SELinux Doesn't Switch to “Enforcing” Mode

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1 command, I got an error message says:
setenforce: SELINUX is disabled



I changed /etc/selinux/config file as follows:



# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


I rebooted system a couple of times but still SELinux is disabled.



Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?



Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:



selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted


Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)










share|improve this question

















  • 5




    cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
    – Alexander
    Aug 29 at 8:16










  • some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
    – A.B
    Aug 29 at 21:09














up vote
1
down vote

favorite












I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1 command, I got an error message says:
setenforce: SELINUX is disabled



I changed /etc/selinux/config file as follows:



# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


I rebooted system a couple of times but still SELinux is disabled.



Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?



Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:



selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted


Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)










share|improve this question

















  • 5




    cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
    – Alexander
    Aug 29 at 8:16










  • some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
    – A.B
    Aug 29 at 21:09












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1 command, I got an error message says:
setenforce: SELINUX is disabled



I changed /etc/selinux/config file as follows:



# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


I rebooted system a couple of times but still SELinux is disabled.



Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?



Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:



selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted


Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)










share|improve this question













I have a minimal CentOS 7.5.1804 (Core) system and trying to change SELinux mode from Disabled to Enforcing but when I tried to change mode using setenforce 1 command, I got an error message says:
setenforce: SELINUX is disabled



I changed /etc/selinux/config file as follows:



# This file controls the state of SELinux on the system.`
# SELINUX= can take one of these three values:`
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are pr$
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


I rebooted system a couple of times but still SELinux is disabled.



Where am I suppose to check now? Is there any other mechanism above /etc/selinux/config file that can manipulate SELinux status?



Note 1 : I didn't install and configure CentOS 7 on the machine at first hand. So, certain customization might have been done after the installation. System currently has three SELinux policy packages as follows:



selinux-policy-minimum
selinux-policy-mls
selinux-policy-targeted


Note 2 : This question is similar with SELINUX won't enable and i know it has closed with an off-topic flag. But it closed because the user is on linode with a linode provided (custom) kernel that doesn't support SELinux (as Stephen Harris says in comments)







centos selinux






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 29 at 8:11









Halil Y. Çevik

345




345







  • 5




    cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
    – Alexander
    Aug 29 at 8:16










  • some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
    – A.B
    Aug 29 at 21:09












  • 5




    cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
    – Alexander
    Aug 29 at 8:16










  • some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
    – A.B
    Aug 29 at 21:09







5




5




cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
– Alexander
Aug 29 at 8:16




cat /proc/cmdline there is probably selinux=0 enforcing=0. if so - change your grub configuration.
– Alexander
Aug 29 at 8:16












some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
– A.B
Aug 29 at 21:09




some RHEL documentation. Note the required packages in chapter 4.3. look for Alexander's provided offending toggles in /etc/default/grub (+ man grub2-mkconfig)
– A.B
Aug 29 at 21:09










1 Answer
1






active

oldest

votes

















up vote
2
down vote



accepted










I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:



  1. In /etc/grub.d/ directory, a file called 40_custom contains an expression as selinux=0 (btw I was seeing the same expression at grub bootloader menu). I changed it to selinux=1.

  2. Executing commandgrub2-mkconfig -0 /boot/grub2/grub.cfg. Executing ends successfully.

  3. I checked once again if /etc/selinux/config file has the SELINUX=enforcing expression.

After a reboot, SELinux getenforce command shows Enforcing.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f465448%2fselinux-doesnt-switch-to-enforcing-mode%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote



    accepted










    I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:



    1. In /etc/grub.d/ directory, a file called 40_custom contains an expression as selinux=0 (btw I was seeing the same expression at grub bootloader menu). I changed it to selinux=1.

    2. Executing commandgrub2-mkconfig -0 /boot/grub2/grub.cfg. Executing ends successfully.

    3. I checked once again if /etc/selinux/config file has the SELINUX=enforcing expression.

    After a reboot, SELinux getenforce command shows Enforcing.






    share|improve this answer
























      up vote
      2
      down vote



      accepted










      I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:



      1. In /etc/grub.d/ directory, a file called 40_custom contains an expression as selinux=0 (btw I was seeing the same expression at grub bootloader menu). I changed it to selinux=1.

      2. Executing commandgrub2-mkconfig -0 /boot/grub2/grub.cfg. Executing ends successfully.

      3. I checked once again if /etc/selinux/config file has the SELINUX=enforcing expression.

      After a reboot, SELinux getenforce command shows Enforcing.






      share|improve this answer






















        up vote
        2
        down vote



        accepted







        up vote
        2
        down vote



        accepted






        I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:



        1. In /etc/grub.d/ directory, a file called 40_custom contains an expression as selinux=0 (btw I was seeing the same expression at grub bootloader menu). I changed it to selinux=1.

        2. Executing commandgrub2-mkconfig -0 /boot/grub2/grub.cfg. Executing ends successfully.

        3. I checked once again if /etc/selinux/config file has the SELINUX=enforcing expression.

        After a reboot, SELinux getenforce command shows Enforcing.






        share|improve this answer












        I did some researches considering comments of Alexander and A.B. Solution steps that I implemented as follows:



        1. In /etc/grub.d/ directory, a file called 40_custom contains an expression as selinux=0 (btw I was seeing the same expression at grub bootloader menu). I changed it to selinux=1.

        2. Executing commandgrub2-mkconfig -0 /boot/grub2/grub.cfg. Executing ends successfully.

        3. I checked once again if /etc/selinux/config file has the SELINUX=enforcing expression.

        After a reboot, SELinux getenforce command shows Enforcing.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Aug 31 at 13:10









        Halil Y. Çevik

        345




        345



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f465448%2fselinux-doesnt-switch-to-enforcing-mode%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?