[rhelv6-list] Unable to activate SELinux

Tris Hoar trishoar at bgfl.org
Wed Jun 13 12:36:03 UTC 2012 

On 13/06/2012 13:05, Simon Reber wrote:
> Hi all,
>
> I'm having trouble to active SELinux on our RHEL 6 Linux system.
> We have some sort of special installation framework (cobbler and puppet)
> and initially disabled SELinux (which is fine)
>
> [output from Kickstart]
> ...
> selinux --disabled
> ...
> %packages --excludedocs --nobase
> kernel
> yum
> openssh-server
> openssh-clients
> audit
> logrotate
> tmpwatch
> vixie-cron
> crontabs
> ksh
> ntp
> perl
> bind-utils
> sudo
> which
> sendmail
> wget
> redhat-lsb
> rsync
> authconfig
> lsof
> unzip
> sharutils
> logwatch
> libacl
> nfs-utils
> lcsetup
> -firstboot
> -tftp-server
> -system-config-soundcard
> -libselinux-python
> -selinux-policy
> -libselinux-utils
> -selinux-policy-targeted
> ...
>
> But for some high Security Risk systems, it's required to turn it on
> anyway.
> So I followed the guidance on:
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi
> ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab
> ling_and_Disabling_SELinux.html to enable SELinux again on these systems
>
> Unfortunately does the system not initiate SELinux correctly nor do I
> see any hint where the problem is:
>
> tgl90a-8401 root:/etc/init $ sestatus
> SELinux status:                 disabled
> tgl90a-8401 root:/etc/init $ cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #     enforcing - SELinux security policy is enforced.
> #     permissive - SELinux prints warnings instead of enforcing.
> #     disabled - No SELinux policy is loaded.
> SELINUX=permissive
> # SELINUXTYPE= can take one of these two values:
> #     targeted - Targeted processes are protected,
> #     mls - Multi Level Security protection.
> SELINUXTYPE=targeted
>
>
> The only thing I can see is:
> tgl90a-8401 root:/etc/init $ cat /var/log/messages
> Jun 13 13:41:30 tgl90a-8401 kernel: SELinux:  Initializing.
>
>
> Does anybody know if I need additional packages on the system or any
> special setting set?
> 	If tried "permissive" mode with /.autorelable - which didn't
> work either
> 	I also installed @Base Group to ensure nothing is missing - but
> still the same result
>
> I've tried it with the same setup on RHEL 5 which perfectly worked - but
> not on RHEL 6!
> 	So I'm really looking forward to get some hints/tips
>
> Thanks and all the best,
> Si
>
>

Are you sure you are installing the packages needed for SE?

@Base does not include any SE packages. I think you will want 
selinux-policy and selinux-policy-targeted as this gives the default SE 
policy for the system.

Regards,

Tris



*************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify postmaster at bgfl.org

The views expressed within this email are those of the 
individual, and not necessarily those of the organisation
*************************************************************

More information about the rhelv6-list mailing list