SELinux¶
If you want to use SELinux, chances are you will want to use the distro-provided policies, or install the latest reference policy release from
However, if you want to install a dummy policy for
testing, you can do using mdp
provided under
scripts/selinux. Note that this requires the selinux
userspace to be installed - in particular you will
need checkpolicy to compile a kernel, and setfiles and
fixfiles to label the filesystem.
Compile the kernel with selinux enabled.
Type
make
to compilemdp
.Make sure that you are not running with SELinux enabled and a real policy. If you are, reboot with selinux disabled before continuing.
Run install_policy.sh:
cd scripts/selinux sh install_policy.sh
Step 4 will create a new dummy policy valid for your
kernel, with a single selinux user, role, and type.
It will compile the policy, will set your SELINUXTYPE
to
dummy
in /etc/selinux/config
, install the compiled policy
as dummy
, and relabel your filesystem.