From 2c1be00843f3a9fca0b5fef34dc75cb4989334f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= Date: Fri, 10 Sep 2021 14:18:46 +0200 Subject: [PATCH] Review selinux SOP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Konečný --- modules/sysadmin_guide/nav.adoc | 2 +- modules/sysadmin_guide/pages/selinux.adoc | 28 ++++++++--------------- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/modules/sysadmin_guide/nav.adoc b/modules/sysadmin_guide/nav.adoc index 6aea558..32d84e0 100644 --- a/modules/sysadmin_guide/nav.adoc +++ b/modules/sysadmin_guide/nav.adoc @@ -97,7 +97,7 @@ ** xref:resultsdb.adoc[ResultsDB - SOP] ** xref:retrace.adoc[Retrace - SOP] ** xref:scmadmin.adoc[SCM Admin - SOP] -** xref:selinux.adoc[selinux - SOP in review ] +** xref:selinux.adoc[SELinux Infrastructure - SOP] ** xref:sigul-upgrade.adoc[sigul-upgrade - SOP in review ] ** xref:simple_koji_ci.adoc[simple_koji_ci - SOP in review ] ** xref:sshaccess.adoc[sshaccess - SOP in review ] diff --git a/modules/sysadmin_guide/pages/selinux.adoc b/modules/sysadmin_guide/pages/selinux.adoc index ec08707..0cbf659 100644 --- a/modules/sysadmin_guide/pages/selinux.adoc +++ b/modules/sysadmin_guide/pages/selinux.adoc 
@@ -7,24 +7,15 @@ an unfathomable rate, and is full of custom software that needs to be locked down. The goal of this SOP is to make it simple to track down and fix SELinux policy related issues within Fedora's Infrastructure. -Fully deploying SELinux is still an ongoing task, and can be tracked in -fedora-infrastructure [45]ticket #230. - == Contents -[arabic] -. Contact Information -. Step One: Realizing you have a problem -. Step Two: Tracking down the violation -. Step Three: Fixing the violation - -____ -[arabic] -. Allowing ports -. Toggling an SELinux boolean -. Setting custom context -. Deploying custom policy modules -____ +* <<_contact_information>> +* <<_step_one_realizing_you_have_a_problem>> +* <<_step_two_tracking_down_the_violation>> +* <<_step_three_fixing_the_violation>> +** <<_toggling_an_selinux_boolean>> +** <<_setting_custom_context>> +** <<_fixing_odd_errors_from_the_logs>> == Contact Information @@ -72,7 +63,6 @@ properly configured, this can be changed to 'include selinux-enforcing' to enable SELinux Enforcing mode. [NOTE] -.Note ==== Most services have $service_selinux manpages that are automatically generated from policy. @@ -80,8 +70,8 @@ generated from policy. === Toggling an SELinux boolean -SELinux booleans, which can be viewed by running [.title-ref]#semanage -boolean -l#, can easily be configured using the following syntax within +SELinux booleans, which can be viewed by running `semanage boolean -l`, +can easily be configured using the following syntax within your ansible configuration.: ....
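
Review bot: The new Contents list in selinux.adoc (hunk at -7,24 +7,15) no longer matches the old one, and nothing else in the patch accounts for the difference. "Allowing ports" and "Deploying custom policy modules" are dropped and <<_fixing_odd_errors_from_the_logs>> is added, but the visible hunks already account for all 10 insertions in the diffstat and none of them adds or renames a section heading. Please confirm that every xref target resolves to a heading that exists in the page, and either keep entries for the two dropped sections if they are still in the file or remove those sections in this same patch. The <<_...>> targets also rely on auto-generated section IDs with the default "_" prefix and separator, so they will not resolve if the site build overrides idprefix or idseparator. A line in the commit message saying which sections were dropped and why would help, since "Review selinux SOP" alone does not say.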
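
Review bot: In the "Toggling an SELinux boolean" hunk (-80,8 +70,8), the context line directly after the rewrapped sentence still ends in "your ansible configuration.:", with a stray period before the colon. Since this paragraph is already being reflowed to switch from [.title-ref]#...# to backticks, fix that line in the same change so it reads "your Ansible configuration:" and the sentence introduces the literal block that follows cleanly.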