On Thursday, September 21, 2017 at 4:40:42 AM UTC-4, pels wrote:
> On Wednesday, September 20, 2017 at 2:54:31 PM UTC+2, cooloutac wrote:
> > On Wednesday, September 20, 2017 at 4:41:58 AM UTC-4, pels wrote:
> > > I'd like to activate SELINUX (enforcing) in VMs (f25 and f25-minimal), but 
> > > it fails:
> > > 
> > > [    1.510532] audit: type=1404 audit(1505894636.317:2): enforcing=1 
> > > old_enforcing=0 auid=4294967295 ses=4294967295
> > > [    1.601491] audit: type=1403 audit(1505894636.408:3): policy loaded 
> > > auid=4294967295 ses=4294967295
> > > [    1.605815] systemd[1]: Successfully loaded SELinux policy in 95.611ms.
> > > [    1.617897] systemd[1]: Failed to mount tmpfs at /run: Permission 
> > > denied
> > > [!!!!!!] Failed to mount API filesystems, freezing.
> > > [    1.621206] systemd[1]: Freezing execution.
> > > 
> > > I had it enabled in Fedora 24, but after upgrading it failed.
> > > I created a new template (f25 and f25-minimal) with the same effect.
> > > 
> > > I have tried to reset SELinux to its initial state:
> > > yum remove selinux-policy
> > > rm -rf /etc/selinux
> > > yum install selinux-policy-targeted
> > > fixfiles -f -F relabel
> > > reboot
> > > 
> > > Any ideas?
> > > 
> > > Thank you very much
> > > 
> > > Best Regards
> >   
> >   Is this a VM? If so, do we really care if systemd is running in it? You 
> > sure that's SELinux? What does sestatus say? 
> > 
> > When googling this error, it seems people have the same issue when running Docker. 
> > And you have to set seccomp to unconfined.
> 
> Thank you cooloutac
> 
> -Is this a vm
> It happens in Templates and VMs.
> 
> -Is this a vm, if so do we really care if systemd is running in it?
> The problem is that when I enable SELINUX, VMs/templates don't "boot" or fail to 
> start. 
> If I disable SELINUX, the templates/VMs start without problems and systemd 
> is activated.
> 
> -You sure thats selinux?
> Yes, I'm pretty sure, it's exactly the same config that I had in Fedora 24.
> In dom0
> qvm-prefs -s fedora-25 kernelopts "nopat security=selinux selinux=1"
> and in VMs/Templates
> /etc/selinux/config
> 
> SELINUX=enforcing 
> SELINUXTYPE=targeted
> 
> Default selinux config
> 
> -what does sestatus say?
> I can't execute anything in template/VMs 
> in dom0:
> qvm-run fedora-25 --nogui --pass-io -u root "sestatus"
> Error(fedora-25): Domain 'fedora-25':qreexec not connected
> 
> -When googling this error seems people have same issue when running docker.  
> And you have to set seccomp to unconfined
> 
> Yes, I've read it, but I don't know how to disable seccomp or the 
> consequences...
> 
> 
> Could you do me a big favour and try to activate SELINUX?
> 
> Thank you very much
> 
> Best regards

Probably only useful in the template VM.  But still not sure how beneficial it 
would be was my point though.  It's probably not compatible with Qubes, sounds 
like it breaks qrexec, maybe not worth the headache man.
