FC6 SELinux issues

[Daniel J Walsh]

Gene Czarcinski wrote:
> On Thursday 05 October 2006 10:29, Daniel J Walsh wrote:
>   
>> MLS Policy is a server only policy.  IE We don not support X-Windows.  
>> So if you want to change to MLS you need to remove all X-Windows
>> software and relabel.  Then it should work, but you need to understand
>> how an MLS environment works.
>>     
>
> OK, I can understand that.  However, the release notes (or some other release 
> documentation) should point this out.  Given this situation and vmware, I 
> will create some server-only guests to try things out.
>
>   
>> Strict policy is not heavily tested in Fedora.  Most people run
>> targeted.  We will look at any problems that you have with it, though.
>>     
>
> Ditto on documentation.  When I first tried SELinux in FC2, "strict" was it 
> but everything more or less worked.
>
>   
A lot has changed since FC2 :^)
> At this point, I have no idea as to the kernel panic cause on the Dell 350 and 
> may not be able to address that given other circumstances.  However, I did 
> notice that a number of services did have startup and/or shutdown 
> problems ... this occurred on both strict and mls although at this point I do 
> not know if they are the same services.
>
>   
>> There is not that much difference between strict and targeted policy at
>> this point on the system space side and I want to work on adding
>> Userspace confinement via targeted policy and booleans in the future.  
>> So people can begin to confine userspace if they so choose.
>>     
>
> Given the same services, some do not work properly under strict but function 
> just fine under targeted.
>   
Please get avc messages for any case where this happens.