Bug 486354 - Cannot boot RHEL5.3 with strict enforcing selinux
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Hardware: x86_64 Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
Reported: 2009-02-19 09:01 EST by josh.kayse
Modified: 2009-09-02 03:59 EDT
Doc Type: Bug Fix
Last Closed: 2009-09-02 03:59:55 EDT
Description josh.kayse 2009-02-19 09:01:22 EST
Description of problem:
Using a default installation of RHEL 5.3 with strict selinux policy you cannot boot in enforcing.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. Install RHEL5.3
2. Install selinux-policy-strict
3. Set SELINUX=enforcing and SELINUXTYPE=strict
4. Run restorecon -Ri /
5. Reboot

Actual results:
Cannot boot.

Expected results:
Boots successfully

Additional info:
It is fixed using the policy located at http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
Comment 1 rob 2009-02-19 09:48:27 EST
http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/ currently contains:
selinux-policy-strict-2.4.6-212.el5 which boots.
Comment 2 Daniel Walsh 2009-02-19 10:47:42 EST
Yes, strict and MLS policies are only supported for use with a professional services engagement, but I have been working to fix problems in 5.3 strict policy which you see in the preliminary 5.4 policy.

I also have added the guest user so you can build policies for a least privileged user.

Fixed in selinux-policy-strict-2.4.6-212.el5
Comment 8 errata-xmlrpc 2009-09-02 03:59:55 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

