What filesystem is applied to your disk and its various partitions?
For this to work, that FS has to be one that supports SELinux labeling (seclabel).
You are right---if what you are using doesn't support that, you are dead in the water (currently).
What options do you have to change to an SELinux-compliant FS?
From: Thomas Downing <tdowning@xxxxxxxxxx>
To: selinux@xxxxxxxxxxxxx
Sent: Friday, January 29, 2016 12:25 PM
Subject: Newbie question on fixfiles
Hi,
I need to get SELinux running on an appliance we are building, not based on a
distro that already supports SELinux.
I've got all the userspace stuff built, (including setools3) without any
warnings or errors. I followed instructions for installing and loading
refpolicy, no warnings or errors. (Except the python tools, which all import
selinux.py, which does not seem to be included in the source tree.)
I'm booting with kernel options "security=selinux selinux=1", and dmesg shows
SELinux initializing, and no errors or warnings.
sestatus output:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: refpolicy
Current mode: permissive
Mode from config file: permissive
Policy MLS status: disabled
Policy deny_unknown status: denied
Max kernel policy version: 30
Problem is: fixfiles does not actually label anything, and the underlying reason
is that none of the mounted disk filesystems (all ext4) have option 'seclabel'.
Any pointers?
Also, given the absence of the seclabel option, I question if the kernel part
of SELinux is in fact really happy...and if it isn't, I'm dead in the water
anyway.
Thanks much,
Thomas Downing
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
