On Wednesday, September 20, 2017 at 2:54:31 PM UTC+2, cooloutac wrote: > On Wednesday, September 20, 2017 at 4:41:58 AM UTC-4, pels wrote: > > I'd like to activate SELINUX(enforcing) in VMs (f25 and f25-minimal), but > > fails: > > > > [ 1.510532] audit: type=1404 audit(1505894636.317:2): enforcing=1 > > old_enforcing=0 auid=4294967295 ses=4294967295 > > [ 1.601491] audit: type=1403 audit(1505894636.408:3): policy loaded > > auid=4294967295 ses=4294967295 > > [ 1.605815] systemd[1]: Successfully loaded SELinux policy in 95.611ms. > > [ 1.617897] systemd[1]: Failed to mount tmpfs at /run: Permission denied > > [.[0;1;31m!!!!!!.[0m] Failed to mount API filesystems, freezing. > > [ 1.621206] systemd[1]: Freezing execution. > > > > I had it enabled in fedora 24 but after upgrading failed > > I create a new template (f25 and f25-minimal) with same effect. > > > > I have tried to reset SELinux to its initial state: > > yum remove selinux-policy > > rm -rf /etc/selinux > > yum install selinux-policy-targeted > > fixfiles -f -F relabel > > reboot > > > > Any ideas? > > > > Thank you very much > > > > Best Regards > > Is this a vm, if so do we really care if systemd is running in it? You > sure thats selinux? what does sestatus say? > > When googling this error seems people have same issue when running docker. > And you have to set seccomp to unconfined.
Thank you cooloutac -Is this a vm It happens in Templates and VMs. -Is this a vm, if so do we really care if systemd is running in it? The problem is when i enable SELINUX VMs/templates doesn't "boot" or fail to start. If I disable SELINUX, the templates/VMs start whithout problems and systemd is activated. -You sure thats selinux? Yes i'm pretty sure, it's exactly the same config that i had in fedora24. In dom0 qvm-prefs -s fedora-25 kernelopts "nopat security=selinux selinux=1" and in VMs/Templats /etc/selinux/config SELINUX=enforcing SELINUXTYPE=targeted Default selinux config -what does sestatus say? I can't execute anything in template/VMs in dom0: qvm-run fedora-25 --nogui -pass-io -u root "sestatus" Error(fedora-25): Domain 'fedora-25':qreexec not connected -When googling this error seems people have same issue when running docker. And you have to set seccomp to unconfined Yes, i've read it, but i don't know how disable seccomp and the consequences... Could you make me a big favour and try to activate SELINUX? Thank you very much Best regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/acdebd73-c631-456c-97a7-77ae399fc9b3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.