Bug 205893 - Strict policy not functional
Summary: Strict policy not functional
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict
Version: 6
Hardware: All
OS: Linux
medium
urgent
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-09 17:07 UTC by Ralf Spenneberg
Modified: 2007-11-30 22:11 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2006-09-18 17:18:16 UTC


Attachments (Terms of Use)

Description Ralf Spenneberg 2006-09-09 17:07:16 UTC
Description of problem:
The SELinux strict policy results in a disabled SELinux.

Version-Release number of selected component (if applicable):
2.3.13-3

How reproducible:
Always

Steps to Reproduce:
1. Install selinux-policy-strict
2. Configure /etc/selinux/config to: SELINUX=permissive, SELINUXTYPE=strict
3. Touch /.autorelabel
4. Reboot
  
Actual results:
No relabeling occurs. SELinux disabled

Expected results:
Relabeling. Strict policy loaded.

Additional info:

Comment 1 Darwin H. Webb 2006-09-12 02:19:15 UTC
rebooting for relabel to strict.
Policy avc on sepol (seems to be exec ) denied
Thus selinux can not continue with relable and halts.
Kernel trys to kill init.
dead, power off.

FC6T2 Desktop with all updates,

Darwin

Comment 2 Daniel Walsh 2006-09-13 17:59:37 UTC
I believe to get this to work, you need to boot in permissive mode, relabel,
then reboot in enforcing mode.


Note You need to log in before you can comment on or make changes to this bug.