Bug 502515

Summary: Setting enforcing to permissive and policy to targeted doesn't enable selinux.
Product: [Fedora] Fedora Reporter: Eddie Lania <eddie>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-26 20:10:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eddie Lania 2009-05-25 15:58:49 UTC 
Description of problem:Setting enforcing to permissive and policy to targeted doesn't enable selinux.


Version-Release number of selected component (if applicable):
setroubleshoot-plugins-2.0.16-1.fc11.noarch
setools-3.3.5-8.fc11.i586
setools-libs-3.3.5-8.fc11.i586
PolicyKit-gnome-libs-0.9.2-3.fc11.i586
setroubleshoot-server-2.1.8-1.fc11.i586
setools-libs-tcl-3.3.5-8.fc11.i586
selinux-policy-targeted-3.6.12-39.fc11.noarch
PolicyKit-0.9-6.fc11.i586
setools-gui-3.3.5-8.fc11.i586
setools-console-3.3.5-8.fc11.i586
PolicyKit-gnome-0.9.2-3.fc11.i586
selinux-policy-3.6.12-39.fc11.noarch
setroubleshoot-2.1.8-1.fc11.i586


How reproducible:Allways


Steps to Reproduce:
1. use system-config-selinux to set enforcing to permissive and policy to targeted.

2.Reboot system - no relabeling is taking place and system just boots without selinux enabled.

3.
  
Actual results: No selinux enabled.


Expected results: Selinux enabled


Additional info:
Comment 1 Eddie Lania 2009-05-26 12:14:07 UTC 
Correction - I am unable to enable selinux in any way.

setenforce reports SELinux is disabled.

With kernel parameter "enforcing=1" the boot process hangs. And kernel parameter selinux=1 has no effect at all.

What happened is that I had a problem with selinux and I thought remving all packages and reinstalling them could solve it. But at a certain moment I was unable to start the system anymore because libselinux.so.1 was missing. I rescue booted from the cd and copied the file back and afterwards started reinstalling all the relevant packages. But this has caused the problem I have now I think.

I have compared all the settings with another running system and checked if the /etc/sysconfig/selinux symlink pointed to ../selinux/config.

Still, no luck. setsebool or setenforce keep reporting that selinux is disabled.

What do I have to do now?


Regards,

Eddie.
Comment 2 Daniel Walsh 2009-05-26 12:53:03 UTC 
Do you have selinux-policy-targeted installed?

Do you have a file in /etc/selinux/targeted/policy/policy.*
Comment 3 Eddie Lania 2009-05-26 14:56:01 UTC 
yes, I have.

ls -l /etc/selinux/targeted/policy/
total 3616
-rw-r--r-- 1 root root 3697110 2009-05-25 23:37 policy.24

Regards,

Eddie.
Comment 4 Eddie Lania 2009-05-26 15:12:18 UTC 
If I run "checkpolicy -b /etc/selinux/targeted/policy/policy.24"

checkpolicy:  loading policy configuration from /etc/selinux/targeted/policy/policy.24
libsepol.policydb_index_others: security:  8 users, 11 roles, 2722 types, 127 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security:  74 classes, 123719 rules, 151140 cond rules
checkpolicy:  MLS policy, but non-MLS is specified

However I find no other information about it.

Has it got to do something with it?
Comment 5 Eddie Lania 2009-05-26 15:16:13 UTC 
Do I have to install selinux-policy-mls too as well?
Comment 6 Daniel Walsh 2009-05-26 15:52:56 UTC 
No.  Can you ping me on Freenode dwalsh, and we can discuss this.
Comment 7 Eddie Lania 2009-05-26 19:44:10 UTC 
I think you can close this bug. Thank you again for your help.

Regards,

Eddie.