Yes, if you want to have user roles and domains, you need strict policy.
targeted policy lacks the infrastructure for user roles and domains; it
only knows about daemons.
Ah, unfortunately RHEL4 didn't ship with a strict policy included.
You can take it up with your Red Hat support person, or grab the
selinux-policy-strict* packages from Fedora Core (in the latter case,
you will likely want to also upgrade your other SELinux-related
packages, e.g. libsepol, libsepol-devel, libselinux, libselinux-devel,
checkpolicy, policycoreutils, setools, setools-gui).
That is a bummer ! I read that redhat (even in rhel5) is not supporting the
strict policy. Since we're running a lot of 3rd party products (oracle,
websphere, openview, controlm, ...) , i doubt that managment will be willing
to take the risk of running unsupported.
I'll have to address my supperiors, but i fear it might be over-and-out for
selinux.
Neverrtheless, thanks for the support and your time !