SELinux Policy Editor Install Guide(for Ver 2.0))
This document shows how to install SELinux Policy Editor.
1 Install from RPMs
Supported Platforms are Fedora Core5 and Cent OS 4.3(should work in Redhat
Enterprise Linux 4).
You can easily install from RPM
- Install required package
You need checkpolicy,audit package.
# yum install checkpolicy audit
- Obtain files
Download seedit-converter-2.0.x.rpm and seedit-policy-2.0.x-(your
distro).rpm,seedit-gui-2.0.x.rpm, seedit-doc-2.0.x.rpm
from below URL.
http://seedit.sourceforge.net/download.html
If you do not have X Window System, you do not need seedit-gui package.
- Install rpms
Install rpm and restart by following commands.
$ su
# rpm -ivh seedit-*.rpm
# reboot
- Initialization
When system restarts, some relabeling process run. It takes some
minutes.
After install, auditd service is also running. auditd service is to take
detailed SELinux log in /var/log/audit/audit.log.
- Notice about CentOS 4
If you are using CentOS4, there is a bug in SELinux's relabel command.
If you have installed strict policy, or have enabled RBAC before,
you have to run following command.
# setfiles /etc/selinux/seedit/contexts/files/file_contexts / -F -vv
# reboot
- That's it!
You can make sure seedit is installed by following command.
# sestatus
SELinux status: enabled
Current mode: permissive
Mode from config file: permissive
...
Policy from config file: seedit
Note that simplified policy is installed as permissive mode.
In permissive mode, SELinux is not protecting your system. It is
only a test mode. To be a enforcing mode, see ![[*]](crossref.png)
.
To make sure seedit is installed, go to section 3.
In this installation process ,
/etc/selinux/config is changed like below.
SELINUX=permissive
SELINUXTYPE=seedit
Our system does not interfere with other existing system components
except that.
If you want to uninstall. Do following.
# rpm -e seedit-policy seedit-converter
# reboot
You system will restart as SELinux targeted policy(Fedora Core5 default)
and permissive mode(SELinux is effectively disabled).
- Obtain files
Download seedit-converter-2.0.x.tgz and seedit-policy-2.0.x.tgz
From below URL.
http://sourceforge.net/project/showfiles.php?group_id=135756
- Build and install
# tar czvf seedit-*.tgz
# cd seedit-converter
# make install DISTRO=(FC5 or COS4)
# cd ..
# cd seedit-policy
# make install DISTRO=(FC5 or COS4)
# cd seedit-gui
# make install
# touch /.autorelabel
# reboot
At first login do following.
#seedit-restorecon -R /etc
#seedit-load
#reboot
- uninstall
You can go back to Fedora Core5 default by following.
Modify /etc/selinux/config like below.
SELINUXTYPE=seedit
-->
SELINUXTYPE=targeted
And
#touch /.autorelabel
#reboot
3 Make sure seedit is installed
If you are using X Window System, from Gnome menu,
. Choose Desktop 
Manage SELinux
Policy Editor.
You will see window like 1
Figure 1:
SELinux Policy Editor Control Panel
 |
Then select Status, you will see 2.
Figure 2:
Status
 |
If it shows seedit installed: yes, installation is success!.
From command line, if result of sestatus shows following, installation
is successful.
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
...
Policy from config file: seedit
Next, see SELinux Policy Editor Administration Guide.
SELinux Policy Editor Install Guide(for Ver 2.0))
This document was generated using the
LaTeX2HTML translator Version 2002-2-1 (1.70)
Copyright © 1993, 1994, 1995, 1996,
Nikos Drakos,
Computer Based Learning Unit, University of Leeds.
Copyright © 1997, 1998, 1999,
Ross Moore,
Mathematics Department, Macquarie University, Sydney.
The command line arguments were:
latex2html -local_icons -show_section_numbers -link 2 -split +0 install.tex
The translation was initiated by on 2006-07-05
2006-07-05