-----Original Message-----
From: selinux-bounces(a)lists.fedoraproject.org [mailto:selinux-
bounces(a)lists.fedoraproject.org] On Behalf Of Simon Reber
Sent: 13 June 2012 13:57
> > I'm having trouble to active SELinux on our RHEL 6 Linux system. We
> > have some sort of special installation framework (cobbler and
> > puppet) and initially disabled SELinux (which is fine)
> >
> > [output from Kickstart] ... selinux --disabled ... %packages
> > --excludedocs --nobase kernel yum openssh-server openssh-clients
> > audit logrotate tmpwatch vixie-cron crontabs ksh ntp perl bind-
utils
> > sudo which sendmail wget redhat-lsb rsync authconfig lsof unzip
> > sharutils logwatch libacl nfs-utils lcsetup -firstboot -tftp-server
> > -system-config-soundcard -libselinux-python -selinux-policy
> > -libselinux-utils -selinux-policy-targeted ...
> >
> > But for some high Security Risk systems, it's required to turn it
on
> > anyway. So I followed the guidance on:
> >
http://docs.redhat.com/docs/en-
US/Red_Hat_Enterprise_Linux/6/html/Se
> > curi
> > ty-Enhanced_Linux/sect-Security-Enhanced_Linux-
Working_with_SELinux-
> > Enab ling_and_Disabling_SELinux.html to enable SELinux again on
> > these systems
> >
> > Unfortunately does the system not initiate SELinux correctly nor do
> > I see any hint where the problem is:
> >
> > tgl90a-8401 root:/etc/init $ sestatus SELinux status:
> > disabled tgl90a-8401 root:/etc/init $ cat /etc/selinux/config #
This
> > file controls the state of SELinux on the system. # SELINUX= can
take one of
> > these three values: # enforcing - SELinux security policy is
enforced.
> > # permissive - SELinux prints warnings instead of enforcing. #
> > disabled - No SELinux policy is loaded. SELINUX=permissive #
SELINUXTYPE=
> > can take one of these two values: # targeted - Targeted
processes are
> > protected, # mls - Multi Level Security protection.
> > SELINUXTYPE=targeted
> >
> >
> > The only thing I can see is: tgl90a-8401 root:/etc/init $ cat
> > /var/log/messages Jun 13 13:41:30 tgl90a-8401 kernel: SELinux:
> > Initializing.
> >
> >
> > Does anybody know if I need additional packages on the system or
any
> > special setting set? If tried "permissive" mode with /.autorelable
-
> > which didn't work either I also installed @Base Group to ensure
> > nothing is missing - but still the same result
> >
> > I've tried it with the same setup on RHEL 5 which perfectly worked
-
> > but not on RHEL 6! So I'm really looking forward to get some
> > hints/tips
> >
> > Thanks and all the best, Si
> >
> > -- selinux mailing list selinux(a)lists.fedoraproject.org
> >
https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
>
> Do you have selinux-policy-targeted package installed?
Yes, both packages have been installed:
tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy selinux-
policy-targeted-3.7.19-126.el6_2.10.noarch
selinux-policy-3.7.19-126.el6_2.10.noarch
Like I said, I strictly followed the instruction on
http://docs.redhat.com/docs/en-
US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-
Security-Enhanced_Linux-Working_with_SELinux-
Enabling_and_Disabling_SELinux.html
-> In section 5.4.1.1 the packages are stated and all of them
have been installed
tgl90a-8401 root:/etc/init $ rpm -qa | grep sel
libselinux-2.0.94-5.2.el6.x86_64
libselinux-ruby-2.0.94-5.2.el6.x86_64
libselinux-python-2.0.94-5.2.el6.x86_64
selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
libselinux-utils-2.0.94-5.2.el6.x86_64
selinux-policy-3.7.19-126.el6_2.10.noarch
tgl90a-8401 root:/etc/init $ rpm -qa | grep set
setserial-2.17-25.el6.x86_64
setools-libs-python-3.3.7-4.el6.x86_64
setuptool-1.19.9-3.el6.x86_64
setools-libs-3.3.7-4.el6.x86_64
setroubleshoot-plugins-3.0.16-1.el6.noarch
setroubleshoot-3.0.38-2.1.el6.x86_64
setroubleshoot-server-3.0.38-2.1.el6.x86_64
What about
$ rpm -qa \*sem\*
libsemanage-2.0.43-4.1.el6.x86_64
This is interesting:
$ rpm -q --whatrequires libsemanage
no package requires libsemanage
I'm fairly certain that isn't true.
Moray.
“To err is human; to purr, feline.”