Installing MLS policy on Fedora 9

Stephen Smalley sds at tycho.nsa.gov
Fri Nov 21 18:38:33 UTC 2008


On Fri, 2008-11-21 at 12:08 -0500, Elihu Smails wrote:
> I have installed Fedora 9 and wanted to install the MLS Policy.  I
> performed the following steps:
> 
> 1. Install Fedora 9
> 2. Install Patches
> 3. Reboot
> 4. yum install -y selinux-policy-mls
> 5. Open /etc/selinux/config and change the following:
> SELINUX=enforcing
> SELINUXTYPE=targeted
> 
> to
> 
> SELINUX=permissive
> SELINUXTYPE=mls
> 
> 6. touch /.autorelabel
> 7. Reboot.  The relabelling works fine
> 8. Set SELINUX to enforcing in /etc/selinux/config
> 9. Reboot.  I get many error messages about the file system and it
> drops me into a single user shell.
> 
> Can someone please tell me what the proper steps are.

I think we'd have to see the details of the errors, but the LSPP
configuration only covers a subset of the system and of course was for a
specific set of RHEL5 packages.

If you boot permissive instead, what avc messages do you get?

-- 
Stephen Smalley
National Security Agency




More information about the selinux mailing list