SELinux Policy Editor Install Guide(for Ver 2.1))

This document shows how to install SELinux Policy Editor.

1 Supported platform

Supported Platforms are Fedora Core 6 and Cent OS 4.3(should work in Fedora Core 5, Redhat Enterprise Linux 4).

2 Install from RPMs

How to install is different according to your distro.

2.1 Install rpm(Fedora Core)

seedit is included in Fedora Extras, so you can easily install by yum.

#yum install seedit-gui

If you do not want GUI, type following.

#yum install seedit-policy

Next, initialize SEEdit and reboot.

# /usr/sbin/seedit-init
# reboot

/usr/bin/seedit-init is command that will prepare system to use seedit. It edits /etc/selinux/config, initialize policy , launch auditd service, etc.
When system restarts, some relabeling process run. It takes some minutes.

2.2 Install rpm(CentOS)

You can easily install from RPM

Install required package
You need checkpolicy,audit package.
```
# yum install checkpolicy audit
```
Obtain files
Download seedit, seedit-policy,seedit-gui RPM packages from below URL.
```
http://seedit.sourceforge.net/download.html
```
If you do not have X Window System, you do not need seedit-gui package.
Install rpms Install rpm and initialize SELinux Policy Editor by following commands.
```
$ su 
# rpm -ivh seedit-*.rpm
# /usr/sbin/seedit-init
# reboot
```
/usr/bin/seedit-init is command that will prepare system to use seedit. It edits /etc/selinux/config, initialize policy , launch auditd service, etc.
When system restarts, some relabeling process run. It takes some minutes.
Notice about CentOS 4
If you are using CentOS4, there is a bug in SELinux's relabel command. If you have installed strict policy, or have enabled RBAC before, you have to run following command.
```
# setfiles /etc/selinux/seedit/contexts/files/file_contexts  / -F -vv
# reboot
```

2.3 That's it!

You can make sure seedit is installed by following command.

# sestatus
SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          permissive
...
Policy from config file:        seedit

Policy used in seedit is seedit. /etc/seedit/policy, simplified policy is installed, we edit it. And it is converted to usual SELinux Policy, and installed under /etc/selinux/seedit.
Note that simplified policy is installed as permissive mode. In permissive mode, SELinux is not protecting your system. It is only a test mode. To be a enforcing mode, see .
To make sure seedit is installed, go to section 3.

2.4 What's affected?

In this installation process , /etc/selinux/config is changed like below.

SELINUX=permissive	
SELINUXTYPE=seedit

Our system does not interfere with other existing system components except that.

2.5 Uninstall

If you want to uninstall. Do following.

# rpm -e seedit-policy seedit seedit-gui
# reboot

You system will restart as SELinux targeted policy(Fedora Core5 default) and permissive mode(SELinux is effectively disabled).

3 Make sure seedit is installed

If you are using X Window System, from Gnome menu, . Choose Application $\rightarrow$ System Tool $\rightarrow$ SELinux Policy Editor, or type seedit-gui from Gnome terminal. You will see window like 1.

**Figure 1:** SELinux Policy Editor Control Panel

Then select Status, you will see 2.

**Figure 2:** Status

If it shows seedit installed: yes, installation is success!.

From command line, if result of sestatus shows following, installation is successful.

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
...
Policy from config file:        seedit

Next, see SELinux Policy Editor Administration Guide.

About this document ...

SELinux Policy Editor Install Guide(for Ver 2.1))

This document was generated using the LaTeX2HTML translator Version 2002-2-1 (1.71)

The command line arguments were:
latex2html -local_icons -show_section_numbers -link 2 -split +0 install.tex

The translation was initiated by Yuichi Nakamura on 2007-02-13

Yuichi Nakamura 2007-02-13