> -----Original Message----- > From: selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:selinux- > bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Simon Reber > Sent: 13 June 2012 13:57 > > > > I'm having trouble to active SELinux on our RHEL 6 Linux system. We > > > have some sort of special installation framework (cobbler and > > > puppet) and initially disabled SELinux (which is fine) > > > > > > [output from Kickstart] ... selinux --disabled ... %packages > > > --excludedocs --nobase kernel yum openssh-server openssh-clients > > > audit logrotate tmpwatch vixie-cron crontabs ksh ntp perl bind- > utils > > > sudo which sendmail wget redhat-lsb rsync authconfig lsof unzip > > > sharutils logwatch libacl nfs-utils lcsetup -firstboot -tftp-server > > > -system-config-soundcard -libselinux-python -selinux-policy > > > -libselinux-utils -selinux-policy-targeted ... > > > > > > But for some high Security Risk systems, it's required to turn it > on > > > anyway. So I followed the guidance on: > > > http://docs.redhat.com/docs/en- > US/Red_Hat_Enterprise_Linux/6/html/Se > > > curi > > > ty-Enhanced_Linux/sect-Security-Enhanced_Linux- > Working_with_SELinux- > > > Enab ling_and_Disabling_SELinux.html to enable SELinux again on > > > these systems > > > > > > Unfortunately does the system not initiate SELinux correctly nor do > > > I see any hint where the problem is: > > > > > > tgl90a-8401 root:/etc/init $ sestatus SELinux status: > > > disabled tgl90a-8401 root:/etc/init $ cat /etc/selinux/config # > This > > > file controls the state of SELinux on the system. # SELINUX= can > take one of > > > these three values: # enforcing - SELinux security policy is > enforced. > > > # permissive - SELinux prints warnings instead of enforcing. # > > > disabled - No SELinux policy is loaded. SELINUX=permissive # > SELINUXTYPE= > > > can take one of these two values: # targeted - Targeted > processes are > > > protected, # mls - Multi Level Security protection. > > > SELINUXTYPE=targeted > > > > > > > > > The only thing I can see is: tgl90a-8401 root:/etc/init $ cat > > > /var/log/messages Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: > > > Initializing. > > > > > > > > > Does anybody know if I need additional packages on the system or > any > > > special setting set? If tried "permissive" mode with /.autorelable > - > > > which didn't work either I also installed @Base Group to ensure > > > nothing is missing - but still the same result > > > > > > I've tried it with the same setup on RHEL 5 which perfectly worked > - > > > but not on RHEL 6! So I'm really looking forward to get some > > > hints/tips > > > > > > Thanks and all the best, Si > > > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > > > > > Do you have selinux-policy-targeted package installed? > Yes, both packages have been installed: > > tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy selinux- > policy-targeted-3.7.19-126.el6_2.10.noarch > selinux-policy-3.7.19-126.el6_2.10.noarch > > Like I said, I strictly followed the instruction on > http://docs.redhat.com/docs/en- > US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect- > Security-Enhanced_Linux-Working_with_SELinux- > Enabling_and_Disabling_SELinux.html > -> In section 5.4.1.1 the packages are stated and all of them > have been installed > > tgl90a-8401 root:/etc/init $ rpm -qa | grep sel > libselinux-2.0.94-5.2.el6.x86_64 > libselinux-ruby-2.0.94-5.2.el6.x86_64 > libselinux-python-2.0.94-5.2.el6.x86_64 > selinux-policy-targeted-3.7.19-126.el6_2.10.noarch > libselinux-utils-2.0.94-5.2.el6.x86_64 > selinux-policy-3.7.19-126.el6_2.10.noarch > > tgl90a-8401 root:/etc/init $ rpm -qa | grep set > setserial-2.17-25.el6.x86_64 > setools-libs-python-3.3.7-4.el6.x86_64 > setuptool-1.19.9-3.el6.x86_64 > setools-libs-3.3.7-4.el6.x86_64 > setroubleshoot-plugins-3.0.16-1.el6.noarch > setroubleshoot-3.0.38-2.1.el6.x86_64 > setroubleshoot-server-3.0.38-2.1.el6.x86_64 What about $ rpm -qa \*sem\* libsemanage-2.0.43-4.1.el6.x86_64 This is interesting: $ rpm -q --whatrequires libsemanage no package requires libsemanage I'm fairly certain that isn't true. Moray. “To err is human; to purr, feline.” -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
