FC2 SELinux Installation issue (Newbie)

Olga Gelbart rosa at gwu.edu
Fri Jun 25 21:28:50 UTC 2004

Thanks! I checked /etc/sysconfig/selinux file and set 
"SELinux=enforcing" (in all the documentation I read, I have never seen 
this file mentioned anywhere). Of course, now I have another problem. 
When I boot into SELinux kernel, I am asked to enter runlevel (I put 
either 3 or 5 and got the same results). After that I get whole bunch of 
"avc: denied {read} message for /bin/bash and the system just hangs. Is 
my policy set up wrong? Can someone point me to a sample policy I can 
test on my machine? I would really appreciate that!

Olga Gelbart
Department of Computer Science
The George Washington University

Don Patterson wrote:

>Because SELinux is disabled by default in FC2, you need to change the
>SELinux mode to either permissive mode or enforcing mode. It sounds like you
>may have this set to "SELINUX=Disabled" in the configuration file, which
>turns enforcing off and skips loading a policy at boot. See
>53 for more information.
>Don Patterson
>Tresys Technology
>-----Original Message-----
>From: fedora-selinux-list-bounces at redhat.com
>[mailto:fedora-selinux-list-bounces at redhat.com] On Behalf Of Olga Gelbart
>Sent: Friday, June 25, 2004 3:26 PM
>To: Fedora SELinux support list for users & developers.
>Subject: FC2 SELinux Installation issue (Newbie)
>Hello everyone,
>    Sorry for a newbie question. I have never worked with SELinux before.
>    I am a doctoral student in computer science, and as part of my 
>research project I have to install SELinux. I have a FC2 (2.6.6 kernel) 
>machine. I downloaded, compiled and installed an SELinux-patched 2.6.6 
>kernel from NSA, then I installed the user utilities (policycoreutils, 
>libselinux, etc -- downloaded from NSA's website as well). Since I have 
>FC2, I am assuming that I don't need to install patched utitilies, since 
>they are now included into FC2.  I only have  root user at this point, 
>so I didn't edit the default policy file that came with the 
>installation. I just did a 'make relabel' and booted into the SELinux 
>kernel. If I just log in and run, for e.g., "ls -Z" I get the error that 
>the kernel has to support SELinux. If I then cd into 
>/etc/security/selinux/src/policy and do a "make load", then 'ls -Z' or 
>'id' work properly and show me the context. Now if I reboot, it the 
>system forgets what I just did, and I have to do a 'make load' again.
>Something is not starting up at boot, I would guess. I tried 'selinux=1' 
>at boot, but that doesn't change anything.
>I would really appreciate it it anyone has any suggestions.
>thanks a lot,
>Olga Gelbart
>Department of Computer Science
>The George Washington University
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com

More information about the selinux mailing list