Serge E. Hallyn | 93c06cb | 2008-08-26 14:47:57 -0500 | [diff] [blame] | 1 | #!/bin/sh |
Greg Kroah-Hartman | b244131 | 2017-11-01 15:07:57 +0100 | [diff] [blame] | 2 | # SPDX-License-Identifier: GPL-2.0 |
Serge E. Hallyn | 93c06cb | 2008-08-26 14:47:57 -0500 | [diff] [blame] | 3 | if [ `id -u` -ne 0 ]; then |
| 4 | echo "$0: must be root to install the selinux policy" |
| 5 | exit 1 |
| 6 | fi |
| 7 | SF=`which setfiles` |
| 8 | if [ $? -eq 1 ]; then |
| 9 | if [ -f /sbin/setfiles ]; then |
| 10 | SF="/usr/setfiles" |
| 11 | else |
| 12 | echo "no selinux tools installed: setfiles" |
| 13 | exit 1 |
| 14 | fi |
| 15 | fi |
| 16 | |
| 17 | cd mdp |
| 18 | |
| 19 | CP=`which checkpolicy` |
| 20 | VERS=`$CP -V | awk '{print $1}'` |
| 21 | |
| 22 | ./mdp policy.conf file_contexts |
| 23 | $CP -o policy.$VERS policy.conf |
| 24 | |
| 25 | mkdir -p /etc/selinux/dummy/policy |
| 26 | mkdir -p /etc/selinux/dummy/contexts/files |
| 27 | |
| 28 | cp file_contexts /etc/selinux/dummy/contexts/files |
| 29 | cp dbus_contexts /etc/selinux/dummy/contexts |
| 30 | cp policy.$VERS /etc/selinux/dummy/policy |
| 31 | FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts |
| 32 | |
| 33 | if [ ! -d /etc/selinux ]; then |
| 34 | mkdir -p /etc/selinux |
| 35 | fi |
| 36 | if [ ! -f /etc/selinux/config ]; then |
| 37 | cat > /etc/selinux/config << EOF |
| 38 | SELINUX=enforcing |
| 39 | SELINUXTYPE=dummy |
| 40 | EOF |
| 41 | else |
| 42 | TYPE=`cat /etc/selinux/config | grep "^SELINUXTYPE" | tail -1 | awk -F= '{ print $2 '}` |
| 43 | if [ "eq$TYPE" != "eqdummy" ]; then |
| 44 | selinuxenabled |
| 45 | if [ $? -eq 0 ]; then |
| 46 | echo "SELinux already enabled with a non-dummy policy." |
| 47 | echo "Exiting. Please install policy by hand if that" |
| 48 | echo "is what you REALLY want." |
| 49 | exit 1 |
| 50 | fi |
| 51 | mv /etc/selinux/config /etc/selinux/config.mdpbak |
| 52 | grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config |
| 53 | echo "SELINUXTYPE=dummy" >> /etc/selinux/config |
| 54 | fi |
| 55 | fi |
| 56 | |
| 57 | cd /etc/selinux/dummy/contexts/files |
| 58 | $SF file_contexts / |
| 59 | |
| 60 | mounts=`cat /proc/$$/mounts | egrep "ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2" | awk '{ print $2 '}` |
| 61 | $SF file_contexts $mounts |
| 62 | |
| 63 | |
| 64 | dodev=`cat /proc/$$/mounts | grep "/dev "` |
| 65 | if [ "eq$dodev" != "eq" ]; then |
| 66 | mount --move /dev /mnt |
| 67 | $SF file_contexts /dev |
| 68 | mount --move /mnt /dev |
| 69 | fi |