PDA

View Full Version : problems with selinux config doesnt take.


thequestion
4th April 2007, 10:16 PM
I'm having troubles with selinux. I edit selinux's config file (etc/selinux/config) to

SELINUX=enforcing (from disabled)

and

SELINUXTYPE=strict (from targeted)

I reboot and check if the changes took place with "selinuxenabled && echo $?" but I get nothing, from what I gather it should say 0 if it is enabled.

so I check back at the config file but it's correct, the changes I made is still there, yet after I reboot yet again the startup doesnt take them.

anyone know what it might be?

pete_1967
5th April 2007, 12:29 AM
Did you relabel your filesystem after you enabled SELinux?

"I reboot and check if the changes took place with "selinuxenabled && echo $?" but I get nothing, from what I gather it should say 0 if it is enabled."

Exit status 0 means it's enabled, you won't see any output from your command if and when it is enabled, you'll only see exit status if it's disabled - so, in brief: yes, your SELinux is enabled.

thequestion
5th April 2007, 07:40 AM
no I havent relabled, and I've checked again selinux is not on, I check with sestatus and it says:

sestatus
SELinux status: disabled

[root@fedora policy]# getenforce
Disabled

and my config file.
SELINUX=permissive
SELINUXTYPE=targeted
SETLOCALDEFS=0

I have rebooted several times.

Also when I try to manually start the policy file I get this:

[root@fedora policy]# /usr/sbin/load_policy /etc/selinux/targeted/policy/policy.21
/usr/sbin/load_policy: Warning! Policy file argument (/etc/selinux/targeted/policy/policy.21) is no longer supported, installed policy is always loaded. Continuing...

pete_1967
5th April 2007, 09:50 AM
To start with, relabel your system. You have to do it every time you stop/start it or change the policy.