Description of problem:Setting enforcing to permissive and policy to targeted doesn't enable selinux. Version-Release number of selected component (if applicable): setroubleshoot-plugins-2.0.16-1.fc11.noarch setools-3.3.5-8.fc11.i586 setools-libs-3.3.5-8.fc11.i586 PolicyKit-gnome-libs-0.9.2-3.fc11.i586 setroubleshoot-server-2.1.8-1.fc11.i586 setools-libs-tcl-3.3.5-8.fc11.i586 selinux-policy-targeted-3.6.12-39.fc11.noarch PolicyKit-0.9-6.fc11.i586 setools-gui-3.3.5-8.fc11.i586 setools-console-3.3.5-8.fc11.i586 PolicyKit-gnome-0.9.2-3.fc11.i586 selinux-policy-3.6.12-39.fc11.noarch setroubleshoot-2.1.8-1.fc11.i586 How reproducible:Allways Steps to Reproduce: 1. use system-config-selinux to set enforcing to permissive and policy to targeted. 2.Reboot system - no relabeling is taking place and system just boots without selinux enabled. 3. Actual results: No selinux enabled. Expected results: Selinux enabled Additional info:
Correction - I am unable to enable selinux in any way. setenforce reports SELinux is disabled. With kernel parameter "enforcing=1" the boot process hangs. And kernel parameter selinux=1 has no effect at all. What happened is that I had a problem with selinux and I thought remving all packages and reinstalling them could solve it. But at a certain moment I was unable to start the system anymore because libselinux.so.1 was missing. I rescue booted from the cd and copied the file back and afterwards started reinstalling all the relevant packages. But this has caused the problem I have now I think. I have compared all the settings with another running system and checked if the /etc/sysconfig/selinux symlink pointed to ../selinux/config. Still, no luck. setsebool or setenforce keep reporting that selinux is disabled. What do I have to do now? Regards, Eddie.
Do you have selinux-policy-targeted installed? Do you have a file in /etc/selinux/targeted/policy/policy.*
yes, I have. ls -l /etc/selinux/targeted/policy/ total 3616 -rw-r--r-- 1 root root 3697110 2009-05-25 23:37 policy.24 Regards, Eddie.
If I run "checkpolicy -b /etc/selinux/targeted/policy/policy.24" checkpolicy: loading policy configuration from /etc/selinux/targeted/policy/policy.24 libsepol.policydb_index_others: security: 8 users, 11 roles, 2722 types, 127 bools libsepol.policydb_index_others: security: 1 sens, 1024 cats libsepol.policydb_index_others: security: 74 classes, 123719 rules, 151140 cond rules checkpolicy: MLS policy, but non-MLS is specified However I find no other information about it. Has it got to do something with it?
Do I have to install selinux-policy-mls too as well?
No. Can you ping me on Freenode dwalsh, and we can discuss this.
I think you can close this bug. Thank you again for your help. Regards, Eddie.