Red Hat Bugzilla – Bug 486354
Cannot boot RHEL5.3 with strict enforcing selinux
Last modified: 2009-09-02 03:59:55 EDT
Description of problem:
Using a default installation of RHEL 5.3 with strict selinux policy you cannot boot in enforcing.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install RHEL5.3
2. Install selinux-policy-strict
3. Set SELINUX=enforcing and SELINUXTYPE=strict
4. Run restorecon -Ri /
It is fixed using the policy located at http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/ currently contains:
selinux-policy-strict-2.4.6-212.el5 which boots.
Yes strict and MLS policies are only supported for use with a professional services engagement, but I have been working to fix problems in 5.3 strict policy which you see in the preliminary 5.4 policy.
I also have added the guest user so you can build policies for a least privileged user.
Fixed in selinux-policy-strict-2.4.6-212.el5
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.