AW: Re: AW: SElinux boot error with new kernel and RHAS V4 U3
joe at illegal-access.de
joe at illegal-access.de
Thu Apr 13 19:17:10 UTC 2006
Hi Ken,
the config seems to be okay (for me ;-)... Compiling the kernel... what configuration did you use there? Here ist the redhat-default:
[root at hornet 2.6.9-34.EL-i686]# pwd
/usr/src/kernels/2.6.9-34.EL-i686
[root at hornet 2.6.9-34.EL-i686]# grep SELINUX .config
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
# CONFIG_SECURITY_SELINUX_MLS is not set
[root at hornet 2.6.9-34.EL-i686]#
cu,
Joe
>Here are the contents:
>
># This file controls the state of SELinux on the system.
># SELINUX= can take one of these three values:
># enforcing - SELinux security policy is enforced.
># permissive - SELinux prints warnings instead of enforcing.
># disabled - SELinux is fully disabled.
>SELINUX=enforcing
># SELINUXTYPE= type of policy in use. Possible values are:
># targeted - Only targeted network daemons are protected.
># strict - Full SELinux protection.
>SELINUXTYPE=targeted
>
>Not sure what I'm looking for.
>
>
>On Apr 13, 2006, at 1:45 PM, joe at illegal-access.de wrote:
>
>> Hi Ken,
>>
>> did you take a look at the config (/etc/selinux/config)?
>>
>> cu,
>> Joe
>>
>>
>>
>>> Hello....
>>>
>>> I am running RH Enterprise Advanced Server V4 Update 3 with the RHN
>>> kernel of 2.6.9-34.EL, with SELINUX enabled with enforcing enabled.
>>>
>>> I compiled and installed the 2.6.16.4 kernel from kernel.org, but
>>> a boot
>>> with that yields:
>>> Enforcing mode requested but no policy loaded. Halting now.
>>> Kernel panic - not syncing: Attempted to kill init?
>>>
>>> If I add 'enforcing=0' to the boot string in grub and boot 2.6.16.4,
>>> things work
>>> fine, I believe because I told it to not enforce selinux. With that
>>> scenario:
>>> -----
>>> [root at iscsi-vm ~]# sestatus
>>> SELinux status: disabled
>>> [root at iscsi-vm ~]# getenforce
>>> Disabled
>>> -----
>>>
>>> I would like to keep SElinux enabled and enforcing with the new
>>> kernel - can
>>> somebody provide insight as to why this is happening and what to do
>>> about it?
>>>
>>> Thanks..
>>>
>>> Ken Kleiner
>>> System Manager
>>> UMass Lowell
>>> Computer Science Department
>>> (978) 934-3645
>>> ken at cs.uml.edu
>>>
>>>
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
>Ken Kleiner
>System Manager
>UMass Lowell
>Computer Science Department
>(978) 934-3645
>ken at cs.uml.edu
>
>
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list