Configuring CentOS to run SELinux in Strict Mode

I am in the process of setting up some CentOS/RHEL 6 servers to run SELinux in strict mode. What follows are notes, links to online resources and things that I am discovering along the way. Once I am finished I will go back and re-write it to follow more of a how-to/guide type format. In the meantime, it might seem a bit disjointed.



MaintLog Notes:

  • Make sure that the selinux-policy-strict package (and deps) are installed:
      # yum install selinux-policy-strict
  • After installing the policy I was unable to reboot as I hadn’t relabeled the file system properly. If you have problems booting, try:
      # genhomedircon
      # touch /.autorelabel
      # reboot
  • After successfully booting with strict mode enabled, you will not be able to do the things that you would normally expect as a root user. This is because your root shell does not have access to the system administrator role. To switch to that role, invoke the newrole command:
      # newrole -r sysadmin_r
  • LEFTOFF: it seems semanage isn’t installed. I’ll need to restart with SELinux disabled to install it so that I can sort out running newrole properly; see:
  • Make sure that the semanage package is installed:
      # yum install libsemanage
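
The boot failure described above comes from rebooting into a new policy without a relabel queued. The following pre-reboot check is an added example, not part of the original notes. The function names are hypothetical, and it assumes the standard /etc/selinux/config file and /etc/selinux/<type>/policy directory layout, which the notes do not mention.

```shell
#!/bin/sh
# Added example (not from the original notes): pre-reboot sanity check for a
# policy switch. ROOT defaults to the live system; a test tree can be passed.

# Print the value of KEY from an SELinux config file, ignoring comment lines.
selinux_cfg_get() {  # usage: selinux_cfg_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 when it looks safe to reboot into the configured policy,
# 1 otherwise; one line per problem is written to stdout.
selinux_preboot_check() {  # usage: selinux_preboot_check [ROOT]
    root="${1:-}"
    cfg="$root/etc/selinux/config"   # assumed standard location
    problems=0

    if [ ! -r "$cfg" ]; then
        echo "missing: $cfg"
        return 1
    fi

    mode=$(selinux_cfg_get "$cfg" SELINUX)
    type=$(selinux_cfg_get "$cfg" SELINUXTYPE)

    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "SELINUX has unexpected value: '$mode'"; problems=1 ;;
    esac

    # The policy named in the config must actually be installed.
    if [ -z "$type" ] || [ ! -d "$root/etc/selinux/$type/policy" ]; then
        echo "policy '$type' is not installed under $root/etc/selinux"
        problems=1
    fi

    # Without the flag file the next boot will not relabel the file system.
    if [ "$mode" != "disabled" ] && [ ! -e "$root/.autorelabel" ]; then
        echo "no $root/.autorelabel: file system will not be relabeled on boot"
        problems=1
    fi

    return "$problems"
}
```

Source the file and call selinux_preboot_check with no argument to check the running system before typing reboot.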
