Re: FC2 SELinux Installation issue (Newbie)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks! I checked /etc/sysconfig/selinux file and set "SELinux=enforcing" (in all the documentation I read, I have never seen this file mentioned anywhere). Of course, now I have another problem. When I boot into SELinux kernel, I am asked to enter runlevel (I put either 3 or 5 and got the same results). After that I get whole bunch of "avc: denied {read} message for /bin/bash and the system just hangs. Is my policy set up wrong? Can someone point me to a sample policy I can test on my machine? I would really appreciate that!
Thanks,


Olga Gelbart
Department of Computer Science
The George Washington University

Don Patterson wrote:

Because SELinux is disabled by default in FC2, you need to change the
SELinux mode to either permissive mode or enforcing mode. It sounds like you
may have this set to "SELINUX=Disabled" in the configuration file, which
turns enforcing off and skips loading a policy at boot. See
http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/index.html#id29341
53 for more information.

Don Patterson
Tresys Technology
www.tresys.com

-----Original Message-----
From: fedora-selinux-list-bounces@xxxxxxxxxx
[mailto:fedora-selinux-list-bounces@xxxxxxxxxx] On Behalf Of Olga Gelbart
Sent: Friday, June 25, 2004 3:26 PM
To: Fedora SELinux support list for users & developers.
Subject: FC2 SELinux Installation issue (Newbie)

Hello everyone,
Sorry for a newbie question. I have never worked with SELinux before.
I am a doctoral student in computer science, and as part of my research project I have to install SELinux. I have a FC2 (2.6.6 kernel) machine. I downloaded, compiled and installed an SELinux-patched 2.6.6 kernel from NSA, then I installed the user utilities (policycoreutils, libselinux, etc -- downloaded from NSA's website as well). Since I have FC2, I am assuming that I don't need to install patched utitilies, since they are now included into FC2. I only have root user at this point, so I didn't edit the default policy file that came with the installation. I just did a 'make relabel' and booted into the SELinux kernel. If I just log in and run, for e.g., "ls -Z" I get the error that the kernel has to support SELinux. If I then cd into /etc/security/selinux/src/policy and do a "make load", then 'ls -Z' or 'id' work properly and show me the context. Now if I reboot, it the system forgets what I just did, and I have to do a 'make load' again.
Something is not starting up at boot, I would guess. I tried 'selinux=1' at boot, but that doesn't change anything.


I would really appreciate it it anyone has any suggestions.

thanks a lot,
Olga Gelbart
Department of Computer Science
The George Washington University

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux