diff --git a/www/html/getting-started.html b/www/html/getting-started.html index 65070856..e26f3502 100644 --- a/www/html/getting-started.html +++ b/www/html/getting-started.html @@ -1,6 +1,8 @@

Getting Started

This guide will walk you through the basics of creating a new reference policy module. This will also serve as an introduction to the basics concepts and philosophy of refpolicy. +To install and use a targeted Reference Policy on a Fedora Core 4 system, see the +switching guide.

Creating A Module

diff --git a/www/html/menu.html b/www/html/menu.html index b29fa1d9..4761b65d 100644 --- a/www/html/menu.html +++ b/www/html/menu.html @@ -1,9 +1,10 @@ - Reference Policy Home
- Status/Roadmap
- Contributing
+ Reference Policy Home
+ Status/Roadmap
+ Contributing
Documentation
- Getting Started
+ - Switch to Reference Policy
- Interface Reference
- Download
+ Download
diff --git a/www/html/switch.html b/www/html/switch.html index b76caf6d..43a60134 100644 --- a/www/html/switch.html +++ b/www/html/switch.html @@ -1,4 +1,4 @@ -

Switching to Reference Policy

+

Switching to Targeted Reference Policy

This guide will walk you through switching to the targeted reference policy on a Fedora system. @@ -11,21 +11,34 @@ from Sourceforge. Download the policy, and unpack it to a temporary directory. Then use the install-src make target to install the policy sources. - +

+
-# tar -jxvf refpolicy-20050711.tar.bz2 -C /tmp
+# tar -jxvf refpolicy-xxxxxxxx.tar.bz2 -C /tmp
 # cd /tmp/refpolicy
 # make install-src
 
+

Configure the policy

+

+ The policy source is found in the + /etc/selinux/refpolicy/src/policy/ directory. + Use the example targeted modules configuration. +

+
+
+# cd /etc/selinux/refpolicy/src/policy
+# cp policy/modules.conf.targeted_example policy/modules.conf
+
+

Near the top of the policy Makefile, the policy has a few build options. The TYPE needs to be set to targeted, and the DISTRO option needs to be - uncommented, and set to redhat. The Makefile is found in the - /etc/selinux/refpolicy/src/policy/ directory. + uncommented and set to redhat.

+
 ########################################
 #
@@ -65,13 +78,19 @@ MONOLITHIC=y
 # Uncomment this to disable command echoing
 #QUIET:=@
 
+

- Install the binary policy and application configuration files + Install the policy

+

+ Next, install the policy, application configuration files, and + file contexts. +

+
-# cd /etc/selinux/refpolicy/src/policy
 # make install
 
+

Change SELinux Configuration

@@ -79,6 +98,7 @@ MONOLITHIC=y Modify the /etc/selinux/config file, and set SELINUXTYPE to refpolicy. It should look similar to this:

+
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
@@ -91,14 +111,17 @@ SELINUX=enforcing
 #       strict - Full SELinux protection.
 SELINUXTYPE=refpolicy
 
+

- Relabel + Restart and Relabel

The system needs to be restarted with the new policy, and relabeled on booting.

+
 # touch /.autorelabel
 # shutdown -r now
 
+
diff --git a/www/publish.sh b/www/publish.sh index 6c6e5416..0280bed6 100755 --- a/www/publish.sh +++ b/www/publish.sh @@ -3,4 +3,4 @@ # This will 'publish' the reference policy website. cp ../refpolicy/Changelog html/Changelog.txt -rsync -r . shell.sf.net:/home/groups/s/se/serefpolicy/htdocs +rsync -avr --exclude .svn . shell.sf.net:/home/groups/s/se/serefpolicy/htdocs