From: Stephen Smalley <sds@tycho.nsa.gov>
To: imsand@puzzle.ch
Cc: "Justin P. Mattock" <justinmattock@gmail.com>, selinux@tycho.nsa.gov
Subject: Re: Enable selinux in SLES 11
Date: Tue, 24 Aug 2010 10:48:50 -0400
Message-ID: <1282661330.23429.50.camel@moss-pluto.epoch.ncsc.mil>
In-Reply-To: <18511.193.5.216.100.1282658950.squirrel@mail.puzzle.ch>

On Tue, 2010-08-24 at 16:09 +0200, imsand@puzzle.ch wrote:
> Unfortunately it doesn't work. I've done all steps described in here:
> http://thetoms-random-thoughts.blogspot.com/2008/12/selinux-on-opensuse-111.html
> but this doesn't seem to work for sles 11.
> Anybody out there, who was able to run selinux on sles 11?
> I've got some other questions:
>   * what happens if the policy is not found? what would sestatus report?
>   * are there some good debug options for selinux? logs? any other hints?
> (dmesg shows nothing related to selinux)

I've only seen successful reports of getting SELinux to run with
OpenSUSE 11.2 and later, and even that hasn't been trivial.  I haven't
seen any reports of getting it to work with SLES 11.  But you should ask
Novell about it.

If policy is not found, then sestatus will report disabled.  No policy
loaded is treated the same as SELinux disabled as far as userspace is
concerned.

Was SELinux built into your kernel?
$ grep selinux_init /proc/kallsyms
<some address>	t	selinux_init
<some address>	t	__initcall_selinux_init

Was SELinux enabled at boot?
$ dmesg | grep SELinux
SELinux:  Initializing.
SELinux:  Starting in permissive mode
...

Is SELinux enabled in the kernel?
$ grep selinuxfs /proc/filesystems

Do you have a policy installed under /etc/selinux/targeted?
$ ls -l /etc/selinux/targeted/policy

Was your policy loaded?
$ dmesg | grep SELinux
...
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
...

-- 
Stephen Smalley
National Security Agency
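
The checks in the message above, chained into one staged diagnosis that reports the first question answered "no". This is an added example, not part of the original message; the function names, the ROOT and DMESG_FILE parameters, the stage labels and the sample fixture (including the file name policy.24) are constructed for illustration.

```shell
# Added example, not from the original message. ROOT and DMESG_FILE are
# hypothetical parameters so the checks can run on a saved copy of a host.

# selinux_stage ROOT DMESG_FILE: print the first check that fails,
# in the order asked in the message, or "policy-loaded" if all pass.
selinux_stage() {
    root=$1
    log=$2
    # 1. Was SELinux built into the kernel?
    grep -q 'selinux_init' "$root/proc/kallsyms" 2>/dev/null \
        || { echo "not-built-in"; return 0; }
    # 2. Was SELinux enabled at boot?
    grep -q 'SELinux: *Initializing' "$log" 2>/dev/null \
        || { echo "not-enabled-at-boot"; return 0; }
    # 3. Is selinuxfs registered with the kernel?
    grep -q 'selinuxfs' "$root/proc/filesystems" 2>/dev/null \
        || { echo "selinuxfs-missing"; return 0; }
    # 4. Is a policy installed under /etc/selinux/targeted?
    [ -n "$(ls -A "$root/etc/selinux/targeted/policy" 2>/dev/null)" ] \
        || { echo "no-policy-installed"; return 0; }
    # 5. Was the policy loaded?
    grep -q 'SELinux: *Completing initialization' "$log" 2>/dev/null \
        || { echo "policy-not-loaded"; return 0; }
    echo "policy-loaded"
}

# demo_fixture DIR: constructed sample of a host where SELinux initialized
# and a policy file is installed, but the policy was never loaded.
demo_fixture() {
    mkdir -p "$1/proc" "$1/etc/selinux/targeted/policy"
    printf '0000000000000000 t selinux_init\n' > "$1/proc/kallsyms"
    printf 'nodev\tselinuxfs\n' > "$1/proc/filesystems"
    : > "$1/etc/selinux/targeted/policy/policy.24"
    printf 'SELinux:  Initializing.\nSELinux:  Starting in permissive mode\n' \
        > "$1/dmesg.txt"
}
```

On a live host, save the output of `dmesg` to a file and call `selinux_stage / that-file`.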

