Changeset 237
- Timestamp:
- 08/13/08 15:44:14
(3 months ago)
- Author:
- slawrence
- Message:
Install the selinux-relabel script to relabel the filesystem after rebooting after installing clip selinux policy
Update README
-
Files:
-
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
| r236 |
r237 |
|
| 35 | 35 | * Update the selinux toolchain |
|---|
| 36 | 36 | |
|---|
| 37 | | ARCH=`uname -i` |
|---|
| | 37 | Note: In the follow commands, replace $ARCH with your system architecture (either i386 or x86_64) |
|---|
| 38 | 38 | |
|---|
| 39 | 39 | cd clip/selinux-usr |
|---|
| … | … | |
| 60 | 60 | make clip-rpm selinux-policy-clip-rpm |
|---|
| 61 | 61 | |
|---|
| 62 | | * Copy the following rpms needed for the production system to a cd or usb drive: |
|---|
| | 62 | * You will need to install the following rpms on the production (See the INSTALL file for details on installing the production system): |
|---|
| 63 | 63 | |
|---|
| 64 | 64 | clip/RPM/clip-2.0-1.$ARCH.rpm |
|---|
| … | … | |
| 71 | 71 | clip/RPM/policycoreutils-newrole-1.34.16-1.$ARCH.rpm |
|---|
| 72 | 72 | clip/RPM/checkpolicy-1.34.7-1.$ARCH.rpm |
|---|
| 73 | | |
|---|
| 74 | | * See the INSTALL file for installing the clip production system and the rpms |
|---|
| r235 |
r237 |
|
| 41 | 41 | make NAME=%{polname} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%{polname}/contexts/netfilter_contexts |
|---|
| 42 | 42 | make NAME=%{polname} DESTDIR=$RPM_BUILD_ROOT install |
|---|
| | 43 | # install relabel script |
|---|
| | 44 | %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/init.d |
|---|
| | 45 | make NAME=%{polname} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/init.d/selinux-relabel |
|---|
| 43 | 46 | |
|---|
| 44 | 47 | %clean |
|---|
| … | … | |
| 72 | 75 | %config %{_sysconfdir}/selinux/%{polname}/users/system.users |
|---|
| 73 | 76 | %config %{_sysconfdir}/selinux/%{polname}/users/local.users |
|---|
| | 77 | %{_sysconfdir}/init.d/selinux-relabel |
|---|
| 74 | 78 | #%ghost %dir %{_sysconfdir}/selinux/*/modules |
|---|
| 75 | 79 | |
|---|
| … | … | |
| 100 | 104 | echo "" > /etc/selinux/%{polname}/booleans |
|---|
| 101 | 105 | touch /.autorelabel |
|---|
| | 106 | #relabel the fs |
|---|
| | 107 | chkconfig --del selinux-relabel 2>/dev/null |
|---|
| | 108 | chkconfig --add selinux-relabel |
|---|
| | 109 | %{_sysconfdir}/init.d/selinux-relabel start |
|---|
| | 110 | %{_sysconfdir}/init.d/selinux-relabel switch clip enforcing |
|---|
| | 111 | echo "**********************************************************************" |
|---|
| | 112 | echo "The loading of the clip selinux policy has failed because of changes" |
|---|
| | 113 | echo "in class definitions. This is expected behavior. You must reboot for" |
|---|
| | 114 | echo "the clip selinux policy to load." |
|---|
| | 115 | echo "**********************************************************************" |
|---|
| 102 | 116 | echo "Please reboot the system *now*" |
|---|
| 103 | 117 | exit 0 |
|---|
| r235 |
r237 |
|
| 41 | 41 | make NAME=%{polname} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/selinux/%{polname}/contexts/netfilter_contexts |
|---|
| 42 | 42 | make NAME=%{polname} DESTDIR=$RPM_BUILD_ROOT install |
|---|
| | 43 | # install relabel script |
|---|
| | 44 | %{__mkdir} -p $RPM_BUILD_ROOT/%{_sysconfdir}/init.d |
|---|
| | 45 | make NAME=%{polname} DESTDIR=$RPM_BUILD_ROOT $RPM_BUILD_ROOT%{_sysconfdir}/init.d/selinux-relabel |
|---|
| 43 | 46 | |
|---|
| 44 | 47 | %clean |
|---|
| … | … | |
| 72 | 75 | %config %{_sysconfdir}/selinux/%{polname}/users/system.users |
|---|
| 73 | 76 | %config %{_sysconfdir}/selinux/%{polname}/users/local.users |
|---|
| | 77 | %{_sysconfdir}/init.d/selinux-relabel |
|---|
| 74 | 78 | #%ghost %dir %{_sysconfdir}/selinux/*/modules |
|---|
| 75 | 79 | |
|---|
| … | … | |
| 93 | 97 | echo "" > /etc/selinux/%{polname}/booleans |
|---|
| 94 | 98 | touch /.autorelabel |
|---|
| | 99 | #relabel the fs |
|---|
| | 100 | chkconfig --del selinux-relabel 2>/dev/null |
|---|
| | 101 | chkconfig --add selinux-relabel |
|---|
| | 102 | %{_sysconfdir}/init.d/selinux-relabel start |
|---|
| | 103 | %{_sysconfdir}/init.d/selinux-relabel switch clip enforcing |
|---|
| | 104 | echo "**********************************************************************" |
|---|
| | 105 | echo "The loading of the clip selinux policy has failed because of changes" |
|---|
| | 106 | echo "in class definitions. This is expected behavior. You must reboot for" |
|---|
| | 107 | echo "the clip selinux policy to load." |
|---|
| | 108 | echo "**********************************************************************" |
|---|
| 95 | 109 | echo "Please reboot the system *now*" |
|---|
| 96 | 110 | exit 0 |
|---|
| r230 |
r237 |
|
| 158 | 158 | headerdir = $(modpkgdir)/include |
|---|
| 159 | 159 | docsdir = $(prefix)/share/doc/$(PKGNAME) |
|---|
| | 160 | initdir = $(DESTDIR)/etc/init.d |
|---|
| 160 | 161 | |
|---|
| 161 | 162 | # enable MLS if requested. |
|---|
| … | … | |
| 491 | 492 | ######################################## |
|---|
| 492 | 493 | # |
|---|
| | 494 | # Install relabel script |
|---|
| | 495 | # |
|---|
| | 496 | $(initdir)/selinux-relabel: support/selinux-relabel |
|---|
| | 497 | @mkdir -p $(initdir) |
|---|
| | 498 | @echo "Installing selinux-relabel" |
|---|
| | 499 | $(verbose) $(INSTALL) -b -m 755 $< $@ |
|---|
| | 500 | |
|---|
| | 501 | ######################################## |
|---|
| | 502 | # |
|---|
| 493 | 503 | # Build Appconfig files |
|---|
| 494 | 504 | # |
|---|
Download in other formats:
* Generating other formats may take time.
