Bug 205893 - Strict policy not functional
Strict policy not functional
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
6
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-09 13:07 EDT by Ralf Spenneberg
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-18 13:18:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ralf Spenneberg 2006-09-09 13:07:16 EDT
Description of problem:
The SELinux strict policy results in a disabled SELinux.

Version-Release number of selected component (if applicable):
2.3.13-3

How reproducible:
Always

Steps to Reproduce:
1. Install selinux-policy-strict
2. Configure /etc/selinux/config to: SELINUX=permissive, SELINUXTYPE=strict
3. Touch /.autorelabel
4. Reboot
  
Actual results:
No relabeling occurs. SELinux disabled

Expected results:
Relabeling. Strict policy loaded.

Additional info:
Comment 1 Darwin H. Webb 2006-09-11 22:19:15 EDT
rebooting for relabel to strict.
Policy avc on sepol (seems to be exec ) denied
Thus selinux can not continue with relable and halts.
Kernel trys to kill init.
dead, power off.

FC6T2 Desktop with all updates,

Darwin
Comment 2 Daniel Walsh 2006-09-13 13:59:37 EDT
I believe to get this to work, you need to boot in permissive mode, relabel,
then reboot in enforcing mode.

Note You need to log in before you can comment on or make changes to this bug.