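#!/bin/sh
# Build the "dummy" SELinux policy with ./mdp and checkpolicy, install it
# under /etc/selinux/dummy, select it in /etc/selinux/config and relabel
# the mounted filesystems with setfiles.
#
# Must be run as root, from the directory that contains the mdp/
# directory (the script does "cd mdp" and runs ./mdp from there).

# Print a diagnostic on stderr and abort the installation.
die() {
	echo "$*" >&2
	exit 1
}

if [ "$(id -u)" -ne 0 ]; then
	die "$0: must be root to install the selinux policy"
fi

# Locate setfiles: PATH first, then /sbin as a fallback.
if ! SF=$(command -v setfiles); then
	if [ -x /sbin/setfiles ]; then
		# Use the path that was just tested; the fallback used to be
		# "/usr/setfiles", which is not the file checked above.
		SF="/sbin/setfiles"
	else
		die "no selinux tools installed: setfiles"
	fi
fi

# Everything below runs as root. Stop here if the build directory is
# missing instead of running ./mdp and cp from an unexpected directory.
cd mdp || die "$0: cannot enter the mdp directory"

CP=$(command -v checkpolicy) || die "no selinux tools installed: checkpolicy"

# The first field of "checkpolicy -V" is used as the policy file suffix.
VERS=$("$CP" -V | awk '{ print $1 }')
[ -n "$VERS" ] || die "$0: cannot read the policy version from $CP -V"

# Generate the policy source and file contexts, then compile the policy.
./mdp policy.conf file_contexts || die "$0: mdp failed"
"$CP" -o "policy.$VERS" policy.conf || die "$0: checkpolicy failed"

# mkdir -p also creates /etc/selinux itself when it does not exist yet.
mkdir -p /etc/selinux/dummy/policy /etc/selinux/dummy/contexts/files ||
	die "$0: cannot create /etc/selinux/dummy"

cp file_contexts /etc/selinux/dummy/contexts/files ||
	die "$0: cannot install file_contexts"
# A missing dbus_contexts did not stop the installation before either;
# it is now reported instead of being silently ignored.
cp dbus_contexts /etc/selinux/dummy/contexts ||
	echo "$0: warning: dbus_contexts was not installed" >&2
cp "policy.$VERS" /etc/selinux/dummy/policy ||
	die "$0: cannot install policy.$VERS"
FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts

if [ ! -f /etc/selinux/config ]; then
	# NOTE(review): this selects enforcing mode for the freshly built
	# policy; check that the policy and the labels applied below are
	# usable before relying on it.
	cat > /etc/selinux/config << 'EOF'
SELINUX=enforcing
SELINUXTYPE=dummy
EOF
else
	# Value of the last SELINUXTYPE line in the existing config.
	TYPE=$(awk -F= '/^SELINUXTYPE/ { t = $2 } END { print t }' /etc/selinux/config)
	if [ "$TYPE" != "dummy" ]; then
		# Refuse to replace a policy that is currently active.
		if selinuxenabled; then
			echo "SELinux already enabled with a non-dummy policy." >&2
			echo "Exiting. Please install policy by hand if that" >&2
			echo "is what you REALLY want." >&2
			exit 1
		fi
		# Keep a backup, build the new config next to the old one and
		# rename it into place, so /etc/selinux/config is never missing
		# or half-written if the script is interrupted.
		cp -p /etc/selinux/config /etc/selinux/config.mdpbak ||
			die "$0: cannot back up /etc/selinux/config"
		new_config=/etc/selinux/config.mdpnew.$$
		{
			grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak
			echo "SELINUXTYPE=dummy"
		} > "$new_config" || die "$0: cannot write $new_config"
		mv "$new_config" /etc/selinux/config ||
			die "$0: cannot replace /etc/selinux/config"
	fi
fi

# Relabel the root filesystem using the installed file contexts.
"$SF" "$FC_FILE" /

# Relabel the other mounted filesystems of the listed types. The type is
# matched against the filesystem-type field only, so a device or mount
# point whose name merely contains "ext3", "xfs", ... is not picked up.
mounts=$(awk '$3 ~ /^(ext2|ext3|ext4|ext4dev|xfs|jfs|gfs2)$/ { print $2 }' "/proc/$$/mounts")
if [ -n "$mounts" ]; then
	# Word splitting is intended here: one argument per mount point.
	# shellcheck disable=SC2086
	"$SF" "$FC_FILE" $mounts
fi

# If something is mounted on /dev, move that mount to /mnt, label /dev
# (presumably the directory underneath the mount) and move it back.
if awk '$2 == "/dev" { found = 1 } END { exit !found }' "/proc/$$/mounts"; then
	if mount --move /dev /mnt; then
		"$SF" "$FC_FILE" /dev
		mount --move /mnt /dev ||
			die "$0: could not move the /dev mount back from /mnt"
	else
		# Do not relabel the live /dev, and do not move whatever is
		# mounted on /mnt over /dev, when the first move failed.
		echo "$0: could not move /dev aside; /dev was not relabelled" >&2
	fi
fi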