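SELinux from Zero Knowledge, Part 3: Downloading, Building and Installing the SELinux Userspace Source

Continuing from the previous article: SELinux from Zero Knowledge, Part 2: Getting Acquainted

This article describes how to download, build and install the SELinux userspace source code in order to produce tools such as getenforce and setenforce.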

I. Downloading the SELinux Userspace Source

1. Source home page

The source is hosted on GitHub at:

https://github.com/SELinuxProject/selinux

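The page looks like this:

2. Downloading a specific version

As the figure above shows, the latest stable version is 3.5.

Choose this version for download. Click the link in the figure above to reach the following page:

Scroll to the bottom of the page, as shown in the figure below:

Click Source code (tar.gz) in the figure above to download it; the actual link is: https://github.com/SELinuxProject/selinux/archive/refs/tags/3.5.tar.gz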

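3. Extracting the source

The downloaded file is selinux-3.5.tar.gz. Place it in the directory of your choice.

Extract the source. The command and its output are as follows: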

$ tar zxvf selinux-3.5.tar.gz 
……
selinux-3.5/secilc/test/policy.cil
selinux-3.5/semodule-utils/
selinux-3.5/semodule-utils/.gitignore
selinux-3.5/semodule-utils/LICENSE
selinux-3.5/semodule-utils/Makefile
selinux-3.5/semodule-utils/VERSION
selinux-3.5/semodule-utils/semodule_expand/
selinux-3.5/semodule-utils/semodule_expand/Makefile
selinux-3.5/semodule-utils/semodule_expand/ru/
selinux-3.5/semodule-utils/semodule_expand/ru/semodule_expand.8
selinux-3.5/semodule-utils/semodule_expand/semodule_expand.8
selinux-3.5/semodule-utils/semodule_expand/semodule_expand.c
selinux-3.5/semodule-utils/semodule_link/
selinux-3.5/semodule-utils/semodule_link/Makefile
selinux-3.5/semodule-utils/semodule_link/ru/
selinux-3.5/semodule-utils/semodule_link/ru/semodule_link.8
selinux-3.5/semodule-utils/semodule_link/semodule_link.8
selinux-3.5/semodule-utils/semodule_link/semodule_link.c
selinux-3.5/semodule-utils/semodule_package/
selinux-3.5/semodule-utils/semodule_package/Makefile
selinux-3.5/semodule-utils/semodule_package/ru/
selinux-3.5/semodule-utils/semodule_package/ru/semodule_package.8
selinux-3.5/semodule-utils/semodule_package/ru/semodule_unpackage.8
selinux-3.5/semodule-utils/semodule_package/semodule_package.8
selinux-3.5/semodule-utils/semodule_package/semodule_package.c
selinux-3.5/semodule-utils/semodule_package/semodule_unpackage.8
selinux-3.5/semodule-utils/semodule_package/semodule_unpackage.c

After extracting, change into the source root directory.

$ cd selinux-3.5/

$ ls
checkpolicy   CONTRIBUTING.md  gui       libselinux   libsepol  Makefile  policycoreutils  README.md    sandbox  secilc       semodule-utils
CleanSpec.mk  dbus             lgtm.yml  libsemanage  LICENSE   mcstrans  python           restorecond  scripts  SECURITY.md  VERSION

$ ls -l
总计 92
drwxrwxr-x  4 penghao penghao 4096  2月23日 21:16 checkpolicy
-rw-rw-r--  1 penghao penghao   93  2月23日 21:16 CleanSpec.mk
-rw-rw-r--  1 penghao penghao 3722  2月23日 21:16 CONTRIBUTING.md
drwxrwxr-x  2 penghao penghao 4096  2月23日 21:16 dbus
drwxrwxr-x  4 penghao penghao 4096  2月23日 21:16 gui
-rw-rw-r--  1 penghao penghao  108  2月23日 21:16 lgtm.yml
drwxrwxr-x  6 penghao penghao 4096  2月23日 21:16 libselinux
drwxrwxr-x  8 penghao penghao 4096  2月23日 21:16 libsemanage
drwxrwxr-x  9 penghao penghao 4096  2月23日 21:16 libsepol
-rw-rw-r--  1 penghao penghao  289  2月23日 21:16 LICENSE
-rw-rw-r--  1 penghao penghao 1285  2月23日 21:16 Makefile
drwxrwxr-x  6 penghao penghao 4096  2月23日 21:16 mcstrans
drwxrwxr-x 15 penghao penghao 4096  2月23日 21:16 policycoreutils
drwxrwxr-x  8 penghao penghao 4096  2月23日 21:16 python
-rw-rw-r--  1 penghao penghao 5504  2月23日 21:16 README.md
drwxrwxr-x  3 penghao penghao 4096  2月23日 21:16 restorecond
drwxrwxr-x  4 penghao penghao 4096  2月23日 21:16 sandbox
drwxrwxr-x  3 penghao penghao 4096  2月23日 21:16 scripts
drwxrwxr-x  4 penghao penghao 4096  2月23日 21:16 secilc
-rw-rw-r--  1 penghao penghao 3202  2月23日 21:16 SECURITY.md
drwxrwxr-x  5 penghao penghao 4096  2月23日 21:16 semodule-utils
-rw-rw-r--  1 penghao penghao    4  2月23日 21:16 VERSION
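
The download and extraction steps above, extended with an integrity check before unpacking. This is an added example, not part of the original article or of the SELinux project: it compares the tarball's SHA-256 with a digest obtained from a source you trust and confirms that every archive member sits under selinux-3.5/ before anything is written to disk. The function names and the digest argument are assumptions of this example; the article publishes no checksum.

```shell
#!/bin/sh
# Added example (not from the article): check a release tarball before unpacking.

# Succeed only if the SHA-256 of file $1 equals the expected hex digest $2.
sha256_matches() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Read archive member names on stdin. Succeed only if every name is $1 itself
# or below $1/, and none is absolute or has a ".." path component.
names_confined() {
    top=$1
    while IFS= read -r name; do
        case $name in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
        case $name in
            "$top"|"$top"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# $1 = tarball, $2 = expected SHA-256, $3 = expected top-level directory.
# Nothing is written to disk unless both checks pass.
verified_extract() {
    if ! sha256_matches "$1" "$2"; then
        echo "digest mismatch for $1" >&2
        return 1
    fi
    if ! tar -tzf "$1" | names_confined "$3"; then
        echo "member outside $3/ in $1" >&2
        return 1
    fi
    tar -xzf "$1"
}

# Run only when called with arguments, e.g.
#   sh verified_extract.sh selinux-3.5.tar.gz <EXPECTED_SHA256> selinux-3.5
# <EXPECTED_SHA256> is a placeholder: the article publishes no digest.
if [ "$#" -eq 3 ]; then
    verified_extract "$1" "$2" "$3"
fi
```

The name check looks at member paths only; it does not inspect symbolic links stored inside the archive.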

II. Building the SELinux Userspace Source

1. Cleaning

Run the following command to remove the leftovers of any previous build:

$ make clean distclean

2. Build and install

Run the following command to build and install. The command and its output are as follows:

$ sudo make DESTDIR=/ install install-pywrap
……
cc -O2 -Werror -Wall -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -fno-common -I//usr/include -I../include -D_GNU_SOURCE -c -o seuser_record.o seuser_record.c
cc -O2 -Werror -Wall -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -fno-common -I//usr/include -I../include -D_GNU_SOURCE -c -o seusers_file.o seusers_file.c
cc -O2 -Werror -Wall -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -fno-common -I//usr/include -I../include -D_GNU_SOURCE -c -o seusers_local.o seusers_local.c
seusers_local.c:11:10: 致命错误:libaudit.h:没有那个文件或目录
   11 | #include <libaudit.h>
      |          ^~~~~~~~~~~~
编译中断。
make[2]: *** [Makefile:111:seusers_local.o] 错误 1
make[2]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/libsemanage/src”
make[1]: *** [Makefile:15:install] 错误 2
make[1]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/libsemanage”
make: *** [Makefile:40:install] 错误 1

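The build fails with: seusers_local.c:11:10: 致命错误:libaudit.h:没有那个文件或目录 (fatal error: libaudit.h: No such file or directory). How do we fix this?

The Audit userspace must be installed first. See the next article in this series for downloading, building and installing the Audit userspace from source, then come back here.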

————————————————————————————————————————————————————
————————————————————————————————————————————————————

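If you have reached this point, you have presumably finished installing the Audit components. Run the build-and-install command again; the result is as follows: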

$ sudo make DESTDIR=/ install install-pywrap
……
cc -O2 -Werror -Wall -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -fno-common -I//usr/include -DHAVE_DBUS -pthread -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   -c -o watch.o watch.c
cc -L//usr/lib -L//usr/lib -o restorecond restore.o restorecond.o utmpwatcher.o stringslist.o user.o watch.o -lselinux -lgio-2.0 -lgobject-2.0 -lglib-2.0
[ -d //usr/share/man/man8 ] || mkdir -p //usr/share/man/man8
mkdir -p //usr/sbin
install -m 755 restorecond //usr/sbin
install -m 644 restorecond.8 //usr/share/man/man8
for lang in ru ; do \
        if [ -e ${lang} ] ; then \
                [ -d //usr/share/man/${lang}/man8 ] || mkdir -p //usr/share/man/${lang}/man8 ; \
                install -m 644 ${lang}/*.8 //usr/share/man/${lang}/man8/ ; \
        fi ; \
done
mkdir -p //etc/rc.d/init.d
install -m 755 restorecond.init //etc/rc.d/init.d/restorecond
mkdir -p //etc/selinux
install -m 644 restorecond.conf //etc/selinux/restorecond.conf
install -m 644 restorecond_user.conf //etc/selinux/restorecond_user.conf
mkdir -p //etc/xdg/autostart
install -m 644 restorecond.desktop //etc/xdg/autostart/restorecond.desktop
mkdir -p //usr/share/dbus-1/services
install -m 644 org.selinux.Restorecond.service  //usr/share/dbus-1/services/org.selinux.Restorecond.service
mkdir -p //usr/lib/systemd/system
install -m 644 restorecond.service //usr/lib/systemd/system
mkdir -p //usr/lib/systemd/user
install -m 644 restorecond_user.service //usr/lib/systemd/user
make[1]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/restorecond”
make[1]: 进入目录“/home/penghao/SELinux_Related/selinux-3.5/sandbox”
cc -O2 -Werror -Wall -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -fno-common -I//usr/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W   -c -o seunshare.o seunshare.c
seunshare.c:22:10: 致命错误:cap-ng.h:没有那个文件或目录
   22 | #include <cap-ng.h>
      |          ^~~~~~~~~~
编译中断。
make[1]: *** [<内置>:seunshare.o] 错误 1
make[1]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/sandbox”
make: *** [Makefile:40:install] 错误 1

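As you can see, the previous problem is solved, but there is still an error: seunshare.c:22:10: 致命错误:cap-ng.h:没有那个文件或目录 (fatal error: cap-ng.h: No such file or directory), raised at line 22, #include <cap-ng.h>. How do we fix this one?

libcap-ng must be installed first. See the article after next in this series for downloading, building and installing libcap-ng from source, then come back here.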
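
Both failures above come from missing development headers (libaudit.h, then cap-ng.h), and each one only surfaces partway through a long build. The following pre-flight check is an added example, not part of the original article: it looks for both headers before make is started. The function names and the default search directories are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the two headers whose absence
# stopped the build on this page.

# Header names taken from the two compiler errors shown above.
REQUIRED_HEADERS="libaudit.h cap-ng.h"

# Assumed search path: the build log passes -I//usr/include, and a
# source install of audit or libcap-ng may land in /usr/local/include.
INCLUDE_DIRS="${INCLUDE_DIRS:-/usr/include /usr/local/include}"

# find_header NAME: print the first directory that contains NAME;
# return 1 when no directory has it.
find_header() {
    for dir in $INCLUDE_DIRS; do
        if [ -f "$dir/$1" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# missing_headers: print the required headers that were not found,
# space-separated (empty line when none are missing).
missing_headers() {
    missing=""
    for hdr in $REQUIRED_HEADERS; do
        find_header "$hdr" >/dev/null || missing="${missing:+$missing }$hdr"
    done
    printf '%s\n' "$missing"
}

# preflight: succeed only when every required header is present.
preflight() {
    missing=$(missing_headers)
    if [ -n "$missing" ]; then
        echo "missing headers: $missing (install Audit / libcap-ng first)" >&2
        return 1
    fi
    echo "all required headers found"
}

# Run the check only when asked to, so the file can also be sourced.
case "${1:-}" in
    --check) preflight ;;
esac
```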

————————————————————————————————————————————————————
————————————————————————————————————————————————————

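If you have reached this point, you have presumably finished installing the libcap-ng components. Run the build-and-install command again; the result is as follows: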

penghao@Ding-Perlis-MP26JBT0:~/SELinux_Related/selinux-3.5$ sudo make DESTDIR=/ install install-pywrap
……
python3 -m pip install --prefix=/usr `test -n "/" && echo --root / --ignore-installed --no-deps`  .
Processing /home/penghao/SELinux_Related/selinux-3.5/libselinux/src
  Preparing metadata (setup.py) ... done
Using legacy 'setup.py install' for selinux, since package 'wheel' is not installed.
Installing collected packages: selinux
  Running setup.py install for selinux ... done
Successfully installed selinux-3.5
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
WARNING: You are using pip version 22.0.4; however, version 23.0.1 is available.
You should consider upgrading via the '/usr/local/bin/python3 -m pip install --upgrade pip' command.
install -m 644 selinux.py //usr/lib/python3.10/site-packages/selinux/__init__.py
ln -sf --relative //usr/lib/python3.10/site-packages/selinux/_selinux.cpython-310-x86_64-linux-gnu.so //usr/lib/python3.10/site-packages/_selinux.cpython-310-x86_64-linux-gnu.so
make[2]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/libselinux/src”
make[1]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/libselinux”
make[1]: 进入目录“/home/penghao/SELinux_Related/selinux-3.5/libsemanage”
make -C src install-pywrap
make[2]: 进入目录“/home/penghao/SELinux_Related/selinux-3.5/libsemanage/src”
bash -e exception.sh > semanageswig_python_exception.i || (rm -f semanageswig_python_exception.i ; false)
swig -Wall -python -o semanageswig_wrap.c -outdir ./ semanageswig_python.i
cc -O2 -Werror -Wall -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -fno-common -I//usr/include -I../include -D_GNU_SOURCE -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow -Wno-unused-parameter -Wno-missing-prototypes -I/usr/include/python3.10 -fPIC -DSHARED -c -o python-3.10semanageswig_wrap.lo semanageswig_wrap.c
在函数‘SWIG_Python_NewShadowInstance’中,
    内联自‘SWIG_Python_NewPointerObj.constprop’于 semanageswig_wrap.c:2684:22:
semanageswig_wrap.c:2539:13: 警告:potential null pointer dereference [-Wnull-dereference]
 2539 |   PyObject *newraw = data->newraw;
      |             ^~~~~~
cc -O2 -Werror -Wall -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -fno-common -I//usr/include -I../include -D_GNU_SOURCE -L//usr/lib -L//usr/lib -L. -shared -o python-3.10_semanage.so python-3.10semanageswig_wrap.lo -lsemanage 
test -d //usr/lib/python3.10/site-packages || install -m 755 -d //usr/lib/python3.10/site-packages
install -m 755 python-3.10_semanage.so //usr/lib/python3.10/site-packages/_semanage.cpython-310-x86_64-linux-gnu.so
install -m 644 semanage.py //usr/lib/python3.10/site-packages
make[2]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/libsemanage/src”
make[1]: 离开目录“/home/penghao/SELinux_Related/selinux-3.5/libsemanage”

3. Copy the configuration file

Copy the config file to /etc/selinux/. The contents of the config file are as follows:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# default - equivalent to the old strict and targeted policies
# mls     - Multi-Level Security (for military and educational use)
# src     - Custom policy built from source
SELINUXTYPE=default

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

Before copying:

$ ls /etc/selinux/
restorecond.conf  restorecond_user.conf  semanage.conf

After copying:

$ ls /etc/selinux/
config  restorecond.conf  restorecond_user.conf  semanage.conf

At this point, downloading, building and installing the SELinux userspace source is complete.

Now try running the getenforce command:

$ getenforce
Disabled

Try running the setenforce command:

$ setenforce 1
setenforce: SELinux is disabled

Try running the sestatus command:

$ sestatus -v
SELinux status:                 disabled

Never mind the results for now; at least the getenforce, setenforce and sestatus commands now exist:

$ which setenforce
/usr/sbin/setenforce

$ which getenforce
/usr/sbin/getenforce

$ which sestatus
/usr/bin/sestatus

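This shows that the SELinux userspace components have been installed.

As for the "SELinux is disabled" problem (also mentioned in the previous post), see the dedicated follow-up article.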
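
The state shown above (SELINUX=permissive in the config file, Disabled from getenforce) can be checked mechanically. The following is an added example, not part of the original article: it reads a key from a file in the format shown in section 3 and compares the configured mode with getenforce output. The function names and the --check switch are assumptions.

```shell
#!/bin/sh
# Added example: compare the mode requested in an SELinux config file
# with the mode the running system reports.

# config_value FILE KEY: print the value of the last uncommented
# KEY=value line in FILE (empty when the key is absent).
config_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# valid_mode MODE: succeed only for the three values listed in the
# config file's own comments.
valid_mode() {
    case "$1" in
        enforcing|permissive|disabled) return 0 ;;
        *) return 1 ;;
    esac
}

# mode_report FILE RUNTIME: RUNTIME is the output of getenforce.
# Prints "match", "mismatch" or "invalid" (bad or missing SELINUX=).
mode_report() {
    configured=$(config_value "$1" SELINUX)
    valid_mode "$configured" || { echo invalid; return 1; }
    runtime=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$configured" = "$runtime" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Check the live system only when asked to, so the file can be sourced.
case "${1:-}" in
    --check) mode_report /etc/selinux/config "$(getenforce)" ;;
esac
```

With the config file and getenforce output shown on this page, mode_report prints mismatch.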

Reposted from blog.csdn.net/phmatthaus/article/details/129857514