mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-03 18:20:25 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/scripts/selinux/install_policy.sh
Paul Moore 2fe2fb4ce6 selinux: remove runtime disable message in the install_policy.sh script 
We are in the process of deprecating the runtime disable mechanism,
let's not reference it in the scripts.

Signed-off-by: Paul Moore <paul@paul-moore.com>
2022-09-20 14:12:25 -04:00

84 lines
2.2 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
set -e
if [ `id -u` -ne 0 ]; then
echo "$0: must be root to install the selinux policy"
exit 1
fi
SF=`which setfiles`
if [ $? -eq 1 ]; then
echo "Could not find setfiles"
echo "Do you have policycoreutils installed?"
exit 1
fi
CP=`which checkpolicy`
if [ $? -eq 1 ]; then
echo "Could not find checkpolicy"
echo "Do you have checkpolicy installed?"
exit 1
fi
VERS=`$CP -V | awk '{print $1}'`
ENABLED=`which selinuxenabled`
if [ $? -eq 1 ]; then
echo "Could not find selinuxenabled"
echo "Do you have libselinux-utils installed?"
exit 1
fi
if selinuxenabled; then
echo "SELinux is already enabled"
echo "This prevents safely relabeling all files."
echo "Boot with selinux=0 on the kernel command-line."
exit 1
fi
cd mdp
./mdp -m policy.conf file_contexts
$CP -U allow -M -o policy.$VERS policy.conf
mkdir -p /etc/selinux/dummy/policy
mkdir -p /etc/selinux/dummy/contexts/files
echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
client * user_u:base_r:base_t:s0
property * user_u:object_r:base_t:s0
extension * user_u:object_r:base_t:s0
selection * user_u:object_r:base_t:s0
event * user_u:object_r:base_t:s0
EOF
touch /etc/selinux/dummy/contexts/virtual_domain_context
touch /etc/selinux/dummy/contexts/virtual_image_context
cp file_contexts /etc/selinux/dummy/contexts/files
cp dbus_contexts /etc/selinux/dummy/contexts
cp policy.$VERS /etc/selinux/dummy/policy
FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
if [ ! -d /etc/selinux ]; then
mkdir -p /etc/selinux
fi
if [ -f /etc/selinux/config ]; then
echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
mv /etc/selinux/config /etc/selinux/config.bak
fi
echo "Creating new /etc/selinux/config for dummy policy."
cat > /etc/selinux/config << EOF
SELINUX=permissive
SELINUXTYPE=dummy
EOF
cd /etc/selinux/dummy/contexts/files
$SF -F file_contexts /
mounts=`cat /proc/$$/mounts | \
grep -E "ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2" | \
awk '{ print $2 '}`
$SF -F file_contexts $mounts
echo "-F" > /.autorelabel
Reference in a new issue View git blame Copy permalink