Unable to activate SELinux (on RHEL 6.2)
Trevor Hemsley
trevor.hemsley at ntlworld.com
Wed Jun 13 14:05:14 UTC 2012
On 13/06/12 13:14, Simon Reber wrote:
> Hi all,
>
> I'm having trouble to active SELinux on our RHEL 6 Linux system.
> We have some sort of special installation framework (cobbler and puppet)
> and initially disabled SELinux (which is fine)
> tgl90a-8401 root:/etc/init $ sestatus
> SELinux status: disabled
You can override this on the kernel command line using 'selinux=0' so
worth looking in /boot/grub/grub.conf
> tgl90a-8401 root:/etc/init $ cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=permissive
> # SELINUXTYPE= can take one of these two values:
> # targeted - Targeted processes are protected,
> # mls - Multi Level Security protection.
> SELINUXTYPE=targeted
Also worth checking that /etc/sysconfig/selinux is a symlink to
/etc/selinux/config or if it's a hard link then check the inode numbers
are the same.
>
>
> The only thing I can see is:
> tgl90a-8401 root:/etc/init $ cat /var/log/messages
> Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: Initializing.
>
>
> Does anybody know if I need additional packages on the system or any
> special setting set?
> If tried "permissive" mode with /.autorelable - which didn't
> work either
It's /.autorelabel not /.autorelable and only takes effect on a reboot
(which you didn't explicitly mention doing though I presume you did).
More information about the selinux
mailing list