| rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame] | 1 | ======= |
| 2 | SELinux |
| 3 | ======= |
| 4 | |
| 5 | If you want to use SELinux, chances are you will want |
| 6 | to use the distro-provided policies, or install the |
| 7 | latest reference policy release from |
| 8 | |
| 9 | http://oss.tresys.com/projects/refpolicy |
| 10 | |
| 11 | However, if you want to install a dummy policy for |
| 12 | testing, you can do using ``mdp`` provided under |
| 13 | scripts/selinux. Note that this requires the selinux |
| 14 | userspace to be installed - in particular you will |
| 15 | need checkpolicy to compile a kernel, and setfiles and |
| 16 | fixfiles to label the filesystem. |
| 17 | |
| 18 | 1. Compile the kernel with selinux enabled. |
| 19 | 2. Type ``make`` to compile ``mdp``. |
| 20 | 3. Make sure that you are not running with |
| 21 | SELinux enabled and a real policy. If |
| 22 | you are, reboot with selinux disabled |
| 23 | before continuing. |
| 24 | 4. Run install_policy.sh:: |
| 25 | |
| 26 | cd scripts/selinux |
| 27 | sh install_policy.sh |
| 28 | |
| 29 | Step 4 will create a new dummy policy valid for your |
| 30 | kernel, with a single selinux user, role, and type. |
| 31 | It will compile the policy, will set your ``SELINUXTYPE`` to |
| 32 | ``dummy`` in ``/etc/selinux/config``, install the compiled policy |
| 33 | as ``dummy``, and relabel your filesystem. |