0001 =======
0002 SELinux
0003 =======
0004
0005 If you want to use SELinux, chances are you will want
0006 to use the distro-provided policies, or install the
0007 latest reference policy release from
0008
0009 https://github.com/SELinuxProject/refpolicy
0010
0011 However, if you want to install a dummy policy for
0012 testing, you can do using ``mdp`` provided under
0013 scripts/selinux. Note that this requires the selinux
0014 userspace to be installed - in particular you will
0015 need checkpolicy to compile a kernel, and setfiles and
0016 fixfiles to label the filesystem.
0017
0018 1. Compile the kernel with selinux enabled.
0019 2. Type ``make`` to compile ``mdp``.
0020 3. Make sure that you are not running with
0021 SELinux enabled and a real policy. If
0022 you are, reboot with selinux disabled
0023 before continuing.
0024 4. Run install_policy.sh::
0025
0026 cd scripts/selinux
0027 sh install_policy.sh
0028
0029 Step 4 will create a new dummy policy valid for your
0030 kernel, with a single selinux user, role, and type.
0031 It will compile the policy, will set your ``SELINUXTYPE`` to
0032 ``dummy`` in ``/etc/selinux/config``, install the compiled policy
0033 as ``dummy``, and relabel your filesystem.
