RE: SELinux disabled after installation through Kickstart

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Thomas,

I think I don't have any SELINUX support on the kernel:

[root@X ~]# egrep CONFIG_SECURITY_SELINUX /lib/modules/$(uname -r)/config

I tried with an older kernel on a different machine:

[root ~@Y]$ egrep SELI /boot/config-3.10.0-693.11.6.el7.x86_64 
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set

But again this is an old kernel. Do the modules stayed the same?

Thanks!


-----Original Message-----
From: Thomas Cameron <thomas.cameron@xxxxxxxxxxxxxxx> 
Sent: Tuesday, September 17, 2019 15:41
To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: SELinux disabled after installation through Kickstart


This mail originated from outside our organisation - thomas.cameron@xxxxxxxxxxxxxxx

On 9/17/19 1:41 PM, Jose Vicente Nunez wrote:
> Hello all,
>
> I did a installation through Kickstart and installed a custom kernel; On my kickstart file I explicitly told kickstart to warn about violations but not to enforce:
>
> selinux --permissive
>
> However after the system comes up I can see than SELinux is completely disabled:
>
> [root@X ~]# getenforce
> Disabled
>
> My /etc/selinux/config seems to have the right settings:
>
> SELINUX=permissive
> SELINUXTYPE=targeted
>
> Any pointers where I can look up for issues?
> Could be my custom kernel who is causing this issue?
>
> I'm learning the ropes with SELinux so any help will be greatly appreciated.
>
> Thanks.
> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe 
> send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: 
> https://clicktime.symantec.com/3EgrZ2j2A83SR957H1kq4Co6H2?u=https%3A%2
> F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F
> List Guidelines: 
> https://clicktime.symantec.com/34hskBxxfQn4F1MfvS8b5um6H2?u=https%3A%2
> F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines
> List Archives: 
> https://clicktime.symantec.com/35Zyhb6sQoq1Mvas99YVNn36H2?u=https%3A%2
> F%2Flists.fedoraproject.org%2Farchives%2Flist%2Fselinux%40lists.fedora
> project.org

It's probably either 1) your custom kernel - you didn't compile selinux support in, or 2) your kickstart is so stripped down that you don't have what you need for selinux to work.

I'm leaning towards 1.

Thomas
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://clicktime.symantec.com/3EgrZ2j2A83SR957H1kq4Co6H2?u=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F
List Guidelines: https://clicktime.symantec.com/34hskBxxfQn4F1MfvS8b5um6H2?u=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines
List Archives: https://clicktime.symantec.com/35Zyhb6sQoq1Mvas99YVNn36H2?u=https%3A%2F%2Flists.fedoraproject.org%2Farchives%2Flist%2Fselinux%40lists.fedoraproject.org

_________________________________________________________________________________________________________________________________________________________________________________________________________________________________

This message is for information purposes only, it is not a recommendation, advice, offer or solicitation to buy or sell a product or service nor an official confirmation of any transaction. It is directed at persons who are professionals and is not intended for retail customer use. Intended for recipient only. This message is subject to the terms at: www.barclays.com/emaildisclaimer.

For important disclosures, please see: www.barclays.com/salesandtradingdisclaimer regarding market commentary from Barclays Sales and/or Trading, who are active market participants; and in respect of Barclays Research, including disclosures relating to specific issuers, please see http://publicresearch.barclays.com.

______________________________________________________________________________________________________________________________________________________________________
If you are incorporated or operating in Australia, please see https://www.home.barclays/disclosures/importantapacdisclosures.html for important disclosure.
______________________________________________________________________________________________________________________________________________________________________
______________________________________________________________________________________________________________________________________________________________________
How we use personal information  see our privacy notice https://www.investmentbank.barclays.com/disclosures/personalinformationuse.html
_________________________________________________________________________________________________________________________________________________________________________________________________________________________________
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux