I run a server on strict policy. I tell you what I did. First you should put your network plug off. And set permissive strict. And you should make a module by /var/log/messages And reboot. Then you should make a module by audit.log You should make a module every service, because you want to make it strict. I suggest you to make it Enforcing and every time you get denied messages, you allow one by one. You can consule SELinux FAQ or Mr. Dan Walsh's blog. I struggled on cron for a month, but you can consult interfaces conserning cron. I advise you take advantage on interfaces. Patience is all you need. You will be rewarded. Anyway, strict policy I heard not tested well, so, if you succeeded, please let us know. I somehow managed apache,mysql,postgresql, dns,no-ip(my original)... And remember no one can complain what you did. Security is a private issue but don't bother anybody. 2006-10-10 (火) の 09:23 -0400 に David Nedrow さんは書きました: > Has anyone successfully installed FC5 while specifying the strict > policy via kickstart? > > I've made the changes recommended in the FC5 SELinux FAQ (adding % > package entry for selinux-policy-strict and lokkit/touch lines to > kickstart), but when the system boots everything seems to hang. If I > boot permissive, I see a ton of entries in the audit log that appear > to relate to virtually every step of the boot process. > > The odd thing is, if I install manually from the DVD, everything > works fine. It's only when I try an automated network build that > things seem to fall apart. > > > Does this question more properly belong to the kickstart list? > > Any help will be appreciated. > > -David > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
