1 files changed, 69 insertions, 0 deletions
diff --git a/scripts/selinux/install_policy.sh b/scripts/selinux/install_policy.sh
new file mode 100644
index 000000000000..7b9ccf61f8f9
--- /dev/null
+++ b/scripts/selinux/install_policy.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+if [ `id -u` -ne 0 ]; then
+        echo "$0: must be root to install the selinux policy"
+        exit 1
+fi
+SF=`which setfiles`
+if [ $? -eq 1 ]; then
+        if [ -f /sbin/setfiles ]; then
+                SF="/usr/setfiles"
+        else
+                echo "no selinux tools installed: setfiles"
+                exit 1
+        fi
+fi
+cd mdp
+CP=`which checkpolicy`
+VERS=`$CP -V | awk '{print $1}'`
+./mdp policy.conf file_contexts
+$CP -o policy.$VERS policy.conf
+mkdir -p /etc/selinux/dummy/policy
+mkdir -p /etc/selinux/dummy/contexts/files
+cp file_contexts /etc/selinux/dummy/contexts/files
+cp dbus_contexts /etc/selinux/dummy/contexts
+cp policy.$VERS /etc/selinux/dummy/policy
+FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
+if [ ! -d /etc/selinux ]; then
+        mkdir -p /etc/selinux
+fi
+if [ ! -f /etc/selinux/config ]; then
+        cat > /etc/selinux/config << EOF
+SELINUX=enforcing
+SELINUXTYPE=dummy
+EOF
+else
+        TYPE=`cat /etc/selinux/config | grep "^SELINUXTYPE" | tail -1 | awk -F= '{ print $2 '}`
+        if [ "eq$TYPE" != "eqdummy" ]; then
+                selinuxenabled
+                if [ $? -eq 0 ]; then
+                        echo "SELinux already enabled with a non-dummy policy."
+                        echo "Exiting.  Please install policy by hand if that"
+                        echo "is what you REALLY want."
+                        exit 1
+                fi
+                mv /etc/selinux/config /etc/selinux/config.mdpbak
+                grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
+                echo "SELINUXTYPE=dummy" >> /etc/selinux/config
+        fi
+fi
+cd /etc/selinux/dummy/contexts/files
+$SF file_contexts /
+mounts=`cat /proc/$$/mounts | egrep "ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2" | awk '{ print $2 '}`
+$SF file_contexts $mounts
+dodev=`cat /proc/$$/mounts | grep "/dev "`
+if [ "eq$dodev" != "eq" ]; then
+        mount --move /dev /mnt
+        $SF file_contexts /dev
+        mount --move /mnt /dev
+fi

diff --git a/scripts/selinux/install_policy.sh b/scripts/selinux/install_policy.sh new file mode 100644 index 000000000000..7b9ccf61f8f9 --- /dev/null +++ b/scripts/selinux/install_policy.sh
@@ -0,0 +1,69 @@
	1	#!/bin/sh
	2	if [ `id -u` -ne 0 ]; then
	3	echo "$0: must be root to install the selinux policy"
	4	exit 1
	5	fi
	6	SF=`which setfiles`
	7	if [ $? -eq 1 ]; then
	8	if [ -f /sbin/setfiles ]; then
	9	SF="/usr/setfiles"
	10	else
	11	echo "no selinux tools installed: setfiles"
	12	exit 1
	13	fi
	14	fi
	15
	16	cd mdp
	17
	18	CP=`which checkpolicy`
	19	VERS=`$CP -V \| awk '{print $1}'`
	20
	21	./mdp policy.conf file_contexts
	22	$CP -o policy.$VERS policy.conf
	23
	24	mkdir -p /etc/selinux/dummy/policy
	25	mkdir -p /etc/selinux/dummy/contexts/files
	26
	27	cp file_contexts /etc/selinux/dummy/contexts/files
	28	cp dbus_contexts /etc/selinux/dummy/contexts
	29	cp policy.$VERS /etc/selinux/dummy/policy
	30	FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts
	31
	32	if [ ! -d /etc/selinux ]; then
	33	mkdir -p /etc/selinux
	34	fi
	35	if [ ! -f /etc/selinux/config ]; then
	36	cat > /etc/selinux/config << EOF
	37	SELINUX=enforcing
	38	SELINUXTYPE=dummy
	39	EOF
	40	else
	41	TYPE=`cat /etc/selinux/config \| grep "^SELINUXTYPE" \| tail -1 \| awk -F= '{ print $2 '}`
	42	if [ "eq$TYPE" != "eqdummy" ]; then
	43	selinuxenabled
	44	if [ $? -eq 0 ]; then
	45	echo "SELinux already enabled with a non-dummy policy."
	46	echo "Exiting. Please install policy by hand if that"
	47	echo "is what you REALLY want."
	48	exit 1
	49	fi
	50	mv /etc/selinux/config /etc/selinux/config.mdpbak
	51	grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config
	52	echo "SELINUXTYPE=dummy" >> /etc/selinux/config
	53	fi
	54	fi
	55
	56	cd /etc/selinux/dummy/contexts/files
	57	$SF file_contexts /
	58
	59	mounts=`cat /proc/$$/mounts \| egrep "ext2\|ext3\|xfs\|jfs\|ext4\|ext4dev\|gfs2" \| awk '{ print $2 '}`
	60	$SF file_contexts $mounts
	61
	62
	63	dodev=`cat /proc/$$/mounts \| grep "/dev "`
	64	if [ "eq$dodev" != "eq" ]; then
	65	mount --move /dev /mnt
	66	$SF file_contexts /dev
	67	mount --move /mnt /dev
	68	fi
	69