From: guido@trentalancia.net (Guido Trentalancia)
Date: Sat, 29 Oct 2016 23:22:37 +0200
Subject: [refpolicy] I want to use refpolicy in centos 7
In-Reply-To: <8dde386aff5e14f9d20bb3ec592cbea@cvwapp03.nm.nhnsystem.com>
References: <8dde386aff5e14f9d20bb3ec592cbea@cvwapp03.nm.nhnsystem.com>
Message-ID: <1477776157.2484.3.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello again.

On Thu, 27/10/2016 at 17.21 +0900, ??? via refpolicy wrote:
> I install centos7 and use targeted policy
> 
> But i want to use refpolicy for modifying policy so i did?download
> using?following steps
> 1. #git clone https://github.com/TresysTechnology/refpolicy.git
> 
> 2.?#cd refpolicy
> 3. #git submodule init
> 4. #git submodule update
> 5. Change build.conf file
> Type=mls
> NAME = refpolicy
> MONOLITHIC = y
> 6. #make install-src

Also, remember the correct sequence is:

# (make conf)
# make install-src
# make policy
# make install
# make load

in the Reference Policy directory.

> 7. cd /etc/selinux/refpolicy/src/policy/
> 8. #Make load

I think step 7 is wrong.

> 9. #Cd /etc/selinux and?Change config file
> SELINUX = permissive
> SELINUXTYPE = refpolicy
> 10. #touch /.autorelabel

You can also relabel from the Reference Policy directory by issuing:

# make relabel

after you have installed the new policy.

> 11. #Reboot
> 
> After desktop is rebooted
> 12. #setenforce 1
> 13. ...... permission deny
> 14. #Sestatus
> ....
> Loaded policy name: targeted ???(refolicy -> targeted)
> Current mode : enforcing
> ....
> Mode from config file : error (permission denied)???
> 
> What shuoud i do?
> Helps me...?