CentOS

Try to set /etc/sysconfig/selinux to enforcing, reboot and check if the Gnome Display Manager can start.
Regarding SELinux troubleshooting check this short thread

hunter86_bg wrote:Try to set /etc/sysconfig/selinux to enforcing, reboot and check if the Gnome Display Manager can start.

The Gnome Display Manager always return to Login-Screen. It's not possible to run a Desktop as user.
Therefore I have again in /etc/sysconfig/selinux

Code: Select all

SELINUX=permissive

I think that is Ok. for me.

Only the message on gdm-Login-Screen

Code: Select all

Unfähig einen gültigen Kontakt zu erhalten für BENUTZER

is distempering.

with regards
Ch. Hanisch

So run in permissive mode and then look at your audit log to determine _why_ it doesn't work. You can use our wiki selinux page to work through the steps required to identify the problems and create a policy file (or maybe you have a mislabeled file that stops things from working in which case relabeling that file or the entire filesystem will fix it).

Useful resources for SELinux: http://wiki.centos.org/HowTos/SELinux | http://wiki.centos.org/TipsAndTricks/SelinuxBooleans | http://docs.fedoraproject.org/en-US/Fed ... ced_Linux/ | http://www.youtube.com/watch?v=bQqX3RWn0Yw | http://opensource.com/business/13/11/se ... licy-guide

Hello,
the solution is found.
in this Link https://centoshelp.org/security/selinux ... eshooting/
this was the solution:
Reset SELinux to its initial state:

Code: Select all

yum remove selinux-policy
rm -rf /etc/selinux
yum install selinux-policy-targeted
fixfiles -f -F relabel
reboot

I have now:

Code: Select all

$ sudo sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

an the system works fine.

with regards
Ch. Hanisch

I had a very similar experience with CentOS 7.3.

I updated /etc/sysconfig/selinux to use these values:
SELINUX=permissive
SELINUXTYPE=minimum

I performed a reboot and was unable to access CentOS normally or through rescue mode. I would see these errors popup during boot and it would eventually just hang:

Code: Select all

[FAILED] Failed to start Authorization Manager.
See 'systemctl status polkit.service' for details.
[DEPEND] Dependency failed for Dynamic System Tuning Daemon

[FAILED] Failed to start Import network configuration from initramfs.
See 'systemctl status rhel-import-state.service' for details.

[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.

Ultimately I ended up removing selinux-policy and ran fixfiles as the previous poster recommended. I did not re-install selinux-policy, just remove and the fixfiles command.

At CentOS boot screen, selected "Troubleshoot", then highlighted the option to Rescue System (pressed tab to append -> console=ttyS1,115200n8 since I was connecting over a console connection), selected default option to automatically mount existing CentOS install, then ran these commands:
yum remove selinux-policy
chroot /mnt/sysimage
fixfiles -f -F relabel
exit
reboot

If you want to re-install selinux-policy like the previous poster suggested, be sure to run this command first to get internet connectivity:
dhclient [INTERFACE_NAME]

Thanks!

CentOS

[solved]SELINUX=disabled - It's Ok?

Re: SELINUX=disabled - It's Ok?

Re: SELINUX=disabled - It's Ok?

Re: SELINUX=disabled - It's Ok?

Re: SELINUX=disabled - It's Ok?

Re: [solved]SELINUX=disabled - It's Ok?