Description of problem: The SELinux strict policy results in a disabled SELinux. Version-Release number of selected component (if applicable): 2.3.13-3 How reproducible: Always Steps to Reproduce: 1. Install selinux-policy-strict 2. Configure /etc/selinux/config to: SELINUX=permissive, SELINUXTYPE=strict 3. Touch /.autorelabel 4. Reboot Actual results: No relabeling occurs. SELinux disabled Expected results: Relabeling. Strict policy loaded. Additional info:
rebooting for relabel to strict. Policy avc on sepol (seems to be exec ) denied Thus selinux can not continue with relable and halts. Kernel trys to kill init. dead, power off. FC6T2 Desktop with all updates, Darwin
I believe to get this to work, you need to boot in permissive mode, relabel, then reboot in enforcing mode.