FC5, SELinux strict, and kickstart
Shintaro Fujiwara
shin216 at xf7.so-net.ne.jp
Tue Oct 10 14:32:50 UTC 2006
I run a server on strict policy.
I tell you what I did.
First you should put your network plug off.
And set permissive strict.
And you should make a module from /var/log/messages
And reboot.
Then you should make a module from audit.log
You should make a module for every service, because
you want to make it strict.
I suggest you make it Enforcing, and every time
you get denied messages, you allow them one by one.
You can consult the SELinux FAQ or Mr. Dan Walsh's blog.
I struggled on cron for a month, but you can
consult interfaces concerning cron.
I advise you to take advantage of interfaces.
Patience is all you need.
You will be rewarded.
Anyway, I heard strict policy is not tested well,
so, if you succeed, please let us know.
I somehow managed apache, mysql, postgresql,
dns, no-ip (my original)...
And remember no one can complain what you did.
Security is a private issue but don't bother anybody.
On Tue, 2006-10-10 at 09:23 -0400, David Nedrow wrote:
> Has anyone successfully installed FC5 while specifying the strict
> policy via kickstart?
>
> I've made the changes recommended in the FC5 SELinux FAQ (adding %
> package entry for selinux-policy-strict and lokkit/touch lines to
> kickstart), but when the system boots everything seems to hang. If I
> boot permissive, I see a ton of entries in the audit log that appear
> to relate to virtually every step of the boot process.
>
> The odd thing is, if I install manually from the DVD, everything
> works fine. It's only when I try an automated network build that
> things seem to fall apart.
>
>
> Does this question more properly belong to the kickstart list?
>
> Any help will be appreciated.
>
> -David
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
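
Added example, not part of either message and not code from the SELinux tools: a minimal Python sketch of the per-service workflow the reply describes, grouping AVC denials from audit.log by source domain and rendering one reviewable module source per service. The log lines are constructed sample data and the `local_<domain>` module naming is an assumption.

```python
import re
from collections import defaultdict

# Constructed AVC denials in audit.log format (sample data, not from the post).
SAMPLE_LOG = """\
type=AVC msg=audit(1160490770.101:41): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1160490770.102:42): avc:  denied  { getattr } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1160490771.200:43): avc:  denied  { search } for  pid=1890 comm="crond" name="spool" dev=dm-0 ino=5678 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1160490771.200:43): arch=40000003 syscall=5 success=no exit=-13 comm="crond"
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
                    r"scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<cls>\w+)")

def parse_denials(text):
    """Group denied permissions as {source_domain: {(target_type, class): perms}}."""
    by_domain = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m is None:          # SYSCALL, PATH and other record types are skipped
            continue
        src = m["scon"].split(":")[2]   # user:role:type[:mls] -> type
        tgt = m["tcon"].split(":")[2]
        by_domain[src][(tgt, m["cls"])].update(m["perms"].split())
    return by_domain

def module_source(domain, rules):
    """Render one per-service policy module (.te syntax) for human review."""
    types = sorted({domain} | {tgt for tgt, _ in rules})
    classes = defaultdict(set)
    for (_, cls), perms in rules.items():
        classes[cls] |= perms
    out = [f"module local_{domain} 1.0;", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (tgt, cls), perms in sorted(rules.items()):
        target = "self" if tgt == domain else tgt   # same-type access is written as self
        out.append(f"allow {domain} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for domain, rules in sorted(parse_denials(SAMPLE_LOG).items()):
        print(module_source(domain, rules))
```

Keeping one module per domain makes each allow rule attributable to a single service, so a rule can be read and rejected before it is loaded.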