AFAIK, only 'targeted' policy is applied by default on a freshly installed Fedora. How can I enable 'strict' or 'mls' policies? Do they work out-of-the-box?
Are they even maintained?
The strict policy model no longer exists. These days the strict policy model is merged into the targeted policy model.
This means that the targeted policy model can be tuned to (roughly) the equivalent of the old strict policy model.
In a nutshell this can be done by associating your Linux identities with SELinux identities that are associated with roles that are associated with strict types (LOL)
After that you would disable both the unconfined, as well as the unconfineduser policy modules (in permissive mode), relabel the file system (restorecon -R -v -F /), and then reboot
As for the MLS policy model: I sincerely doubt that this policy model works on Fedora currently due to systemd. The security policy probably needs to be adjusted to the new system/session manager.
I do have some videos about MLS policy in RHEL6 (not so much on enabling it, but more on how to use it):
Hello, they are fully maintained. May I know the reason why you want to enable them? Because it does not make much sense to enable them on a workstation, they are intended for multi-user or server environments. There is some good documentation out there, for example:
There you can read more about MLS or STRICT modes, how to enable them and work with them. But it is likely that STRICT policy will stop your workstation from working and MLS policy will make no change until you define first level. But I am not an expert, read the docs :-D
Asked: 2013-11-21 23:59:22 -0600
Seen: 721 times
Last updated: Nov 22 '13
Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
