author | Igor Pashev <pashev.igor@gmail.com> | 2012-11-25 14:36:20 +0000 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2012-11-25 14:36:20 +0000 |
commit | c3649a2def02c41d837ae1f79dda729ccb91e677 (patch) | |
tree | bea46dff212fdef977fe9094a70a939e8cc21885 /README.selinux | |
download | trousers-c3649a2def02c41d837ae1f79dda729ccb91e677.tar.gz |
Imported Upstream version 0.3.9 upstream/0.3.9 upstream
Diffstat (limited to 'README.selinux')
-rw-r--r-- | README.selinux | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/README.selinux b/README.selinux new file mode 100644 index 0000000..acae591 --- /dev/null +++ b/README.selinux @@ -0,0 +1,58 @@ + +How to get TrouSerS up and running with an SELinux policy. +Kent Yoder <kyoder@users.sf.net> + +This howto assumes a Fedora Core 4 install. + +1. Install and load the device driver + # wget http://download.fedora.redhat.com/pub/fedora/linux/core/4/SRPMS/kernel-2.6.11-1.1369_FC4.src.rpm + # rpm -ivh kernel-2.6.11-1.1369_FC4.src.rpm + # cd /usr/src/redhat/SPECS + # rpmbuild -bp ./kernel-2.6.spec + # cd /usr/src/redhat/BUILD/kernel-2.6.11/linux-2.6.11 + # make menuconfig + - Goto Device Drivers > Character Devices > TPM Devices + - enable the drivers + # make + # make modules_install + # make install + # reboot + # modprobe tpm_atmel (or others...) + +2. Build and install trousers in the system location. The SELinux policy assumes + that trousers is installed in the system location. To change these, edit + the trousers.fc file. + + # tar zxvf trousers-0.2.1.tar.gz + # cd trousers-0.2.1 + # ./configure --prefix=/usr + # make + # make install + +3. Install the SELinux policy sources + + # yum install selinux-policy-targeted-sources.noarch + +4. Install the trousers te and fc files and load the policy + + # cp ./dist/fedora/trousers.te /etc/selinux/targeted/src/policy/domains/program + # cp ./dist/fedora/trousers.fc /etc/selinux/targeted/src/policy/file_contexts/program + # cd /etc/selinux/targeted/src/policy + # make clean + # make reload + # make install + # make relabel + + At this point, there should be a trousers-specific type for /dev/tpm0: + + # ls -Z /dev/tpm* + crw-rw---- root root system_u:object_r:tcsd_device_t /dev/tpm0 + + Also, checking the security context of the running tcsd should show it running +with the tcsd_t type: + + # ps -Zef |grep tcsd + root:system_r:tcsd_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd + +5. That should be it! Send bugs and questions to trousers-users@lists.sf.net. + |
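Review bot: Step 1 fetches the kernel SRPM with `wget` over plain `http://` and goes straight to `rpm -ivh` at a root prompt, with no integrity check in between; add a signature verification step (for example `rpm --checksig kernel-2.6.11-1.1369_FC4.src.rpm`) before the install, and consider running the `rpmbuild -bp` step as an unprivileged user, since nothing up to `make modules_install` needs root. Separately, the howto is stale relative to the release this commit imports: it assumes Fedora Core 4 and unpacks `trousers-0.2.1.tar.gz`, while the commit message says version 0.3.9, so either update the version and platform references or state up front that the steps were written for 0.2.1 on FC4. In step 2, "To change these, edit the trousers.fc file" has no clear antecedent; say explicitly that the file contexts in trousers.fc must be changed if a `--prefix` other than `/usr` is used. Step 4 would also benefit from a line telling the reader what to check if `ls -Z /dev/tpm*` or `ps -Zef |grep tcsd` does not show `tcsd_device_t` / `tcsd_t`.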