SkillAgentSearch skills...

Selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

GenerateConvertImprove

Install / Use

/learn @archlinuxhardened/Selinux
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

build

PKGBUILDs for SELinux support in Arch Linux

Complete documentation will soon be available at: https://wiki.archlinux.org/index.php/SELinux

Authors

Authors are credited in the PKGBUILD file for each package.

Binary repository

The releases page functions as a pacman repository. It can also be used when installing Arch Linux using base-selinux -package instead of plain base.

To use it, add the following lines to your /etc/pacman.conf:

[selinux]
Server = https://github.com/archlinuxhardened/selinux/releases/download/ArchLinux-SELinux
SigLevel = Never

While the repository remains unsigned, SigLevel has to be set to Never.

Build order

Remember to build as a non-root user, and to keep a root logged-in console to install packages (especially for sudo/shadow/pam packages).

First, we build all packages from the SELinux userspace project. They do not replace any official Arch Linux packages:

  • libsepol
  • libselinux
  • secilc
  • checkpolicy
  • setools
  • libsemanage
  • semodule-utils
  • policycoreutils
  • selinux-dbus-config
  • selinux-gui
  • selinux-python
  • selinux-sandbox
  • mcstrans
  • restorecond

This makes it possible to install a pacman hook which relabels files when installing and updating packages:

  • selinux-alpm-hook

Now we start replacing core packages:

  • pambase-selinux
  • pam-selinux
  • coreutils-selinux shadow-selinux cronie-selinux sudo-selinux
  • util-linux-selinux
  • systemd-selinux
  • logrotate-selinux
  • dbus-selinux

Optional but very nice to have:

  • openssh-selinux findutils-selinux iproute2-selinux psmisc-selinux

Policy

There is not yet a SELinux policy for Arch. To build a policy, here are some useful links:

  • https://github.com/SELinuxProject/refpolicy The Reference Policy
  • https://github.com/pebenito/refpolicy ongoing work to include a systemd policy in the refpolicy (announcement: http://oss.tresys.com/pipermail/refpolicy/2014-October/007430.html)
  • http://anonscm.debian.org/cgit/selinux/refpolicy.git/tree/debian/patches Debian patches for refpolicy package (including systemd patches)
  • https://github.com/selinux-policy/selinux-policy/tree/rawhide-base Fedora policy

Related Skills

node-connect

339.5k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

83.9k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

339.5k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

commit-push-pr

83.9k

Commit, push, and open a PR

archlinuxhardened

View profile

View on GitHub
GitHub Stars172
CategoryDevelopment
Updated11d ago
Forks32
archlinuxhardened/selinux

Languages

Shell

Security Score

80/100

Audited on Mar 17, 2026

No findings