93c06cbb SH |
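#!/bin/sh
#
# Build the minimal "dummy" SELinux policy with the mdp tool, install it under
# /etc/selinux/dummy, point /etc/selinux/config at it, and relabel the mounted
# filesystems with setfiles.
#
# Must be run as root from the directory that contains the mdp/ subdirectory.
# ./mdp is executed as root, so that tree should not be writable by untrusted
# users.
#
# Exits 1 when not root, when a required tool is missing, when a build or
# install step fails, or when SELinux is already enabled with another policy.

# Print an error on stderr and stop; used for the checks the script relies on.
die() {
	echo "$0: $*" >&2
	exit 1
}

if [ "$(id -u)" -ne 0 ]; then
	echo "$0: must be root to install the selinux policy"
	exit 1
fi

# Locate setfiles; fall back to /sbin in case it is not on PATH.
SF=$(command -v setfiles)
if [ -z "$SF" ]; then
	if [ -x /sbin/setfiles ]; then
		# Use the path that was just tested (the old fallback pointed at
		# /usr/setfiles, which was never checked for existence).
		SF="/sbin/setfiles"
	else
		echo "no selinux tools installed: setfiles"
		exit 1
	fi
fi

# Everything below builds in mdp/; do not continue in the wrong directory.
cd mdp || die "cannot cd to mdp"

CP=$(command -v checkpolicy)
if [ -z "$CP" ]; then
	die "no selinux tools installed: checkpolicy"
fi

# First field of "checkpolicy -V" is the policy version; it becomes part of
# the installed file name, so refuse anything that is not a plain number.
VERS=$("$CP" -V | awk '{print $1}')
case "$VERS" in
''|*[!0-9]*)
	die "could not determine policy version from $CP -V"
	;;
esac

# Generate the policy source and file contexts, then compile the policy.
# Stop on failure so a missing or stale policy is never installed.
./mdp policy.conf file_contexts || die "mdp failed"
"$CP" -o "policy.$VERS" policy.conf || die "checkpolicy failed"

mkdir -p /etc/selinux/dummy/policy || die "cannot create policy directory"
mkdir -p /etc/selinux/dummy/contexts/files || die "cannot create contexts directory"

cp file_contexts /etc/selinux/dummy/contexts/files || die "cannot install file_contexts"
cp dbus_contexts /etc/selinux/dummy/contexts || die "cannot install dbus_contexts"
cp "policy.$VERS" /etc/selinux/dummy/policy || die "cannot install policy.$VERS"
# Not referenced again in this script; kept from the original.
FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts

# /etc/selinux already exists here: the mkdir -p calls above created it.
if [ ! -f /etc/selinux/config ]; then
	# No config yet: write one that selects the dummy policy.
	# NOTE(review): this sets SELINUX=enforcing together with the dummy
	# policy - confirm that is the intended mode for a fresh install.
	cat > /etc/selinux/config << EOF
SELINUX=enforcing
SELINUXTYPE=dummy
EOF
else
	# The last SELINUXTYPE line in the existing config decides the policy.
	TYPE=$(grep "^SELINUXTYPE" /etc/selinux/config | tail -1 | awk -F= '{ print $2 }')
	if [ "$TYPE" != "dummy" ]; then
		# Never replace the policy type of a system that is running
		# SELinux with a different policy.
		if selinuxenabled; then
			echo "SELinux already enabled with a non-dummy policy."
			echo "Exiting. Please install policy by hand if that"
			echo "is what you REALLY want."
			exit 1
		fi
		# Keep a backup, then rebuild the config with SELINUXTYPE swapped.
		# The mv must succeed, otherwise the appends below would add
		# duplicate lines to the existing file.
		mv /etc/selinux/config /etc/selinux/config.mdpbak ||
			die "cannot back up /etc/selinux/config"
		grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
		echo "SELINUXTYPE=dummy" >> /etc/selinux/config
	fi
fi

cd /etc/selinux/dummy/contexts/files ||
	die "cannot cd to /etc/selinux/dummy/contexts/files"
"$SF" file_contexts /

# Relabel every mounted filesystem of a supported type. Match on the type
# field (3rd column of the mounts table) rather than anywhere on the line, so
# a device or mount point whose name contains "xfs" etc. is not picked up.
mounts=$(awk '$3 ~ /^(ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2)$/ { print $2 }' /proc/$$/mounts)
if [ -n "$mounts" ]; then
	# One mount point per word: splitting is intentional here.
	# shellcheck disable=SC2086
	"$SF" file_contexts $mounts
fi

# If something is mounted on /dev, move it aside so the /dev directory
# underneath can be labelled, then move it back.
dodev=$(awk '$2 == "/dev"' /proc/$$/mounts)
if [ -n "$dodev" ]; then
	# If the move fails nothing was parked on /mnt, so moving /mnt back
	# onto /dev afterwards would be wrong; stop instead.
	mount --move /dev /mnt || die "cannot move /dev out of the way"
	"$SF" file_contexts /dev
	# Restore /dev whether or not the relabel succeeded.
	mount --move /mnt /dev || die "cannot restore /dev; it is still mounted on /mnt"
fi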