linux/scripts/selinux/install_policy.sh
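#!/bin/sh
# Build a policy with ./mdp and checkpolicy, install it under
# /etc/selinux/dummy, point /etc/selinux/config at it, and relabel the
# mounted filesystems with setfiles.
#
# Must run as root and be started from the directory that contains mdp/.
# setfiles and checkpolicy are resolved through PATH while running as root,
# so invoke this with a PATH that lists only trusted directories.

# Print a diagnostic prefixed with the script name and abort.
fail() {
        echo "$0: $*" >&2
        exit 1
}

if [ "$(id -u)" -ne 0 ]; then
        echo "$0: must be root to install the selinux policy" >&2
        exit 1
fi

# Prefer setfiles from PATH and fall back to /sbin/setfiles. Testing for an
# empty result covers every lookup failure, not only exit status 1.
SF=$(command -v setfiles)
if [ -z "$SF" ]; then
        if [ -x /sbin/setfiles ]; then
                # The fallback must be the path that was just tested.
                SF="/sbin/setfiles"
        else
                echo "no selinux tools installed: setfiles" >&2
                exit 1
        fi
fi

# Everything below runs ./mdp and reads its output relative to this
# directory; continuing after a failed cd would execute whatever ./mdp
# exists in the caller's working directory, as root.
cd mdp || fail "cannot cd to mdp; run this from the directory containing it"

CP=$(command -v checkpolicy)
if [ -z "$CP" ]; then
        fail "no selinux tools installed: checkpolicy"
fi

# The first field of `checkpolicy -V` is used as the policy file suffix.
VERS=$("$CP" -V | awk '{print $1}')
if [ -z "$VERS" ]; then
        fail "cannot determine the policy version from $CP -V"
fi

# Stop before touching /etc/selinux if the policy could not be generated or
# compiled: the config written below may select enforcing mode.
./mdp policy.conf file_contexts || fail "mdp failed to generate policy.conf"
"$CP" -o "policy.$VERS" policy.conf || fail "checkpolicy failed to compile policy.conf"

mkdir -p /etc/selinux/dummy/policy || fail "cannot create /etc/selinux/dummy/policy"
mkdir -p /etc/selinux/dummy/contexts/files || fail "cannot create /etc/selinux/dummy/contexts/files"

cp file_contexts /etc/selinux/dummy/contexts/files || fail "cannot install file_contexts"
cp dbus_contexts /etc/selinux/dummy/contexts || echo "$0: warning: dbus_contexts was not installed" >&2
cp "policy.$VERS" /etc/selinux/dummy/policy || fail "cannot install policy.$VERS"

if [ ! -f /etc/selinux/config ]; then
        # No config yet: write one that selects the dummy policy type in
        # enforcing mode.
        cat > /etc/selinux/config << EOF
SELINUX=enforcing
SELINUXTYPE=dummy
EOF
else
        # Value of the last SELINUXTYPE line in the existing config.
        TYPE=$(awk -F= '/^SELINUXTYPE/ { t = $2 } END { print t }' /etc/selinux/config)
        if [ "$TYPE" != "dummy" ]; then
                # Refuse to replace the policy type of a host that is
                # currently running SELinux with a different policy.
                if selinuxenabled; then
                        echo "SELinux already enabled with a non-dummy policy." >&2
                        echo "Exiting.  Please install policy by hand if that" >&2
                        echo "is what you REALLY want." >&2
                        exit 1
                fi
                # Keep the previous config as config.mdpbak. Without a
                # successful move the rewrite below would append a second
                # SELINUXTYPE line to the existing file.
                mv /etc/selinux/config /etc/selinux/config.mdpbak ||
                        fail "cannot back up /etc/selinux/config"
                grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak > /etc/selinux/config
                echo "SELINUXTYPE=dummy" >> /etc/selinux/config
        fi
fi

cd /etc/selinux/dummy/contexts/files || fail "cannot cd to /etc/selinux/dummy/contexts/files"
"$SF" file_contexts /

# Mount points of every /proc/$$/mounts line that mentions one of these
# filesystem names (the match is on the whole line, not only the type field).
mounts=$(awk '/ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2/ { print $2 }' "/proc/$$/mounts")
if [ -n "$mounts" ]; then
        # Word splitting is wanted here (one argument per mount point);
        # globbing is switched off so a mount point is never expanded.
        set -f
        # shellcheck disable=SC2086
        "$SF" file_contexts $mounts
        set +f
fi

# When something is mounted on /dev, move that mount aside, label /dev
# (presumably to reach the directory underneath the mount), then move the
# mount back.
if grep -q "/dev " "/proc/$$/mounts"; then
        if mount --move /dev /mnt; then
                "$SF" file_contexts /dev
                mount --move /mnt /dev ||
                        echo "$0: could not move the /dev mount back from /mnt" >&2
        else
                # Moving /mnt onto /dev after a failed first move would
                # stack whatever is mounted on /mnt over /dev.
                echo "$0: could not move /dev aside; skipping the /dev relabel" >&2
        fi
fi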