initial commit
parent
78d30cb1f4
commit
01e30c9b2d
104
www/html/switch.html
Normal file
@ -0,0 +1,104 @@
|
||||
<h1>Switching to Reference Policy</h1>
|
||||
<p>
|
||||
This guide will walk you through switching to the targeted reference
|
||||
policy on a Fedora system.
|
||||
<p>
|
||||
<h2>
|
||||
Download and unpack the policy
|
||||
</h2>
|
||||
<p>
|
||||
The policy is <a href="index.php?page=download">available</a> and
|
||||
from Sourceforge. Download the policy, and unpack it to a temporary
|
||||
directory. Then use the install-src make target to install the policy
|
||||
sources.
|
||||
|
||||
<pre>
|
||||
# tar -jxvf refpolicy-20050711.tar.bz2 -C /tmp
|
||||
# cd /tmp/refpolicy
|
||||
# make install-src
|
||||
</pre>
|
||||
<h2>
|
||||
Configure the policy
|
||||
</h2>
|
||||
<p>
|
||||
Near the top of the policy Makefile, the policy has a few build options.
|
||||
The TYPE needs to be set to targeted, and the DISTRO option needs to be
|
||||
uncommented, and set to redhat. The Makefile is found in the
|
||||
/etc/selinux/refpolicy/src/policy/ directory.
|
||||
</p>
|
||||
<pre>
|
||||
########################################
|
||||
#
|
||||
# Configurable portions of the Makefile
|
||||
#
|
||||
|
||||
# Policy version
|
||||
# By default, checkpolicy will create the highest
|
||||
# version policy it supports. Setting this will
|
||||
# override the version.
|
||||
#OUTPUT_POLICY = 18
|
||||
|
||||
# Policy Type
|
||||
# strict, targeted, strict-mls, targeted-mls
|
||||
TYPE = <font color=red><b>targeted</b></font>
|
||||
|
||||
# Policy Name
|
||||
# If set, this will be used as the policy
|
||||
# name. Otherwise the policy type will be
|
||||
# used for the name.
|
||||
NAME = refpolicy
|
||||
|
||||
# Distribution
|
||||
# Some distributions have portions of policy
|
||||
# for programs or configurations specific to the
|
||||
# distribution. Setting this will enable options
|
||||
# for the distribution.
|
||||
# redhat, gentoo, debian, and suse are current options.
|
||||
# Fedora users should enable redhat.
|
||||
<font color=red><b>DISTRO = redhat</b></font>
|
||||
|
||||
# Build monolithic policy. Putting n here
|
||||
# will build a loadable module policy.
|
||||
# Only monolithic policies are currently supported.
|
||||
MONOLITHIC=y
|
||||
|
||||
# Uncomment this to disable command echoing
|
||||
#QUIET:=@
|
||||
</pre>
|
||||
<h2>
|
||||
Install the binary policy and application configuration files
|
||||
</h2>
|
||||
<pre>
|
||||
# cd /etc/selinux/refpolicy/src/policy
|
||||
# make install
|
||||
</pre>
|
||||
<h2>
|
||||
Change SELinux Configuration
|
||||
</h2>
|
||||
<p>
|
||||
Modify the /etc/selinux/config file, and set SELINUXTYPE to refpolicy.
|
||||
It should look similar to this:
|
||||
</p>
|
||||
<pre>
|
||||
# This file controls the state of SELinux on the system.
|
||||
# SELINUX= can take one of these three values:
|
||||
# enforcing - SELinux security policy is enforced.
|
||||
# permissive - SELinux prints warnings instead of enforcing.
|
||||
# disabled - No SELinux policy is loaded.
|
||||
SELINUX=enforcing
|
||||
# SELINUXTYPE= can take one of these two values:
|
||||
# targeted - Only targeted network daemons are protected.
|
||||
# strict - Full SELinux protection.
|
||||
SELINUXTYPE=<font color=red><b>refpolicy</b></font>
|
||||
</pre>
|
||||
<h2>
|
||||
Relabel
|
||||
</h2>
|
||||
<p>
|
||||
The system needs to be restarted with the new policy, and relabeled
|
||||
on booting.
|
||||
</p>
|
||||
<pre>
|
||||
# touch /.autorelabel
|
||||
# shutdown -r now
|
||||
</pre>
|
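Review bot: In the /etc/selinux/config sample, SELINUXTYPE is switched to refpolicy while SELINUX=enforcing is left in place, and the relabel only runs during the reboot that follows, so the first boot under the new policy starts in enforcing mode with file labels that predate it. Consider showing SELINUX=permissive for the relabel boot and adding a final step that returns to enforcing, or state explicitly that enforcing is intended at this point. The sample's comment also still says SELINUXTYPE "can take one of these two values" (targeted, strict), which no longer matches the refpolicy value being set. Smaller points in the same file: the introductory paragraph ends with <p> where </p> is meant, the paragraph under "Download and unpack the policy" is never closed before its <pre>, "available and from Sourceforge" has a stray "and", and the "Install the binary policy and application configuration files" section has commands but no explanatory sentence.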