/selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

Primary LanguageShell

build

PKGBUILDs for SELinux support in Arch Linux

Complete documentation will soon be available at: https://wiki.archlinux.org/index.php/SELinux

Authors

Authors are credited in the PKGBUILD file for each package.

Binary repository

The releases page functions as a pacman repository. It can also be used when installing Arch Linux using base-selinux -package instead of plain base.

To use it, add the following lines to your /etc/pacman.conf:

[selinux]
Server = https://github.com/archlinuxhardened/selinux/releases/download/ArchLinux-SELinux
SigLevel = Never

While the repository remains unsigned, SigLevel has to be set to Never.

Build order

Remember to build as a non-root user, and to keep a root logged-in console to install packages (especially for sudo/shadow/pam packages).

First, we build all packages from the SELinux userspace projet. They do not replace any official Arch Linux packages:

  • libsepol
  • libselinux
  • secilc
  • checkpolicy
  • setools
  • libsemanage
  • semodule-utils
  • policycoreutils
  • selinux-dbus-config
  • selinux-gui
  • selinux-python
  • selinux-sandbox
  • mcstrans
  • restorecond

This makes it possible to install a pacman hook which relabels files when installing and updating packages:

  • selinux-alpm-hook

Now we start replacing core packages:

  • pambase-selinux
  • pam-selinux
  • coreutils-selinux shadow-selinux cronie-selinux sudo-selinux
  • util-linux-selinux
  • systemd-selinux
  • logrotate-selinux
  • dbus-selinux

Optional but very nice to have:

  • openssh-selinux findutils-selinux iproute2-selinux psmisc-selinux

Policy

There is not yet a SELinux policy for Arch. To build a policy, here are some useful links: