Here is the .config SELINUX stuff - I tried with the 'CHECKREQPROT'
value to 1 too.
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
On Apr 13, 2006, at 3:17 PM, joe@xxxxxxxxxxxxxxxxx wrote:
Hi Ken,
the config seems to be okay (for me ;-)... Compiling the kernel...
what configuration did you use there? Here ist the redhat-default:
[root@hornet 2.6.9-34.EL-i686]# pwd
/usr/src/kernels/2.6.9-34.EL-i686
[root@hornet 2.6.9-34.EL-i686]# grep SELINUX .config
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
# CONFIG_SECURITY_SELINUX_MLS is not set
[root@hornet 2.6.9-34.EL-i686]#
cu,
Joe
Here are the contents:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Not sure what I'm looking for.
On Apr 13, 2006, at 1:45 PM, joe@xxxxxxxxxxxxxxxxx wrote:
Hi Ken,
did you take a look at the config (/etc/selinux/config)?
cu,
Joe
Hello....
I am running RH Enterprise Advanced Server V4 Update 3 with the RHN
kernel of 2.6.9-34.EL, with SELINUX enabled with enforcing enabled.
I compiled and installed the 2.6.16.4 kernel from kernel.org, but
a boot
with that yields:
Enforcing mode requested but no policy loaded. Halting now.
Kernel panic - not syncing: Attempted to kill init?
If I add 'enforcing=0' to the boot string in grub and boot
2.6.16.4,
things work
fine, I believe because I told it to not enforce selinux. With
that
scenario:
-----
[root@iscsi-vm ~]# sestatus
SELinux status: disabled
[root@iscsi-vm ~]# getenforce
Disabled
-----
I would like to keep SElinux enabled and enforcing with the new
kernel - can
somebody provide insight as to why this is happening and what to do
about it?
Thanks..
Ken Kleiner
System Manager
UMass Lowell
Computer Science Department
(978) 934-3645
ken@xxxxxxxxxx
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?
subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?
subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Ken Kleiner
System Manager
UMass Lowell
Computer Science Department
(978) 934-3645
ken@xxxxxxxxxx
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
Ken Kleiner
System Manager
UMass Lowell
Computer Science Department
(978) 934-3645
ken@xxxxxxxxxx
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
