Review: SELinux by Example
Source: Ryan W. Maple - Posted by Ryan W. Maple   
Book Reviews If you use Linux then you've most probably at least heard of Security-Enhanced Linux (SELinux). In this feature story Ryan W. Maple gives a review and his opinion of the latest and greatest book to cover SELinux: SELinux by Example: Using Security Enhanced Linux. Read on for Ryan's review.

Ryan w. Maple
Date: October 16, 2006


Title SELinux by Example: Using Security Enhanced Linux
Authors Frank Mayer, Karl MacMillan, David Caplan
Pages 425
ISBN 0-13-196369-4
Publisher Prentice Hall PTR
Edition 1st edition (July 27, 2006)
Purchase Amazon


"SELinux by Example" is a hands-on book aimed towards anybody interested in Security-Enhanced Linux (SELinux). Whether you want to learn how to write SELinux policy or administer a machine running SELinux, you will find tremendous value in this book. Each chapter conveniently wraps up with a bullet-point summary of the material that was covered and some exercises which do an excellent job of driving the points home, giving this book it's "hands-on" feel.


The book is written by Frank Mayer (the co-founder and CTO of Tresys Technology), David Caplan (a senior security engineer with Tresys), and Karl Macmillan (a very active contributor to the SELinux community), three of the most qualified people to write a book on this complicated subject. It consists of 14 chapters and four appendices, grouped into three main parts: SELinux Overview, SELinux Policy Language, and Creating and Writing SELinux Security Policies.

Part I, "SELinux Overview" is a three chapter introduction to SELinux. People who are not familiar with SELinux receive a very thorough overview of the history and concepts behind SELinux while those who are familiar with SELinux get a nice refresher. The first chapter discusses the evolution of operating system access controls from the reference monitor concept, to discretionary access controls, all the way to to SELinux. The second chapter introduces the reader to the basic SELinux concepts: Security Contexts, Type Enforcement, Domain Transitions, Roles, and Multilevel Security (MLS). The third and final chapter of this part discusses the SELinux architecture: the LSM (Linux Security Module) framework, user-space policy servers, the SELinux policy language, and monolithic and modular policies.

Part II, "SELinux Policy Language" is a comprehensive reference to the SELinux policy language and devotes a complete chapter to each of the high-level policy constructs, such as Object Classes and Permissions, Type Enforcement, Roles and Users, Constraints, Multilevel Security. The final two chapters of this part wrap up the discussion of the SELinux policy language by covering conditional policies and object labeling.

Part III, "Creating and Writing SELinux Security Policies" brings it all together. The first two chapters of this section discuss the original example policy and the more recent Reference Policy. The book does a good job covering the policy structure (ie, where the various policy files are) and highlighting the differences between these two policies. The next chapter is intended for system administrators who maintain machines running SELinux and focuses on the impact that SELinux will have on their day-to-day lives. Finally, the last chapter of this section gives the reader a step-by-step introduction to writing new policy modules.


This is a very good book and is easily the best I've seen yet on the subject of SELinux. If you've been tasked with maintaining an SELinux-enabled machine, would like to write or enhance existing SELinux policy, or just want to understand what SELinux is and how it came to be, then this is the book for you. This book and an SELinux-enabled Linux distribution, such as the easy to use EnGarde Secure Linux, are all you need to get involved in the growing world of Security Enhanced Linux.

Reviewed by: Ryan W. Maple

Nice reviewWritten by dave on 2006-10-16 12:04:05
Sounds like a great book. Very helpful review, Ryan.
Is there other book about SELinux subjecWritten by Neo on 2007-05-30 17:08:45
I have this book, but i want a book that show me examples about SELinux Policy : How I build a policy step by step. 
goodWritten by done on 2008-04-19 14:56:22
I'm agree with you.
zzzWritten by zzz on 2008-04-19 15:47:23
hoffman estates cosmetic dentist

Only registered users can write comments.
Please login or register.

Powered by AkoComment!