diff --git a/INSTALL b/INSTALL index 0b2632c..12885d2 100644 --- a/INSTALL +++ b/INSTALL @@ -1,6 +1,6 @@ -Reference Policy has a requirement of checkpolicy 1.28. Red Hat -Enterprise Linux 4 and Fedora Core 4 RPMs are available on -the Reference Policy download page at http://serefpolicy.sf.net, +Reference Policy has a requirement of checkpolicy 1.33.1 and +libsepol-1.16.2. Red Hat Enterprise Linux 4 and Fedora Core 4 RPMs +are available on the CLIP download page at http://oss.tresys.com, and can be installed thusly: Red Hat Enterprise Linux 4: diff --git a/README b/README index f4d8b21..37d5ce3 100644 --- a/README +++ b/README @@ -84,6 +84,7 @@ restorelabels Relabel the filesystem and report each file that is 2) Reference Policy Build Options (build.conf) TYPE String. Available options are standard, mls, and mcs. + For a type enforcement only system, set standard. This optionally enables multi-level security (MLS) or multi-category security (MCS) features. This option controls enable_mls, and enable_mcs policy blocks. @@ -109,14 +110,24 @@ DIRECT_INITRC Boolean. If set, sysadm will be allowed to directly This option controls direct_sysadm_daemon policy blocks. -POLY Boolean. If set, policy for polyinstantiated - directories will be enabled. This option controls - enable_polyinstantiation policy blocks. - OUTPUT_POLICY Integer. Set the version of the policy created when building a monolithic policy. This option has no effect on modular policy. +UNK_PERMS String. Set the kernel behavior for handling of + permissions defined in the kernel but missing from the + policy. The permissions can either be allowed, denied, + or the policy loading can be rejected. + +MLS_SENS Integer. Set the number of sensitivities in the MLS + policy. Ignored on standard and MCS policies. + +MLS_CATS Integer. Set the number of categories in the MLS + policy. Ignored on standard and MCS policies. + +MCS_CATS Integer. Set the number of categories in the MCS + policy. Ignored on standard and MLS policies. + QUIET Boolean. If set, the build system will only display status messages and error messages. This option has no effect on policy.