TrouSerS is the open-source TCG Software Stack
How to get TrouSerS up and running with an SELinux policy.
Kent Yoder <kyoder@users.sf.net>

This howto assumes a Fedora Core 4 install.

1. Install and load the device driver
   # wget http://download.fedora.redhat.com/pub/fedora/linux/core/4/SRPMS/kernel-2.6.11-1.1369_FC4.src.rpm
   # rpm -ivh kernel-2.6.11-1.1369_FC4.src.rpm
   # cd /usr/src/redhat/SPECS
   # rpmbuild -bp ./kernel-2.6.spec
   # cd /usr/src/redhat/BUILD/kernel-2.6.11/linux-2.6.11
   # make menuconfig
      - Go to Device Drivers > Character Devices > TPM Devices
      - Enable the drivers
   # make
   # make modules_install
   # make install
   # reboot
   # modprobe tpm_atmel (or others...)

2. Build and install trousers in the system location. The SELinux policy assumes
   that trousers is installed in the system location. To change the paths the
   policy expects, edit the trousers.fc file.

   # tar zxvf trousers-0.2.1.tar.gz
   # cd trousers-0.2.1
   # ./configure --prefix=/usr
   # make
   # make install

3. Install the SELinux policy sources

   # yum install selinux-policy-targeted-sources.noarch

4. Install the trousers te and fc files and load the policy

   # cp ./dist/fedora/trousers.te /etc/selinux/targeted/src/policy/domains/program
   # cp ./dist/fedora/trousers.fc /etc/selinux/targeted/src/policy/file_contexts/program
   # cd /etc/selinux/targeted/src/policy
   # make clean
   # make reload
   # make install
   # make relabel

   At this point, there should be a trousers-specific type for /dev/tpm0:

   # ls -Z /dev/tpm*
   crw-rw---- root root system_u:object_r:tcsd_device_t /dev/tpm0

   Also, checking the security context of the running tcsd should show it running
   with the tcsd_t type:

   # ps -Zef | grep tcsd
   root:system_r:tcsd_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd

5. That should be it! Send bugs and questions to trousers-users@lists.sf.net.
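The two checks at the end of step 4, scripted as an added example (not part of the original README or the TrouSerS project): it extracts the SELinux type from an `ls -Z` or `ps -Z` output line and compares it with the types the howto expects, also accepting contexts that carry a trailing MLS level. The function names and the last two sample lines are assumptions constructed for illustration; the live check runs only when the script is called with `--live`.

```shell
#!/bin/sh
# Added example, not from the TrouSerS README. Expected types are taken from
# the howto's sample output; the function names are hypothetical.
EXPECTED_DEV_TYPE=tcsd_device_t
EXPECTED_PROC_TYPE=tcsd_t

# Print the first field of an `ls -Z` / `ps -Z` output line that looks like an
# SELinux context (user:role:type, optionally followed by :level).
context_of_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+/) { print $i; exit }
    }'
}

# Print the type (third colon-separated field) of a context string.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# check_label LINE EXPECTED_TYPE
# 0 = type matches, 1 = labelled with a different type, 2 = no context found.
check_label() {
    ctx=$(context_of_line "$1")
    [ -n "$ctx" ] || return 2
    [ "$(selinux_type "$ctx")" = "$2" ] || return 1
}

# Sample lines: the first two are copied from the README's output; the last
# two are constructed (an MLS level added, and tcsd left in another domain).
SAMPLE_DEV='crw-rw---- root root system_u:object_r:tcsd_device_t /dev/tpm0'
SAMPLE_PROC='root:system_r:tcsd_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd'
SAMPLE_MLS='crw-rw---- root root system_u:object_r:tcsd_device_t:s0 /dev/tpm0'
SAMPLE_BAD='system_u:system_r:initrc_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd'

# Live check against the running system, only when asked for with --live.
if [ "${1:-}" = "--live" ]; then
    check_label "$(ls -Z /dev/tpm0 2>/dev/null)" "$EXPECTED_DEV_TYPE" \
        || echo "FAIL: /dev/tpm0 is not labelled $EXPECTED_DEV_TYPE"
    check_label "$(ps -Zef | grep '[/]usr/sbin/tcsd' | head -n 1)" "$EXPECTED_PROC_TYPE" \
        || echo "FAIL: tcsd is not running as $EXPECTED_PROC_TYPE"
fi
```

A result of 1 for the tcsd process means the daemon started without transitioning into the domain defined in trousers.te, so the policy is not confining it.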