Skip to content

Improve SELinux article for SLE16 #500

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 38 commits into
base: main
Choose a base branch
from
Open

Improve SELinux article for SLE16 #500

wants to merge 38 commits into from

Conversation

ca-hu
Copy link
Contributor

@ca-hu ca-hu commented Jul 22, 2025
edited
Loading

Description

Improve SELinux article for SLE 16. Please check thourougly since I am not in the docs team and don't really know all the guidelines

DONE:

  • Fix incorrect commands
  • Rework SELinux Modes section: split out enabling/disabling into a seperate section that goes in a later part of the article and only keep SELinux modes section for SELinux modes. Details see in the commits bsc#1239717
  • Rework SELinux policy overview section: add section about targeted policy, reorder article, reword existing sections
  • Add SELinux administration section and reorder sections for booleans etc from top down with likely most used
  • Add section about which packages to install when
  • Rewrite selinux booleans explanation text to actually explain the reasons behind booleans
  • Rewrite selinux file context text to include how to modify file contexts and when it is necessary to do so
  • Add a section for port configuration
  • Add a section for setting permissive domain
  • Add a troubleshooting section
  • Rewrite module section
  • Add an initial custom modules writing section

Are there any relevant issues/feature requests?

  • bsc#1239717
  • bsc#1241391
  • likely PED-11208

Is this (based on) existing content?

yes

@ca-hu ca-hu changed the title Improve SELinux article for SLE16: Modes and Enabling/Disabling Improve SELinux article for SLE16 Jul 23, 2025
@Amrita42 Amrita42 self-assigned this Jul 23, 2025
@Amrita42
Copy link
Contributor

@ca-hu when it is ready for review , please tag me, thanks :)

@ca-hu
Copy link
Contributor Author

ca-hu commented Jul 29, 2025

@Amrita42 it is ready for review :)

I did not do spellchecking or grammar checks, could you do them according to your doc team guidelines and add it as commit on top? I assume you want to pick and choose or rewrite stuff I did according to doc team guideline anyway, so I think the easiest would be if you do the rest.
If you notice anything that does not make sense or have any questions, please let me know!

Also I think it would be good if selinux-tools section would be a different article. Also feel free to split the article if you think it is too long.

I would hand this over to you now :)

@ca-hu ca-hu marked this pull request as ready for review July 29, 2025 15:35
@ca-hu
Copy link
Contributor Author

ca-hu commented Jul 29, 2025

also let me know when you are done, then i can ask someone from the selinux team to do a quick proofread again :) thanks!

@ca-hu
Copy link
Contributor Author

ca-hu commented Jul 30, 2025

sorry, i found two additional things, done now

@ca-hu ca-hu mentioned this pull request Aug 1, 2025
Merged
ca-hu added 22 commits August 14, 2025 17:50
@ca-hu
SELinux: Fix incorrect semanage boolean usage
2af3f86
@ca-hu
SELinux: Split mode and enabling/disabling
5c97a06 
We don't want to have the SELINUX=disabled option in the /etc/selinux/config
documented, since it is a dirty hack and mixing
enforcing/permissive and enabling/disabling can cause
issues during boot due to systemd being confused
(see bsc#1239717)

Therefor dropping SELINUX=disabled and adding a seperate section
for how to disable SELinux and re-enable it
@ca-hu
SELinux: Rewrite selinux-verification, switching-modes
fb3a0d5 
Also reorder chapters into subchapters
@ca-hu
SELinux: Rework SELinux policy overview
a281bc0 
- Add concept for selinux-policy-targeted
- Fix wording and add explanations in concepts/selinux-policy.md
- Restructure SLE 16 policy overview part in SELinux article
@ca-hu
SELinux: Rewrite concepts/selinux-context.xml
9ce7a2e 
To include examples and Tips
@ca-hu
SELinux: modify SELinux rules section
9598283 
add a more clear example
@ca-hu
SELinux: modify concepts/selinux-context.xml
6e915e0 
Make wording more clear
@ca-hu
SELinux: modify concepts/selinux-rules.xml
70f9052 
Make wording more clear
@ca-hu
SELinux: add administration guide and reorder with priority
f9b5fa9 
The existing ordering is not intuitive, reorder with top down
with most used
@ca-hu
SELinux: rewrite concepts/selinux-booleans.xml
3967947 
Add more context regarding the concepts of booleans
@ca-hu
SELinux: Move sedispol to an earlier section
3cf9efa
@ca-hu
SELinux: add tasks section that describes packages
82eb653 
... for administration and development
@ca-hu
SELinux: rewrite modifying selinux file context section
08ac0fc 
It did not look complete and it needed more explanation
@ca-hu
SELinux: Add section about SELinux ports
5a75cf5 
Add description how to use SELinux ports with example on
how to change the SSH daemon port to port 2222
@ca-hu
SELinux: Add section about setting domains into permissive
01827dd
@ca-hu
SELinux: Use /srv/www for file context example
3bf63b1
@ca-hu
SELinux: Add section about understanding logs
11eae11
@ca-hu
SELinux: Add troubleshooting section
9ebffb9
@ca-hu
SELinux: wording fixes and small addition in selinux-tools
2a2f62f
@ca-hu
SELinux: Rewrite module section, add custom module tutorial
0574bf1 
also move things around
@ca-hu
SELinux: document selinux-policy-doc (bsc#1241391)
5fcacf4
@ca-hu
SELinux: add current sestatus output
32bd248
Amrita42
Amrita42 reviewed Aug 18, 2025
View reviewed changes
Amrita42
Amrita42 reviewed Aug 18, 2025
View reviewed changes
Amrita42
Amrita42 reviewed Aug 18, 2025
View reviewed changes
@Amrita42
Copy link
Contributor

Amrita42 commented Sep 1, 2025

@ca-hu thanks for the extensive review and additions . Lets keep tools within the article , its fine as is. You can now handover to someone from your team for a final check. Noe that , post that I will request Daria to review (she does the final style and grammar review in our team)

@ca-hu
Copy link
Contributor Author

ca-hu commented Sep 1, 2025

thanks, will do :)

@ca-hu
Fixes after review
6a864ec 
- Move troubleshooting section up
- Fix some formulation and typos
@ca-hu
Copy link
Contributor Author

ca-hu commented Sep 4, 2025
edited
Loading

i added some changes from the final check, otherwise looks good

changes:
6a864ec

basically some typo fixes and i moved the troubleshooting section back up, because it is super important as it is very tricky to do.

if you do not like the changes, you can just revert it with:
git revert 6a864ece7f4320f468552282a77ce1b262ce7a95

otherwise looks good from my side, can be merged :)
if we will find something else, we will let you know

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Amrita42 Amrita42 Amrita42 left review comments

Assignees

@Amrita42 Amrita42

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ca-hu @Amrita42