[SOLVED] Can not enable SELinux.

Support for security such as Firewalls and securing linux
maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

[SOLVED] Can not enable SELinux.

Postby maplebonsai » 2012/04/17 03:15:13

I recently migrated an OVH kimsufi to CentOS 6.2. After making a few configurations I checked SELinux status and was surprised to see it was disabled. However, the configuration file shows it as enabled. I'm unable to start it with any commands and would really appreciate any help or tips anyone can offer.

I followed the SELinux section in the RHEL man and still can't enable it. Setting selinux=permissive and relabeling the file system did not work either. I think OVH may have it disabled in a bootfile or kernel. Thanks in advance for helping!

uname

Linux hostname.com 3.2.13-grsec-xxxx-grs-ipv6-64 #1 SMP Thu Mar 29 09:48:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

/etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

rpm -qa | grep selinux

selinux-policy-3.7.19-126.el6_2.10.noarch
selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
libselinux-python-2.0.94-5.2.el6.x86_64
libselinux-2.0.94-5.2.el6.x86_64
libselinux-utils-2.0.94-5.2.el6.x86_64

rpm -qa | grep policycoreutils

policycoreutils-python-2.0.83-19.21.el6_2.x86_64
policycoreutils-2.0.83-19.21.el6_2.x86_64

rpm -qa | grep setroubleshoot

setroubleshoot-plugins-3.0.16-1.el6.noarch
setroubleshoot-server-3.0.38-2.1.el6.x86_64
setroubleshoot-3.0.38-2.1.el6.x86_64

getenforce

Disabled

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

[SOLVED] Can not enable SELinux.

Postby pschaff » 2012/04/17 03:37:14

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

Never heard of an OVH kimsufi but Google sure turns up some negative stuff quickly. That non-CentOS kernel is a likely cause. Have you tried a standard kernel? How did you go about "migrating"?

If more help is needed then please provide more information about your system by running "./getinfo.sh" and showing us the output file.

maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Postby maplebonsai » 2012/04/17 04:10:40

^^

Thanks! Kimsufis are simply dedicated servers that are self-managed. If you actually read the posts on Google you'll quickly realize that stupid people do stupid things and then they complain about them on the internet...lol

Anyway, I'm aware of the "custom" kernel, but am very hesitant to try and modify the kernel since the actual server is remote and I only have ssh access. I really don't want to brick it if it won't boot. Also, I should have used a better term than "migrate"; I simply requested a new install with CentOS 6. Here is my getinfo....and thanks again for helping!

http://pastebin.centos.org/38688

TrevorH
Forum Moderator
Posts: 15631
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can not enable SELinux.

Postby TrevorH » 2012/04/17 09:25:32

The OVH supplied kernel uses grsec which is an alternative to selinux and mutually incompatible. I have no idea why OVH install a non-standard kernel but it has been discussed recently on IRC with no obvious conclusion.
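
Added example, not part of any post in this thread: a shell check that separates the three reasons getenforce can report Disabled while /etc/selinux/config says enforcing (config set to disabled, selinux=0 on the kernel command line, or a running kernel that never registered selinuxfs, as with the vendor kernel above). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Paths are arguments so the checks also run on constructed sample files.

# Mode set in an /etc/selinux/config style file (last SELINUX= line wins).
configured_mode() {
    sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# True if a kernel command line file contains selinux=0.
cmdline_disables_selinux() {
    tr ' ' '\n' < "$1" | grep -qx 'selinux=0'
}

# True if the running kernel has registered selinuxfs (/proc/filesystems).
kernel_has_selinuxfs() {
    grep -qw 'selinuxfs' "$1"
}

# diagnose CONFIG FILESYSTEMS CMDLINE -> prints one verdict word
diagnose() {
    mode=$(configured_mode "$1")
    if [ -z "$mode" ] || [ "$mode" = disabled ]; then
        echo config-disabled
    elif cmdline_disables_selinux "$3"; then
        echo cmdline-disabled
    elif ! kernel_has_selinuxfs "$2"; then
        echo kernel-without-selinux
    else
        echo kernel-capable
    fi
}

# Constructed sample matching the thread: config says enforcing, but the
# kernel's filesystem list has no selinuxfs entry.
sample_verdict() {
    d=$(mktemp -d) || return 1
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$d/config"
    printf 'nodev\tsysfs\nnodev\tproc\n\text4\n' > "$d/filesystems"
    printf 'root=/dev/sda1 ro quiet\n' > "$d/cmdline"
    diagnose "$d/config" "$d/filesystems" "$d/cmdline"
    rm -rf "$d"
}

echo "sample:  $(sample_verdict)"
if [ -r /etc/selinux/config ] && [ -r /proc/filesystems ] && [ -r /proc/cmdline ]; then
    echo "running: $(uname -r) -> $(diagnose /etc/selinux/config /proc/filesystems /proc/cmdline)"
fi
```

A verdict of kernel-without-selinux means no edit to /etc/selinux/config and no relabel will help; the fix is to boot a kernel with SELinux support.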

maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Postby maplebonsai » 2012/04/17 12:12:16

Thanks for the info Trevor. Looks like selinux is a no go with an OVH kernel. I'll look into replacing the kernel or remotely installing genuine CentOS with vnc. :roll:

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Can not enable SELinux.

Postby pschaff » 2012/04/17 12:47:12

Sounds like a plan. Please let us know how that goes.

maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Postby maplebonsai » 2012/04/18 04:27:54

I successfully installed stock CentOS 6.2 on the server remotely. I basically followed a forum post from OVH and everything went really well. Attempting to rebuild the kernel seemed tricky and not comprehensive enough. SELinux is now enforcing and this thread is done! :-D

http://forum.ovh.co.uk/showthread.php?t=4991

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: [SOLVED] Can not enable SELinux.

Postby pschaff » 2012/04/18 17:06:14

Thanks for reporting back. Marking this thread [SOLVED] for posterity.
