Welcome to my website. I am always posting links to photo albums, art, technology and other creations. Everything that you will see on my numerous personal sites is powered by the formVistaTM Website Management Engine.

icon.linkedin.jpgicon.twitter.jpg

  • Configuring CentOS to run SELinux in Strict Mode
    08/29/2011 5:05PM

    I am in the process of setting up some CentOS/RHEL 6 servers to run SELinux in strict mode.? What follows are notes, links to online resources and things that I am discovering along the way.? Once I am finished I will go back and re-write it to follow more of a how-to/guide type format.? In the meantime, it might seem a bit disjointed.

    Links/Resources:

    • http://wiki.centos.org/HowTos/SELinux
    • http://fedoraproject.org/wiki/SELinux
    • http://www.centos.org/docs/5/html/Deployment_Guide-en-US/rhlcommon-chapter-0001.html
    • http://www.nsa.gov/research/selinux/index.shtml

    MaintLog Notes:

    • Make sure that the selinux-policy-strict package (and deps) are installed:
    • # yum install selinux-policy-strict
    • After installing the policy I was unable to reboot as I hadn't relabeled the file system properly.? If having problems booting try:
    • # genhomedircon
    • # touch /.autorelabel
    • # reboot
    • After successfully booting with strict mode enabled you will not be able to do the things that you would normally expect as a root user.?This is because your root shell does not have access to the system administrator role.? To do so invoke the newrole command:
    • # newrole -r sysadmin_r
    • LEFTOFF: it seems semanage isn't installed.? I'll need to restart with selinux disabled to install it so that I can sort out running newrole properly:? see: http://www.spinics.net/lists/selinux/msg09681.html
    • Make sure that the semanage package is installed: # yum install libsemanage


Advanced Search

Categories

Archives