Kyle Swenson | 8d8f654 | 2021-03-15 11:02:55 -0600 | [diff] [blame] | 1 | If you want to use SELinux, chances are you will want |
| 2 | to use the distro-provided policies, or install the |
| 3 | latest reference policy release from |
| 4 | http://oss.tresys.com/projects/refpolicy |
| 5 | |
| 6 | However, if you want to install a dummy policy for |
| 7 | testing, you can do using 'mdp' provided under |
| 8 | scripts/selinux. Note that this requires the selinux |
| 9 | userspace to be installed - in particular you will |
| 10 | need checkpolicy to compile a kernel, and setfiles and |
| 11 | fixfiles to label the filesystem. |
| 12 | |
| 13 | 1. Compile the kernel with selinux enabled. |
| 14 | 2. Type 'make' to compile mdp. |
| 15 | 3. Make sure that you are not running with |
| 16 | SELinux enabled and a real policy. If |
| 17 | you are, reboot with selinux disabled |
| 18 | before continuing. |
| 19 | 4. Run install_policy.sh: |
| 20 | cd scripts/selinux |
| 21 | sh install_policy.sh |
| 22 | |
| 23 | Step 4 will create a new dummy policy valid for your |
| 24 | kernel, with a single selinux user, role, and type. |
| 25 | It will compile the policy, will set your SELINUXTYPE to |
| 26 | dummy in /etc/selinux/config, install the compiled policy |
| 27 | as 'dummy', and relabel your filesystem. |