[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Enabling the strict policy on Fedora 7
- From: Patrick McNeal <mcneal umich edu>
- To: fedora-selinux-list redhat com
- Subject: Enabling the strict policy on Fedora 7
- Date: Thu, 2 Aug 2007 14:36:54 -0400
I'm new to SELinux, and have been banging my head against the wall on
how to change from the targeted to the strict policy on my Fedora 7
box. I just figured out how to do it, and thought that it would be a
good thing to have in the archive so others might more easily find a
solution.
1 - Install the strict policy using the package manager. I used
selinux-policy-strict-2.6.4-29.fc.noarch.
2 - Using the SELinux Administration tool, set the "system default
policy type" to "strict".
3 - Set the "system default enforcing mode" to "permissive".
4 - Check "Relabel on next reboot".
3 - Reboot
If you leave enforcing mode set to the default of "enforcing" you'll
get this error on reboot:
/sbin/init: error while loading shared libraries: libsepol.so.1:
failed to map segment from shared object: Permission denied
Kernel panic - not syncing: Attempted to kill init!
Note, you can also make these changes via the command line by
editing /etc/selinux/config, setup a relabel by
touching /.autorelabel and rebooting.
Hope that helps someone.
--Patrick
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]