1#!/bin/sh 2# SPDX-License-Identifier: GPL-2.0 3if [ `id -u` -ne 0 ]; then 4 echo "$0: must be root to install the selinux policy" 5 exit 1 6fi 7SF=`which setfiles` 8if [ $? -eq 1 ]; then 9 if [ -f /sbin/setfiles ]; then 10 SF="/usr/setfiles" 11 else 12 echo "no selinux tools installed: setfiles" 13 exit 1 14 fi 15fi 16 17cd mdp 18 19CP=`which checkpolicy` 20VERS=`$CP -V | awk '{print $1}'` 21 22./mdp policy.conf file_contexts 23$CP -o policy.$VERS policy.conf 24 25mkdir -p /etc/selinux/dummy/policy 26mkdir -p /etc/selinux/dummy/contexts/files 27 28cp file_contexts /etc/selinux/dummy/contexts/files 29cp dbus_contexts /etc/selinux/dummy/contexts 30cp policy.$VERS /etc/selinux/dummy/policy 31FC_FILE=/etc/selinux/dummy/contexts/files/file_contexts 32 33if [ ! -d /etc/selinux ]; then 34 mkdir -p /etc/selinux 35fi 36if [ ! -f /etc/selinux/config ]; then 37 cat > /etc/selinux/config << EOF 38SELINUX=enforcing 39SELINUXTYPE=dummy 40EOF 41else 42 TYPE=`cat /etc/selinux/config | grep "^SELINUXTYPE" | tail -1 | awk -F= '{ print $2 '}` 43 if [ "eq$TYPE" != "eqdummy" ]; then 44 selinuxenabled 45 if [ $? -eq 0 ]; then 46 echo "SELinux already enabled with a non-dummy policy." 47 echo "Exiting. Please install policy by hand if that" 48 echo "is what you REALLY want." 49 exit 1 50 fi 51 mv /etc/selinux/config /etc/selinux/config.mdpbak 52 grep -v "^SELINUXTYPE" /etc/selinux/config.mdpbak >> /etc/selinux/config 53 echo "SELINUXTYPE=dummy" >> /etc/selinux/config 54 fi 55fi 56 57cd /etc/selinux/dummy/contexts/files 58$SF file_contexts / 59 60mounts=`cat /proc/$$/mounts | egrep "ext2|ext3|xfs|jfs|ext4|ext4dev|gfs2" | awk '{ print $2 '}` 61$SF file_contexts $mounts 62 63 64dodev=`cat /proc/$$/mounts | grep "/dev "` 65if [ "eq$dodev" != "eq" ]; then 66 mount --move /dev /mnt 67 $SF file_contexts /dev 68 mount --move /mnt /dev 69fi 70