Description of problem: can not enable selinux. also: SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.23, searching for an older version. SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.22, searching for an older version. SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.21, searching for an older version. SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.20, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.23: No such file or directory load_policy: Can't load policy: No such file or directory What is that supposed to mean? Why it can not downgrade it? Why does it want to downgrade? How to fix it? # l /etc/selinux/targeted/policy/ total 13816 drwxr-xr-x 2 root root 94 2008-04-30 17:50:59.132440645 +0300 . drwxr-xr-x 7 root root 4096 2008-04-30 17:50:59.145440593 +0300 .. -rw-r--r-- 1 root root 2082160 2005-02-10 10:26:36.512454000 +0200 policy.18.rpmsave -rw------- 1 root root 310020 2005-11-27 01:39:13.940573000 +0200 policy.20 -rw------- 1 root root 3903703 2007-11-03 18:27:54.034319022 +0200 policy.21 -rw-r--r-- 1 root root 3903715 2008-04-10 00:41:17.384481625 +0300 policy.22 -rw------- 1 root root 3903727 2008-04-30 17:50:59.132440645 +0300 policy.23 Version-Release number of selected component (if applicable): 3.3.1-42 How reproducible: always selinux-policy-3.0.8-44 worked earlier, but I have not tried downgrading to it as of yet. Steps to Reproduce: 1. load_policy 2. 3. Actual results: policy load fails, selinux stays disabled Expected results: loading of policy Additional info:
Have you upgraded to the latest kernel? You should be able to remove all of the policy files except for 23. But you need to have the latest kernel and initrd setup.
No, I do not have latest kernel or initrd. I have only latest kernel that works. Nothing about such things are in the dependencies of selinux-policy. load_policy says nothing related to any kernel versions or initrd. I downgraded to selinux-policy-targeted-3.0.8-44.fc8, it had policy.21, I try again: SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.21, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.23: No such file or directory load_policy: Can't load policy: No such file or directory Uh oh, well I ran "load_policy -i" , seems to last for some hours... does not tell what it is doing, or estimates about completion... yes I could sysrq+w or reboot... Oh now it finished. SELinux: policy loaded with handle_unknown=allow All this black magic... a bit over my head, though I have used Linux only for 14 years.
You are running rawhide, so the kernel/upstart/selinux policy/SysVinit/libselinux/libsepol/checkpolicy/libsemanage have all upgraded. I have no idea why the latest rawhide soon to be Fedora 9 kernel will not work on your machine, but I know that all of the latest stuff will not work properly with a very old kernel/initrd.
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
just make the /etc/selinux/config ********************************************************************* # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=permissive # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted ********************************************************************* and then #init 6; waitting unitl you have 3 cups of coffee so login and do #sestatus if it shows disable you can run #load_policy -qi just V ing....