Getting Started
This page is a guide to getting started with selcraft: generating and building custom SELinux policies.
Installation
As a first step, selcraft needs to be installed. It is currently available on PyPI.
# Install it via pip
$ pip install selcraft
# Verify the installation
$ selcraft --version
0.1.1
Usage
After installing selcraft, continue by creating an initial policy configuration:
$ selcraft init --with-defaults
Created policy configuration: <current-directory>/my-policy.yml
Edit the generated policy configuration template based on the requirements of your (containerized) applications. Check out the examples section or view the full schema.
After applying the changes, continue by generating the SELinux policy files with selcraft:
$ selcraft generate --config myapp.yaml --output-dir ./build
Created policy files: ./build
The ./build directory contains the following files:
- <policy-name>.[te|fc|if]: The actual SELinux policy files specifying types, file contexts and allow rules
- <policy-name>.spec: The specification file for building the SELinux policy RPM
- build.sh: A bash script for compiling the SELinux policy files
- Containerfile: A Containerfile with all dependencies for building the RPM
- Makefile: A Makefile with targets for building the RPM (non-)containerized
- [Optional] <policy-name>.conf: A drop-in configuration for QM for mounting a directory with a Unix Domain Socket if a QM application needs access to it
The RPM can be built by navigating into the ./build directory and running the respective Makefile target:
$ cd ./build
$ make containerized-build
...