On 13/06/2012 13:05, Simon Reber wrote:
Hi all,
I'm having trouble to active SELinux on our RHEL 6 Linux system.
We have some sort of special installation framework (cobbler and puppet)
and initially disabled SELinux (which is fine)
[output from Kickstart]
...
selinux --disabled
...
%packages --excludedocs --nobase
kernel
yum
openssh-server
openssh-clients
audit
logrotate
tmpwatch
vixie-cron
crontabs
ksh
ntp
perl
bind-utils
sudo
which
sendmail
wget
redhat-lsb
rsync
authconfig
lsof
unzip
sharutils
logwatch
libacl
nfs-utils
lcsetup
-firstboot
-tftp-server
-system-config-soundcard
-libselinux-python
-selinux-policy
-libselinux-utils
-selinux-policy-targeted
...
But for some high Security Risk systems, it's required to turn it on
anyway.
So I followed the guidance on:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi
ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab
ling_and_Disabling_SELinux.html to enable SELinux again on these systems
Unfortunately does the system not initiate SELinux correctly nor do I
see any hint where the problem is:
tgl90a-8401 root:/etc/init $ sestatus
SELinux status: disabled
tgl90a-8401 root:/etc/init $ cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
The only thing I can see is:
tgl90a-8401 root:/etc/init $ cat /var/log/messages
Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: Initializing.
Does anybody know if I need additional packages on the system or any
special setting set?
If tried "permissive" mode with /.autorelable - which didn't
work either
I also installed @Base Group to ensure nothing is missing - but
still the same result
I've tried it with the same setup on RHEL 5 which perfectly worked - but
not on RHEL 6!
So I'm really looking forward to get some hints/tips
Thanks and all the best,
Si
Are you sure you are installing the packages needed for SE?
@Base does not include any SE packages. I think you will want
selinux-policy and selinux-policy-targeted as this gives the default SE
policy for the system.
Regards,
Tris
*************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this email
in error please notify postmas...@bgfl.org
The views expressed within this email are those of the
individual, and not necessarily those of the organisation
*************************************************************
_______________________________________________
rhelv6-list mailing list
rhelv6-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv6-list
