RefpolicyRepoCheckout

From SELinux Wiki
Jump to: navigation, search

The Reference Policy git repository may require a git policy compiler toolchain to compile.

Reference Policy may be checked out by:

$ git clone https://github.com/TresysTechnology/refpolicy.git
$ cd refpolicy
$ git submodule init
$ git submodule update

https://github.com/TresysTechnology/refpolicy/wiki/RepositoryCheckout may have further instructions. This will result in a refpolicy directory created in the current directory with the Reference Policy sources. For the remainder of this section, this directory will be referred to as the top of the refpolicy sources, and relative paths will use this directory as their reference.

If you have a modules.conf, it should be placed in the policy/ directory. If you do not, one can be generated:

$ make conf

This will create a default modules.conf, which has all Reference Policy modules enabled as loadable modules, except those which are required to be in the base module. This can also be ran when a modules.conf already exists, and in that case, any new modules not listed in the modules.conf will be added to the file (existing module settings will be preserved).

The build settings, such as setting the policy type (standard, mcs, mls), and Linux distributionThe build.conf is at the top of the refpolicy sources. These should be changed as necessary. For additional information on these options, refer to section 2 of the README file in the top of the refpolicy sources. Typically the TYPE and the DISTRO options will need to be changed.

To build the policy, simply run make:

$ make

This will compile the policy and place the files in the top level of the refpolicy sources.