SELinux Doesn't Switch to âEnforcingâ Mode
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1
command, I got an error message says:setenforce: SELINUX is disabled
I changed /etc/selinux/config file as follows:
# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
I rebooted system a couple of times but still SELinux is disabled.
Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?
Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:
selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted
Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)
centos selinux
add a comment |Â
up vote
1
down vote
favorite
I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1
command, I got an error message says:setenforce: SELINUX is disabled
I changed /etc/selinux/config file as follows:
# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
I rebooted system a couple of times but still SELinux is disabled.
Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?
Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:
selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted
Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)
centos selinux
5
cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
â Alexander
Aug 29 at 8:16
some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
â A.B
Aug 29 at 21:09
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1
command, I got an error message says:setenforce: SELINUX is disabled
I changed /etc/selinux/config file as follows:
# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
I rebooted system a couple of times but still SELinux is disabled.
Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?
Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:
selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted
Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)
centos selinux
I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1
command, I got an error message says:setenforce: SELINUX is disabled
I changed /etc/selinux/config file as follows:
# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
I rebooted system a couple of times but still SELinux is disabled.
Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?
Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:
selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted
Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)
centos selinux
centos selinux
asked Aug 29 at 8:11
Halil Y. Ãevik
345
345
5
cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
â Alexander
Aug 29 at 8:16
some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
â A.B
Aug 29 at 21:09
add a comment |Â
5
cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
â Alexander
Aug 29 at 8:16
some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
â A.B
Aug 29 at 21:09
5
5
cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
â Alexander
Aug 29 at 8:16
cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
â Alexander
Aug 29 at 8:16
some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
â A.B
Aug 29 at 21:09
some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
â A.B
Aug 29 at 21:09
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:
- In
/etc/grub.d/
directory, a file called40_custom
contains an expression asselinux=0
(btw I was seeing the same expression at grub bootloader menu). I changed it toselinux=1
. - Executing command
grub2-mkconfig -0 /boot/grub2/grub.cfg
. Executing ends successfully. - I checked once again if
/etc/selinux/config
file has theSELINUX=enforcing
expression.
After a reboot, SELinux getenforce
command shows Enforcing
.
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:
- In
/etc/grub.d/
directory, a file called40_custom
contains an expression asselinux=0
(btw I was seeing the same expression at grub bootloader menu). I changed it toselinux=1
. - Executing command
grub2-mkconfig -0 /boot/grub2/grub.cfg
. Executing ends successfully. - I checked once again if
/etc/selinux/config
file has theSELINUX=enforcing
expression.
After a reboot, SELinux getenforce
command shows Enforcing
.
add a comment |Â
up vote
2
down vote
accepted
I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:
- In
/etc/grub.d/
directory, a file called40_custom
contains an expression asselinux=0
(btw I was seeing the same expression at grub bootloader menu). I changed it toselinux=1
. - Executing command
grub2-mkconfig -0 /boot/grub2/grub.cfg
. Executing ends successfully. - I checked once again if
/etc/selinux/config
file has theSELINUX=enforcing
expression.
After a reboot, SELinux getenforce
command shows Enforcing
.
add a comment |Â
up vote
2
down vote
accepted
up vote
2
down vote
accepted
I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:
- In
/etc/grub.d/
directory, a file called40_custom
contains an expression asselinux=0
(btw I was seeing the same expression at grub bootloader menu). I changed it toselinux=1
. - Executing command
grub2-mkconfig -0 /boot/grub2/grub.cfg
. Executing ends successfully. - I checked once again if
/etc/selinux/config
file has theSELINUX=enforcing
expression.
After a reboot, SELinux getenforce
command shows Enforcing
.
I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:
- In
/etc/grub.d/
directory, a file called40_custom
contains an expression asselinux=0
(btw I was seeing the same expression at grub bootloader menu). I changed it toselinux=1
. - Executing command
grub2-mkconfig -0 /boot/grub2/grub.cfg
. Executing ends successfully. - I checked once again if
/etc/selinux/config
file has theSELINUX=enforcing
expression.
After a reboot, SELinux getenforce
command shows Enforcing
.
answered Aug 31 at 13:10
Halil Y. Ãevik
345
345
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f465448%2fselinux-doesnt-switch-to-enforcing-mode%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
5
cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
â Alexander
Aug 29 at 8:16
some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
â A.B
Aug 29 at 21:09