Red Hat Bugzilla – Bug 502515
Setting enforcing to permissive and policy to targeted doesn't enable selinux.
Last modified: 2009-05-26 16:10:27 EDT
Description of problem:Setting enforcing to permissive and policy to targeted doesn't enable selinux.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. use system-config-selinux to set enforcing to permissive and policy to targeted.
2.Reboot system - no relabeling is taking place and system just boots without selinux enabled.
Actual results: No selinux enabled.
Expected results: Selinux enabled
Correction - I am unable to enable selinux in any way.
setenforce reports SELinux is disabled.
With kernel parameter "enforcing=1" the boot process hangs. And kernel parameter selinux=1 has no effect at all.
What happened is that I had a problem with selinux and I thought remving all packages and reinstalling them could solve it. But at a certain moment I was unable to start the system anymore because libselinux.so.1 was missing. I rescue booted from the cd and copied the file back and afterwards started reinstalling all the relevant packages. But this has caused the problem I have now I think.
I have compared all the settings with another running system and checked if the /etc/sysconfig/selinux symlink pointed to ../selinux/config.
Still, no luck. setsebool or setenforce keep reporting that selinux is disabled.
What do I have to do now?
Do you have selinux-policy-targeted installed?
Do you have a file in /etc/selinux/targeted/policy/policy.*
yes, I have.
ls -l /etc/selinux/targeted/policy/
-rw-r--r-- 1 root root 3697110 2009-05-25 23:37 policy.24
If I run "checkpolicy -b /etc/selinux/targeted/policy/policy.24"
checkpolicy: loading policy configuration from /etc/selinux/targeted/policy/policy.24
libsepol.policydb_index_others: security: 8 users, 11 roles, 2722 types, 127 bools
libsepol.policydb_index_others: security: 1 sens, 1024 cats
libsepol.policydb_index_others: security: 74 classes, 123719 rules, 151140 cond rules
checkpolicy: MLS policy, but non-MLS is specified
However I find no other information about it.
Has it got to do something with it?
Do I have to install selinux-policy-mls too as well?
No. Can you ping me on Freenode dwalsh, and we can discuss this.
I think you can close this bug. Thank you again for your help.