SELinux.rst 1.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344
  1. =======
  2. SELinux
  3. =======
  4. Information about the SELinux kernel subsystem can be found at the
  5. following links:
  6. https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/tree/README.md
  7. https://github.com/selinuxproject/selinux-kernel/wiki
  8. Information about the SELinux userspace can be found at:
  9. https://github.com/SELinuxProject/selinux/wiki
  10. If you want to use SELinux, chances are you will want
  11. to use the distro-provided policies, or install the
  12. latest reference policy release from
  13. https://github.com/SELinuxProject/refpolicy
  14. However, if you want to install a dummy policy for
  15. testing, you can do using ``mdp`` provided under
  16. scripts/selinux. Note that this requires the selinux
  17. userspace to be installed - in particular you will
  18. need checkpolicy to compile a kernel, and setfiles and
  19. fixfiles to label the filesystem.
  20. 1. Compile the kernel with selinux enabled.
  21. 2. Type ``make`` to compile ``mdp``.
  22. 3. Make sure that you are not running with
  23. SELinux enabled and a real policy. If
  24. you are, reboot with selinux disabled
  25. before continuing.
  26. 4. Run install_policy.sh::
  27. cd scripts/selinux
  28. sh install_policy.sh
  29. Step 4 will create a new dummy policy valid for your
  30. kernel, with a single selinux user, role, and type.
  31. It will compile the policy, will set your ``SELINUXTYPE`` to
  32. ``dummy`` in ``/etc/selinux/config``, install the compiled policy
  33. as ``dummy``, and relabel your filesystem.