Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/Documentation/admin-guide/LSM/SELinux.rst 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) =======
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) SELinux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) =======
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) If you want to use SELinux, chances are you will want
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) to use the distro-provided policies, or install the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) latest reference policy release from
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) 	https://github.com/SELinuxProject/refpolicy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) However, if you want to install a dummy policy for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) testing, you can do using ``mdp`` provided under
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) scripts/selinux.  Note that this requires the selinux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) userspace to be installed - in particular you will
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) need checkpolicy to compile a kernel, and setfiles and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) fixfiles to label the filesystem.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 	1. Compile the kernel with selinux enabled.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 	2. Type ``make`` to compile ``mdp``.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 	3. Make sure that you are not running with
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 	   SELinux enabled and a real policy.  If
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) 	   you are, reboot with selinux disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 	   before continuing.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 	4. Run install_policy.sh::
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 		cd scripts/selinux
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 		sh install_policy.sh
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) Step 4 will create a new dummy policy valid for your
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) kernel, with a single selinux user, role, and type.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) It will compile the policy, will set your ``SELINUXTYPE`` to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) ``dummy`` in ``/etc/selinux/config``, install the compiled policy
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) as ``dummy``, and relabel your filesystem.
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.