private levelctrl - 0.6 - beta

levelctrl is a userland tool which compiles security policies 
for the private Linux Security Module.

This is a beta version thus there aren't all switches fully 
implemented. It means aswell that the code is not cleaned up.


- Prerequisite

. Linux 2.5.x/2.6.x Kernel with LSM and sysfs support
. Private Linux Security Module 
  (http://www.drugphish.ch/~jonny/private.html)
 
- How to build/install

. make

- How to install a policy

. load the private module before installing a policy
. mount sysfs filesystem: mount -t sysfs sysfs <sysfs dir> 
. edit priv.conf to adjust it to your gusto (read CONFIG for configuration
  options)
. levelctrl -c priv.conf -o priv.out, where priv.out is the output
  file for the current plaintext policy
. cat priv.out > <sysfs dir>/privfs/policy
. echo -n "END > <sysfs dir>/privfs/policy to apply 
  your policy (residing in level 0 then)

If you need to rebuild your policy in level 0 use 
'echo -n "CLEAR > <sysfs dir>/privfs/policy' beforehand, to
wipeout your old policy.

- How to raise a securelevel 

either use levelctrl
. levelctrl -s <new securelevel> 

or manually
. echo -n "n" > <sysfs dir>/privfs/level
  to raise the securelevel to n

- Configuration hint

Private does not inherit the restrictions from a preceding 
securelevel to the next. If you want (and you want that) raising 
strictness with each level you have to configure it that way.
The initial priv.conf is configured that way.


report bugs to jonny@drugphish.ch.
tested on linux 2.6.0-test3.
published under GPLv2.