Re: Unable to activate SELinux (on RHEL 6.2)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/13/2012 08:14 AM, Simon Reber wrote:
> Hi all,
> 
> I'm having trouble to active SELinux on our RHEL 6 Linux system. We have
> some sort of special installation framework (cobbler and puppet) and
> initially disabled SELinux (which is fine)
> 
> [output from Kickstart] ... selinux --disabled ... %packages --excludedocs
> --nobase kernel yum openssh-server openssh-clients audit logrotate 
> tmpwatch vixie-cron crontabs ksh ntp perl bind-utils sudo which sendmail 
> wget redhat-lsb rsync authconfig lsof unzip sharutils logwatch libacl 
> nfs-utils lcsetup -firstboot -tftp-server -system-config-soundcard 
> -libselinux-python -selinux-policy -libselinux-utils 
> -selinux-policy-targeted ...
> 
> But for some high Security Risk systems, it's required to turn it on 
> anyway. So I followed the guidance on: 
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi 
> ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab 
> ling_and_Disabling_SELinux.html to enable SELinux again on these systems
> 
> Unfortunately does the system not initiate SELinux correctly nor do I see
> any hint where the problem is:
> 
> tgl90a-8401 root:/etc/init $ sestatus SELinux status:
> disabled tgl90a-8401 root:/etc/init $ cat /etc/selinux/config # This file
> controls the state of SELinux on the system. # SELINUX= can take one of
> these three values: #     enforcing - SELinux security policy is enforced. 
> #     permissive - SELinux prints warnings instead of enforcing. #
> disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE=
> can take one of these two values: #     targeted - Targeted processes are
> protected, #     mls - Multi Level Security protection. 
> SELINUXTYPE=targeted
> 
> 
> The only thing I can see is: tgl90a-8401 root:/etc/init $ cat
> /var/log/messages Jun 13 13:41:30 tgl90a-8401 kernel: SELinux:
> Initializing.
> 
> 
> Does anybody know if I need additional packages on the system or any 
> special setting set? If tried "permissive" mode with /.autorelable - which
> didn't work either I also installed @Base Group to ensure nothing is
> missing - but still the same result
> 
> I've tried it with the same setup on RHEL 5 which perfectly worked - but 
> not on RHEL 6! So I'm really looking forward to get some hints/tips
> 
> Thanks and all the best, Si
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 

Do you have selinux-policy-targeted package installed?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/YioAACgkQrlYvE4MpobMTLACfRNVKTiMaNIdP0R4KeS59srbl
nUkAoOXefWtKyw+Dciq1Yt1N2hmQdr2Y
=dNZV
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux