How to get TrouSerS up and running with an SELinux policy. Kent Yoder <kyoder@users.sf.net> This howto assumes a Fedora Core 4 install. 1. Install and load the device driver # wget http://download.fedora.redhat.com/pub/fedora/linux/core/4/SRPMS/kernel-2.6.11-1.1369_FC4.src.rpm # rpm -ivh kernel-2.6.11-1.1369_FC4.src.rpm # cd /usr/src/redhat/SPECS # rpmbuild -bp ./kernel-2.6.spec # cd /usr/src/redhat/BUILD/kernel-2.6.11/linux-2.6.11 # make menuconfig - Goto Device Drivers > Character Devices > TPM Devices - enable the drivers # make # make modules_install # make install # reboot # modprobe tpm_atmel (or others...) 2. Build and install trousers in the system location. The SELinux policy assumes that trousers is installed in the system location. To change these, edit the trousers.fc file. # tar zxvf trousers-0.2.1.tar.gz # cd trousers-0.2.1 # ./configure --prefix=/usr # make # make install 3. Install the SELinux policy sources # yum install selinux-policy-targeted-sources.noarch 4. Install the trousers te and fc files and load the policy # cp ./dist/fedora/trousers.te /etc/selinux/targeted/src/policy/domains/program # cp ./dist/fedora/trousers.fc /etc/selinux/targeted/src/policy/file_contexts/program # cd /etc/selinux/targeted/src/policy # make clean # make reload # make install # make relabel At this point, there should be a trousers-specific type for /dev/tpm0: # ls -Z /dev/tpm* crw-rw---- root root system_u:object_r:tcsd_device_t /dev/tpm0 Also, checking the security context of the running tcsd should show it running with the tcsd_t type: # ps -Zef |grep tcsd root:system_r:tcsd_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd 5. That should be it! Send bugs and questions to trousers-users@lists.sf.net. |