From: guido@trentalancia.net (Guido Trentalancia) Date: Wed, 18 Jan 2017 00:11:25 +0100 Subject: [refpolicy] Install Directory for Reference Policy? In-Reply-To: References: <8978CC35-BED8-451C-BB84-F2335A256ADE@chaschperli.ch> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello. If you do "make conf" before "make install" it will override the configuration that you have previously created (including the name of the policy and therefore its location). Try the following sequence from the top-level directory where you have the policy source (for example as checked out from git or extracted from a release): make clean make conf edit build.conf to suit your needs (including the name of the policy, for example "refpolicy") make install-src make policy make install edit /etc/selinux/config to select the new policy make load That is it. The next time you build it, don't issue "make conf" again, it is just to get an initial build configuration file. I hope it helps. Regards, Guido On the 17th of January 2017 19:21:09 CET, Naftuli Kay via refpolicy wrote: >I have followed the given instructions and I still don't have my >policy installed in the right place: > >cd /etc/selinux/refpolicy/src/policy >make clean >make bare >make conf >make install > >Compare output of tree -L 2 /etc/selinux/default: >http://pastebin.com/vwtbrjfY > >with output of tree -L 2 /etc/selinux/refpolicy: >http://pastebin.com/aDUCEzq0 >Thanks, > - Naftuli Kay > > >On Tue, Jan 17, 2017 at 10:09 AM, Naftuli Kay >wrote: >> I have not, I was unfortunately not aware of it. Following >instructions now. >> Thanks, >> - Naftuli Kay >> >> >> On Mon, Jan 16, 2017 at 9:05 PM, Thomas >wrote: >>> Did you follow the guide? >>> https://github.com/TresysTechnology/refpolicy/wiki/UseRefpolicy >>> >>> And i think semanage requires the -S switch to operate on a non >loaded >>> policy store: >>> >>> -S, --store >>> Select and alternate SELinux store to manage >>> >>> -thomas >>> >>> Am 17. Januar 2017 05:24:40 MEZ schrieb Naftuli Kay via refpolicy >>> : >>>> >>>> I'm on Ubuntu 16.04 and I've just compiled the reference policy >via: >>>> >>>> git clone https://github.com/TresysTechnology/refpolicy.git >>>> cd refpolicy >>>> git submodule init >>>> git submodule update >>>> git checkout RELEASE_2_20161023 >>>> ( cd policy/modules/contrib && git checkout RELEASE_2_20161023 ) >>>> make conf >>>> make install >>>> >>>> My build.conf looks like this: >>>> >>>> TYPE = standard >>>> NAME = refpolicy >>>> DISTRO = debian >>>> UNK_PERMS = deny >>>> DIRECT_INITRC = n >>>> SYSTEMD = y >>>> MONOLITHIC = n >>>> UBAC = y >>>> CUSTOM_BUILDOPT = >>>> MLS_SENS = 16 >>>> MLS_CATS = 1024 >>>> MCS_CATS = 1024 >>>> QUIET = n >>>> >>>> Pretty normal stuff. >>>> >>>> Unfortunately, though it properly loads at the time of "make >install," >>>> it isn't installed into the expected directory by my distro. >>>> Apparently, Ubuntu wants the binary files to be located at >>>> /etc/selinux/$NAME. The upstream "selinux-policy-default" package >>>> installs its dependencies to /etc/selinux/default and its contents >can >>>> be viewed here: http://pastebin.com/8fXvdFUA >>>> >>>> Is there a variable I need to set to have the reference policy >install >>>> itself/copy its files following this pattern to >>>> /etc/selinux/refpolicy? >>>> ________________________________ >>>> >>>> refpolicy mailing list >>>> refpolicy at oss.tresys.com >>>> http://oss.tresys.com/mailman/listinfo/refpolicy >_______________________________________________ >refpolicy mailing list >refpolicy at oss.tresys.com >http://oss.tresys.com/mailman/listinfo/refpolicy