| |
| How to get TrouSerS up and running with an SELinux policy. |
| Kent Yoder <kyoder@users.sf.net> |
| |
| This howto assumes a Fedora Core 4 install. |
| |
| 1. Install and load the device driver |
| # wget http://download.fedora.redhat.com/pub/fedora/linux/core/4/SRPMS/kernel-2.6.11-1.1369_FC4.src.rpm |
| # rpm -ivh kernel-2.6.11-1.1369_FC4.src.rpm |
| # cd /usr/src/redhat/SPECS |
| # rpmbuild -bp ./kernel-2.6.spec |
| # cd /usr/src/redhat/BUILD/kernel-2.6.11/linux-2.6.11 |
| # make menuconfig |
| - Go to Device Drivers > Character Devices > TPM Devices |
| - enable the drivers |
| # make |
| # make modules_install |
| # make install |
| # reboot |
| # modprobe tpm_atmel (or others...) |
| |
| 2. Build and install trousers in the system location. The SELinux policy assumes |
| that trousers is installed in the system location. To use a different location, edit |
| the paths in the trousers.fc file. |
| |
| # tar zxvf trousers-0.2.1.tar.gz |
| # cd trousers-0.2.1 |
| # ./configure --prefix=/usr |
| # make |
| # make install |
| |
| 3. Install the SELinux policy sources |
| |
| # yum install selinux-policy-targeted-sources.noarch |
| |
| 4. Install the trousers te and fc files and load the policy |
| |
| # cp ./dist/fedora/trousers.te /etc/selinux/targeted/src/policy/domains/program |
| # cp ./dist/fedora/trousers.fc /etc/selinux/targeted/src/policy/file_contexts/program |
| # cd /etc/selinux/targeted/src/policy |
| # make clean |
| # make reload |
| # make install |
| # make relabel |
| |
| At this point, there should be a trousers-specific type for /dev/tpm0: |
| |
| # ls -Z /dev/tpm* |
| crw-rw---- root root system_u:object_r:tcsd_device_t /dev/tpm0 |
| |
| Also, checking the security context of the running tcsd should show it running |
| with the tcsd_t type: |
| |
| # ps -Zef |grep tcsd |
| root:system_r:tcsd_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd |
| |
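The two checks from step 4 can be scripted so that a device left with a default label, or a tcsd running outside the tcsd_t domain, is reported instead of overlooked. This is an added example, not part of the original howto or of TrouSerS; the function names and the script name check_tcsd.sh are hypothetical, and the expected types are the ones shown in the output above.

```shell
#!/bin/sh
# Added example: confirm the labels from step 4 (not part of TrouSerS).
# Function names are hypothetical; expected types come from the howto.

# Print the SELinux type (3rd field of user:role:type[:level]) found in
# one line of `ls -Z` or `ps -Z` output. Fields such as 00:00:00 are
# skipped because each context component must start with a letter or "_".
ctx_type_of_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z_][A-Za-z0-9_]*:[A-Za-z_][A-Za-z0-9_]*:[A-Za-z_][A-Za-z0-9_]*(:.*)?$/) {
                split($i, part, ":")
                print part[3]
                exit
            }
    }'
}

# Return 0 only if the line carries exactly the expected type.
check_type() {
    [ "$(ctx_type_of_line "$1")" = "$2" ]
}

# Check the live system: device node label and daemon domain.
verify_live() {
    rc=0
    dev_line=$(ls -Z /dev/tpm0 2>/dev/null)
    if ! check_type "$dev_line" tcsd_device_t; then
        echo "FAIL: /dev/tpm0 is not labeled tcsd_device_t (rerun 'make relabel')"
        rc=1
    fi
    # [/] keeps grep from matching its own command line.
    proc_line=$(ps -Zef | grep '[/]usr/sbin/tcsd' | head -n 1)
    if ! check_type "$proc_line" tcsd_t; then
        echo "FAIL: tcsd is not running in the tcsd_t domain"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: device and daemon carry the trousers types"
    return "$rc"
}

# Run the live check only when asked, e.g.: sh check_tcsd.sh --live
if [ "${1:-}" = "--live" ]; then
    verify_live
fi
```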
| 5. That should be it! Send bugs and questions to trousers-users@lists.sf.net. |
| |