1.a. Verify Available Policy
Managed policy (2006.1+)
You must be in sysadm_r to perform this action.
A binary policy must be available in /etc/selinux/{strict,targeted}/policy. If it is missing, then install the policy.
Code ListingĀ 1: Install policy |
# semodule -n -B
|
Unmanaged policy (pre 2006.1+)
You must be in sysadm_r to perform these actions.
An appropriate binary policy version must be available in /etc/security/selinux. For example, for policy version 17, /etc/security/selinux/policy.17 must exist. If it is missing, first adjust the policy (Makefile). Then compile and install the policy.
Code ListingĀ 2: Install policy |
# cd /etc/security/selinux/src/policy # make clean # make install |
1.b. Verify Init Can Load the Policy
The final check is to ensure init can load the policy. Run ldd on init, and if libselinux is not in the output, remerge sysvinit.
Code ListingĀ 3: |
# ldd /sbin/init linux-gate.so.1 => (0xffffe000) libselinux.so.1 => /lib/libselinux.so.1 (0x40025000) libc.so.6 => /lib/libc.so.6 (0x40035000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) |
Now reboot so init gains the correct context, and loads the policy.