FC3 Strict Policy

[Jeremy Utley]

Hello Everyone!

I'm trying my first foray into experimenting with SELinux, and am
failing before I even get very far.  I've installed Fedora Core 3 and
have enabled the SELinux strict policy.  The only way I can log into
the system now is if I put the system into permissive mode.  Here's
the denied errors I'm getting:

May 27 15:15:18 localhost kernel: audit(1117232118.583:0): avc: 
denied  { getattr } for  pid=4380 exe=/sbin/unix_chkpwd
path=/var/run/winbindd dev=sda1 ino=1653914
scontext=system_u:system_r:system_chkpwd_t
tcontext=system_u:object_r:var_run_t tclass=dir
May 27 15:15:18 localhost kernel: audit(1117232118.586:0): avc:  denied  { read
write } for  pid=4381 exe=/sbin/unix_chkpwd name=tty2 dev=tmpfs
ino=2025 scontext=system_u:system_r:system_chkpwd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
May 27 15:15:18 localhost kernel: audit(1117232118.589:0): avc: 
denied  { getattr } for  pid=4291 exe=/bin/login
path=/var/run/winbindd dev=sda1 ino=1653914
scontext=system_u:system_r:local_login_t
tcontext=system_u:object_r:var_run_t tclass=dir
May 27 15:15:18 localhost kernel: audit(1117232118.590:0): avc: 
denied  { getattr } for  pid=4291 exe=/bin/login path=/root dev=sda1
ino=1864129 scontext=system_u:system_r:local_login_t
tcontext=root:object_r:staff_home_dir_t tclass=dir

The system is fully up to date via yum.  I realize some problems can
be expected when using the strict policy as opposed to targeted - but
I can't believe the strict policy would ship in a configuration that
prevents logging into the system.

Anyone got any suggestions - I can't believe I'm the only person who's
faced this, but I did a lot of searching online and couldn't find
anything.

Jeremy