[rhelv6-list] Unable to activate SELinux

Simon Reber S.Reber at lcsys.ch
Wed Jun 13 12:05:35 UTC 2012


Hi all,

I'm having trouble activating SELinux on our RHEL 6 Linux system.
We have some sort of special installation framework (cobbler and puppet)
and initially disabled SELinux (which is fine).

[output from Kickstart]
...
selinux --disabled
...
%packages --excludedocs --nobase
kernel
yum
openssh-server
openssh-clients
audit
logrotate
tmpwatch
vixie-cron
crontabs
ksh
ntp
perl
bind-utils
sudo
which
sendmail
wget
redhat-lsb
rsync
authconfig
lsof
unzip
sharutils
logwatch
libacl
nfs-utils
lcsetup
-firstboot
-tftp-server
-system-config-soundcard
-libselinux-python
-selinux-policy
-libselinux-utils
-selinux-policy-targeted
...

But for some high Security Risk systems, it's required to turn it on
anyway.
So I followed the guidance on:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
to enable SELinux again on these systems.

Unfortunately, the system does not initiate SELinux correctly, nor do I
see any hint where the problem is:

tgl90a-8401 root:/etc/init $ sestatus
SELinux status:                 disabled
tgl90a-8401 root:/etc/init $ cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


The only thing I can see is:
tgl90a-8401 root:/etc/init $ cat /var/log/messages
Jun 13 13:41:30 tgl90a-8401 kernel: SELinux:  Initializing.


Does anybody know if I need additional packages on the system or any
special setting set?
	I tried "permissive" mode with /.autorelable - which didn't
work either.
	I also installed @Base Group to ensure nothing is missing - but
still the same result.

I've tried it with the same setup on RHEL 5 which perfectly worked - but
not on RHEL 6!
	So I'm really looking forward to getting some hints/tips.

Thanks and all the best,
Si
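
An added example, not part of the original post: a shell check for the "additional packages" question raised above. It lists the SELinux-related packages a kickstart %packages section excludes and compares them with the mode and policy type set in /etc/selinux/config. The function names are hypothetical, and the sample kickstart and config text are constructed from the excerpts in the post.

```bash
#!/usr/bin/env bash
# Added example; SAMPLE_KS and SAMPLE_CFG are constructed from the post's excerpts.
SAMPLE_KS='selinux --disabled
%packages --excludedocs --nobase
kernel
audit
-firstboot
-libselinux-python
-selinux-policy
-libselinux-utils
-selinux-policy-targeted
%end'
SAMPLE_CFG='# SELINUX= can take one of these three values:
SELINUX=permissive
SELINUXTYPE=targeted'

# List packages that the %packages section excludes ("-name") and that mention selinux.
excluded_selinux_pkgs() {   # $1 = kickstart text
  printf '%s\n' "$1" | awk '
    /^%packages/ { in_pkgs = 1; next }
    /^%/         { in_pkgs = 0 }   # %end, %post, ... close the section
    in_pkgs && /^-/ && /selinux/ { print substr($1, 2) }'
}

# Print the value of KEY=value from config text; comment lines never match.
config_value() {            # $1 = config text, $2 = key
  printf '%s\n' "$1" | awk -F= -v k="$2" '
    $1 == k { v = $2; gsub(/[ \t\r]/, "", v); print v; exit }'
}

# Return 1 when the config asks for a policy that the kickstart leaves out.
check_selinux_consistency() {   # $1 = kickstart text, $2 = config text
  local mode ptype excluded
  mode=$(config_value "$2" SELINUX)
  ptype=$(config_value "$2" SELINUXTYPE)
  excluded=$(excluded_selinux_pkgs "$1")
  if [ "$mode" = disabled ]; then
    echo "ok: SELINUX=disabled, no policy is loaded"
    return 0
  fi
  if printf '%s\n' "$excluded" | grep -qx -e selinux-policy -e "selinux-policy-$ptype"; then
    echo "conflict: SELINUX=$mode SELINUXTYPE=$ptype, kickstart excludes: $(printf '%s' "$excluded" | tr '\n' ' ')"
    return 1
  fi
  echo "ok: no policy package excluded for SELINUXTYPE=$ptype"
}

check_selinux_consistency "$SAMPLE_KS" "$SAMPLE_CFG" || true
```

On a provisioned host the same comparison can be made against the installed package list (for example the output of `rpm -qa`) instead of the kickstart text.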
