CentOS 7 Minimal Can't Enable SELinux

Support for security such as Firewalls and securing linux
Post Reply
fKnMonster
Posts: 5
Joined: 2018/01/25 14:24:55

CentOS 7 Minimal Can't Enable SELinux

Post by fKnMonster » 2018/01/25 14:30:06

I'm trying to setup nginx and php7 using this guide here: https://www.howtoforge.com/tutorial/how ... -centos-7/

I'm currently using CentOS 7 Minimal and running into some issues setting up up the SELinux. At the bottom of the guide, it says to run sestatus and it should show it's enabled and enforcing, however, mine just shows disabled;

Code: Select all

# sestatus
SELinux status:                 disabled
I've been looking all over the internet and cannot for the life of me figure out how to get this enabled so any suggestions or tips would be very much appreciated!

I'm also on my PC all day so any questions for me, and I'll answer quickly :)

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 7 Minimal Can't Enable SELinux

Post by TrevorH » 2018/01/25 15:53:23

Is /etc/sysconfig/selinux a symlink to ../selinux/config ? It should be. Does it contain the line

SELINUX=enforcing

?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

fKnMonster
Posts: 5
Joined: 2018/01/25 14:24:55

Re: CentOS 7 Minimal Can't Enable SELinux

Post by fKnMonster » 2018/01/26 13:59:21

TrevorH wrote:Is /etc/sysconfig/selinux a symlink to ../selinux/config ? It should be. Does it contain the line

SELINUX=enforcing

?

Yes to both;

https://imgur.com/a/O2OpF

However everytime I run setenforce Enforcing, I get setenforce: SELinux is disabled

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 7 Minimal Can't Enable SELinux

Post by TrevorH » 2018/01/26 15:01:13

And the contents of /proc/cmdline?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

fKnMonster
Posts: 5
Joined: 2018/01/25 14:24:55

Re: CentOS 7 Minimal Can't Enable SELinux

Post by fKnMonster » 2018/01/26 15:38:41

TrevorH wrote:And the contents of /proc/cmdline?
/proc/cmdline only contains

Code: Select all

quiet

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 7 Minimal Can't Enable SELinux

Post by TrevorH » 2018/01/26 15:53:30

Really? That's unusual. Is this a physical machine? Or a VM of some description? If a VM what does `virt-what` say?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

fKnMonster
Posts: 5
Joined: 2018/01/25 14:24:55

Re: CentOS 7 Minimal Can't Enable SELinux

Post by fKnMonster » 2018/01/26 15:56:52

TrevorH wrote:Really? That's unusual. Is this a physical machine? Or a VM of some description? If a VM what does `virt-what` say?
Yeah, it's a VM.

virt-what shows

Code: Select all

openvz

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 7 Minimal Can't Enable SELinux

Post by TrevorH » 2018/01/26 16:53:10

Right, openvz is a container not a VM and that also explains why you cannot enable selinux. The host controls the kernel and you don't have a VM as such.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

fKnMonster
Posts: 5
Joined: 2018/01/25 14:24:55

Re: CentOS 7 Minimal Can't Enable SELinux

Post by fKnMonster » 2018/01/26 17:12:25

TrevorH wrote:Right, openvz is a container not a VM and that also explains why you cannot enable selinux. The host controls the kernel and you don't have a VM as such.
ahhh, well that explains why this isn't working.

Do I need SELinux, or can I just ignore it then? I've never heard of it until now.

Post Reply