Hi all,
I'm having trouble to active SELinux on our RHEL 6 Linux system.
We have some sort of special installation framework (cobbler and puppet)
and initially disabled SELinux (which is fine)
[output from Kickstart]
...
selinux --disabled
...
%packages --excludedocs --nobase
kernel
yum
openssh-server
openssh-clients
audit
logrotate
tmpwatch
vixie-cron
crontabs
ksh
ntp
perl
bind-utils
sudo
which
sendmail
wget
redhat-lsb
rsync
authconfig
lsof
unzip
sharutils
logwatch
libacl
nfs-utils
lcsetup
-firstboot
-tftp-server
-system-config-soundcard
-libselinux-python
-selinux-policy
-libselinux-utils
-selinux-policy-targeted
...
But for some high Security Risk systems, it's required to turn it on
anyway.
So I followed the guidance on:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi
ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab
ling_and_Disabling_SELinux.html to enable SELinux again on these systems
Unfortunately does the system not initiate SELinux correctly nor do I
see any hint where the problem is:
tgl90a-8401 root:/etc/init $ sestatus
SELinux status: disabled
tgl90a-8401 root:/etc/init $ cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
The only thing I can see is:
tgl90a-8401 root:/etc/init $ cat /var/log/messages
Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: Initializing.
Does anybody know if I need additional packages on the system or any
special setting set?
If tried "permissive" mode with /.autorelable - which didn't
work either
I also installed @Base Group to ensure nothing is missing - but
still the same result
I've tried it with the same setup on RHEL 5 which perfectly worked - but
not on RHEL 6!
So I'm really looking forward to get some hints/tips
Thanks and all the best,
Si