[SOLVED] Can not enable SELinux.

Support for security such as Firewalls and securing linux
Post Reply
maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

[SOLVED] Can not enable SELinux.

Post by maplebonsai » 2012/04/17 03:15:13

I recently migrated an OVH kimsufi to CentOS 6.2. After making a few configurations I checked SELinux status and was surprised to see it was disabled. However, the configuration file shows it as enabled. I'm unable to start it with any commands and would really appreciate any help or tips anyone can offer.

I followed the SELinux section in the RHEL man and still can't enable it. Setting selinux=permissive and relabeling the file system did not work either. I think OVH may have it disabled in a bootfile or kernel. Thanks in advance for helping!

uname
[code]Linux hostname.com 3.2.13-grsec-xxxx-grs-ipv6-64 #1 SMP Thu Mar 29 09:48:59 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux[/code]
/etc/selinux/config
[code]# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[/code]
rpm -qa | grep selinux
[code]selinux-policy-3.7.19-126.el6_2.10.noarch
selinux-policy-targeted-3.7.19-126.el6_2.10.noarch
libselinux-python-2.0.94-5.2.el6.x86_64
libselinux-2.0.94-5.2.el6.x86_64
libselinux-utils-2.0.94-5.2.el6.x86_64[/code]
rpm -qa | grep policycoreutils
[code]policycoreutils-python-2.0.83-19.21.el6_2.x86_64
policycoreutils-2.0.83-19.21.el6_2.x86_64[/code]
rpm -qa | grep setroubleshoot
[code]
setroubleshoot-plugins-3.0.16-1.el6.noarch
setroubleshoot-server-3.0.38-2.1.el6.x86_64
setroubleshoot-3.0.38-2.1.el6.x86_64[/code]
getenforce
[code]Disabled[/code]

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

[SOLVED] Can not enable SELinux.

Post by pschaff » 2012/04/17 03:37:14

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

Never heard of an [url=https://www.google.com/search?q=OVH+kimsufi&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a]OVH kimsufi[/url] but google sure turns up some negative stuff quickly. That non-CentOS kernel is a likely cause. Have you tried a standard kernel? How did you go about "migrating"?

If more help is needed then please [url=http://www.centos.org/modules/newbb/viewtopic.php?topic_id=28723&forum=54]provide more information about your system[/url] by running "./getinfo.sh" and showing us the output file.

maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Post by maplebonsai » 2012/04/17 04:10:40

^^

Thanks! Kimsufi's are simply dedicated servers that are self-managed. If you actually read the posts on google you'll quickly realize that stupid people do stupid things and then they complain about them on the internet...lol

Anyway, I'm aware of the the "custom" kernel, but am very hesitant to try and modify the kernel since it's the actual server is remote and I only have ssh access. I really don't want to brick it if it won't boot. Also, I should have used a better term than "migrate" I simply requested a new install with CentOS 6. Here is my getinfo....and thanks again for helping!

http://pastebin.centos.org/38688

User avatar
TrevorH
Forum Moderator
Posts: 30160
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can not enable SELinux.

Post by TrevorH » 2012/04/17 09:25:32

The OVH supplied kernel uses grsec which is an alternative to selinux and mutually incompatible. I have no idea why OVH install a non-standard kernel but it has been discussed recently on IRC with no obvious conclusion.

maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Post by maplebonsai » 2012/04/17 12:12:16

Thanks for the info Trevor. Looks like selinux is a no go with an OVH kernel. I'll look into replacing the kernel or remotely installing genuine CentOS with vnc. :roll:

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: Can not enable SELinux.

Post by pschaff » 2012/04/17 12:47:12

Sounds like a plan. Please let us know how that goes.

maplebonsai
Posts: 6
Joined: 2012/04/17 02:52:58

Re: Can not enable SELinux.

Post by maplebonsai » 2012/04/18 04:27:54

I successfully installed stock CentOS 6.2 on the server remotely. I basically followed a forum post from OVH and everything went really well. Attempting to rebuild the kernel seemed tricky and not comprehensive enough. SELinux is now enforcing and this thread is done! :-D

http://forum.ovh.co.uk/showthread.php?t=4991

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: [SOLVED] Can not enable SELinux.

Post by pschaff » 2012/04/18 17:06:14

Thanks for reporting back. Marking this thread [SOLVED] for posterity.

Post Reply

Return to “CentOS 6 - Security Support”