ANN: SELinux Policy Editor 2.0 (seedit)

I have finally released seedit 2.0!
http://seedit.sourceforge.net/

Here is the announcement posted to the NSA selinux list and the fedora-selinux list.

Hi.

I am glad to announce that SELinux Policy Editor 2.0 (seedit 2.0) has been released.
seedit is a tool to make SELinux easy.
We have renewed the tool. Almost everything has been changed.
A policy generator and a new GUI have been developed, along with many other changes.
You can download and try it from
http://seedit.sourceforge.net
Manuals are also provided.
It supports Fedora Core 5 and CentOS 4.

If you have questions, please feel free to contact me.


Here is a brief introduction of seedit 2.0:

1. About SELinux Policy Editor
SELinux Policy Editor (seedit) is a tool to make SELinux easy.
It was originally developed by Hitachi Software,
and is now developed in the SELinux Policy Editor Project (http://seedit.sourceforge.net).

seedit is composed of Simplified Policy and
tools such as a GUI and a policy generator.
The most important part is Simplified Policy.
Simplified Policy is a policy described in
Simplified Policy Description Language (SPDL).
SPDL hides the details of SELinux configuration by using name-based configuration
and reducing the number of permissions.
The following is an example policy for Apache written in SPDL.

domain httpd_t;
include daemon.sp;
program /usr/sbin/httpd;
allow /var/www/** r,s;
allownet -protocol tcp -port 80 server;
...

As you can see, types are not used.
You can use file names and port numbers in the configuration.
SPDL is converted into SELinux policy by the SPDL compiler.

2. New features in 2.0
In this release, we have renewed our tool.
We improved usability and security.

2.1 Improvement in usability
Regarding usability, we learned a lot from AppArmor.
We investigated AppArmor and adopted its good points.
We have to thank them :-)

- New GUI
  We have developed a new GUI, "seedit Control Panel".
  It works on the X Window System and is implemented in Python and pygtk.
  You can see screenshots at
  http://sourceforge.net/project/screenshots.php?group_id=135756 .

  You can do almost everything related to SELinux from the control panel.
  The features of the control panel are as follows:
  - Policy Generator
    Reads the audit log and generates Simplified Policy.
  - Policy Template tool
    Users can generate a policy template for an application by answering some questions.
  - Editor
    An editor for SPDL; you can insert configuration through the GUI.
  - Status checker
    It is like AppArmor's unconfined command.
    You can check the domains of network processes.
    You can see which domains are assigned the unconfined domain.

- Syntax of SPDL
  We have adopted some of AppArmor's profile syntax in SPDL.

- RBAC (Role-Based Access Control) support
  You can switch RBAC support on and off easily with one command.
  See the RBAC guide.

2.2 Improvement of security
SPDL reduces the number of permissions by integrating SELinux's permissions,
but this affects security.
We have re-designed the permission integration of SPDL,
as a research project at The George Washington University.
For details of SPDL, see the document
"Specification of Simplified Policy Description Language (SPDL)".
More documents about security are in progress.

3. Feedback
If you have questions or want to say something to us,
please e-mail me (himainu-ynakam@miomio.jp),
or subscribe to seedit-devel-list at
http://sourceforge.net/mail/?group_id=135756
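
The name-based idea behind the Apache SPDL example in section 1, and the permission integration mentioned in section 2.2, sketched as an added example (not seedit's SPDL compiler and not code from the seedit project): a toy translator that turns those statements into labels and type-enforcement rules. The generated type names and the expansion of r and s into SELinux permissions are assumptions made for illustration.

```python
import re

# Assumed letter -> (class, permissions) expansion; the real one is in the SPDL specification.
PERM_MAP = {
    "r": ("file", ["getattr", "read"]),
    "s": ("dir", ["getattr", "read", "search"]),
}

# Constructed sample: the statements quoted in the announcement.
SAMPLE = """
domain httpd_t;
include daemon.sp;
program /usr/sbin/httpd;
allow /var/www/** r,s;
allownet -protocol tcp -port 80 server;
"""

def type_for_path(path):
    """Hypothetical naming scheme: /var/www/** -> var_www_t."""
    stem = re.sub(r"/\*{1,2}$", "", path).strip("/")
    return re.sub(r"[^A-Za-z0-9]+", "_", stem) + "_t"

def translate(spdl):
    """Return (labels, rules) for the statements this sketch understands."""
    labels, rules, domain = [], [], None
    for words in (stmt.split() for stmt in spdl.split(";")):
        if not words:
            continue
        if words[0] == "domain":
            domain = words[1]
        elif words[0] == "program":  # label the executable for this domain
            exec_t = re.sub(r"_t$", "_exec_t", domain)
            labels.append(f"{words[1]} -- system_u:object_r:{exec_t}")
        elif words[0] == "allow":  # a path rule needs a type, a label and allow rules
            path, ftype = words[1], type_for_path(words[1])
            regex = re.sub(r"/\*\*$", "(/.*)?", path)  # "/**": directory and all below
            labels.append(f"{regex} system_u:object_r:{ftype}")
            for letter in words[2].split(","):
                cls, perms = PERM_MAP[letter]
                rules.append(f"allow {domain} {ftype}:{cls} {{ {' '.join(perms)} }};")
        elif words[0] == "allownet" and words[-1] == "server":
            proto = words[words.index("-protocol") + 1]
            port = words[words.index("-port") + 1]
            ptype = f"{proto}_{port}_port_t"
            labels.append(f"portcon {proto} {port} system_u:object_r:{ptype}")
            rules.append(f"allow {domain} {ptype}:{proto}_socket name_bind;")
    return labels, rules

if __name__ == "__main__":
    print("\n".join(sum(translate(SAMPLE), [])))
```

Statements the sketch does not recognise, such as include, are skipped, so the output covers only the rules written directly in the sample.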