How to install SELinux Policy Editor(Ver1.2)
2005. 09.02
By Yuichi Nakamura <ynakam@gwu.edu>

This is intall document for SELinux Policy Editor and simplified policy.
Installing from RPM are described, how to install from source, see README in source code.

1. Before INSTALL
(1) What should you install ?
SELinux Policy Editor is composed of simplified policy and GUI.
Must component is simplified poilcy.
GUI is optional. Without GUI, you can use simplified policy.
But with GUI, SELinux becomes much easier.
To use GUI, you need webmin(www.webmin.com).

(2) Supported environment

Fedora Core4, TurboLinux10 Server, Asianux 2
Fedora Core 4 is prefered.
Note that our tool is experimental, may contain serious bugs.
We have no responsibility for the damage that is caused by our tool.
Policy is under construction, now limited serveces are supported.

- !Notice : If you want to install in  TurboLinux10 Server
You have to add "selinux=1" as boot parameter in /boot/grub/grub.conf .

2. Install
2.1 . Download files
Download following files from   http://sourceforge.net/projects/seedit/.
(1) Simplified Policy Compiler(Must)
seedit-converter-1.2.0-1.i386.rpm
(2) Sample policy (Must)
Download file for your Linux distribution.
- seedit-policy-1.2.0-FC4.noarch.rpm (For Fedora Core4)
- seedit-policy-1.2.0-AX2.noarch.rpm (For Asianux2.0)
- seedit-policy-1.2.0-TL10S.noarch.rpm (For TurboLinux10 Server)

(3) GUI (optional)
If you want to use GUI, download.
- seedit-gui-1.2.0-1.noarch.rpm

(4)Documents(optional)
- seedit-doc-1.2.0-1.noarch.rpm

2.2 Installing simplified policy
# rpm -ivh seedit-converter seedit-policy
# rpm -ivh seedit-doc

2.3 Installing GUI(Optional)
If you want GUI, install here.
If you do not use GUI, go to 2.4.

(1) Install perl-Net-SSLeay(For Fedora Core4)
# yum install perl-Net-SSLeay
(2) Install Webmin
Dowload webmin RPM package from  http://www.webmin.com/ .
(3) Install GUI
# rpm -ivh seedit-gui*.rpm webmin*.rpm

2.4 After installing RPM
(1) Reboot.
# reboot
After  reboot, all files are relabeled, it takes time.
( Note for Turbo Linux 10 Server:
 Relabel is not done, you have to do manually.  After login ,type "fixfiles restore" )

(2) Reboot again.
# reboot
Because domain and type label is incorrect..

(3) Relabel some files
# restorecon -R /etc /tmp /dev 
# cd /etc/selinux/seedit/src/policy
# make diffrelabel
(! When using turbolinux 10 server
# cd /etc/selinux/seedit/src/policy
# ./restorecon -R /etc /tmp /dev
# make diffrelabel
)
There will be some warning, and error messages, you can neglect them.

(4) Reboot again
# reboot
Install has been finished!
Note that SELinux is "permissive mode" here.

3. Make sure whether install is sucessful
(1) sestatus
# sestatus
SELinux status: enabled
...
Policy from config file: seedit
...

(3) Test GUI
Start webmin
# /etc/init.d/webmin stop
# /etc/init.d/webmin start
Access webmin by   https://<your hostname>:10000/
login webmin,  username "root" password "<your root password>"
SELinux menu is in "system" menu.

(4) switch to enforcing mode
# setenforce 1
And test applications.

(5) Edit policy
If  application does not run in enforcing mode, (and it runs on permissive mode )
you might have to add policy.
And daemon programs which runs as initrc_t domain, you have to create domain.
When you edit simplified policy, see Configuring SELinux by Simplified Policy.
If you want to use GUI, see manual.

When policy is enough, switch to enforcing mode from boot.
Edit  /etc/selinux/config like below. 
SELINUX=enforcing
SELINUXTYPE=seedit

4. Uninstall

#rpm -e e seedit-converter seedit-policy seedit-gui seedit-doc
and reboot.
At next time , system boots permissive mode in targeted policy.
This means,
the contents of /etc/selinux/config is
SELINUX=permissive
SELINUXTYPE=seedit