selinux disables its self

Support for security such as Firewalls and securing linux
Post Reply
vimalabhi89
Posts: 1
Joined: 2018/10/02 15:29:16

selinux disables its self

Post by vimalabhi89 » 2018/10/02 15:37:12

Hi,

I have a same issue but have no clue what is causing this.

Code: Select all

type=MAC_STATUS msg=audit(1538406353.064:7562): enforcing=0 old_enforcing=1 auid=0 ses=620
type=USER_AVC msg=audit(1538406353.656:7563): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received setenforce notice (enforcing=0)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Above is what I see in the logs. It seems the user is root and the process corresponding to pid = 1 is systemd

I've tried changing the config file under /etc/selinux/config an rebooting, but it automatically gets disabled bu the getenforce returns "Permissive"
I'm having a hard time figuring out why the config files changes itslef

User avatar
TrevorH
Forum Moderator
Posts: 23879
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: selinux disables its self

Post by TrevorH » 2018/10/02 15:50:31

I split your topic away from viewtopic.php?f=17&t=63065 as that's about CentOS 6 and since you mention systemd, it's obvious that you are using 7.

There's not enough info in what you've given us so far to tell what is happening. The audit lines you give were issued at 2018-10-01 15:05:53 so look in /var/log/cron to see if anything ran at that time. Look in /var/log/messages to see what happened at that time. Check /var/log/secure too. Also look in /proc/cmdline to see what's being passed to the kernel at boot time.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

hunter86_bg
Posts: 1422
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: selinux disables its self

Post by hunter86_bg » 2018/10/03 15:57:49

vimalabhi89 wrote:
2018/10/02 15:37:12
Hi,

I have a same issue but have no clue what is causing this.

Code: Select all

type=MAC_STATUS msg=audit(1538406353.064:7562): enforcing=0 old_enforcing=1 auid=0 ses=620
type=USER_AVC msg=audit(1538406353.656:7563): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received setenforce notice (enforcing=0)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Above is what I see in the logs. It seems the user is root and the process corresponding to pid = 1 is systemd

I've tried changing the config file under /etc/selinux/config an rebooting, but it automatically gets disabled bu the getenforce returns "Permissive"
I'm having a hard time figuring out why the config files changes itslef
As a temporary solution , you can disable the ability to switch to permissive until finding the source.
To do that you can run

Code: Select all

setsebool -P secure_mode_policyload on 
If you don't want the restriction to survive a reboot you can omit '-P':

Code: Select all

setsebool secure_mode_policy load on 

User avatar
TrevorH
Forum Moderator
Posts: 23879
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: selinux disables its self

Post by TrevorH » 2018/10/03 16:21:05

Is /etc/sysconfig/selinux a symlink to ../selinux/config ? It should be. Also if /etc/selinux/config is missing entirely then it defaults to permissive mode.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply