Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

The strict policy model no longer exists. These days the strict policy model is merged into the targeted policy model.

This means that the targeted policy model can be tuned to (roughly) the equivalent of the old strict policy model.

In a nutshell this can be done by associating your Linux identities with SELinux identities that are associated with roles that are associated with strict types (LOL)

After that you would disable both the unconfined, as well as the unconfineduser policy modules (in permissive mode), and relabel the file system

As for the MLS policy model: I sincerely doubt that this policy model works on Fedora currently due to systemd. The security policy probably needs to be adjusted to the new system/session manager.

I do have some videos about MLS policy in RHEL6 (not so much on enabled it, but more on how to use it):

https://www.youtube.com/watch?v=HRMC2gKCax4

https://www.youtube.com/watch?v=qeJUC753wg0

The strict policy model no longer exists. These days the strict policy model is merged into the targeted policy model.

This means that the targeted policy model can be tuned to (roughly) the equivalent of the old strict policy model.

In a nutshell this can be done by associating your Linux identities with SELinux identities that are associated with roles that are associated with strict types (LOL)

After that you would disable both the unconfined, as well as the unconfineduser policy modules (in permissive mode), and relabel the file systemsystem (restorecon -R -v -F /), and then reboot

As for the MLS policy model: I sincerely doubt that this policy model works on Fedora currently due to systemd. The security policy probably needs to be adjusted to the new system/session manager.

I do have some videos about MLS policy in RHEL6 (not so much on enabled it, but more on how to use it):

https://www.youtube.com/watch?v=HRMC2gKCax4

https://www.youtube.com/watch?v=qeJUC753wg0

The strict policy model no longer exists. These days the strict policy model is merged into the targeted policy model.

This means that the targeted policy model can be tuned to (roughly) the equivalent of the old strict policy model.

In a nutshell this can be done by associating your Linux identities with SELinux identities that are associated with roles that are associated with strict types (LOL)

After that you would disable both the unconfined, as well as the unconfineduser policy modules (in permissive mode), relabel the file system (restorecon -R -v -F /), and then reboot

As for the MLS policy model: I sincerely doubt that this policy model works on Fedora currently due to systemd. The security policy probably needs to be adjusted to the new system/session manager.

I do have some videos about MLS policy in RHEL6 (not so much on enabled enabling it, but more on how to use it):

https://www.youtube.com/watch?v=HRMC2gKCax4

https://www.youtube.com/watch?v=qeJUC753wg0