[rhelv6-list] Unable to activate SELinux

Simon Reber S.Reber at lcsys.ch
Wed Jun 13 13:33:07 UTC 2012


> On Wed, 2012-06-13 at 14:56 +0200, Simon Reber wrote:
> > Yes, both packages have been installed:
> >
> > tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy
> > selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
> > selinux-policy-3.7.19-126.el6_2.10.noarch
> 
> What happens if you try to manually load the policy now?
> load_policy -i
That somehow did the trick (that didn't come to my mind so far ;-):

tgl90a-8401 root:/etc/init $ load_policy -i
tgl90a-8401 root:/etc/init $
tgl90a-8401 root:/etc/init $ dmesg
...
SELinux: 2048 avtab hash slots, 226005 rules.
SELinux: 2048 avtab hash slots, 226005 rules.
SELinux:  9 users, 12 roles, 3578 types, 179 bools, 1 sens, 1024 cats
SELinux:  81 classes, 226005 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev cgroup, type cgroup), uses genfs_contexts
SELinux: initialized (dev vmblock, type vmblock), uses genfs_contexts
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
SELinux: initialized (dev dm-3, type ext4), uses xattr
SELinux: initialized (dev dm-2, type ext4), uses xattr
SELinux: initialized (dev dm-4, type ext4), uses xattr
SELinux: initialized (dev dm-6, type ext4), uses xattr
SELinux: initialized (dev dm-5, type ext4), uses xattr
SELinux: initialized (dev sda1, type ext3), uses xattr
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
SELinux: initialized (dev dm-0, type ext4), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses transition SIDs
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev devtmpfs, type devtmpfs), uses transition SIDs
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts

tgl90a-8401 root:/etc/init $ sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 24
Policy from config file:        targeted

Process contexts:
Current context:                system_u:system_r:kernel_t:s0
Init context:                   system_u:system_r:kernel_t:s0
/sbin/mingetty                  system_u:system_r:kernel_t:s0
/usr/sbin/sshd                  system_u:system_r:kernel_t:s0

File contexts:
Controlling term:               system_u:object_r:devpts_t:s0
/etc/passwd                     system_u:object_r:file_t:s0
/etc/shadow                     system_u:object_r:file_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
tgl90a-8401 root:/etc/init $
tgl90a-8401 root:/etc/init $ getenforce
Permissive
tgl90a-8401 root:/etc/init $


According to the configuration this is correct and it seems to be running
now.
So I assume that something is missing within the startup framework ...

Do you know what startup script SELinux has/requires?
I couldn't find any

Thanks and all the best,
Si
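
An added example, not part of the original post: a small shell check that reads `sestatus -v` output and flags the two symptoms visible above, processes still running as `kernel_t` (started before the policy was loaded) and files typed `file_t` (no SELinux label on disk). The function names and the embedded sample, which is an excerpt of the output quoted in the post, are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag the two symptoms visible in the `sestatus -v` output above.
#   kernel_t on a process -> it was started before the policy was loaded
#   file_t on a file      -> the file carries no SELinux label on disk

check_sestatus() {   # reads `sestatus -v` text on stdin, prints "<type> <item>"
    awk '
        /^Process contexts:/ { want = "kernel_t"; next }
        /^File contexts:/    { want = "file_t";   next }
        want == "" || NF == 0 { next }
        {
            # The first field with >= 3 colon-separated parts is the context;
            # everything before it is the item name (path or description).
            item = ""
            for (i = 1; i <= NF; i++) {
                if (split($i, part, ":") >= 3) {
                    if (part[3] == want) print want, item
                    break
                }
                item = (item == "" ? $i : item " " $i)
            }
        }
    '
}

sample_sestatus() {   # excerpt of the output quoted in the post
    cat <<'EOF'
SELinux status:                 enabled
Current mode:                   permissive

Process contexts:
Current context:                system_u:system_r:kernel_t:s0
Init context:                   system_u:system_r:kernel_t:s0
/sbin/mingetty                  system_u:system_r:kernel_t:s0
/usr/sbin/sshd                  system_u:system_r:kernel_t:s0

File contexts:
Controlling term:               system_u:object_r:devpts_t:s0
/etc/passwd                     system_u:object_r:file_t:s0
/etc/shadow                     system_u:object_r:file_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
EOF
}

# On a live host: sestatus -v | check_sestatus
sample_sestatus | check_sestatus
```

Any `file_t` hit means the filesystem needs a relabel before the host is switched to enforcing mode, and any `kernel_t` hit on a daemon means it has to be restarted after the policy is loaded (in practice, a reboot with the policy loading at boot).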





