diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-10 15:44:43 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-10 15:44:43 -0400 |
| commit | c54dcd8ec9f05c8951d1e622e90904aef95379f9 (patch) | |
| tree | 6f657b3ec509975c0f295197156e2bbc530457a2 /Documentation | |
| parent | b11ce8a26d26ed9019a8803aa90d580b52f23e79 (diff) | |
| parent | 9ac684fc38cf17fbd25c0c9e388713c5ddfa3b14 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
selinux: Fix an uninitialized variable BUG/panic in selinux_secattr_to_sid()
selinux: use default proc sid on symlinks
file capabilities: uninline cap_safe_nice
Update selinux info in MAINTAINERS and Kconfig help text
SELinux: add gitignore file for mdp script
SELinux: add boundary support and thread context assignment
securityfs: do not depend on CONFIG_SECURITY
selinux: add support for installing a dummy policy (v2)
security: add/fix security kernel-doc
selinux: Unify for- and while-loop style
selinux: conditional expression type validation was off-by-one
smack: limit privilege by label
SELinux: Fix a potentially uninitialised variable in SELinux hooks
SELinux: trivial, remove unneeded local variable
SELinux: Trivial minor fixes that change C null character style
make selinux_write_opts() static
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/DocBook/kernel-api.tmpl | 1 | ||||
| -rw-r--r-- | Documentation/SELinux.txt | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/Documentation/DocBook/kernel-api.tmpl b/Documentation/DocBook/kernel-api.tmpl index f5696ba9ae96..9d0058e788e5 100644 --- a/Documentation/DocBook/kernel-api.tmpl +++ b/Documentation/DocBook/kernel-api.tmpl | |||
| @@ -283,6 +283,7 @@ X!Earch/x86/kernel/mca_32.c | |||
| 283 | <chapter id="security"> | 283 | <chapter id="security"> |
| 284 | <title>Security Framework</title> | 284 | <title>Security Framework</title> |
| 285 | !Isecurity/security.c | 285 | !Isecurity/security.c |
| 286 | !Esecurity/inode.c | ||
| 286 | </chapter> | 287 | </chapter> |
| 287 | 288 | ||
| 288 | <chapter id="audit"> | 289 | <chapter id="audit"> |
diff --git a/Documentation/SELinux.txt b/Documentation/SELinux.txt new file mode 100644 index 000000000000..07eae00f3314 --- /dev/null +++ b/Documentation/SELinux.txt | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | If you want to use SELinux, chances are you will want | ||
| 2 | to use the distro-provided policies, or install the | ||
| 3 | latest reference policy release from | ||
| 4 | http://oss.tresys.com/projects/refpolicy | ||
| 5 | |||
| 6 | However, if you want to install a dummy policy for | ||
| 7 | testing, you can do using 'mdp' provided under | ||
| 8 | scripts/selinux. Note that this requires the selinux | ||
| 9 | userspace to be installed - in particular you will | ||
| 10 | need checkpolicy to compile a kernel, and setfiles and | ||
| 11 | fixfiles to label the filesystem. | ||
| 12 | |||
| 13 | 1. Compile the kernel with selinux enabled. | ||
| 14 | 2. Type 'make' to compile mdp. | ||
| 15 | 3. Make sure that you are not running with | ||
| 16 | SELinux enabled and a real policy. If | ||
| 17 | you are, reboot with selinux disabled | ||
| 18 | before continuing. | ||
| 19 | 4. Run install_policy.sh: | ||
| 20 | cd scripts/selinux | ||
| 21 | sh install_policy.sh | ||
| 22 | |||
| 23 | Step 4 will create a new dummy policy valid for your | ||
| 24 | kernel, with a single selinux user, role, and type. | ||
| 25 | It will compile the policy, will set your SELINUXTYPE to | ||
| 26 | dummy in /etc/selinux/config, install the compiled policy | ||
| 27 | as 'dummy', and relabel your filesystem. | ||