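#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
#
# Build the dummy SELinux policy with mdp, install it under
# /etc/selinux/dummy, point /etc/selinux/config at it in permissive mode,
# relabel the mounted filesystems and request a forced relabel via
# /.autorelabel.
#
# Must be run as root, with SELinux disabled, from the directory that
# contains the mdp/ build directory. The build step uses paths relative to
# the current directory and executes ./mdp with root privileges, so run it
# only from a tree you trust.
set -e

if [ "$(id -u)" -ne 0 ]; then
	echo "$0: must be root to install the selinux policy" >&2
	exit 1
fi

# The lookups sit inside the `if` condition on purpose: under `set -e` a
# failed lookup in a plain assignment ends the script before the hint can be
# printed, and testing `$? -eq 1` afterwards would miss other failure codes.
if ! SF=$(command -v setfiles); then
	echo "Could not find setfiles" >&2
	echo "Do you have policycoreutils installed?" >&2
	exit 1
fi

if ! CP=$(command -v checkpolicy); then
	echo "Could not find checkpolicy" >&2
	echo "Do you have checkpolicy installed?" >&2
	exit 1
fi

# The first field of `checkpolicy -V` becomes the policy file suffix.
# The pipeline's status is awk's, so a failing checkpolicy shows up only as
# an empty value; refuse to continue rather than install a file "policy.".
VERS=$("$CP" -V | awk '{print $1}')
if [ -z "$VERS" ]; then
	echo "Could not determine the policy version from checkpolicy -V" >&2
	exit 1
fi

if ! ENABLED=$(command -v selinuxenabled); then
	echo "Could not find selinuxenabled" >&2
	echo "Do you have libselinux-utils installed?" >&2
	exit 1
fi

if "$ENABLED"; then
	echo "SELinux is already enabled" >&2
	echo "This prevents safely relabeling all files." >&2
	echo "Boot with selinux=0 on the kernel command-line or" >&2
	echo "SELINUX=disabled in /etc/selinux/config." >&2
	exit 1
fi

# Generate policy.conf and file_contexts, then compile the policy.
# checkpolicy: -U allow = allow unknown classes/permissions, -M = MLS policy.
cd mdp
./mdp -m policy.conf file_contexts
"$CP" -U allow -M -o "policy.$VERS" policy.conf

# mkdir -p also creates /etc/selinux itself, so no separate check is needed
# before the config file is written further down.
mkdir -p /etc/selinux/dummy/policy
mkdir -p /etc/selinux/dummy/contexts/files

echo "__default__:user_u:s0" > /etc/selinux/dummy/seusers
echo "base_r:base_t:s0" > /etc/selinux/dummy/contexts/failsafe_context
echo "base_r:base_t:s0 base_r:base_t:s0" > /etc/selinux/dummy/default_contexts
cat > /etc/selinux/dummy/contexts/x_contexts <<EOF
client * user_u:base_r:base_t:s0
property * user_u:object_r:base_t:s0
extension * user_u:object_r:base_t:s0
selection * user_u:object_r:base_t:s0
event * user_u:object_r:base_t:s0
EOF
touch /etc/selinux/dummy/contexts/virtual_domain_context
touch /etc/selinux/dummy/contexts/virtual_image_context

cp file_contexts /etc/selinux/dummy/contexts/files
cp dbus_contexts /etc/selinux/dummy/contexts
cp "policy.$VERS" /etc/selinux/dummy/policy
# Kept from the original; not referenced again in this script.
FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts

# Replace the system-wide SELinux configuration. The previous file is kept
# as config.bak; a config.bak from an earlier run is overwritten by mv.
if [ -f /etc/selinux/config ]; then
	echo "/etc/selinux/config exists, moving to /etc/selinux/config.bak."
	mv /etc/selinux/config /etc/selinux/config.bak
fi
echo "Creating new /etc/selinux/config for dummy policy."
cat > /etc/selinux/config <<EOF
SELINUX=permissive
SELINUXTYPE=dummy
EOF

# Relabel the root filesystem, then every mount whose /proc mounts line
# matches one of the listed filesystem names (the pattern is applied to the
# whole line, as in the original egrep filter).
cd /etc/selinux/dummy/contexts/files
"$SF" -F file_contexts /

mounts=$(awk '/ext[234]|jfs|xfs|reiserfs|jffs2|gfs2|btrfs|f2fs|ocfs2/ { print $2 }' "/proc/$$/mounts")
# With no matching mount, setfiles would be called without a path, fail, and
# `set -e` would stop the script before /.autorelabel is written.
if [ -n "$mounts" ]; then
	# shellcheck disable=SC2086 -- one argument per mount point is intended
	"$SF" -F file_contexts $mounts
fi

echo "-F" > /.autorelabel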