--- xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml	2010/06/25 16:07:19	1.9
+++ xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml	2012/06/24 11:54:39	1.16
@@ -1,15 +1,17 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <!DOCTYPE book SYSTEM "/dtd/book.dtd">
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.9 2010/06/25 16:07:19 pebenito Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/selinux-handbook.xml,v 1.16 2012/06/24 11:54:39 swift Exp $ -->
 
-<book link="selinux-handbook.xml">
+<book>
 <title>Gentoo SELinux Handbook</title>
 
 <author title="Author">
   <mail link="pebenito@gentoo.org">Chris PeBenito</mail>
 </author>
-
+<author title="Author">
+  <mail link="sven.vermeulen@siphos.be">Sven Vermeulen</mail>
+</author>
 <author title="Author">
   Chris Richards
 </author>
@@ -22,130 +24,187 @@
 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
 <license/>
 
-<version>2.00</version>
-<date>2006-10-15</date>
+<version>4</version>
+<date>2011-09-18</date>
 
 <part>
-<title>Installing Gentoo SELinux</title>
+<title>Introduction to Gentoo/Hardened SELinux</title>
 <abstract>
-In this part you learn how to install Gentoo SELinux on your system.
+In this part we cover what SELinux is and how it is positioned within the
+Gentoo/Hardened project.
 </abstract>
 
 <chapter>
-<title>Gentoo SELinux Installation</title>
+<title>Enhancing Linux Security</title>
 <abstract>
-How to do a fresh installation of Gentoo SELinux.
+Security is more than enabling a certain framework or installing a different
+Linux kernel. It is a way of working / administrating your Gentoo Linux system.
+We cover a few (generic) best practices, and then elaborate on what Mandatory 
+Access Control is and how SELinux fills in this gap.
 </abstract>
-  <include href="hb-install.xml"/>
+  <include href="hb-intro-enhancingsecurity.xml"/>
 </chapter>
-</part>
 
-<part>
-<title>Converting to Gentoo SELinux</title>
+<chapter>
+<title>SELinux Concepts</title>
 <abstract>
-SELinux alternatively can be installed on current Linux installations.  This
-Chapter deals with converting a prexisting Gentoo install to SELinux.
+To be able to properly work with SELinux, it is vital that you understand a few
+of its concepts like domains, domain transitions and file contexts. Without 
+a basic understanding of these aspects, it will be difficult to understand
+how SELinux policies work and how to troubleshoot if things go wrong.
 </abstract>
+  <include href="hb-intro-concepts.xml"/>
+</chapter>
+
 <chapter>
-<title>Initial preparations</title>
+<title>SELinux Resources</title>
 <abstract>
-A few preparations must be done before installing SELinux packages.
+To get more acquainted with SELinux, many resources exist on the Internet.
+In this chapter we give a quick overview of the various resources as well
+as places where you can get more help when you are fighting with SELinux.
 </abstract>
-  <include href="hb-selinux-conv-profile.xml"/>
+  <include href="hb-intro-resources.xml"/>
 </chapter>
+
+<!-- 
 <chapter>
-<title>Boot SELinux Kernel</title>
+<title>The SELinux (Reference) Policy</title>
 <abstract>
-Install and boot a SELinux kernel.
+To streamline SELinux policy development, a reference policy is being developed
+that is used by all SELinux-supporting distributions. In this chapter we give 
+some intel on what this reference policy is and why it is brought to life, but
+also how this policy functions and how its development is progressing. We also
+cover the basics on SELinux policies in general.
 </abstract>
-  <include href="hb-selinux-conv-reboot1.xml"/>
+  <include href="hb-intro-referencepolicy.xml"/>
 </chapter>
+
 <chapter>
-<title>Install SELinux Userland</title>
+<title>SELinux Virtual Machine Support</title>
 <abstract>
-Install SELinux packages and policy, and label filesystems.
+SELinux support is being actively integrated in libvirt and other
+virtualization frameworks to elevate the security of virtualized
+environments. Within this chapter we give you a first introduction
+on how this is done for libvirt managed environments and what you need to take
+into account if you wish to use SELinux within your virtualized environment.
 </abstract>
-  <include href="hb-selinux-conv-reboot2.xml"/>
+  <include href="hb-intro-virtualization.xml"/>
 </chapter>
+-->
 </part>
 
 <part>
-<title>Working with SELinux</title>
+<title>Using Gentoo/Hardened SELinux</title>
+<abstract>
+With the theoretic stuff behind us, let us start by installing Gentoo/Hardened
+with a SELinux kernel as well as the SELinux tools.
+</abstract>
+
+<chapter>
+<title>Gentoo SELinux Installation / Conversion</title>
 <abstract>
-Learn how to work with SELinux
+To set up SELinux within Gentoo/Hardened, you first need to install Gentoo with
+the correct Hardened profile (or convert to the Hardened profile) and then
+update your system to become a SELinux-managed system. This chapter will guide
+you through this process.
 </abstract>
+  <include href="hb-using-install.xml"/>
+</chapter>
+
 <chapter>
-<title>SELinux Overview</title>
+<title>Configuring SELinux For Your Needs</title>
 <abstract>
-SELinux has many parts to understand.  This chapter discusses SELinux's
-important concepts and policy.
+With SELinux now "installed" and enabled (although in permissive mode), we now
+configure it to suit your particular needs. After all, SELinux is a Mandatory
+Access Control system where you, as security administrator, define what is
+allowed and what not.
 </abstract>
-  <include href="hb-selinux-overview.xml"/>
+  <include href="hb-using-configuring.xml"/>
 </chapter>
+
 <chapter>
-<title>SELinux HOWTO</title>
+<title>SELinux Commands</title>
 <abstract>
-This chapter deals with how to common operations in SELinux.
+Let's take a step back and get to know a few more commands. We covered most of
+them in the previous section, but we will now dive a bit deeper in its
+syntax, features and potential pitfalls.
 </abstract>
-  <include href="hb-selinux-howto.xml"/>
+  <include href="hb-using-commands.xml"/>
 </chapter>
+
 <chapter>
-<title>SELinux FAQ</title>
+<title>Permissive, Unconfined, Disabled or What Not...</title>
 <abstract>
-This chapter deals with frequently asked questions in SELinux.
+Your system can be in many SELinux states. In this chapter, we help you switch
+between the various states / policies.
 </abstract>
-  <include href="hb-selinux-faq.xml"/>
+  <include href="hb-using-states.xml"/>
 </chapter>
+
 <chapter>
-<title>SELinux Management Infrastructure</title>
+<title>Modifying the Gentoo Hardened SELinux Policy</title>
 <abstract>
-The chapter deals with managing SELinux using the management infrastructure.
+Gentoo Hardened offers a default policy, but this might not allow what you want
+(or allows too much). In this chapter we tell you how you can tweak Gentoo's
+policy, or even run your own.
 </abstract>
-  <include href="hb-selinux-libsemanage.xml"/>
+  <include href="hb-using-policies.xml"/>
 </chapter>
+
 <chapter>
-<title>Local Policy Modules</title>
+<title>Troubleshooting SELinux</title>
 <abstract>
-The chapter deals with adding rules and new modules to your policy.
+Everything made by a human can and will fail. In this chapter we will try to
+keep track of all potential issues you might come across and how to resolve
+them. 
 </abstract>
-  <include href="hb-selinux-localmod.xml"/>
+  <include href="hb-using-troubleshoot.xml"/>
 </chapter>
+
 <chapter>
-<title>SELinux Reference Materials</title>
+<title>Change History</title>
 <abstract>
-This has a list of external references on SELinux.
+As documentation evolves with the technology, this handbook too sees its fair
+share of changes. To allow users, who are already on SELinux, to verify if there
+are any changes they need to be aware off, this chapter lists the changes in
+chronological order.
 </abstract>
-  <include href="hb-selinux-references.xml"/>
+  <include href="hb-using-changes.xml"/>
 </chapter>
 </part>
 
+<!--
 <part>
-<title>Troubleshooting SELinux</title>
+<title>Advanced SELinux</title>
 <abstract>
-When encountering problems on a machine, SELinux can add extra difficulty
-in fixing the problem.  This chapter walks through fixing common problems.
+SELinux can be much more integrated in the system. In this part, we describe how
+to enhance SELinux configurations, tuning and securing your system even more.
 </abstract>
+
 <chapter>
-<title>Policy Not Loaded on Boot</title>
+<title>Working with MLS</title>
 <abstract>
-This chapter deals with the problem of the policy not being loaded on boot.
+...
 </abstract>
-  <include href="hb-selinux-initpol.xml"/>
+  <include href="hb-advanced-mls.xml"/>
 </chapter>
+
 <chapter>
-<title>Trouble Logging in Locally</title>
+<title>Using s(ecure) Virt(ualization)</title>
 <abstract>
-This chapter deals with problems logging in locally at the console.
+...
 </abstract>
-  <include href="hb-selinux-loglocal.xml"/>
+  <include href="hb-advanced-svirt.xml"/>
 </chapter>
+
 <chapter>
-<title>Trouble Logging in Remotely</title>
+<title>Using Netlabel</title>
 <abstract>
-This chapter deals with problems logging in remotely by ssh.
+...
 </abstract>
-  <include href="hb-selinux-logremote.xml"/>
+  <include href="hb-advanced-netlabel.xml"/>
 </chapter>
 </part>
+-->
 
 </book>