Solved

how to enable Selinux

Posted on 2014-09-11
7
409 Views
Last Modified: 2014-09-11
I try to enable Selinux from this site,http://wiki.eri.ucsb.edu/sysadm/SELinux , but it didn't work, On linux shell, I tried this command as follows

root@vps# getenforce

Disabled

root@vps#setenforece 1

setenforce: SELinux is disabled

root@vps# getenforce

Disabled

change the file at /etc/sysconfig/selinux from changing SELINUX=enforcing to SELINUX=disabled

reboot, but it didn't work.

On the link instruction, why turn on Selinux need to SELINUX=disabled ?
And how I know selinux is enabled or not ?

Please advise
0
Comment
Question by:rwniceing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 23

Assisted Solution

by:savone
savone earned 100 total points
ID: 40318167
Edit  /etc/selinux/config and make sure it is enforcing.

The file should look like this when done:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


Reboot the system to load selinux.
0
 
LVL 1

Author Comment

by:rwniceing
ID: 40318175
Yes  I did,

but when getenforce it still echo

Disabled

I talk to my hosting company said
We use OpenVZ virtualization (most popular VPS virtualization system), which doesn't support selinux for security reasons, i am sorry, but we have no option to enable it.

Is the main reason from the hosting company statement that is why
always get "Disabled" from getenforce ?
0
 
LVL 1

Author Comment

by:rwniceing
ID: 40318180
Whatever I try, I always get this

root@vps#setenforece 1

setenforce: SELinux is disabled
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 4

Assisted Solution

by:exploitedj
exploitedj earned 400 total points
ID: 40318215
Ok, the first thing to check is what does sestatus return for the "SELinux status: "

If that line returns disabled that means that you disabled it before a reboot. Think of this like the main breaker on your house. If it is off, the circuit breakers between enforcing and permissive won't mean much.

If that is the case you can set your  /etc/sysconfig/selinux to "SELINUX=enforcing"  then reboot.
The sestatus "SELinux status: " should now return "enabled". Now you can use set enforce to switch between enforcing and permissive.

Permissive is different than Disabled. It is SUPER IMPORTANT to understand how "Disabling" impacts policies relabeling. This is not uncommon and can lead to many headaches. Fedora documentation does a good job describing this. As do Dan Walsh's blogs. He is pretty much "the Man" with SeLinux.

Note - This may not fall into this thread but you typically want to avoid Disabling in SeLinux, even when troubleshooting, as you can undo a lot of policy label changes if you didn't set them properly. Go with Permissive as you gain your footing and if you need to figure out if SElinux is messing something up.
0
 
LVL 1

Author Comment

by:rwniceing
ID: 40318219
savone and exploitedj thanks for your reply,  exploitedj ,command result as follows

root@vps [~]# sestatus
SELinux status:                 disabled

Please read this post
http://www.experts-exchange.com/OS/Linux/Q_28516844.html

You agree hosting company has such ability ?
0
 
LVL 4

Accepted Solution

by:
exploitedj earned 400 total points
ID: 40318240
I just commented there and came here to double check that the virtualization was with OpenVZ. Guess so since you are the question asker in both?
0
 
LVL 1

Author Closing Comment

by:rwniceing
ID: 40318255
Thanks for all of your reply
0

Featured Post

Learn by Doing. Anytime. Anywhere.

Do you like to learn by doing?
Our labs and exercises give you the chance to do just that: Learn by performing actions on real environments.

Hands-on, scenario-based labs give you experience on real environments provided by us so you don't have to worry about breaking anything.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question