Wind River Education Services Course Catalog

Wind River Education Services offers cost-effective training in various forms. Browse our course catalog below to plan and track a curriculum that will satisfy the training needs of your device software development engineers.

SELinux Essentials

Buy Now

Course Description

Course Results

Products Supported

Who Should Attend

Course Format

Please see course datasheet for further details here Buy Now

Course Details Summary

  • Duration: 2 Days
  • Course Information: View
  • Format: Lectures and Labs
  • Type: Instructor-led
  • Price/Schedule: View

The SELinux Essentials course gives engineers the skills they need to develop complex policies for securing Linux-based devices using SELinux. Although Wind River® Linux is used as the reference distribution in the lab environment, the tools and techniques covered are not specific to Wind River Linux.

After this course, participants will be able to perform the following:

  • Describe SELinux concepts and terminology
  • Use command-line tools to manage SELinux configuration
  • Create and manage SELinux policies
  • Troubleshoot SELinux policies
  • Wind River Linux 6
  • The following targets are available:
  • QEMU simulated target (Intel® x86-64)
  • Developers who want to learn more about securing Linux-based devices
  • Customers who have recently purchased or are considering purchasing Wind River Linux

Day 1


  • SELinux background information
  • SELinux in the Wind River Linux product line
  • MAC implementations
  • Linux security: DAC, MAC, LSM
  • LAB: Getting started with SELinux

SELinux and MAC

  • Type enforcement (TE) security model
  • SELinux users and RBAC
  • MLS and MCS security models
  • LAB: Using SELinux commands

SELinux Security Context

  • What’s a security context?
  • Policy and access control
  • TE
  • RBAC
  • MLS
  • Domain transitions
  • LAB: Understanding security contexts

SELinux Security Policy

  • The reference policy
  • SELinux booleans
  • Policy versions
  • Wind River Linux policy
  • LAB: Using boolean to customize security policies

Day 2

SELinux Identity and Roles

  • SELinux users and Linux users
  • Default identities
  • SELinux and PAM
  • Role switching
  • Granting sensitivity/category to users
  • LAB: Managing SELinux users

SELinux Configuration

  • Configuration files
  • Logging and the audit daemon
  • Configuring the mode of SELinux
  • LAB: Configuring an SELinux system

Creating and Managing SELinux Policy

  • The policy development environment
  • Policy configuration files
  • SELinux policy language
  • Compiling security modules
  • Loading and testing security modules
  • Creating policy sets
  • Making changes persist across boots
  • LAB: Creating SELinux modules

SELinux Troubleshooting

  • Root cause analysis
  • Silent denials
  • Using permissive modes and domains
  • LAB: Using audit tools for troubleshooting

Prerequisite Courses

  • None

Prerequisite Skills

  • Basic understanding of operating systems
  • Familiarity with the Linux operating system
  • One year of experience working with and/or administering a Linux/UNIX system
  • This two-day expert-led course consists of lectures and lab sessions.
  • Attendees use a Wind River Linux 6 target to gain experience with the topics presented.
  • Participants examine and exercise simulated network topologies in hands-on labs.
  • Participants receive individual guidance from an expert engineer who has extensive experience with Linux technologies.