I'm new to SELinux, and have been banging my head against the wall on how to change from the targeted to the strict policy on my Fedora 7 box. I just figured out how to do it, and thought that it would be a good thing to have in the archive so others might more easily find a solution.
1 - Install the strict policy using the package manager. I used selinux-policy-strict-2.6.4-29.fc.noarch. 2 - Using the SELinux Administration tool, set the "system default policy type" to "strict". 3 - Set the "system default enforcing mode" to "permissive". 4 - Check "Relabel on next reboot". 3 - Reboot
If you leave enforcing mode set to the default of "enforcing" you'll get this error on reboot:
/sbin/init: error while loading shared libraries: libsepol.so.1: failed to map segment from shared object: Permission denied Kernel panic - not syncing: Attempted to kill init!
Note, you can also make these changes via the command line by editing /etc/selinux/config, setup a relabel by touching /.autorelabel and rebooting.
Hope that helps someone.
--Patrick