On 08/13/2014 09:50 AM, Gordan Bobic wrote:
On 2014-08-13 14:39, Robert Moskowitz wrote:
On 08/12/2014 05:19 PM, Gordan Bobic wrote:
On 08/12/2014 09:56 PM, Robert Moskowitz wrote:
So I go to do my first semanage after installing selinux-policy and
rebooting then installing policycoreutils-python:

semanage port -a -t ssh_port_t -p tcp nnnn

and get the error:

/usr/sbin/semanage: SELinux policy is not managed or store cannot be
accessed.

So whatelse is needed?

It could be a number of things. Have you loaded a policy? What do you get from:
semodule -l

If you touch /.autorelabel and reboot that might fix it.

If you are still getting a problem, this thread has a reasonable summary of other possible issues:

Have you looked at this page for possible solutions?
http://en.it-usenet.org/thread/16387/2623/

So first I checked that the F19 base I used had working SELinux, and
it did.  Then I rebooted my RSEL and went to this thread and tried the
first check discussed:

# sestatus
SELinux status:                 disabled

Well I guess we know were to start!  Something important is probably
NOT installed.  When I asked here what to install to get SELinux and
was told to install selinux-policy which I did.  It seems that is not
enough.  Further in the message starting the thread, the following
modules are listed:

kernel26-selinux-2.6.31
selinux-coreutils-7.6
selinux-pam-1.1.0
refpolicy-2.20091117
selinux-sysvinit-2.86
checkpolicy-2.0.20
libselinux-2.0.89
libsemanage-2.0.42
libsepol-2.0.41
selinux-usr-policycoreutils-2.0.77
sepolgen-1.0.18

Which of these are part of the base tarball?  Which do I need to add?

First things first - do you have a file called:
/etc/selinux/config
and does it contain lines:
SELINUX=enabled
SELINUXTYPE=targeted

# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Secondly, try:

cat /tmp/packages <<EOF
kernel-selinux
selinux-coreutils
selinux-pam
refpolicy
selinux-sysvinit
checkpolicy
libselinux
libsemanage
libsepol
selinux-usr-policycoreutils
sepolgen
EOF

This did not work, it failed with:

cat: /tmp/packages: No such file or directory

So I used my cat magic I learned over on the postfix list:

cat <<EOF>/tmp/packages || exit 1

And that built the temp file.

yum install `cat /tmp/packages`

and see if that installs any thing additional.

Huston, we have a problem:

Setting up Install Process
No package kernel-selinux available.
No package selinux-coreutils available.
No package selinux-pam available.
No package refpolicy available.
No package selinux-sysvinit available.
Package checkpolicy-2.0.22-1.el6.armv5tel already installed and latest version Package libselinux-2.0.94-5.el6.armv5tel already installed and latest version Package libsemanage-2.0.43-4.2.el6.armv5tel already installed and latest version

Package libsepol-2.0.41-4.el6.armv5tel already installed and latest version
No package selinux-usr-policycoreutils available.
No package sepolgen available.
Nothing to do

====================================================

Help?


_______________________________________________
users mailing list
[email protected]
http://lists.redsleeve.org/mailman/listinfo/users

Reply via email to