secPaver is a tool that helps OS administrators define application security policies for different security mechanisms.
secPaver currently supports the SELinux security mechanism, and AppArmor will be supported soon.
(1) Dependency packages
To build secPaver, the following packages are required:
To build the SELinux engine plugin, the following packages are also required:
To run the SELinux engine plugin, the following packages are required:
(2) Download source code
git clone https://gitee.com/openeuler/secpaver.git
(3) Build and install
cd secpaver
make
Build SELinux engine plugin:
Install (after at least one engine plugin is built):
engine: A software module that generates security policy for a given security mechanism. An engine in secPaver is loaded as a software plugin.
secPaver uses client/server architecture; the server process is pavd, and the client process is pav.
(1) Start pavd process
systemctl start pavd
(2) Check loaded policy generator plugins
# pav engine list
Name       Description
selinux    SELinux policy generator
(3) Create a template project and modify it
pav project create my_demo .
(4) Build project to policy
pav project build -d ./my_demo --engine selinux
(5) List generated policies
# pav policy list
Name               Status
my_demo_selinux    disable
(6) Install policy
# pav policy install my_demo_selinux
[info]: install SELinux policy module
[info]: start to restore file context
[info]: Finish installing policy
(7) Uninstall policy
# pav policy uninstall my_demo_selinux
[info]: uninstall SELinux policy module
[info]: restore file context
[info]: Finish uninstalling policy uninstalling
(8) Export policy package
# pav policy export my_demo_selinux .
Finish exporting: export_my_demo_selinux.zip
Command manual: secPaver Command Manual
User manual: secPaver User Manual
We welcome new contributors to the project and are pleased to provide them with guidance and assistance. Before you contribute code, you need to sign the CLA.