doc: ReSTify SELinux.txt
Adjusts for ReST markup and moves under LSM admin guide. Cc: Paul Moore <paul@paul-moore.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
parent
504f231cda
commit
229fd05c56
|
@ -1,27 +1,33 @@
|
||||||
|
=======
|
||||||
|
SELinux
|
||||||
|
=======
|
||||||
|
|
||||||
If you want to use SELinux, chances are you will want
|
If you want to use SELinux, chances are you will want
|
||||||
to use the distro-provided policies, or install the
|
to use the distro-provided policies, or install the
|
||||||
latest reference policy release from
|
latest reference policy release from
|
||||||
|
|
||||||
http://oss.tresys.com/projects/refpolicy
|
http://oss.tresys.com/projects/refpolicy
|
||||||
|
|
||||||
However, if you want to install a dummy policy for
|
However, if you want to install a dummy policy for
|
||||||
testing, you can do using 'mdp' provided under
|
testing, you can do using ``mdp`` provided under
|
||||||
scripts/selinux. Note that this requires the selinux
|
scripts/selinux. Note that this requires the selinux
|
||||||
userspace to be installed - in particular you will
|
userspace to be installed - in particular you will
|
||||||
need checkpolicy to compile a kernel, and setfiles and
|
need checkpolicy to compile a kernel, and setfiles and
|
||||||
fixfiles to label the filesystem.
|
fixfiles to label the filesystem.
|
||||||
|
|
||||||
1. Compile the kernel with selinux enabled.
|
1. Compile the kernel with selinux enabled.
|
||||||
2. Type 'make' to compile mdp.
|
2. Type ``make`` to compile ``mdp``.
|
||||||
3. Make sure that you are not running with
|
3. Make sure that you are not running with
|
||||||
SELinux enabled and a real policy. If
|
SELinux enabled and a real policy. If
|
||||||
you are, reboot with selinux disabled
|
you are, reboot with selinux disabled
|
||||||
before continuing.
|
before continuing.
|
||||||
4. Run install_policy.sh:
|
4. Run install_policy.sh::
|
||||||
|
|
||||||
cd scripts/selinux
|
cd scripts/selinux
|
||||||
sh install_policy.sh
|
sh install_policy.sh
|
||||||
|
|
||||||
Step 4 will create a new dummy policy valid for your
|
Step 4 will create a new dummy policy valid for your
|
||||||
kernel, with a single selinux user, role, and type.
|
kernel, with a single selinux user, role, and type.
|
||||||
It will compile the policy, will set your SELINUXTYPE to
|
It will compile the policy, will set your ``SELINUXTYPE`` to
|
||||||
dummy in /etc/selinux/config, install the compiled policy
|
``dummy`` in ``/etc/selinux/config``, install the compiled policy
|
||||||
as 'dummy', and relabel your filesystem.
|
as ``dummy``, and relabel your filesystem.
|
|
@ -29,3 +29,8 @@ will always include the capability module. The list reflects the
|
||||||
order in which checks are made. The capability module will always
|
order in which checks are made. The capability module will always
|
||||||
be first, followed by any "minor" modules (e.g. Yama) and then
|
be first, followed by any "minor" modules (e.g. Yama) and then
|
||||||
the one "major" module (e.g. SELinux) if there is one configured.
|
the one "major" module (e.g. SELinux) if there is one configured.
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
SELinux
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
00-INDEX
|
00-INDEX
|
||||||
- this file.
|
- this file.
|
||||||
SELinux.txt
|
|
||||||
- how to get started with the SELinux security enhancement.
|
|
||||||
Smack.txt
|
Smack.txt
|
||||||
- documentation on the Smack Linux Security Module.
|
- documentation on the Smack Linux Security Module.
|
||||||
Yama.txt
|
Yama.txt
|
||||||
|
|
|
@ -11551,6 +11551,7 @@ S: Supported
|
||||||
F: include/linux/selinux*
|
F: include/linux/selinux*
|
||||||
F: security/selinux/
|
F: security/selinux/
|
||||||
F: scripts/selinux/
|
F: scripts/selinux/
|
||||||
|
F: Documentation/admin-guide/LSM/SELinux.rst
|
||||||
|
|
||||||
APPARMOR SECURITY MODULE
|
APPARMOR SECURITY MODULE
|
||||||
M: John Johansen <john.johansen@canonical.com>
|
M: John Johansen <john.johansen@canonical.com>
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
Please see Documentation/security/SELinux.txt for information on
|
Please see Documentation/admin-guide/LSM/SELinux.rst for information on
|
||||||
installing a dummy SELinux policy.
|
installing a dummy SELinux policy.
|
||||||
|
|
Loading…
Reference in New Issue