Hello Thomas, I think I don't have any SELINUX support on the kernel: [root@X ~]# egrep CONFIG_SECURITY_SELINUX /lib/modules/$(uname -r)/config I tried with an older kernel on a different machine: [root ~@Y]$ egrep SELI /boot/config-3.10.0-693.11.6.el7.x86_64 CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set But again this is an old kernel. Do the modules stayed the same? Thanks! -----Original Message----- From: Thomas Cameron <thomas.cameron@xxxxxxxxxxxxxxx> Sent: Tuesday, September 17, 2019 15:41 To: selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: SELinux disabled after installation through Kickstart This mail originated from outside our organisation - thomas.cameron@xxxxxxxxxxxxxxx On 9/17/19 1:41 PM, Jose Vicente Nunez wrote: > Hello all, > > I did a installation through Kickstart and installed a custom kernel; On my kickstart file I explicitly told kickstart to warn about violations but not to enforce: > > selinux --permissive > > However after the system comes up I can see than SELinux is completely disabled: > > [root@X ~]# getenforce > Disabled > > My /etc/selinux/config seems to have the right settings: > > SELINUX=permissive > SELINUXTYPE=targeted > > Any pointers where I can look up for issues? > Could be my custom kernel who is causing this issue? > > I'm learning the ropes with SELinux so any help will be greatly appreciated. > > Thanks. > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe > send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: > https://clicktime.symantec.com/3EgrZ2j2A83SR957H1kq4Co6H2?u=https%3A%2 > F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F > List Guidelines: > https://clicktime.symantec.com/34hskBxxfQn4F1MfvS8b5um6H2?u=https%3A%2 > F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines > List Archives: > https://clicktime.symantec.com/35Zyhb6sQoq1Mvas99YVNn36H2?u=https%3A%2 > F%2Flists.fedoraproject.org%2Farchives%2Flist%2Fselinux%40lists.fedora > project.org It's probably either 1) your custom kernel - you didn't compile selinux support in, or 2) your kickstart is so stripped down that you don't have what you need for selinux to work. I'm leaning towards 1. Thomas _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://clicktime.symantec.com/3EgrZ2j2A83SR957H1kq4Co6H2?u=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F List Guidelines: https://clicktime.symantec.com/34hskBxxfQn4F1MfvS8b5um6H2?u=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines List Archives: https://clicktime.symantec.com/35Zyhb6sQoq1Mvas99YVNn36H2?u=https%3A%2F%2Flists.fedoraproject.org%2Farchives%2Flist%2Fselinux%40lists.fedoraproject.org _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ This message is for information purposes only, it is not a recommendation, advice, offer or solicitation to buy or sell a product or service nor an official confirmation of any transaction. It is directed at persons who are professionals and is not intended for retail customer use. Intended for recipient only. This message is subject to the terms at: www.barclays.com/emaildisclaimer. For important disclosures, please see: www.barclays.com/salesandtradingdisclaimer regarding market commentary from Barclays Sales and/or Trading, who are active market participants; and in respect of Barclays Research, including disclosures relating to specific issuers, please see http://publicresearch.barclays.com. ______________________________________________________________________________________________________________________________________________________________________ If you are incorporated or operating in Australia, please see https://www.home.barclays/disclosures/importantapacdisclosures.html for important disclosure. ______________________________________________________________________________________________________________________________________________________________________ ______________________________________________________________________________________________________________________________________________________________________ How we use personal information see our privacy notice https://www.investmentbank.barclays.com/disclosures/personalinformationuse.html _________________________________________________________________________________________________________________________________________________________________________________________________________________________________ _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
