Bug 502515 - Setting enforcing to permissive and policy to targeted doesn't enable selinux.
Summary: Setting enforcing to permissive and policy to targeted doesn't enable selinux.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-05-25 15:58 UTC by Eddie Lania
Modified: 2009-05-26 20:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-05-26 20:10:27 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Eddie Lania 2009-05-25 15:58:49 UTC 
Description of problem:Setting enforcing to permissive and policy to targeted doesn't enable selinux.


Version-Release number of selected component (if applicable):
setroubleshoot-plugins-2.0.16-1.fc11.noarch
setools-3.3.5-8.fc11.i586
setools-libs-3.3.5-8.fc11.i586
PolicyKit-gnome-libs-0.9.2-3.fc11.i586
setroubleshoot-server-2.1.8-1.fc11.i586
setools-libs-tcl-3.3.5-8.fc11.i586
selinux-policy-targeted-3.6.12-39.fc11.noarch
PolicyKit-0.9-6.fc11.i586
setools-gui-3.3.5-8.fc11.i586
setools-console-3.3.5-8.fc11.i586
PolicyKit-gnome-0.9.2-3.fc11.i586
selinux-policy-3.6.12-39.fc11.noarch
setroubleshoot-2.1.8-1.fc11.i586


How reproducible:Allways


Steps to Reproduce:
1. use system-config-selinux to set enforcing to permissive and policy to targeted.

2.Reboot system - no relabeling is taking place and system just boots without selinux enabled.

3.
  
Actual results: No selinux enabled.


Expected results: Selinux enabled


Additional info:
Comment 1 Eddie Lania 2009-05-26 12:14:07 UTC 
Correction - I am unable to enable selinux in any way.

setenforce reports SELinux is disabled.

With kernel parameter "enforcing=1" the boot process hangs. And kernel parameter selinux=1 has no effect at all.

What happened is that I had a problem with selinux and I thought remving all packages and reinstalling them could solve it. But at a certain moment I was unable to start the system anymore because libselinux.so.1 was missing. I rescue booted from the cd and copied the file back and afterwards started reinstalling all the relevant packages. But this has caused the problem I have now I think.

I have compared all the settings with another running system and checked if the /etc/sysconfig/selinux symlink pointed to ../selinux/config.

Still, no luck. setsebool or setenforce keep reporting that selinux is disabled.

What do I have to do now?


Regards,

Eddie.
Comment 2 Daniel Walsh 2009-05-26 12:53:03 UTC 
Do you have selinux-policy-targeted installed?

Do you have a file in /etc/selinux/targeted/policy/policy.*
Comment 3 Eddie Lania 2009-05-26 14:56:01 UTC 
yes, I have.

ls -l /etc/selinux/targeted/policy/
total 3616
-rw-r--r-- 1 root root 3697110 2009-05-25 23:37 policy.24

Regards,

Eddie.
Comment 4 Eddie Lania 2009-05-26 15:12:18 UTC 
If I run "checkpolicy -b /etc/selinux/targeted/policy/policy.24"

checkpolicy:  loading policy configuration from /etc/selinux/targeted/policy/policy.24
libsepol.policydb_index_others: security:  8 users, 11 roles, 2722 types, 127 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security:  74 classes, 123719 rules, 151140 cond rules
checkpolicy:  MLS policy, but non-MLS is specified

However I find no other information about it.

Has it got to do something with it?
Comment 5 Eddie Lania 2009-05-26 15:16:13 UTC 
Do I have to install selinux-policy-mls too as well?
Comment 6 Daniel Walsh 2009-05-26 15:52:56 UTC 
No.  Can you ping me on Freenode dwalsh, and we can discuss this.
Comment 7 Eddie Lania 2009-05-26 19:44:10 UTC 
I think you can close this bug. Thank you again for your help.

Regards,

Eddie.
Note You need to log in before you can comment on or make changes to this bug.