diff --git a/www/html/switch.html b/www/html/switch.html new file mode 100644 index 0000000..b76caf6 --- /dev/null +++ b/www/html/switch.html @@ -0,0 +1,104 @@ +
+ This guide will walk you through switching to the targeted reference + policy on a Fedora system. +
+
+ The policy is available and + from Sourceforge. Download the policy, and unpack it to a temporary + directory. Then use the install-src make target to install the policy + sources. + +
+# tar -jxvf refpolicy-20050711.tar.bz2 -C /tmp +# cd /tmp/refpolicy +# make install-src ++
+ Near the top of the policy Makefile, the policy has a few build options. + The TYPE needs to be set to targeted, and the DISTRO option needs to be + uncommented, and set to redhat. The Makefile is found in the + /etc/selinux/refpolicy/src/policy/ directory. +
++######################################## +# +# Configurable portions of the Makefile +# + +# Policy version +# By default, checkpolicy will create the highest +# version policy it supports. Setting this will +# override the version. +#OUTPUT_POLICY = 18 + +# Policy Type +# strict, targeted, strict-mls, targeted-mls +TYPE = targeted + +# Policy Name +# If set, this will be used as the policy +# name. Otherwise the policy type will be +# used for the name. +NAME = refpolicy + +# Distribution +# Some distributions have portions of policy +# for programs or configurations specific to the +# distribution. Setting this will enable options +# for the distribution. +# redhat, gentoo, debian, and suse are current options. +# Fedora users should enable redhat. +DISTRO = redhat + +# Build monolithic policy. Putting n here +# will build a loadable module policy. +# Only monolithic policies are currently supported. +MONOLITHIC=y + +# Uncomment this to disable command echoing +#QUIET:=@ ++
+# cd /etc/selinux/refpolicy/src/policy +# make install ++
+ Modify the /etc/selinux/config file, and set SELINUXTYPE to refpolicy. + It should look similar to this: +
++# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=enforcing +# SELINUXTYPE= can take one of these two values: +# targeted - Only targeted network daemons are protected. +# strict - Full SELinux protection. +SELINUXTYPE=refpolicy ++
+ The system needs to be restarted with the new policy, and relabeled + on booting. +
++# touch /.autorelabel +# shutdown -r now +