[SOLVED] Can not enable SELinux.

Support for security such as Firewalls and securing linux

[SOLVED] Can not enable SELinux.

Postby maplebonsai » 2012/04/17 03:15:13

I recently migrated an OVH kimsufi to CentOS 6.2. After making a few configurations I checked SELinux status and was surprised to see it was disabled. However, the configuration file shows it as enabled. I'm unable to start it with any commands and would really appreciate any help or tips anyone can offer.

I followed the SELinux section in the RHEL man and still can't enable it. Setting selinux=permissive and relabeling the file system did not work either. I think OVH may have it disabled in a bootfile or kernel. Thanks in advance for helping!

uname
Code: Select all
Linux hostname.com 3.2.13-grsec-xxxx-grs-ipv6-64 #1 SMP Thu Mar 29 09:48:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

/etc/selinux/config
Code: Select all
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

rpm -qa | grep selinux
Code: Select all
selinux-policy-3.7.19-126.el6_2.10.noarch
selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
libselinux-python-2.0.94-5.2.el6.x86_64
libselinux-2.0.94-5.2.el6.x86_64
libselinux-utils-2.0.94-5.2.el6.x86_64

rpm -qa | grep policycoreutils
Code: Select all
policycoreutils-python-2.0.83-19.21.el6_2.x86_64
policycoreutils-2.0.83-19.21.el6_2.x86_64

rpm -qa | grep setroubleshoot
Code: Select all
setroubleshoot-plugins-3.0.16-1.el6.noarch
setroubleshoot-server-3.0.38-2.1.el6.x86_64
setroubleshoot-3.0.38-2.1.el6.x86_64

getenforce
Code: Select all
Disabled
maplebonsai
 
Posts: 6
Joined: 2012/04/17 02:52:58

[SOLVED] Can not enable SELinux.

Postby pschaff » 2012/04/17 03:37:14

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

Never heard of an OVH kimsufi but google sure turns up some negative stuff quickly. That non-CentOS kernel is a likely cause. Have you tried a standard kernel? How did you go about "migrating"?

If more help is needed then please provide more information about your system by running "./getinfo.sh" and showing us the output file.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Can not enable SELinux.

Postby maplebonsai » 2012/04/17 04:10:40

^^

Thanks! Kimsufi's are simply dedicated servers that are self-managed. If you actually read the posts on google you'll quickly realize that stupid people do stupid things and then they complain about them on the internet...lol

Anyway, I'm aware of the the "custom" kernel, but am very hesitant to try and modify the kernel since it's the actual server is remote and I only have ssh access. I really don't want to brick it if it won't boot. Also, I should have used a better term than "migrate" I simply requested a new install with CentOS 6. Here is my getinfo....and thanks again for helping!

http://pastebin.centos.org/38688
maplebonsai
 
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Postby TrevorH » 2012/04/17 09:25:32

The OVH supplied kernel uses grsec which is an alternative to selinux and mutually incompatible. I have no idea why OVH install a non-standard kernel but it has been discussed recently on IRC with no obvious conclusion.
User avatar
TrevorH
Forum Moderator
 
Posts: 9106
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can not enable SELinux.

Postby maplebonsai » 2012/04/17 12:12:16

Thanks for the info Trevor. Looks like selinux is a no go with an OVH kernel. I'll look into replacing the kernel or remotely installing genuine CentOS with vnc. :roll:
maplebonsai
 
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Postby pschaff » 2012/04/17 12:47:12

Sounds like a plan. Please let us know how that goes.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Can not enable SELinux.

Postby maplebonsai » 2012/04/18 04:27:54

I successfully installed stock CentOS 6.2 on the server remotely. I basically followed a forum post from OVH and everything went really well. Attempting to rebuild the kernel seemed tricky and not comprehensive enough. SELinux is now enforcing and this thread is done! :-D

http://forum.ovh.co.uk/showthread.php?t=4991
maplebonsai
 
Posts: 6
Joined: 2012/04/17 02:52:58

Re: [SOLVED] Can not enable SELinux.

Postby pschaff » 2012/04/18 17:06:14

Thanks for reporting back. Marking this thread [SOLVED] for posterity.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America


Return to CentOS 6 - Security Support

Who is online

Users browsing this forum: No registered users and 2 guests