summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-10-10 12:44:43 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-10-10 12:44:43 -0700
commitc54dcd8ec9f05c8951d1e622e90904aef95379f9 (patch)
tree6f657b3ec509975c0f295197156e2bbc530457a2 /Documentation
parentb11ce8a26d26ed9019a8803aa90d580b52f23e79 (diff)
parent9ac684fc38cf17fbd25c0c9e388713c5ddfa3b14 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: selinux: Fix an uninitialized variable BUG/panic in selinux_secattr_to_sid() selinux: use default proc sid on symlinks file capabilities: uninline cap_safe_nice Update selinux info in MAINTAINERS and Kconfig help text SELinux: add gitignore file for mdp script SELinux: add boundary support and thread context assignment securityfs: do not depend on CONFIG_SECURITY selinux: add support for installing a dummy policy (v2) security: add/fix security kernel-doc selinux: Unify for- and while-loop style selinux: conditional expression type validation was off-by-one smack: limit privilege by label SELinux: Fix a potentially uninitialised variable in SELinux hooks SELinux: trivial, remove unneeded local variable SELinux: Trivial minor fixes that change C null character style make selinux_write_opts() static
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/DocBook/kernel-api.tmpl1
-rw-r--r--Documentation/SELinux.txt27
2 files changed, 28 insertions, 0 deletions
diff --git a/Documentation/DocBook/kernel-api.tmpl b/Documentation/DocBook/kernel-api.tmpl
index f5696ba9ae9..9d0058e788e 100644
--- a/Documentation/DocBook/kernel-api.tmpl
+++ b/Documentation/DocBook/kernel-api.tmpl
@@ -283,6 +283,7 @@ X!Earch/x86/kernel/mca_32.c
<chapter id="security">
<title>Security Framework</title>
!Isecurity/security.c
+!Esecurity/inode.c
</chapter>
<chapter id="audit">
diff --git a/Documentation/SELinux.txt b/Documentation/SELinux.txt
new file mode 100644
index 00000000000..07eae00f331
--- /dev/null
+++ b/Documentation/SELinux.txt
@@ -0,0 +1,27 @@
+If you want to use SELinux, chances are you will want
+to use the distro-provided policies, or install the
+latest reference policy release from
+ http://oss.tresys.com/projects/refpolicy
+
+However, if you want to install a dummy policy for
+testing, you can do using 'mdp' provided under
+scripts/selinux. Note that this requires the selinux
+userspace to be installed - in particular you will
+need checkpolicy to compile a kernel, and setfiles and
+fixfiles to label the filesystem.
+
+ 1. Compile the kernel with selinux enabled.
+ 2. Type 'make' to compile mdp.
+ 3. Make sure that you are not running with
+ SELinux enabled and a real policy. If
+ you are, reboot with selinux disabled
+ before continuing.
+ 4. Run install_policy.sh:
+ cd scripts/selinux
+ sh install_policy.sh
+
+Step 4 will create a new dummy policy valid for your
+kernel, with a single selinux user, role, and type.
+It will compile the policy, will set your SELINUXTYPE to
+dummy in /etc/selinux/config, install the compiled policy
+as 'dummy', and relabel your filesystem.