RE: Unable to activate SELinux (on RHEL 6.2)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:selinux-
> bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Simon Reber
> Sent: 13 June 2012 13:57
> 
> > > I'm having trouble to active SELinux on our RHEL 6 Linux system. We
> > > have some sort of special installation framework (cobbler and
> > > puppet) and initially disabled SELinux (which is fine)
> > >
> > > [output from Kickstart] ... selinux --disabled ... %packages
> > > --excludedocs --nobase kernel yum openssh-server openssh-clients
> > > audit logrotate tmpwatch vixie-cron crontabs ksh ntp perl bind-
> utils
> > > sudo which sendmail wget redhat-lsb rsync authconfig lsof unzip
> > > sharutils logwatch libacl nfs-utils lcsetup -firstboot -tftp-server
> > > -system-config-soundcard -libselinux-python -selinux-policy
> > > -libselinux-utils -selinux-policy-targeted ...
> > >
> > > But for some high Security Risk systems, it's required to turn it
> on
> > > anyway. So I followed the guidance on:
> > > http://docs.redhat.com/docs/en-
> US/Red_Hat_Enterprise_Linux/6/html/Se
> > > curi
> > > ty-Enhanced_Linux/sect-Security-Enhanced_Linux-
> Working_with_SELinux-
> > > Enab ling_and_Disabling_SELinux.html to enable SELinux again on
> > > these systems
> > >
> > > Unfortunately does the system not initiate SELinux correctly nor do
> > > I see any hint where the problem is:
> > >
> > > tgl90a-8401 root:/etc/init $ sestatus SELinux status:
> > > disabled tgl90a-8401 root:/etc/init $ cat /etc/selinux/config #
> This
> > > file controls the state of SELinux on the system. # SELINUX= can
> take one of
> > > these three values: #     enforcing - SELinux security policy is
> enforced.
> > > #     permissive - SELinux prints warnings instead of enforcing. #
> > > disabled - No SELinux policy is loaded. SELINUX=permissive #
> SELINUXTYPE=
> > > can take one of these two values: #     targeted - Targeted
> processes are
> > > protected, #     mls - Multi Level Security protection.
> > > SELINUXTYPE=targeted
> > >
> > >
> > > The only thing I can see is: tgl90a-8401 root:/etc/init $ cat
> > > /var/log/messages Jun 13 13:41:30 tgl90a-8401 kernel: SELinux:
> > > Initializing.
> > >
> > >
> > > Does anybody know if I need additional packages on the system or
> any
> > > special setting set? If tried "permissive" mode with /.autorelable
> -
> > > which didn't work either I also installed @Base Group to ensure
> > > nothing is missing - but still the same result
> > >
> > > I've tried it with the same setup on RHEL 5 which perfectly worked
> -
> > > but not on RHEL 6! So I'm really looking forward to get some
> > > hints/tips
> > >
> > > Thanks and all the best, Si
> > >
> > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > > https://admin.fedoraproject.org/mailman/listinfo/selinux
> > >
> >
> > Do you have selinux-policy-targeted package installed?
> Yes, both packages have been installed:
> 
> tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy selinux-
> policy-targeted-3.7.19-126.el6_2.10.noarch
> selinux-policy-3.7.19-126.el6_2.10.noarch
> 
> Like I said, I strictly followed the instruction on
> http://docs.redhat.com/docs/en-
> US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-
> Security-Enhanced_Linux-Working_with_SELinux-
> Enabling_and_Disabling_SELinux.html
> 	-> In section 5.4.1.1 the packages are stated and all of them
> have been installed
> 
> tgl90a-8401 root:/etc/init $ rpm -qa | grep sel
> libselinux-2.0.94-5.2.el6.x86_64
> libselinux-ruby-2.0.94-5.2.el6.x86_64
> libselinux-python-2.0.94-5.2.el6.x86_64
> selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
> libselinux-utils-2.0.94-5.2.el6.x86_64
> selinux-policy-3.7.19-126.el6_2.10.noarch
> 
> tgl90a-8401 root:/etc/init $ rpm -qa | grep set
> setserial-2.17-25.el6.x86_64
> setools-libs-python-3.3.7-4.el6.x86_64
> setuptool-1.19.9-3.el6.x86_64
> setools-libs-3.3.7-4.el6.x86_64
> setroubleshoot-plugins-3.0.16-1.el6.noarch
> setroubleshoot-3.0.38-2.1.el6.x86_64
> setroubleshoot-server-3.0.38-2.1.el6.x86_64

What about 

$ rpm -qa \*sem\*
libsemanage-2.0.43-4.1.el6.x86_64

This is interesting:

$ rpm -q --whatrequires libsemanage
no package requires libsemanage

I'm fairly certain that isn't true.


Moray.
“To err is human; to purr, feline.”






--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux