File: README.selinux

trousers 0.3.1-7

How to get TrouSerS up and running with an SELinux policy.
Kent Yoder <kyoder@users.sf.net>

This howto assumes a Fedora Core 4 install.

1. Install and load the device driver
 # wget http://download.fedora.redhat.com/pub/fedora/linux/core/4/SRPMS/kernel-2.6.11-1.1369_FC4.src.rpm
 # rpm -ivh kernel-2.6.11-1.1369_FC4.src.rpm
 # cd /usr/src/redhat/SPECS
 # rpmbuild -bp ./kernel-2.6.spec
 # cd /usr/src/redhat/BUILD/kernel-2.6.11/linux-2.6.11
 # make menuconfig
   - Go to Device Drivers > Character Devices > TPM Devices
   - enable the drivers
 # make
 # make modules_install
 # make install
 # reboot
 # modprobe tpm_atmel (or others...)

2. Build and install trousers in the system location. The SELinux policy assumes
   that trousers is installed there. To change the paths the policy labels, edit
   the trousers.fc file.

 # tar zxvf trousers-0.2.1.tar.gz
 # cd trousers-0.2.1
 # ./configure --prefix=/usr
 # make
 # make install

3. Install the SELinux policy sources

 # yum install selinux-policy-targeted-sources.noarch

4. Install the trousers te and fc files and load the policy

 # cp ./dist/fedora/trousers.te /etc/selinux/targeted/src/policy/domains/program
 # cp ./dist/fedora/trousers.fc /etc/selinux/targeted/src/policy/file_contexts/program
 # cd /etc/selinux/targeted/src/policy
 # make clean
 # make reload
 # make install
 # make relabel

 At this point, there should be a trousers-specific type for /dev/tpm0:

 # ls -Z /dev/tpm*
 crw-rw----  root     root     system_u:object_r:tcsd_device_t  /dev/tpm0

 Also, checking the security context of the running tcsd should show it running
 with the tcsd_t type:

 # ps -Zef |grep tcsd
 root:system_r:tcsd_t            root     16362     1  0 15:10 ?        00:00:00 /usr/sbin/tcsd

5. That should be it!  Send bugs and questions to trousers-users@lists.sf.net.
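
The two checks from step 4 can be scripted. The following is an added example, not part of the original README or the TrouSerS sources; the function names and the sample lines are constructed for illustration, and the mismatch case assumes a tcsd that stayed in initrc_t because the policy was not loaded or the binary was not relabeled.

```shell
#!/bin/sh
# Added example: verify the labels that step 4 says should be present.
# Function names are hypothetical; the expected types come from the README.

# Print the SELinux type of the first user:role:type[:level] context found
# in a line of `ls -Z` or `ps -Z` output. Prints nothing if there is none.
context_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            n = split($i, part, ":")
            # A context has at least three fields and a role ending in _r;
            # this skips time columns such as 00:00:00.
            if (n >= 3 && part[2] ~ /_r$/) { print part[3]; exit }
        }
    }'
}

# Succeed only when the type found in line $1 equals the expected type $2.
check_label() {
    actual=$(context_type "$1")
    if [ "$actual" = "$2" ]; then
        echo "ok: $2"
    else
        echo "MISMATCH: expected $2, found ${actual:-no context}"
        return 1
    fi
}

# Constructed sample lines, matching the expected output shown in step 4.
SAMPLE_DEV='crw-rw----  root     root     system_u:object_r:tcsd_device_t  /dev/tpm0'
SAMPLE_PS='root:system_r:tcsd_t            root     16362     1  0 15:10 ?        00:00:00 /usr/sbin/tcsd'
# Constructed failure case: the daemon is still in the init script domain.
SAMPLE_BAD='root:system_r:initrc_t          root     16362     1  0 15:10 ?        00:00:00 /usr/sbin/tcsd'

if [ "${1:-}" = "--live" ]; then
    # Run against the real system (needs the TPM driver and tcsd running).
    check_label "$(ls -Z /dev/tpm0 2>/dev/null)" tcsd_device_t
    check_label "$(ps -Zef | grep '[t]csd')" tcsd_t
else
    check_label "$SAMPLE_DEV" tcsd_device_t
    check_label "$SAMPLE_PS" tcsd_t
    check_label "$SAMPLE_BAD" tcsd_t || true
fi
```

A mismatch on the tcsd line means the daemon is not confined by the trousers policy, even if it otherwise works.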