Re: [CentOS] Regd: SeLinux Configuration
Dear All, I have tried with your previous suggestion of adding selinux=1 enforcing=1 to the kernel line in my grub.conf file and my grub configuration details are below # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, eg. # root (hd0,0) # kernel /boot/vmlinuz-version ro root=/dev/hda1 # initrd /boot/initrd-version.img #boot=/dev/hda default=0 timeout=5 splashimage=(hd0,0)/boot/grub/splash.xpm.gz hiddenmenu title CentOS-4 i386 (2.6.9-42.EL) root (hd0,0) kernel /boot/vmlinuz-2.6.9-42.EL ro root=LABEL=/ rhgb quiet selinux=1 enforcing=1 initrd /boot/initrd-2.6.9-42.EL.img and I have executed the cat /proc/cmdline and its output is auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.6.9-42.EL rhgb quiet root=LABEL=/ I don't know i have added correctly selinux=1 enforcing=1 to the kernel line in my grub.conf file. If i am wrong please guide me where can i add the selinux=1 enforcing=1 to the kernel line in my grub.conf file Regards -S.Balaji Did you try my previous suggestion of adding selinux=1 enforcing=1 to the kernel line in your grub.conf? While you're at it .. make sure that you're editing /boot/grub/grub.conf .. most people use /etc/grub.conf .. which is a symlink to /boot/grub/grub.conf .. if the symlink is broken and /etc/grub.conf is an independent file, you can edit it all day and not affect grub. Same goes for /etc/selinux/config which is the real file, and /etc/sysconfig/selinux which is what most people edit. Barry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Dear All, I have executed the following command at centos pc and command output are placed below [EMAIL PROTECTED] ~]# rpm -qa | grep -i -e selinux libselinux-devel-1.19.1-7.2 selinux-doc-1.14.1-1 libselinux-1.19.1-7.2 selinux-policy-targeted-sources-1.17.30-2.140 selinux-policy-targeted-1.17.30-2.140 [EMAIL PROTECTED] ~]# cat /proc/cmdline auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.6.9-42.EL rhgb quiet root=LABEL=/ Regards -S.Balaji Barry Brimer wrote: I have enabled selinux using GUI tools, but i have getting same SELinux is disabled message. What is the output of rpm -qa | grep -i -e selinux and cat /proc/cmdline ?? Are you using a CentOS supplied kernel, or your own kernel? I suppose you would try adding selinux=1 enforcing=1 to the end of your kernel line in your grub.conf, although I've never needed to do that to get SELinux to activate. Barry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
I have executed the following command at centos pc and command output are placed below [EMAIL PROTECTED] ~]# rpm -qa | grep -i -e selinux libselinux-devel-1.19.1-7.2 selinux-doc-1.14.1-1 libselinux-1.19.1-7.2 selinux-policy-targeted-sources-1.17.30-2.140 selinux-policy-targeted-1.17.30-2.140 [EMAIL PROTECTED] ~]# cat /proc/cmdline auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.6.9-42.EL rhgb quiet root=LABEL=/ Regards -S.Balaji Did you try my previous suggestion of adding selinux=1 enforcing=1 to the kernel line in your grub.conf? While you're at it .. make sure that you're editing /boot/grub/grub.conf .. most people use /etc/grub.conf .. which is a symlink to /boot/grub/grub.conf .. if the symlink is broken and /etc/grub.conf is an independent file, you can edit it all day and not affect grub. Same goes for /etc/selinux/config which is the real file, and /etc/sysconfig/selinux which is what most people edit. Barry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
I have enabled selinux using GUI tools, but i have getting same SELinux is disabled message. What is the output of rpm -qa | grep -i -e selinux and cat /proc/cmdline ?? Are you using a CentOS supplied kernel, or your own kernel? I suppose you would try adding selinux=1 enforcing=1 to the end of your kernel line in your grub.conf, although I've never needed to do that to get SELinux to activate. Barry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Balaji wrote: Dear All, I have executed the following command and i have changed the /etc/selinux/config file and reboot the PC also setenforce 1 i have getting the following message only setenforce: SELinux is disabled Try using the GUI tools to enable and configure SELinux. Let us know if anything changes or not. Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Dear All, Find attached the grub boot loader configuration file /boot/grub/grub.conf Regards -S.Balaji Barry Brimer wrote: Please post /boot/grub/grub.conf as well. There may be an selinux or enforcing parameter on the kernel line that is producing unexpected results. # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/vgroot/LogVol02 # initrd /initrd-version.img #boot=/dev/hda default=2 timeout=5 password --md5 $1$KzqM8$cLC0UIaUN8QwVAlwDMGWl0 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title Red Hat Enterprise Linux ES (2.6.9-34.ELhugemem) root (hd0,0) kernel /vmlinuz-2.6.9-34.ELhugemem ro root=/dev/vgroot/LogVol02 rhgb quiet initrd /initrd-2.6.9-34.ELhugemem.img title Red Hat Enterprise Linux ES (2.6.9-34.ELsmp) root (hd0,0) kernel /vmlinuz-2.6.9-34.ELsmp ro root=/dev/vgroot/LogVol02 rhgb quiet initrd /initrd-2.6.9-34.ELsmp.img title Red Hat Enterprise Linux ES (2.6.9-34.EL) root (hd0,0) kernel /vmlinuz-2.6.9-34.EL ro root=/dev/vgroot/LogVol02 rhgb quiet initrd /initrd-2.6.9-34.EL.img ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Dear All, I have wrongly attached RHEL grub configuration with previous mail and now I am attached the CentOS grub boot loader configuration file /boot/grub/grub.conf Regards -S.Balaji Balaji wrote: Dear All, Find attached the grub boot loader configuration file /boot/grub/grub.conf Regards -S.Balaji Barry Brimer wrote: Please post /boot/grub/grub.conf as well. There may be an selinux or enforcing parameter on the kernel line that is producing unexpected results. # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, eg. # root (hd0,0) # kernel /boot/vmlinuz-version ro root=/dev/hda1 # initrd /boot/initrd-version.img #boot=/dev/hda default=0 timeout=5 splashimage=(hd0,0)/boot/grub/splash.xpm.gz hiddenmenu title CentOS-4 i386 (2.6.9-42.EL) root (hd0,0) kernel /boot/vmlinuz-2.6.9-42.EL ro root=LABEL=/ rhgb quiet initrd /boot/initrd-2.6.9-42.EL.img ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
On Wed, 15 Oct 2008, Balaji wrote: Dear All, Find attached the grub boot loader configuration file /boot/grub/grub.conf Regards -S.Balaji Barry Brimer wrote: Please post /boot/grub/grub.conf as well. There may be an selinux or enforcing parameter on the kernel line that is producing unexpected results. I don't see anything in your grub.conf that alters how SELinux is handled. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Balaji wrote: * Can any one help me or guide me to 1. Enable the selinux setenforce 1 Use getenforce to determine the current status of selinux. Look in /etc/selinux/config for details of policy being used - e.g. targeted. 2. Selinux Customize my own policy man setsebool man getsebool These will help you modify options in the supplied policies. For example, use getsebool -a | grep http to list all selinux options and filter the list for those pertaining to http. You can of course create your own policy and local customisations based on audit logs etc, but I've not ventured down this path myself. Others on the list will be able to assist if you need to go that way. Hope that gets you started :) Cheers, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Dear All, I have executed the following command and i have changed the /etc/selinux/config file and reboot the PC also setenforce 1 i have getting the following message only setenforce: SELinux is disabled Regards -S.Balaji Ian Blackwell wrote: Balaji wrote: * Can any one help me or guide me to 1. Enable the selinux setenforce 1 Use getenforce to determine the current status of selinux. Look in /etc/selinux/config for details of policy being used - e.g. targeted. 2. Selinux Customize my own policy man setsebool man getsebool These will help you modify options in the supplied policies. For example, use getsebool -a | grep http to list all selinux options and filter the list for those pertaining to http. You can of course create your own policy and local customisations based on audit logs etc, but I've not ventured down this path myself. Others on the list will be able to assist if you need to go that way. Hope that gets you started :) Cheers, Ian ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regd: SeLinux Configuration
Balaji wrote: Dear All, I have executed the following command and i have changed the /etc/selinux/config file and reboot the PC also setenforce 1 i have getting the following message only setenforce: SELinux is disabled Please post your /etc/selinux/config file. Thanks, Ian PS: Please bottom post and trim messages - these are the guidelines for this list. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
