SELinux Policy Wizard

Dan Walsh has published an article on his SELinux policy generation wizard at Red Hat Magazine.

SELinux policy wizard GUI

The article is a great introduction to the modern SELinux policy development environment, while the tool itself demonstrates how high-level abstractions are the key to SELinux usability.

In this case, the sysadmin is provided with a set of questions about the application to be confined, and makes selections based upon patterns which are commonly encountered in similar applications. Some further questions are asked, such as which ports the application might use, and then a loadable policy module is generated.

If you want to try the tool for yourself, you’ll find it in current RHEL 5 and Fedora 7, runnable via system-config-selinux .