On 08/13/2014 09:50 AM, Gordan Bobic wrote:
On 2014-08-13 14:39, Robert Moskowitz wrote:
On 08/12/2014 05:19 PM, Gordan Bobic wrote:
On 08/12/2014 09:56 PM, Robert Moskowitz wrote:
So I go to do my first semanage after installing selinux-policy and
rebooting then installing policycoreutils-python:
semanage port -a -t ssh_port_t -p tcp nnnn
and get the error:
/usr/sbin/semanage: SELinux policy is not managed or store cannot be
accessed.
So whatelse is needed?
It could be a number of things. Have you loaded a policy? What do
you get from:
semodule -l
If you touch /.autorelabel and reboot that might fix it.
If you are still getting a problem, this thread has a reasonable
summary of other possible issues:
Have you looked at this page for possible solutions?
http://en.it-usenet.org/thread/16387/2623/
So first I checked that the F19 base I used had working SELinux, and
it did. Then I rebooted my RSEL and went to this thread and tried the
first check discussed:
# sestatus
SELinux status: disabled
Well I guess we know were to start! Something important is probably
NOT installed. When I asked here what to install to get SELinux and
was told to install selinux-policy which I did. It seems that is not
enough. Further in the message starting the thread, the following
modules are listed:
kernel26-selinux-2.6.31
selinux-coreutils-7.6
selinux-pam-1.1.0
refpolicy-2.20091117
selinux-sysvinit-2.86
checkpolicy-2.0.20
libselinux-2.0.89
libsemanage-2.0.42
libsepol-2.0.41
selinux-usr-policycoreutils-2.0.77
sepolgen-1.0.18
Which of these are part of the base tarball? Which do I need to add?
First things first - do you have a file called:
/etc/selinux/config
and does it contain lines:
SELINUX=enabled
SELINUXTYPE=targeted
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Secondly, try:
cat /tmp/packages <<EOF
kernel-selinux
selinux-coreutils
selinux-pam
refpolicy
selinux-sysvinit
checkpolicy
libselinux
libsemanage
libsepol
selinux-usr-policycoreutils
sepolgen
EOF
This did not work, it failed with:
cat: /tmp/packages: No such file or directory
So I used my cat magic I learned over on the postfix list:
cat <<EOF>/tmp/packages || exit 1
And that built the temp file.
yum install `cat /tmp/packages`
and see if that installs any thing additional.
Huston, we have a problem:
Setting up Install Process
No package kernel-selinux available.
No package selinux-coreutils available.
No package selinux-pam available.
No package refpolicy available.
No package selinux-sysvinit available.
Package checkpolicy-2.0.22-1.el6.armv5tel already installed and latest
version
Package libselinux-2.0.94-5.el6.armv5tel already installed and latest
version
Package libsemanage-2.0.43-4.2.el6.armv5tel already installed and latest
version
Package libsepol-2.0.41-4.el6.armv5tel already installed and latest version
No package selinux-usr-policycoreutils available.
No package sepolgen available.
Nothing to do
====================================================
Help?
_______________________________________________
users mailing list
[email protected]
http://lists.redsleeve.org/mailman/listinfo/users
