Bug 205893 - Strict policy not functional
Summary: Strict policy not functional
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
(Show other bugs)
Version: 6
Hardware: All Linux
medium
urgent
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-09 17:07 UTC by Ralf Spenneberg
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-18 17:18:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Ralf Spenneberg 2006-09-09 17:07:16 UTC
Description of problem:
The SELinux strict policy results in a disabled SELinux.

Version-Release number of selected component (if applicable):
2.3.13-3

How reproducible:
Always

Steps to Reproduce:
1. Install selinux-policy-strict
2. Configure /etc/selinux/config to: SELINUX=permissive, SELINUXTYPE=strict
3. Touch /.autorelabel
4. Reboot
  
Actual results:
No relabeling occurs. SELinux disabled

Expected results:
Relabeling. Strict policy loaded.

Additional info:

Comment 1 Darwin H. Webb 2006-09-12 02:19:15 UTC
rebooting for relabel to strict.
Policy avc on sepol (seems to be exec ) denied
Thus selinux can not continue with relable and halts.
Kernel trys to kill init.
dead, power off.

FC6T2 Desktop with all updates,

Darwin

Comment 2 Daniel Walsh 2006-09-13 17:59:37 UTC
I believe to get this to work, you need to boot in permissive mode, relabel,
then reboot in enforcing mode.


Note You need to log in before you can comment on or make changes to this bug.