> > I'm having trouble to active SELinux on our RHEL 6 Linux system. We have > > some sort of special installation framework (cobbler and puppet) and > > initially disabled SELinux (which is fine) > > > > [output from Kickstart] ... selinux --disabled ... %packages --excludedocs > > --nobase kernel yum openssh-server openssh-clients audit logrotate > > tmpwatch vixie-cron crontabs ksh ntp perl bind-utils sudo which sendmail > > wget redhat-lsb rsync authconfig lsof unzip sharutils logwatch libacl > > nfs-utils lcsetup -firstboot -tftp-server -system-config-soundcard > > -libselinux-python -selinux-policy -libselinux-utils > > -selinux-policy-targeted ... > > > > But for some high Security Risk systems, it's required to turn it on > > anyway. So I followed the guidance on: > > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi > > ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab > > ling_and_Disabling_SELinux.html to enable SELinux again on these systems > > > > Unfortunately does the system not initiate SELinux correctly nor do I see > > any hint where the problem is: > > > > tgl90a-8401 root:/etc/init $ sestatus SELinux status: > > disabled tgl90a-8401 root:/etc/init $ cat /etc/selinux/config # This file > > controls the state of SELinux on the system. # SELINUX= can take one of > > these three values: # enforcing - SELinux security policy is enforced. > > # permissive - SELinux prints warnings instead of enforcing. # > > disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= > > can take one of these two values: # targeted - Targeted processes are > > protected, # mls - Multi Level Security protection. > > SELINUXTYPE=targeted > > > > > > The only thing I can see is: tgl90a-8401 root:/etc/init $ cat > > /var/log/messages Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: > > Initializing. > > > > > > Does anybody know if I need additional packages on the system or any > > special setting set? If tried "permissive" mode with /.autorelable - which > > didn't work either I also installed @Base Group to ensure nothing is > > missing - but still the same result > > > > I've tried it with the same setup on RHEL 5 which perfectly worked - but > > not on RHEL 6! So I'm really looking forward to get some hints/tips > > > > Thanks and all the best, Si > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > > Do you have selinux-policy-targeted package installed? Yes, both packages have been installed: tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy selinux-policy-targeted-3.7.19-126.el6_2.10.noarch selinux-policy-3.7.19-126.el6_2.10.noarch Like I said, I strictly followed the instruction on http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html -> In section 5.4.1.1 the packages are stated and all of them have been installed tgl90a-8401 root:/etc/init $ rpm -qa | grep sel libselinux-2.0.94-5.2.el6.x86_64 libselinux-ruby-2.0.94-5.2.el6.x86_64 libselinux-python-2.0.94-5.2.el6.x86_64 selinux-policy-targeted-3.7.19-126.el6_2.10.noarch libselinux-utils-2.0.94-5.2.el6.x86_64 selinux-policy-3.7.19-126.el6_2.10.noarch tgl90a-8401 root:/etc/init $ rpm -qa | grep set setserial-2.17-25.el6.x86_64 setools-libs-python-3.3.7-4.el6.x86_64 setuptool-1.19.9-3.el6.x86_64 setools-libs-3.3.7-4.el6.x86_64 setroubleshoot-plugins-3.0.16-1.el6.noarch setroubleshoot-3.0.38-2.1.el6.x86_64 setroubleshoot-server-3.0.38-2.1.el6.x86_64 Thanks and all the best, Si -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
