From: guido@trentalancia.net (Guido Trentalancia) Date: Mon, 30 Jan 2017 21:55:25 +0100 Subject: [refpolicy] Install Directory for Reference Policy? In-Reply-To: References: Message-ID: <1485809725.14345.4.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello again. On Mon, 16/01/2017 at 20.24 -0800, Naftuli Kay via refpolicy wrote: > I'm on Ubuntu 16.04 and I've just compiled the reference policy via: > > git clone https://github.com/TresysTechnology/refpolicy.git > cd refpolicy > git submodule init > git submodule update > git checkout RELEASE_2_20161023 > ( cd policy/modules/contrib && git checkout RELEASE_2_20161023 ) > make conf > make install > > My build.conf looks like this: > > TYPE = standard > NAME = refpolicy > DISTRO = debian > UNK_PERMS = deny > DIRECT_INITRC = n > SYSTEMD = y > MONOLITHIC = n > UBAC = y > CUSTOM_BUILDOPT = > MLS_SENS = 16 > MLS_CATS = 1024 > MCS_CATS = 1024 > QUIET = n > > Pretty normal stuff. > > Unfortunately, though it properly loads at the time of "make > install," > it isn't installed into the expected directory by my distro. You shouldn't worry about the installation directory. The path that is being used should be fine. Part of the policy goes under /etc/selinux and part goes under /usr/share/selinux. > Apparently, Ubuntu wants the binary files to be located at > /etc/selinux/$NAME. The upstream "selinux-policy-default" package > installs its dependencies to /etc/selinux/default and its contents > can > be viewed here: http://pastebin.com/8fXvdFUA > > Is there a variable I need to set to have the reference policy > install > itself/copy its files following this pattern to > /etc/selinux/refpolicy? The problem is that your "make load" build step fails, as far as I remember, and that is why you are not getting the policy.29 file in /etc/selinux/refpolicy. Can you try changing the TYPE of the policy in build.conf from "standard" to "mcs" and perform all the build steps again ? Also, please perform the build steps from the development directory located in your home and not on the installation subdirectory of /etc/selinux/refpolicy. Regards, Guido