********************************
SELinux Policy Editor for Webmin
********************************
Notice: this document is not up to date.

This document is a release note for SELinux Policy Editor that is an
add-on module for Webmin(*1). This document describes the minimum
system requirements and the matters to be attended to.

If you want more informations, please refer following documents.

    - install.txt       : the install method
    - interlanguage.txt : specifications for inter-language (no English)
    - readme_policy.txt : Notes for default security policy


What is SELinux Policy Editor ?

    SELinux Policy Editor is an add-on module for Webmin. If you
    installs this module in your system whose operating system is
    Security-Enhanced Linux(SELinux)(*2), this module enables
    Web-based edit of the security rules.
    
    SELinux brings very strong security, but the definition of
    security rules is very complex and difficult to deal with. Without
    SELinux Policy Editor, you must edit many configuration files to
    define the security policy for your system. This is hard
    task. SELinux Policy Editor prevents mis-defining or lack of
    security rules, because this module provides more easily
    understandable expressions of security policy on Web browser.


What is the feature of SELinux Policy Editor ?

     SELinux Policy Editor has following features.
    
    - Web-based interface for editing security rules for SELinux
    - GUI View to review security rule configuration
    - Supports an inter-language
    - Automatic label generation
    - A lasting configuration style
    
    
    = Web-based interface for editing security rules for SELinux =
    
	SELinux Policy Editor is implemented as an add-on module for
	Webmin. Webmin is a web-based interface for system
	administration for unix. So the security policy for SELinux is
	displayed visually and more understandably. Of course, you can
	edit the security rules from remote host with browser,
	regardless of your platform.
        
	= Shows security rule configurations =
    
	SELinux Policy Editor has a function to show the security rule 
	configurations unitary. This function will prevent mis-definition 
	of the security rules.
        
	= Supports an inter-language =
    
	The security rules edited with SELinux Policy Editor is
	output to inter-configuration files. The security rules in
	those inter-configuration files are described by an
	inter-language.  This inter-language is more understandable
	than the original policy language in SELinux. You may edit
	those inter-configuration files directly. Those
	inter-configuration files are converted into the original
	configuration file in SELinux by a converter which SELinux
	Policy Editor provides.
    	
    = Automatic label generation =
    
	The access control in SELinux is not defined for the relation
	between the subject and the object but for the label attached
	to the subject and the label attached to the object. Therefore
	the relation between the object and the label attached to is
	very important, and complicates the security rule
	configuration.
        
	The converter in SELinux Policy Editor generates the name of
	label automatically based on the name of domain and the name
	of subject accessed by it. Thanks to this function, you can
	configure the security policy by intuition without being
	conscious of the name of label.
        
    = A lasting configuration style =
    
	SELinux is version upped frequently. The version-up brings the
	change of the security policy configuration style. Therefore
	the administrator must grasp the new style of the security
	policy configuration every time whenever SELinux are version
	upped.
        
	In SELinux Policy Editor, the inter-configuration and the
	converter absorb the change of the security policy
	configuration style. Consequently, SELinux Policy Editor can
	provides a lasting web-based style of the security policy
	configuration.


What is the minimum system requirements ?

    < Server side >
    
	- OS     : SELinux version 2002121210, 2003011510
	- Webmin : Webmin  version 1.03, 1.05
    
    < Client side >
    
	We have tested with following environments. 
	However, even if you use this module with listed environments , 
	this module may behave abnormally depending on your environment. 
	We does not necessarily warrant the normal operation in the 
	following environments.
        
	- OS      : RedHat7.2, RedHat7.3, RedHat 8.0
	- Browser : Mozilla version 1.0.1, 
        
	- OS      : WindowsNT4.0, Windows XP Pro
	- Browser : IE version 6.0 
		    Netscape version 4.7x, 7.x

Notes

	This software is NOT a commercial product of Hitachi Software.
	Therefore, there is no warranty and support for this software.
	The intent is to allow free use of this source code under
	the GNU General Public License (See COPYING).
	Absolutely no warranty is provided or implied (see COPYING).

--------------------------------------------------
*1 Web-based system administration tool for unix
    - http://www.webmin.com/
    
*2 Security-Enhanced Linux
    - http://www.nsa.gov/
