Commit 229fd05c authored by Kees Cook's avatar Kees Cook Committed by Jonathan Corbet
Browse files

doc: ReSTify SELinux.txt 



Adjusts for ReST markup and moves under LSM admin guide.

Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
parent 504f231c

Documentation/security/SELinux.txtDocumentation/admin-guide/LSM/SELinux.rst

+12 −6
Original line number Diff line number Diff line 
=======

SELinux

=======



If you want to use SELinux, chances are you will want

to use the distro-provided policies, or install the

latest reference policy release from



	http://oss.tresys.com/projects/refpolicy



However, if you want to install a dummy policy for

testing, you can do using 'mdp' provided under

testing, you can do using ``mdp`` provided under

scripts/selinux.  Note that this requires the selinux

userspace to be installed - in particular you will

need checkpolicy to compile a kernel, and setfiles and

fixfiles to label the filesystem.



	1. Compile the kernel with selinux enabled.

	2. Type 'make' to compile mdp.

	2. Type ``make`` to compile ``mdp``.

	3. Make sure that you are not running with

	   SELinux enabled and a real policy.  If

	   you are, reboot with selinux disabled

	   before continuing.

	4. Run install_policy.sh:

	4. Run install_policy.sh::



		cd scripts/selinux

		sh install_policy.sh



Step 4 will create a new dummy policy valid for your

kernel, with a single selinux user, role, and type.

It will compile the policy, will set your SELINUXTYPE to

dummy in /etc/selinux/config, install the compiled policy

as 'dummy', and relabel your filesystem.
 
It will compile the policy, will set your ``SELINUXTYPE`` to

``dummy`` in ``/etc/selinux/config``, install the compiled policy

as ``dummy``, and relabel your filesystem.

Documentation/admin-guide/LSM/index.rst

+5 −0
Original line number Diff line number Diff line
@@ -29,3 +29,8 @@ will always include the capability module. The list reflects the 
order in which checks are made. The capability module will always

be first, followed by any "minor" modules (e.g. Yama) and then

the one "major" module (e.g. SELinux) if there is one configured.



.. toctree::

   :maxdepth: 1



   SELinux

Documentation/security/00-INDEX

+0 −2
Original line number Diff line number Diff line 
00-INDEX

	- this file.

SELinux.txt

	- how to get started with the SELinux security enhancement.

Smack.txt

	- documentation on the Smack Linux Security Module.

Yama.txt

MAINTAINERS

+1 −0
Original line number Diff line number Diff line
@@ -11551,6 +11551,7 @@ S: Supported 
F:	include/linux/selinux*

F:	security/selinux/

F:	scripts/selinux/

F:	Documentation/admin-guide/LSM/SELinux.rst



APPARMOR SECURITY MODULE

M:	John Johansen <john.johansen@canonical.com>

scripts/selinux/README

+1 −1
Original line number Diff line number Diff line 
Please see Documentation/security/SELinux.txt for information on

Please see Documentation/admin-guide/LSM/SELinux.rst for information on

installing a dummy SELinux policy.