I often have problems with SELinux, most of which I have resolved eventually. There are still some situations where doing custom policy would be very elegant and more proper. I'd like to get the skillset of being able to fully do with SELinux what I want. I would ideally like to eventually be capable of implementing a strict policy myself.
I am looking for advice on where to start or how to get into SELinux. It seems like Dan Walsh and Stephen Smalley are the only ones on the internet who seem to understand everything (They are the names I always see on half to fully resolved SELinux issues).
I am not looking for simply a link and "Go here and read" I am looking for clear introductory material with a context of just starting with SELinux – not a technical manual. If you understand it how did you get started?
If this should be community wiki, let me know not sure if it should be or not as it's semi-subjective.
I don't want references to automated tools, I want custom policy. I want to get close and dirty with it, but without having to climb a cliff as the learning curve.
Best Answer
Dan Walsh is indeed the man when it comes to SElinux.
I'd start here with the presentation on what SElinux is trying to tell you.
http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf
For policy generation:
http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/PolicyGeneration.odp
http://danwalsh.livejournal.com/35127.html#cutid1
Fedora is where a lot of SElinux stuff debuts, and you'd do well to hang out on the selinux mailing list there:
http://admin.fedoraproject.org/mailman/listinfo/selinux
IRC is also not a bad idea - on freednode.net #selinux and #fedora-selinux you can ask questions there interactiely.
From a raw documentation perspective - the Fedora 13 SElinux guide is probably a good place to start for the current state of SElinux.
http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/index.html