I have been running FC6T3 plus updates and an even more recent install from FC6 development (selinux targeted and enforcing) and everything is looking very good. Since I follow the LSPP list and know that a lot of work has been done with the mls policy for RHEL 5 (and FC6), I thought I would give it a try. Before I spend time putting in bugzilla reports since it going to take time to gather the documentation, I am hoping some of this is known. This testing was done with clean installs on hardware and using vmware. 1. install selinux-policy-mls and switch to it using the system-config-security tool ... then reboot and do the relabeling (enforcing=0). Then reboot again (enforcing=1) ... oops, an almost immediate kernel panic! 2. OK, get the system back up in targeted mode. I then thought I would try strict ... install selinx-policy-strict ... then reboot and do the relabeling (enforcing=0). Ten reboot again (enforcing=1) ... better ... no kernel panic ... but not much better since some services fail starting and, when I logon as root, I cannot do anything. This is NOT GOOD!!! 3. While doing the above tests, I tried using the system-config-security gui tool to change the policy. I booted up with enforcing=0 and then tried the tool to change back to targeted. Since I run targeted with enforcing, I left the tool specification as enforcing. Unfortunately, the tool sets enforcing for the runtime system BEFORE it changes /etc/sysconfig/selinux file. Folks, this does not look ready for prime time as close as we are to final! While I do not expect everything to work, I do expect a bit more than what I got. From what I saw, this should be easily repeatable by developers. As I said, it is going to take me a bit of time to gather documentation for bugzilla reports. I hope that someone out there can give these policies a try to see if they can duplicate what I experienced. -- Gene Czarcinski -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
