On 2014-08-13 15:04, Robert Moskowitz wrote:
On 08/13/2014 09:50 AM, Gordan Bobic wrote:
On 2014-08-13 14:39, Robert Moskowitz wrote:
On 08/12/2014 05:19 PM, Gordan Bobic wrote:
On 08/12/2014 09:56 PM, Robert Moskowitz wrote:
So I go to do my first semanage after installing selinux-policy and
rebooting then installing policycoreutils-python:
semanage port -a -t ssh_port_t -p tcp nnnn
and get the error:
/usr/sbin/semanage: SELinux policy is not managed or store cannot
be
accessed.
So whatelse is needed?
It could be a number of things. Have you loaded a policy? What do
you get from:
semodule -l
If you touch /.autorelabel and reboot that might fix it.
If you are still getting a problem, this thread has a reasonable
summary of other possible issues:
Have you looked at this page for possible solutions?
http://en.it-usenet.org/thread/16387/2623/
So first I checked that the F19 base I used had working SELinux, and
it did. Then I rebooted my RSEL and went to this thread and tried
the
first check discussed:
# sestatus
SELinux status: disabled
Well I guess we know were to start! Something important is probably
NOT installed. When I asked here what to install to get SELinux and
was told to install selinux-policy which I did. It seems that is not
enough. Further in the message starting the thread, the following
modules are listed:
kernel26-selinux-2.6.31
selinux-coreutils-7.6
selinux-pam-1.1.0
refpolicy-2.20091117
selinux-sysvinit-2.86
checkpolicy-2.0.20
libselinux-2.0.89
libsemanage-2.0.42
libsepol-2.0.41
selinux-usr-policycoreutils-2.0.77
sepolgen-1.0.18
Which of these are part of the base tarball? Which do I need to add?
First things first - do you have a file called:
/etc/selinux/config
and does it contain lines:
SELINUX=enabled
SELINUXTYPE=targeted
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Secondly, try:
cat /tmp/packages <<EOF
kernel-selinux
selinux-coreutils
selinux-pam
refpolicy
selinux-sysvinit
checkpolicy
libselinux
libsemanage
libsepol
selinux-usr-policycoreutils
sepolgen
EOF
This did not work, it failed with:
cat: /tmp/packages: No such file or directory
So I used my cat magic I learned over on the postfix list:
cat <<EOF>/tmp/packages || exit 1
And that built the temp file.
yum install `cat /tmp/packages`
and see if that installs any thing additional.
Huston, we have a problem:
Setting up Install Process
No package kernel-selinux available.
No package selinux-coreutils available.
No package selinux-pam available.
No package refpolicy available.
No package selinux-sysvinit available.
Package checkpolicy-2.0.22-1.el6.armv5tel already installed and latest
version
Package libselinux-2.0.94-5.el6.armv5tel already installed and latest
version
Package libsemanage-2.0.43-4.2.el6.armv5tel already installed and
latest version
Package libsepol-2.0.41-4.el6.armv5tel already installed and latest
version
No package selinux-usr-policycoreutils available.
No package sepolgen available.
Nothing to do
That's probably because F19 is 7 generations newer than EL6, so the
package names
have changed somewhat. On EL6 I have these:
$ rpm -qa | grep selinux | sort
libselinux-2.0.94-5.3.el6_4.1.x86_64
libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-3.7.19-231.el6_5.1.noarch
selinux-policy-targeted-3.7.19-231.el6_5.1.noarch
So that should be all that's required. The chances are it's a
configuration issue somewhere, but I'm not sure where it might be.
I've not used selinux on ARM because none of the kernels that
ship with any of my devices have selinux built in.
Gordan
_______________________________________________
users mailing list
[email protected]
http://lists.redsleeve.org/mailman/listinfo/users
