author: Kees Cook, 2017-05-13 13:51:44 +0200
committer: Jonathan Corbet, 2017-05-18 18:31:30 +0200
commit: 229fd05c565eb931aa7c59c9d740e2047701a4ad
tree: 02fe4d7959df807381453555d232861d30dc651e /Documentation/admin-guide/LSM
parent: doc: ReSTify and split LSM.txt
doc: ReSTify SELinux.txt

Adjusts for ReST markup and moves under LSM admin guide.

Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

Diffstat (limited to 'Documentation/admin-guide/LSM')
-rw-r--r-- Documentation/admin-guide/LSM/SELinux.rst | 33
-rw-r--r-- Documentation/admin-guide/LSM/index.rst | 5
2 files changed, 38 insertions, 0 deletions
diff --git a/Documentation/admin-guide/LSM/SELinux.rst b/Documentation/admin-guide/LSM/SELinux.rst
new file mode 100644
index 000000000000..f722c9b4173a
--- /dev/null
+++ b/Documentation/admin-guide/LSM/SELinux.rst
@@ -0,0 +1,33 @@
+=======
+SELinux
+=======
+
+If you want to use SELinux, chances are you will want
+to use the distro-provided policies, or install the
+latest reference policy release from
+
+ http://oss.tresys.com/projects/refpolicy
+
+However, if you want to install a dummy policy for
+testing, you can do using ``mdp`` provided under
+scripts/selinux. Note that this requires the selinux
+userspace to be installed - in particular you will
+need checkpolicy to compile a kernel, and setfiles and
+fixfiles to label the filesystem.
+
+ 1. Compile the kernel with selinux enabled.
+ 2. Type ``make`` to compile ``mdp``.
+ 3. Make sure that you are not running with
+ SELinux enabled and a real policy. If
+ you are, reboot with selinux disabled
+ before continuing.
+ 4. Run install_policy.sh::
+
+ cd scripts/selinux
+ sh install_policy.sh
+
+Step 4 will create a new dummy policy valid for your
+kernel, with a single selinux user, role, and type.
+It will compile the policy, will set your ``SELINUXTYPE`` to
+``dummy`` in ``/etc/selinux/config``, install the compiled policy
+as ``dummy``, and relabel your filesystem.
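Review bot: the closing paragraph says step 4 sets ``SELINUXTYPE`` to ``dummy`` in ``/etc/selinux/config`` and relabels the filesystem, but the text never says that this replaces the configured policy on the machine or how to return to the previous one. Now that this is in the admin guide, a sentence saying it is meant for a test system, and that restoring a real policy means resetting ``SELINUXTYPE`` and relabeling again, would help. Step 3 also says "reboot with selinux disabled" without saying how. In the ``mdp`` paragraph, "you can do using" is missing "so", and "checkpolicy to compile a kernel" looks like it should say the policy, since the last paragraph says step 4 "will compile the policy". Markup is inconsistent too: ``mdp`` and ``make`` are literals, while scripts/selinux, checkpolicy, setfiles, fixfiles and install_policy.sh are left bare.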
diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst
index 7e892b9b58aa..cc0e04d63bf9 100644
--- a/Documentation/admin-guide/LSM/index.rst
+++ b/Documentation/admin-guide/LSM/index.rst
@@ -29,3 +29,8 @@ will always include the capability module. The list reflects the
order in which checks are made. The capability module will always
be first, followed by any "minor" modules (e.g. Yama) and then
the one "major" module (e.g. SELinux) if there is one configured.
+
+.. toctree::
+ :maxdepth: 1
+
+ SELinux
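Review bot: the ``.. toctree::`` is appended directly after the paragraph on module ordering with no heading or lead-in sentence, so the rendered index will run from that prose straight into a bare link; a short line introducing the per-module documents would read better. Separately, the commit message says the file "moves" under the LSM admin guide, but this view is limited to Documentation/admin-guide/LSM and shows only insertions (38 insertions, 0 deletions), so the removal of the old SELinux.txt and any references to its old path need to be checked in the full patch.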