On 09/15/2017 11:30 AM, Gour wrote:
On Fri, 15 Sep 2017 10:39:41 +0800
Ed Greshko <ed.greshko(a)greshko.com> wrote:
> You didn't say what error, if any, you're hitting when you try to
> reboot with selinux enabled.
Well, bunch of services were not able to start...
> Without knowing that, this is a guess. You may need to relabel.
>
> Edit the /etc/selinux/config to set "enforcing"
>
> Then....
>
> touch /.autorelabel
> reboot
I was trying that, but didn't work, so had to go via the:
disabled --> permissive --> enforcing
route in order to restore previous status of my system:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 30
Sincerely,
Gour
Hi,
Could you boot in permissive mode, try to reproduce (start broken
services) and then attach output of:
# ausearch -m AVC,USE_AVC -ts today
Thanks,
Lukas.
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.