How to get TrouSerS up and running with an SELinux policy.
Kent Yoder <kyoder@users.sf.net>

This howto assumes a Fedora Core 4 install.

1. Install and load the device driver

    # wget http://download.fedora.redhat.com/pub/fedora/linux/core/4/SRPMS/kernel-2.6.11-1.1369_FC4.src.rpm
    # rpm -ivh kernel-2.6.11-1.1369_FC4.src.rpm
    # cd /usr/src/redhat/SPECS
    # rpmbuild -bp ./kernel-2.6.spec
    # cd /usr/src/redhat/BUILD/kernel-2.6.11/linux-2.6.11
    # make menuconfig
        - Go to Device Drivers > Character Devices > TPM Devices
        - enable the drivers
    # make
    # make modules_install
    # make install
    # reboot
    # modprobe tpm_atmel (or others...)

2. Build and install trousers in the system location. The SELinux policy assumes
   that trousers is installed in the system location. To change this, edit
   the trousers.fc file.

    # tar zxvf trousers-0.2.1.tar.gz
    # cd trousers-0.2.1
    # ./configure --prefix=/usr
    # make
    # make install

3. Install the SELinux policy sources

    # yum install selinux-policy-targeted-sources.noarch

4. Install the trousers te and fc files and load the policy

    # cp ./dist/fedora/trousers.te /etc/selinux/targeted/src/policy/domains/program
    # cp ./dist/fedora/trousers.fc /etc/selinux/targeted/src/policy/file_contexts/program
    # cd /etc/selinux/targeted/src/policy
    # make clean
    # make reload
    # make install
    # make relabel

   At this point, there should be a trousers-specific type for /dev/tpm0:

    # ls -Z /dev/tpm*
    crw-rw----  root root system_u:object_r:tcsd_device_t /dev/tpm0

   Also, checking the security context of the running tcsd should show it running
   with the tcsd_t type:

    # ps -Zef |grep tcsd
    root:system_r:tcsd_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd

5. That should be it! Send bugs and questions to trousers-users@lists.sf.net.
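
The two checks at the end of step 4 can be scripted. The following is an added
example, not part of the original howto or of the trousers sources; the function
names and the sample lines (built from the output quoted above, plus one
constructed failure case) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the SELinux types shown in step 4 of the howto.
# The sample lines below are constructed from the output quoted in the howto.

GOOD_LS='crw-rw----  root root system_u:object_r:tcsd_device_t /dev/tpm0'
GOOD_PS='root:system_r:tcsd_t root 16362 1 0 15:10 ? 00:00:00 /usr/sbin/tcsd'
# Constructed failure case: device node left with the generic device_t label.
BAD_LS='crw-rw----  root root system_u:object_r:device_t /dev/tpm0'

# Print the first whitespace-separated field shaped like user:role:type[:level].
# Each part must start with a letter or underscore, so times such as 00:00:00
# are not mistaken for a context.
find_context() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z_][^:]*:[A-Za-z_][^:]*:[A-Za-z_]/) { print $i; exit }
    }'
}

# Print the type, i.e. the third colon-separated field of a context.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# check_type LINE EXPECTED_TYPE
# Returns 0 on a match, 1 on a different type, 2 if the line has no context.
check_type() {
    ctx=$(find_context "$1")
    [ -n "$ctx" ] || { echo "no SELinux context in: $1" >&2; return 2; }
    actual=$(selinux_type "$ctx")
    if [ "$actual" = "$2" ]; then
        echo "ok: $ctx"
        return 0
    fi
    echo "MISMATCH: expected type $2, found $actual ($ctx)" >&2
    return 1
}

# run_checks LS_LINE PS_LINE: both labels must be the trousers-specific ones.
run_checks() {
    rc=0
    check_type "$1" tcsd_device_t || rc=1
    check_type "$2" tcsd_t || rc=1
    return "$rc"
}

# On a live system: run_checks "$(ls -Z /dev/tpm0)" "$(ps -Zef | grep '[t]csd')"
run_checks "$GOOD_LS" "$GOOD_PS"
```

A mismatch on either line means the policy did not take effect for that object:
the device node or the daemon is not under the trousers-specific type.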