16cd6a6acSopenharmony_ciSELinux Userspace 26cd6a6acSopenharmony_ci================= 36cd6a6acSopenharmony_ci 46cd6a6acSopenharmony_ci 56cd6a6acSopenharmony_ci[](https://github.com/SELinuxProject/selinux/actions/workflows/run_tests.yml) 66cd6a6acSopenharmony_ci[](https://github.com/SELinuxProject/selinux/actions/workflows/vm_testsuite.yml) 76cd6a6acSopenharmony_ci[](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#selinux) 86cd6a6acSopenharmony_ci[](https://github.com/SELinuxProject/selinux/actions/workflows/cifuzz.yml) 96cd6a6acSopenharmony_ci 106cd6a6acSopenharmony_ciPlease submit all bug reports and patches to <selinux@vger.kernel.org>. 116cd6a6acSopenharmony_ci 126cd6a6acSopenharmony_ciSubscribe by sending "subscribe selinux" in the body of an email 136cd6a6acSopenharmony_cito <majordomo@vger.kernel.org>. 146cd6a6acSopenharmony_ci 156cd6a6acSopenharmony_ciArchive of this mailing list is available on https://lore.kernel.org/selinux/. 166cd6a6acSopenharmony_ci 176cd6a6acSopenharmony_ci 186cd6a6acSopenharmony_ciInstallation 196cd6a6acSopenharmony_ci------------ 206cd6a6acSopenharmony_ci 216cd6a6acSopenharmony_ciSELinux libraries and tools are packaged in several Linux distributions: 226cd6a6acSopenharmony_ci 236cd6a6acSopenharmony_ci* Alpine Linux (https://pkgs.alpinelinux.org/package/edge/testing/x86/policycoreutils) 246cd6a6acSopenharmony_ci* Arch Linux User Repository (https://aur.archlinux.org/packages/policycoreutils/) 256cd6a6acSopenharmony_ci* Buildroot (https://git.buildroot.net/buildroot/tree/package/policycoreutils) 266cd6a6acSopenharmony_ci* Debian and Ubuntu (https://packages.debian.org/sid/policycoreutils) 276cd6a6acSopenharmony_ci* Gentoo (https://packages.gentoo.org/packages/sys-apps/policycoreutils) 286cd6a6acSopenharmony_ci* RHEL and Fedora (https://src.fedoraproject.org/rpms/policycoreutils) 296cd6a6acSopenharmony_ci* Yocto Project (http://git.yoctoproject.org/cgit/cgit.cgi/meta-selinux/tree/recipes-security/selinux) 306cd6a6acSopenharmony_ci* and many more (https://repology.org/project/policycoreutils/versions) 316cd6a6acSopenharmony_ci 326cd6a6acSopenharmony_ci 336cd6a6acSopenharmony_ciBuilding and testing 346cd6a6acSopenharmony_ci-------------------- 356cd6a6acSopenharmony_ci 366cd6a6acSopenharmony_ciBuild dependencies on Fedora: 376cd6a6acSopenharmony_ci 386cd6a6acSopenharmony_ci```sh 396cd6a6acSopenharmony_ci# For C libraries and programs 406cd6a6acSopenharmony_cidnf install \ 416cd6a6acSopenharmony_ci audit-libs-devel \ 426cd6a6acSopenharmony_ci bison \ 436cd6a6acSopenharmony_ci bzip2-devel \ 446cd6a6acSopenharmony_ci CUnit-devel \ 456cd6a6acSopenharmony_ci diffutils \ 466cd6a6acSopenharmony_ci flex \ 476cd6a6acSopenharmony_ci gcc \ 486cd6a6acSopenharmony_ci gettext \ 496cd6a6acSopenharmony_ci glib2-devel \ 506cd6a6acSopenharmony_ci make \ 516cd6a6acSopenharmony_ci libcap-devel \ 526cd6a6acSopenharmony_ci libcap-ng-devel \ 536cd6a6acSopenharmony_ci pam-devel \ 546cd6a6acSopenharmony_ci pcre-devel \ 556cd6a6acSopenharmony_ci xmlto 566cd6a6acSopenharmony_ci 576cd6a6acSopenharmony_ci# For Python and Ruby bindings 586cd6a6acSopenharmony_cidnf install \ 596cd6a6acSopenharmony_ci python3-devel \ 606cd6a6acSopenharmony_ci ruby-devel \ 616cd6a6acSopenharmony_ci swig 626cd6a6acSopenharmony_ci``` 636cd6a6acSopenharmony_ci 646cd6a6acSopenharmony_ciBuild dependencies on Debian: 656cd6a6acSopenharmony_ci 666cd6a6acSopenharmony_ci```sh 676cd6a6acSopenharmony_ci# For C libraries and programs 686cd6a6acSopenharmony_ciapt-get install --no-install-recommends --no-install-suggests \ 696cd6a6acSopenharmony_ci bison \ 706cd6a6acSopenharmony_ci flex \ 716cd6a6acSopenharmony_ci gawk \ 726cd6a6acSopenharmony_ci gcc \ 736cd6a6acSopenharmony_ci gettext \ 746cd6a6acSopenharmony_ci make \ 756cd6a6acSopenharmony_ci libaudit-dev \ 766cd6a6acSopenharmony_ci libbz2-dev \ 776cd6a6acSopenharmony_ci libcap-dev \ 786cd6a6acSopenharmony_ci libcap-ng-dev \ 796cd6a6acSopenharmony_ci libcunit1-dev \ 806cd6a6acSopenharmony_ci libglib2.0-dev \ 816cd6a6acSopenharmony_ci libpcre3-dev \ 826cd6a6acSopenharmony_ci pkgconf \ 836cd6a6acSopenharmony_ci python3 \ 846cd6a6acSopenharmony_ci python3-distutils \ 856cd6a6acSopenharmony_ci systemd \ 866cd6a6acSopenharmony_ci xmlto 876cd6a6acSopenharmony_ci 886cd6a6acSopenharmony_ci# For Python and Ruby bindings 896cd6a6acSopenharmony_ciapt-get install --no-install-recommends --no-install-suggests \ 906cd6a6acSopenharmony_ci python3-dev \ 916cd6a6acSopenharmony_ci ruby-dev \ 926cd6a6acSopenharmony_ci swig 936cd6a6acSopenharmony_ci``` 946cd6a6acSopenharmony_ci 956cd6a6acSopenharmony_ciTo build and install everything under a private directory, run: 966cd6a6acSopenharmony_ci 976cd6a6acSopenharmony_ci make clean distclean 986cd6a6acSopenharmony_ci 996cd6a6acSopenharmony_ci make DESTDIR=~/obj install install-rubywrap install-pywrap 1006cd6a6acSopenharmony_ci 1016cd6a6acSopenharmony_ciOn Debian `PYTHON_SETUP_ARGS=--install-layout=deb` needs to be set when installing the python wrappers in order to create the correct python directory structure. 1026cd6a6acSopenharmony_ci 1036cd6a6acSopenharmony_ciTo run tests with the built libraries and programs, several paths (relative to `$DESTDIR`) need to be added to variables `$LD_LIBRARY_PATH`, `$PATH` and `$PYTHONPATH`. 1046cd6a6acSopenharmony_ciThis can be done using [./scripts/env_use_destdir](./scripts/env_use_destdir): 1056cd6a6acSopenharmony_ci 1066cd6a6acSopenharmony_ci DESTDIR=~/obj ./scripts/env_use_destdir make test 1076cd6a6acSopenharmony_ci 1086cd6a6acSopenharmony_ciSome tests require the reference policy to be installed (for example in `python/sepolgen`). 1096cd6a6acSopenharmony_ciIn order to run these ones, instructions similar to the ones in section `install` of [./.travis.yml](./.travis.yml) can be executed. 1106cd6a6acSopenharmony_ci 1116cd6a6acSopenharmony_ciTo install as the default system libraries and binaries 1126cd6a6acSopenharmony_ci(overwriting any previously installed ones - dangerous!), 1136cd6a6acSopenharmony_cion x86_64, run: 1146cd6a6acSopenharmony_ci 1156cd6a6acSopenharmony_ci make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel 1166cd6a6acSopenharmony_ci 1176cd6a6acSopenharmony_cior on x86 (32-bit), run: 1186cd6a6acSopenharmony_ci 1196cd6a6acSopenharmony_ci make install install-pywrap relabel 1206cd6a6acSopenharmony_ci 1216cd6a6acSopenharmony_ciThis may render your system unusable if the upstream SELinux userspace 1226cd6a6acSopenharmony_cilacks library functions or other dependencies relied upon by your 1236cd6a6acSopenharmony_cidistribution. If it breaks, you get to keep both pieces. 1246cd6a6acSopenharmony_ci 1256cd6a6acSopenharmony_ci 1266cd6a6acSopenharmony_ci## Setting CFLAGS 1276cd6a6acSopenharmony_ci 1286cd6a6acSopenharmony_ciSetting CFLAGS during the make process will cause the omission of many defaults. While the project strives 1296cd6a6acSopenharmony_cito provide a reasonable set of default flags, custom CFLAGS could break the build, or have other undesired 1306cd6a6acSopenharmony_cichanges on the build output. Thus, be very careful when setting CFLAGS. CFLAGS that are encouraged to be 1316cd6a6acSopenharmony_ciset when overriding are: 1326cd6a6acSopenharmony_ci 1336cd6a6acSopenharmony_ci- -fno-semantic-interposition for gcc or compilers that do not do this. clang does this by default. clang-10 and up 1346cd6a6acSopenharmony_ci will support passing this flag, but ignore it. Previous clang versions fail. 1356cd6a6acSopenharmony_ci 1366cd6a6acSopenharmony_ci 1376cd6a6acSopenharmony_cimacOS 1386cd6a6acSopenharmony_ci----- 1396cd6a6acSopenharmony_ci 1406cd6a6acSopenharmony_ciTo install libsepol on macOS (mainly for policy analysis): 1416cd6a6acSopenharmony_ci 1426cd6a6acSopenharmony_ci cd libsepol; make PREFIX=/usr/local install 1436cd6a6acSopenharmony_ci 1446cd6a6acSopenharmony_ciThis requires GNU coreutils: 1456cd6a6acSopenharmony_ci 1466cd6a6acSopenharmony_ci brew install coreutils 147
