Re: updated SELinux FAQ

Bob Gustafson wrote:

On Sat, 08 May 2004 00:34:02 -0400 Richard Hally wrote:

Q: I have installed Fedora Core 2 without SELinux, what are the steps to
start using SELinux?
A:


snip


4. cd /etc/security/selinux/src/policy
   make load
	(to make sure the policy and file_contexts were built correctly)
   make relabel
	 (this will take a while, it accesses every file on the system)


(I'm coming from the newbie user side, so hopefully my questions would
qualify as FAQ questions?)

I added the following as a comment to your bugzilla entry.

----------

I wonder if there is a configuration problem with the policy files.

In the /etc/security/selinux/src/policy/Makefile (mine at least), there
is no mention of policy.17 as an output file, but I do have a policy.17
file in that directory and in the /etc/security/selinux directories (see
below).

Where are all of these things dropping from, and what is the source used
in generating policy.15, policy.16, policy.17?

Also, what is the meaning of 'load' when applied to a policy file? And
how can one determine what policy file is 'active'? (whatever that means)

  [root@hoho2 policy]# more /home/user1/policy.bug

  [root@hoho2 policy]# pwd
  /etc/security/selinux/src/policy

  [root@hoho2 policy]# grep 15 Makefile
        $(CHECKPOLICY) -c 15 -o $(INSTALLDIR)/policy.15 policy.conf
  [root@hoho2 policy]# grep 16 Makefile
        $(CHECKPOLICY) -c 16 -o $(INSTALLDIR)/policy.16 policy.conf
  [root@hoho2 policy]# grep 17 Makefile

  [root@hoho2 policy]# ls -l ../..
  total 21752
  -rw-r--r--  1 root root   86912 May  5 23:30 file_contexts
  -rw-r--r--  1 root root 7369029 May  5 23:30 policy.15
  -rw-r--r--  1 root root 7370766 May  5 23:30 policy.16
  -rw-r--r--  1 root root 7371078 May  5 23:29 policy.17
  drwx------  3 root root    4096 Apr 28 21:04 src


  [root@hoho2 policy]# ls -l ../../policy.17
  -rw-r--r-- 1 root root 7371078 May 5 23:29 ../../policy.17
  [root@hoho2 policy]# ls -l policy.17
  -rw------- 1 root root 7346892 Apr 28 21:04 policy.17

These are not the same files, both size and date differ.

  [root@hoho2 policy]# file policy.17
  policy.17: SE Linux policy v17 6 symbols 7 ocons
  [root@hoho2 policy]#

That is pretty nifty. Maybe having some sort of 'source stamp' would be
a useful addition somewhere, not necessarily in the file text though.
(But maybe)

  [root@hoho2 policy]# checkpolicy -h
  checkpolicy: invalid option -- h
  usage:  checkpolicy [-b] [-d] [-c policyvers (15-17)] [-o
      output_file] [input_file]
  [root@hoho2 policy]# checkpolicy -b policy.17
  checkpolicy:  loading policy configuration from policy.17
  security:  5 users, 7 roles, 1244 types, 1 bools
  security:  30 classes, 301755 rules
  checkpolicy:  policy configuration loaded
  [root@hoho2 policy]#

Loaded? What does that mean? Have I accidentally changed my whole security
configuration?

No indication of what policy.conf or other files were used to make up
this (binary) file.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

I'm a little surprised that you didn't read the Makefile and find 'cat /selinux/policyvers'. Also the man pages help.
One thing that is not really explained (that I recall) is that installing the 'policy' rpm puts pre-compiled 'policy{15,16,17}' in the "install dir" (which for this rpm is /etc/security/selinux) while installing the 'policy-sources' rpm does its thing in /etc/security/selinux/src/policy and then builds the binary policy{15,16,17} and moves (selinux "install") them to the /etc/security/selinux/ dir.
HTH
Richard Hally
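
The check discussed in this thread, as an added example that is not part of either message or of the policy Makefile: read the version the kernel reports in /selinux/policyvers, find the matching policy.N in the install dir, and see whether the copy in the source tree is the same file. It assumes the policy loaded at boot is the install-dir file whose suffix matches that version; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths are parameters so it can run on constructed data.

# Print the policy version the running kernel reports.
kernel_policy_version() {   # $1: policyvers file
    tr -d '[:space:]' < "${1:-/selinux/policyvers}"
}

# Print the installed binary policy whose suffix matches that version.
matching_policy_file() {    # $1: policyvers file, $2: install dir
    vers=$(kernel_policy_version "$1") || return 1
    case "$vers" in
        ''|*[!0-9]*) echo "unexpected policy version: '$vers'" >&2; return 1 ;;
    esac
    file="${2:-/etc/security/selinux}/policy.$vers"
    [ -f "$file" ] || { echo "missing $file" >&2; return 1; }
    printf '%s\n' "$file"
}

# Compare the installed file with the same-named file left in the source
# tree. Prints one of: same | differs | no-build-copy
compare_build_copy() {      # $1, $2 as above, $3: policy source dir
    installed=$(matching_policy_file "$1" "$2") || return 1
    built="${3:-/etc/security/selinux/src/policy}/${installed##*/}"
    if [ ! -f "$built" ]; then echo "no-build-copy"
    elif cmp -s "$installed" "$built"; then echo "same"
    else echo "differs"
    fi
}

# Constructed sample tree mirroring the layout in the thread (dummy contents).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/install/src/policy"
    echo 17 > "$root/policyvers"
    echo "pre-compiled policy from rpm" > "$root/install/policy.17"
    echo "older local build" > "$root/install/src/policy/policy.17"
    printf '%s\n' "$root"
}

root=$(make_sample_tree)
matching_policy_file "$root/policyvers" "$root/install"
compare_build_copy "$root/policyvers" "$root/install" "$root/install/src/policy"
rm -rf "$root"
```

Called with no arguments on a real system, the functions fall back to the paths named in the thread.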


