Commit 229fd05c authored by Kees Cook's avatar Kees Cook Committed by Jonathan Corbet

doc: ReSTify SELinux.txt

Adjusts for ReST markup and moves under LSM admin guide.

Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
parent 504f231c
=======
SELinux
=======
If you want to use SELinux, chances are you will want If you want to use SELinux, chances are you will want
to use the distro-provided policies, or install the to use the distro-provided policies, or install the
latest reference policy release from latest reference policy release from
http://oss.tresys.com/projects/refpolicy http://oss.tresys.com/projects/refpolicy
However, if you want to install a dummy policy for However, if you want to install a dummy policy for
testing, you can do using 'mdp' provided under testing, you can do using ``mdp`` provided under
scripts/selinux. Note that this requires the selinux scripts/selinux. Note that this requires the selinux
userspace to be installed - in particular you will userspace to be installed - in particular you will
need checkpolicy to compile a kernel, and setfiles and need checkpolicy to compile a kernel, and setfiles and
fixfiles to label the filesystem. fixfiles to label the filesystem.
1. Compile the kernel with selinux enabled. 1. Compile the kernel with selinux enabled.
2. Type 'make' to compile mdp. 2. Type ``make`` to compile ``mdp``.
3. Make sure that you are not running with 3. Make sure that you are not running with
SELinux enabled and a real policy. If SELinux enabled and a real policy. If
you are, reboot with selinux disabled you are, reboot with selinux disabled
before continuing. before continuing.
4. Run install_policy.sh: 4. Run install_policy.sh::
cd scripts/selinux cd scripts/selinux
sh install_policy.sh sh install_policy.sh
Step 4 will create a new dummy policy valid for your Step 4 will create a new dummy policy valid for your
kernel, with a single selinux user, role, and type. kernel, with a single selinux user, role, and type.
It will compile the policy, will set your SELINUXTYPE to It will compile the policy, will set your ``SELINUXTYPE`` to
dummy in /etc/selinux/config, install the compiled policy ``dummy`` in ``/etc/selinux/config``, install the compiled policy
as 'dummy', and relabel your filesystem. as ``dummy``, and relabel your filesystem.
...@@ -29,3 +29,8 @@ will always include the capability module. The list reflects the ...@@ -29,3 +29,8 @@ will always include the capability module. The list reflects the
order in which checks are made. The capability module will always order in which checks are made. The capability module will always
be first, followed by any "minor" modules (e.g. Yama) and then be first, followed by any "minor" modules (e.g. Yama) and then
the one "major" module (e.g. SELinux) if there is one configured. the one "major" module (e.g. SELinux) if there is one configured.
.. toctree::
:maxdepth: 1
SELinux
00-INDEX 00-INDEX
- this file. - this file.
SELinux.txt
- how to get started with the SELinux security enhancement.
Smack.txt Smack.txt
- documentation on the Smack Linux Security Module. - documentation on the Smack Linux Security Module.
Yama.txt Yama.txt
......
...@@ -11551,6 +11551,7 @@ S: Supported ...@@ -11551,6 +11551,7 @@ S: Supported
F: include/linux/selinux* F: include/linux/selinux*
F: security/selinux/ F: security/selinux/
F: scripts/selinux/ F: scripts/selinux/
F: Documentation/admin-guide/LSM/SELinux.rst
APPARMOR SECURITY MODULE APPARMOR SECURITY MODULE
M: John Johansen <john.johansen@canonical.com> M: John Johansen <john.johansen@canonical.com>
......
Please see Documentation/security/SELinux.txt for information on Please see Documentation/admin-guide/LSM/SELinux.rst for information on
installing a dummy SELinux policy. installing a dummy SELinux policy.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment