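#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Build the "dummy" SELinux policy with the mdp tool, install it under
# /etc/selinux/dummy, select it in /etc/selinux/config and relabel the
# mounted filesystems with setfiles.
#
# Must be run as root from the directory that contains the mdp/ subdirectory.
# Every step changes system-wide security state, so a failed build or copy
# stops the script instead of going on to switch the configuration and relabel
# with a partly installed policy.

# Print a message on stderr and stop.
die() {
	echo "$0: $*" >&2
	exit 1
}

if [ "$(id -u)" -ne 0 ]; then
	echo "$0: must be root to install the selinux policy" >&2
	exit 1
fi

# Locate setfiles. When it is not on PATH, fall back to /sbin/setfiles; the
# fallback has to name the same file that was just tested.
SF=$(command -v setfiles)
if [ -z "$SF" ]; then
	if [ -x /sbin/setfiles ]; then
		SF="/sbin/setfiles"
	else
		echo "no selinux tools installed: setfiles" >&2
		exit 1
	fi
fi

# Everything below uses relative paths inside mdp/; running it as root from
# some other directory must not happen.
cd mdp || die "cannot enter the mdp directory"

CP=$(command -v checkpolicy)
if [ -z "$CP" ]; then
	echo "no selinux tools installed: checkpolicy" >&2
	exit 1
fi

# The first field printed by "checkpolicy -V" becomes the policy file suffix.
VERS=$("$CP" -V | awk '{print $1}')
[ -n "$VERS" ] || die "could not read the policy version from $CP -V"

./mdp policy.conf file_contexts || die "mdp failed to generate the policy"
"$CP" -o "policy.$VERS" policy.conf || die "checkpolicy failed to compile policy.conf"

# mkdir -p also creates /etc/selinux itself when it does not exist yet.
mkdir -p /etc/selinux/dummy/policy || die "cannot create /etc/selinux/dummy/policy"
mkdir -p /etc/selinux/dummy/contexts/files || die "cannot create /etc/selinux/dummy/contexts/files"

cp file_contexts /etc/selinux/dummy/contexts/files || die "cannot install file_contexts"
cp dbus_contexts /etc/selinux/dummy/contexts || die "cannot install dbus_contexts"
cp "policy.$VERS" /etc/selinux/dummy/policy || die "cannot install policy.$VERS"
FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts

if [ ! -f /etc/selinux/config ]; then
	# No configuration yet: write one that selects the dummy policy in
	# enforcing mode.
	cat > /etc/selinux/config << EOF
SELINUX=enforcing
SELINUXTYPE=dummy
EOF
else
	# The last SELINUXTYPE line in the file is the one that counts here.
	TYPE=$(awk -F= '/^SELINUXTYPE/ { v = $2 } END { print v }' /etc/selinux/config)
	if [ "$TYPE" != "dummy" ]; then
		# Refuse to replace a policy that is currently in use.
		# NOTE(review): a missing selinuxenabled binary also counts as
		# "not enabled" here, and the script proceeds.
		if selinuxenabled; then
			echo "SELinux already enabled with a non-dummy policy."
			echo "Exiting.  Please install policy by hand if that"
			echo "is what you REALLY want."
			exit 1
		fi
		# Keep the previous configuration as config.mdpbak and rewrite
		# only the SELINUXTYPE setting.
		mv /etc/selinux/config /etc/selinux/config.mdpbak ||
			die "cannot back up /etc/selinux/config"
		# grep -v exits non-zero when nothing is left to print; that is
		# not an error, so its status is not checked.
		grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak > /etc/selinux/config
		echo "SELINUXTYPE=dummy" >> /etc/selinux/config
	fi
fi

cd /etc/selinux/dummy/contexts/files ||
	die "cannot enter /etc/selinux/dummy/contexts/files"
"$SF" file_contexts /

# Relabel every mounted filesystem of the listed types. The filesystem type is
# the third field of /proc/<pid>/mounts; matching that field (rather than the
# whole line) keeps a device or directory name that merely contains "ext4"
# from selecting an unrelated mount.
mounts=$(awk '$3 ~ /^(ext2|ext3|ext4|ext4dev|xfs|jfs|gfs2)$/ { print $2 }' "/proc/$$/mounts")
if [ -n "$mounts" ]; then
	# Deliberately unquoted so each mount point becomes its own argument;
	# globbing is switched off so a mount point is never pattern-expanded.
	set -f
	# shellcheck disable=SC2086
	"$SF" file_contexts $mounts
	set +f
fi

# If something is mounted on /dev, move it to /mnt while /dev is labelled and
# move it back afterwards.
# NOTE(review): this assumes /mnt is free to be used as a temporary mount
# point - confirm on the target machine.
dodev=$(awk '$2 == "/dev" { print $2; exit }' "/proc/$$/mounts")
if [ -n "$dodev" ]; then
	if mount --move /dev /mnt; then
		"$SF" file_contexts /dev
		mount --move /mnt /dev || die "could not move the /dev mount back from /mnt"
	else
		# Without the move, the second "mount --move" would put whatever
		# is on /mnt over /dev, so skip both steps.
		echo "$0: could not move /dev aside; /dev was not relabelled" >&2
	fi
fi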