On Fri, Jan 12, 2018 at 04:53:36AM -0000, rbs s wrote:
I had followed the tutorial  earlier. But in that case, on system restart, boot fails
with an error:
systemd : Failed to initialize SELinux context: No such file or directory".
Then I had to set the boot parameter selinux=0 to boot it.
So next I tried using "make load". And since the config file said SELINUXTYPE
can take one of the 3 values listed in it(targeted, minimum, mls), I got confused and
didn't change the value.
The comment in /etc/selinux/config in Fedora is little bit misleading.
It applies only for Fedora provided policies targeted, mls and minimum.
But if you need to use your own policy with a different name, you need
to change SELINUXTYPE, see man selinux_config:
The policy_name entry is used to identify the policy type, and becomes the
directory name of where the policy and its configuration files are located.
The entry can be determined using the sestatus(8) command or
The policy_name is relative to a path that is defined within the SELinux
subsystem that can be retrieved by using selinux_path(3). An example entry retrieved by
The policy_name is then appended to this and becomes the 'policy
root' location that can be retrieved by selinux_policy_root_path(3). An example entry
The actual binary policy is located relative to this directory and also has
a policy name pre-allocated. This information can be retrieved using
selinux_binary_policy_path(3). An example entry retrieved by selinux_binary_policy_path(3)
The binary policy name has by convention the SELinux policy version that it
supports appended to it. The maximum policy version supported by the kernel can be
determined using the sestatus(8) command or security_policyvers(3). An example binary
policy file with
the version is:
If you want to use refpolicy which is stored in /etc/selinux/refpolicy
you need to set