Lines Matching full:policy
13 Targeted policy with perf_event_open() access control capabilities:
15 1. Download selinux-policy SRPM package (e.g. selinux-policy-3.14.4-48.fc31.src.rpm on FC31)
18 # rpm -Uhv selinux-policy-3.14.4-48.fc31.src.rpm
22 # rpmbuild -bp selinux-policy.spec
24 3. Place patch below at rpmbuild/BUILD/selinux-policy-b86eaaf4dbcf2d51dd4432df7185c0eaf3cbcc02
27 # patch -p1 < selinux-policy-perf-events-perfmon.patch
28 patching file policy/flask/access_vectors
29 patching file policy/flask/security_classes
30 # cat selinux-policy-perf-events-perfmon.patch
31 diff -Nura a/policy/flask/access_vectors b/policy/flask/access_vectors
32 --- a/policy/flask/access_vectors 2020-02-04 18:19:53.000000000 +0300
33 +++ b/policy/flask/access_vectors 2020-02-28 23:37:25.000000000 +0300
58 diff -Nura a/policy/flask/security_classes b/policy/flask/security_classes
59 --- a/policy/flask/security_classes 2020-02-04 18:19:53.000000000 +0300
60 +++ b/policy/flask/security_classes 2020-02-28 21:35:17.000000000 +0300
69 4. Get into rpmbuild/SPECS directory and build policy packages from patched sources:
71 # rpmbuild --noclean --noprep -ba selinux-policy.spec
79 -rw-r--r--. 1 root root 112K Mar 20 12:16 selinux-policy-3.14.4-48.fc31.noarch.rpm
80 -rw-r--r--. 1 root root 1.2M Mar 20 12:17 selinux-policy-devel-3.14.4-48.fc31.noarch.rpm
81 -rw-r--r--. 1 root root 2.3M Mar 20 12:17 selinux-policy-doc-3.14.4-48.fc31.noarch.rpm
82 -rw-r--r--. 1 root root 12M Mar 20 12:17 selinux-policy-minimum-3.14.4-48.fc31.noarch.rpm
83 -rw-r--r--. 1 root root 4.5M Mar 20 12:16 selinux-policy-mls-3.14.4-48.fc31.noarch.rpm
84 -rw-r--r--. 1 root root 111K Mar 20 12:16 selinux-policy-sandbox-3.14.4-48.fc31.noarch.rpm
85 -rw-r--r--. 1 root root 14M Mar 20 12:17 selinux-policy-targeted-3.14.4-48.fc31.noarch.rpm
90 # rpm -Uhv rpmbuild/RPMS/noarch/selinux-policy-*
92 6. Enable SELinux Permissive mode for Targeted policy, if not already done so:
98 # enforcing - SELinux security policy is enforced.
100 # disabled - No SELinux policy is loaded.
104 # minimum - Modification of targeted policy. Only selected processes are protected.
112 8. Reboot machine and it will label filesystems and load Targeted policy into the kernel;
132 processes. MAC policy settings (e.g. SELinux) can be loaded into the kernel
139 Enforced MAC policy settings (SELinux) can limit access to performance
141 more perf_event access control information and adjusting the policy.
154 To make sure that access is limited by MAC policy settings inspect system
165 In order to open access to perf_event_open() syscall MAC policy settings can
167 policy module extending base policy settings. Perf related policy module can
169 Run the command below to generate my-perf.te policy extension file with
191 now be allowed by the policy settings. Check access running Perf like this:
208 The generated perf-event.pp related policy extension module can be removed
235 …ject.org/pub/fedora/linux/updates/31/Everything/SRPMS/Packages/s/selinux-policy-3.14.4-49.fc31.src…