Hi Guys, This is driving me nuts & I wonder if someone could help. My RPi3 is running a minimal install of CentOS7 which is running SELinux in Permissive Mode but I would like to enable Enforcing Mode. However, it doesn't seem to matter what I do, I just cannot get the setting to stick. Could someone please suggest what I might be doing wrong?
I have tried editing the /etc/selinux/config & running the touch /.autorelabel (my pics are too large for the post...sorry) but but to no avail. I have tried the setenforce command, which I understand is more of a runtime command but it does work however every time I reboot the setting goes back to permissive.
TIA
Roly
Cannot enable SELinux Enforcing Mode
-
- Posts: 5
- Joined: 2016/03/13 21:38:47
Cannot enable SELinux Enforcing Mode
Just because you can do a thing, does not always mean that you should
Re: Cannot enable SELinux Enforcing Mode
Make sure that /etc/sysconfig/selinux is a symlink to /etc/selinux/config and that you have SELINUX=enforcing in that file.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 5
- Joined: 2016/03/13 21:38:47
Re: Cannot enable SELinux Enforcing Mode
Thanks TrevorH, I think everythig is setup the way it should be
- Attachments
-
- SELinux01.JPG (124.22 KiB) Viewed 5406 times
Just because you can do a thing, does not always mean that you should
Re: Cannot enable SELinux Enforcing Mode
The only other thing I can think of is that you have set it permissive on the kernel command line. What's in /proc/cmdline?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 5
- Joined: 2016/03/13 21:38:47
Re: Cannot enable SELinux Enforcing Mode
I have never seen this location referenced in all the stuff that I have read on SELinux so I don't know how to read this but this is what it looks like...thank you for your continued support
- Attachments
-
- output from /proc/cmdline
- SELinux02.JPG (46.79 KiB) Viewed 5377 times
Just because you can do a thing, does not always mean that you should
Re: Cannot enable SELinux Enforcing Mode
So that's where it's coming from but this is not where you alter it. The /proc filesystem is a "view" onto the the kernel's internals and /proc/cmdline just shows you what arguments were used to boot the kernel. Since this an rpi, I am not sure where y ou would change this lot but it is the "selinux=1 security=selinux enforcing=0" bit on the end of that line that causes you to come up in permissive mode - more specifically it's the enforcing=0 bit.
This appears to be a documented thing and instructions for enabling it are in the selinux section of https://wiki.centos.org/SpecialInterest ... a4c17bfd-3
This appears to be a documented thing and instructions for enabling it are in the selinux section of https://wiki.centos.org/SpecialInterest ... a4c17bfd-3
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 5
- Joined: 2016/03/13 21:38:47
Re: Cannot enable SELinux Enforcing Mode
You are a f***ing star Trevor, Thank you so much. I really don't know how I missed this. Next time I am out in Brighton, I live in Eatbourne, I will happily buy you a beer. Thanks once again
Just because you can do a thing, does not always mean that you should