Vidiot wrote: >> It's probably an upgrade bug in FC6 installer. > > :-( > >> First thing I would check is if there's anything in /etc/selinux that >> got created with extension .rpmnew (check timestamps to make sure >> .rpmnew files are newer than config files, there's probability some of >> them were from FC2 updates). Probably most important will be policy.18 >> and file_contexts files. If there is, just move them into place (for >> example mv policy.18 policy.18.orig followed by mv policy.18.rpmnew >> policy.18). > > None of the files you mention exist. My bad, on FC6 it's policy.21 (policy.18 is from older versions, for example the version used in RHEL4) They should exist in subdirectories of /etc/selinux. The exact location depends on type of policy you installed and/or want to use. For example policy.21 should be /etc/selinux/targeted/policy/policy.21 if you are using targeted policy. There's several different SELinux policies you can install and use on the system (such as targeted or strict). Most commonly the targeted policy is used. Each policy would go into its own directory tree under /etc/selinux. For example, targeted policy would go into /etc/selinux/targeted, while strict policy would go under /etc/selinux/strict. If you can't find policy.21 file at all, check that you have selinux-policy and selinux-policy-targeted RPM packages installed (assuming targeted policy is the one you want to use). If you don't have them, than install them as you would normally do (for example using yum). If you have them, but you don't have policy.21 file, reinstall those RPMs (download them, and install them manually using rpm -Uhv --allfiles --oldpackage --replacefiles). Also, check that you have policycoreutils RPM. If you don't have it, install it. Commands such as restorecon and chcon, which are essential utilities for SELinux are port of that package. > BTW, when I bring up the firewall GUI and select the SElinux tab, it shows > disabled and everything is grey'd out, i.e., can't enable it. It could be it's grayed out because you are missing selinux-policy and/or selinux-policy-targeted RPMs on the system. BTW, what is this FC6 box used for? If it's just an laptop or desktop system that has no services running on it (such as HTTP daemon for example), there's little use for SELinux on it. Especially if you are using targeted policy (default). Targeted SELinux policy "targets" and restricts only specific services. Everything else is more or less unrestricted. That's why targeted policy is named targeted. So if system is not running anything that targeted policy restricts, there's little point in having SELinux enabled on the system. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
