d410fa4ef9
move LSM-, credentials-, and keys-related files from Documentation/ to Documentation/security/, add Documentation/security/00-INDEX, and update all occurrences of Documentation/<moved_file> to Documentation/security/<moved_file>.
27 lines
1 KiB
Text
27 lines
1 KiB
Text
If you want to use SELinux, chances are you will want
|
|
to use the distro-provided policies, or install the
|
|
latest reference policy release from
|
|
http://oss.tresys.com/projects/refpolicy
|
|
|
|
However, if you want to install a dummy policy for
|
|
testing, you can do using 'mdp' provided under
|
|
scripts/selinux. Note that this requires the selinux
|
|
userspace to be installed - in particular you will
|
|
need checkpolicy to compile a kernel, and setfiles and
|
|
fixfiles to label the filesystem.
|
|
|
|
1. Compile the kernel with selinux enabled.
|
|
2. Type 'make' to compile mdp.
|
|
3. Make sure that you are not running with
|
|
SELinux enabled and a real policy. If
|
|
you are, reboot with selinux disabled
|
|
before continuing.
|
|
4. Run install_policy.sh:
|
|
cd scripts/selinux
|
|
sh install_policy.sh
|
|
|
|
Step 4 will create a new dummy policy valid for your
|
|
kernel, with a single selinux user, role, and type.
|
|
It will compile the policy, will set your SELINUXTYPE to
|
|
dummy in /etc/selinux/config, install the compiled policy
|
|
as 'dummy', and relabel your filesystem.
|