This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 486354 - Cannot boot RHEL5.3 with strict enforcing selinux
Cannot boot RHEL5.3 with strict enforcing selinux
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.3
x86_64 Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
BaseOS QE
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-19 09:01 EST by josh.kayse
Modified: 2009-09-02 03:59 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-02 03:59:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description josh.kayse 2009-02-19 09:01:22 EST
Description of problem:
Using a default installation of RHEL 5.3 with strict selinux policy you cannot boot in enforcing.

Version-Release number of selected component (if applicable):

selinux-policy-devel-2.4.6-203.el5
selinux-policy-2.4.6-203.el5
selinux-policy-targeted-2.4.6-203.el5
selinux-policy-strict-2.4.6-203.el5


How reproducible:
Always

Steps to Reproduce:
1. Install RHEL5.3
2. Install selinux-policy-strict
3. Set SELINUX=enforcing and SELINUXTYPE=strict
4. Run restorecon -Ri /
5. Reboot
  
Actual results:
Cannot boot.

Expected results:
Boots successfully

Additional info:
It is fixed using the policy located at http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
Comment 1 rob 2009-02-19 09:48:27 EST
http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/ currently contains:
selinux-policy-strict-2.4.6-212.el5 which boots.
Comment 2 Daniel Walsh 2009-02-19 10:47:42 EST
Yes strict and MLS policies are only supported for use with a professional services engagement, but I have been working to fix problems in 5.3 strict policy which you see in the preliminary 5.4 policy.

I also have added the guest user so you can build policies for a least privileged user.

Fixed in selinux-policy-strict-2.4.6-212.el5
Comment 8 errata-xmlrpc 2009-09-02 03:59:55 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1242.html

Note You need to log in before you can comment on or make changes to this bug.