Joshua Brindle

How to Win At Security

The SELinux Documentation Project

One of the biggest complaints people have about SELinux is the lack of documentation. Indeed we had a nice group discussion with some users at Linux Plumbers Conference who once again brought this to our attention.

The reason is simple. Most of us working on SELinux are developers. We don't like writing documentation. We'd rather write blog entries explaining some aspect of SELinux instead of real documents. While this works when your primary audience are knowledgeable enough to find the blog entries, figure out how to apply the concepts to their problems and connect all the dots between here and there it isn't useful for new users or users trying to solve a simple problem.

It is unfortunate, and some people over the years have helped us out, such as with the Fedora SELinux User Guide, but unfortunately we've missed some users, particularly new ones, and we haven't aggregated these documents onto a distribution agnostic place with good organization.

With that in mind I volunteered to start the SELinux Documentation Project during LPC. Basically the goal is to make user-problem focused documentation available at the official SELinux project site. This will be a huge effort, writing original documentation, organizing it into consumable chunks and mining years of mail list posts, blog entries and other resources to deliver documents to users.

I've already started putting up several pieces. One of the things I want to really focus on are SELinux ‘recipes', short, to-the-point blurbs telling users how to do the things they want to do, like allowing apache to connect to their database server, or  how to easily add a rule to their policy.

We also need a place where potential developers can go to easily get resources on developing SELinux so that our community can expand. Further a place where vendors can go to learn about what SELinux can do for their solution and how to get started using SELinux is a must.

All that said, I can't do this alone. I've started several pages and will continue doing so but if you are one of those strange souls with a propensity to document things, or you have recently gone through the pains of finding info in obscure places that you couldn't find elsewhere we could really use your help in expanding, organizing and centralizing documentation on selinuxproject.org. If you want to help you can email me at method at manicmethod.com or James Morris at jmorris at namei.org to get an account and start contributing.