> I'm having trouble activating SELinux on our RHEL 6 Linux system. We have
> some sort of special installation framework (cobbler and puppet) and
> initially disabled SELinux (which is fine)
>
> [output from Kickstart]
> ...
> selinux --disabled
> ...
> %packages --excludedocs --nobase
> kernel yum openssh-server openssh-clients audit logrotate
> tmpwatch vixie-cron crontabs ksh ntp perl bind-utils sudo which sendmail
> wget redhat-lsb rsync authconfig lsof unzip sharutils logwatch libacl
> nfs-utils lcsetup -firstboot -tftp-server -system-config-soundcard
> -libselinux-python -selinux-policy -libselinux-utils
> -selinux-policy-targeted
> ...
>
> But for some high Security Risk systems, it's required to turn it on
> anyway. So I followed the guidance on:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
>
> to enable SELinux again on these systems
>
> Unfortunately the system does not initiate SELinux correctly, nor do I see
> any hint where the problem is:
>
> tgl90a-8401 root:/etc/init $ sestatus
> SELinux status:                 disabled
> tgl90a-8401 root:/etc/init $ cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #     enforcing - SELinux security policy is enforced.
> #     permissive - SELinux prints warnings instead of enforcing.
> #     disabled - No SELinux policy is loaded.
> SELINUX=permissive
> # SELINUXTYPE= can take one of these two values:
> #     targeted - Targeted processes are protected,
> #     mls - Multi Level Security protection.
> SELINUXTYPE=targeted
>
>
> The only thing I can see is:
> tgl90a-8401 root:/etc/init $ cat /var/log/messages
> Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: Initializing.
>
>
> Does anybody know if I need additional packages on the system or any
> special setting set? I've tried "permissive" mode with /.autorelable -
> which didn't work either. I also installed @Base Group to ensure nothing
> is missing - but still the same result
>
> I've tried it with the same setup on RHEL 5 which perfectly worked - but
> not on RHEL 6! So I'm really looking forward to getting some hints/tips
>
> Thanks and all the best, Si
>
Do you have selinux-policy-targeted package installed?

Yes, both packages have been installed:
tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy
selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
selinux-policy-3.7.19-126.el6_2.10.noarch
Like I said, I strictly followed the instruction on
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securit...
-> In section 5.4.1.1 the packages are stated and all of them have been installed
tgl90a-8401 root:/etc/init $ rpm -qa | grep sel
libselinux-2.0.94-5.2.el6.x86_64
libselinux-ruby-2.0.94-5.2.el6.x86_64
libselinux-python-2.0.94-5.2.el6.x86_64
selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
libselinux-utils-2.0.94-5.2.el6.x86_64
selinux-policy-3.7.19-126.el6_2.10.noarch
tgl90a-8401 root:/etc/init $ rpm -qa | grep set
setserial-2.17-25.el6.x86_64
setools-libs-python-3.3.7-4.el6.x86_64
setuptool-1.19.9-3.el6.x86_64
setools-libs-3.3.7-4.el6.x86_64
setroubleshoot-plugins-3.0.16-1.el6.noarch
setroubleshoot-3.0.38-2.1.el6.x86_64
setroubleshoot-server-3.0.38-2.1.el6.x86_64
Thanks and all the best,
Si
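
The checks made by hand in this thread (the values in /etc/selinux/config and whether the policy package put a binary policy on disk) can be scripted; the sketch below is an added example, not part of the original messages, and it also checks the kernel command line, which the thread does not mention. The function names are hypothetical, and the policy location `<root>/<SELINUXTYPE>/policy/policy.*` is assumed to follow the standard layout under /etc/selinux.

```shell
#!/bin/sh
# Added example: inspect the boot-time inputs that decide whether SELinux comes up.
# Paths are parameters so the checks can run against copies of the files.

# Print the effective value of KEY from an SELinux config file.
# Comment lines are ignored; the last assignment wins.
selinux_conf_get() {  # $1=key  $2=config file
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p" "$2" | tail -n 1
}

# Print the value of selinux= from a kernel command line, empty if absent.
cmdline_selinux() {  # $1=contents of /proc/cmdline
    for word in $1; do
        case $word in selinux=*) echo "${word#selinux=}" ;; esac
    done | tail -n 1
}

# Print one finding per line; return 0 only when nothing was found.
selinux_preflight() {  # $1=config file  $2=cmdline string  $3=policy root
    findings=0
    mode=$(selinux_conf_get SELINUX "$1")
    ptype=$(selinux_conf_get SELINUXTYPE "$1")
    case $mode in
        enforcing|permissive) ;;
        disabled) echo "config: SELINUX=disabled"; findings=$((findings + 1)) ;;
        *) echo "config: SELINUX value '$mode' not recognised"
           findings=$((findings + 1)) ;;
    esac
    # selinux=0 disables SELinux in the kernel regardless of the config file.
    if [ "$(cmdline_selinux "$2")" = 0 ]; then
        echo "cmdline: selinux=0 overrides the config file"
        findings=$((findings + 1))
    fi
    # A policy type with no binary policy on disk leaves nothing to load.
    if [ -z "$ptype" ]; then
        echo "config: SELINUXTYPE not set"; findings=$((findings + 1))
    elif ! ls "$3/$ptype/policy/policy."* >/dev/null 2>&1; then
        echo "policy: no binary policy under $3/$ptype/policy"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# On a live host:
#   selinux_preflight /etc/selinux/config "$(cat /proc/cmdline)" /etc/selinux
```

An empty result means these three inputs are consistent, so the cause has to be looked for elsewhere in the boot sequence.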