Enabling the strict policy on Fedora 7

Patrick McNeal mcneal at umich.edu
Thu Aug 2 18:36:54 UTC 2007


I'm new to SELinux, and have been banging my head against the wall on  
how to change from the targeted to the strict policy on my Fedora 7  
box.  I just figured out how to do it, and thought that it would be a  
good thing to have in the archive so others might more easily find a  
solution.

1 - Install the strict policy using the package manager.  I used  
selinux-policy-strict-2.6.4-29.fc.noarch.
2 - Using the SELinux Administration tool, set the "system default  
policy type" to "strict".
3 - Set the "system default enforcing mode" to "permissive".
4 - Check "Relabel on next reboot".
5 - Reboot

If you leave enforcing mode set to the default of "enforcing" you'll  
get this error on reboot:

/sbin/init: error while loading shared libraries: libsepol.so.1:  
failed to map segment from shared object: Permission denied
Kernel panic - not syncing: Attempted to kill init!

Note, you can also make these changes via the command line by
editing /etc/selinux/config, setting up a relabel by
touching /.autorelabel, and rebooting.

Hope that helps someone.

--Patrick
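
The command-line route mentioned in the message, as an added example that is not part of the original post: it sets the `SELINUXTYPE` and `SELINUX` keys, requests the relabel, and checks before reboot that the mode is permissive. The `ROOT` argument, the function names, and the assumption that the strict policy package installs under /etc/selinux/strict are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. ROOT is a hypothetical argument
# (empty means the live system, which needs root) so the steps can be
# rehearsed against a scratch copy of /etc/selinux first.

# Replace KEY=... in FILE or append it; writes in place to keep the inode.
set_key() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "$file.new" &&
            cat "$file.new" > "$file" && rm -f "$file.new"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# Print the (last) value of KEY in FILE.
get_key() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Steps 2-4 of the post: policy type, permissive mode, relabel flag.
switch_to_strict() {
    root=${1:-}
    cfg="$root/etc/selinux/config"
    [ -f "$cfg" ] || { echo "no $cfg" >&2; return 1; }
    # Assumption: the policy package (step 1) lives in /etc/selinux/strict.
    [ -d "$root/etc/selinux/strict" ] ||
        { echo "strict policy not installed" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" &&
        set_key "$cfg" SELINUXTYPE strict &&
        set_key "$cfg" SELINUX permissive &&
        : > "$root/.autorelabel"
}

# Pre-reboot check: succeeds only if the first boot under the new policy
# will be permissive with a relabel pending, avoiding the init failure
# quoted in the post.
ready_to_reboot() {
    root=${1:-}
    cfg="$root/etc/selinux/config"
    [ "$(get_key "$cfg" SELINUXTYPE)" = strict ] || return 1
    [ "$(get_key "$cfg" SELINUX)" = permissive ] || return 1
    [ -e "$root/.autorelabel" ]
}
```

On a real system, run `switch_to_strict && ready_to_reboot` as root and reboot only if both succeed; the previous configuration is kept as /etc/selinux/config.bak.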



