Tuesday, July 18, 2006

SELinux Strict Policy on Fedora Core 5

Fedora Core 5 will not successfully boot using the SELinux strict policy. It seems that the policy is soooo strict, that it will not let init execute. Here's a work around, for those of you that have too much sanity and patience.

1. Edit /boot/grub/grub.conf, and remove rhgb from the each kernel line.
2. Edit /etc/inittab and set the runlevel to 3.
3. Edit /etc/sysconfig/selinux and set SELINUX to permissive and SELINUXTYPE to strict.
4. Edit /etc/rc.d/rc.local and append the following line:
        setenforce 1
5. Execute the command touch /.autorelabel.
6. Add an unprivileged user and assign a password, as root is about to become impotent.
7. Reboot.

During this reboot, you will see a message about relabeling the file system. This will take several minutes. The system will start in the Permissive mode, then will switch to strict. Congratulations, and good luck... You'll need it.

No comments:

Post a Comment