AW: Re: AW: SElinux boot error with new kernel and RHAS V4 U3
Ken Kleiner
ken at cs.uml.edu
Thu Apr 13 19:25:59 UTC 2006
Here is the .config SELINUX stuff - I tried with the 'CHECKREQPROT'
value to 1 too.
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
On Apr 13, 2006, at 3:17 PM, joe at illegal-access.de wrote:
> Hi Ken,
>
> the config seems to be okay (for me ;-)... Compiling the kernel...
> what configuration did you use there? Here ist the redhat-default:
>
> [root at hornet 2.6.9-34.EL-i686]# pwd
> /usr/src/kernels/2.6.9-34.EL-i686
> [root at hornet 2.6.9-34.EL-i686]# grep SELINUX .config
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> CONFIG_SECURITY_SELINUX_DISABLE=y
> CONFIG_SECURITY_SELINUX_DEVELOP=y
> CONFIG_SECURITY_SELINUX_AVC_STATS=y
> # CONFIG_SECURITY_SELINUX_MLS is not set
> [root at hornet 2.6.9-34.EL-i686]#
>
> cu,
> Joe
>
>
>> Here are the contents:
>>
>> # This file controls the state of SELinux on the system.
>> # SELINUX= can take one of these three values:
>> # enforcing - SELinux security policy is enforced.
>> # permissive - SELinux prints warnings instead of enforcing.
>> # disabled - SELinux is fully disabled.
>> SELINUX=enforcing
>> # SELINUXTYPE= type of policy in use. Possible values are:
>> # targeted - Only targeted network daemons are protected.
>> # strict - Full SELinux protection.
>> SELINUXTYPE=targeted
>>
>> Not sure what I'm looking for.
>>
>>
>> On Apr 13, 2006, at 1:45 PM, joe at illegal-access.de wrote:
>>
>>> Hi Ken,
>>>
>>> did you take a look at the config (/etc/selinux/config)?
>>>
>>> cu,
>>> Joe
>>>
>>>
>>>
>>>> Hello....
>>>>
>>>> I am running RH Enterprise Advanced Server V4 Update 3 with the RHN
>>>> kernel of 2.6.9-34.EL, with SELINUX enabled with enforcing enabled.
>>>>
>>>> I compiled and installed the 2.6.16.4 kernel from kernel.org, but
>>>> a boot
>>>> with that yields:
>>>> Enforcing mode requested but no policy loaded. Halting now.
>>>> Kernel panic - not syncing: Attempted to kill init?
>>>>
>>>> If I add 'enforcing=0' to the boot string in grub and boot
>>>> 2.6.16.4,
>>>> things work
>>>> fine, I believe because I told it to not enforce selinux. With
>>>> that
>>>> scenario:
>>>> -----
>>>> [root at iscsi-vm ~]# sestatus
>>>> SELinux status: disabled
>>>> [root at iscsi-vm ~]# getenforce
>>>> Disabled
>>>> -----
>>>>
>>>> I would like to keep SElinux enabled and enforcing with the new
>>>> kernel - can
>>>> somebody provide insight as to why this is happening and what to do
>>>> about it?
>>>>
>>>> Thanks..
>>>>
>>>> Ken Kleiner
>>>> System Manager
>>>> UMass Lowell
>>>> Computer Science Department
>>>> (978) 934-3645
>>>> ken at cs.uml.edu
>>>>
>>>>
>>>>
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request at redhat.com?
>>>> subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?
>>> subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> Ken Kleiner
>> System Manager
>> UMass Lowell
>> Computer Science Department
>> (978) 934-3645
>> ken at cs.uml.edu
>>
>>
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
Ken Kleiner
System Manager
UMass Lowell
Computer Science Department
(978) 934-3645
ken at cs.uml.edu
More information about the redhat-list
mailing list