How do I enable SELinux when booting a ramdisk from a CD/DVD?
Posted
by
JeffG
on Server Fault
See other posts from Server Fault
or by JeffG
Published on 2011-03-03T21:34:25Z
Indexed on
2011/03/07
16:11 UTC
Read the original article
Hit count: 435
I have a bootable DVD which boots the same Kernel as the Hard Drive (which uses SELinux). I have copied /etc/selinux and all kernel modules to my ramdisk, and have tried various combinations of selinux=1
and selinux 1
with enforcing 1
and enforcing 0
. as Kernel boot parameters. All files contained in the checkpolicy, libselinux, policycoreutils, selinux-policy and selinux-policy-targeted rpms have also been copied into the ramdisk tree.
After the system boots from the ramdisk, I check dmesg:
% dmesg | grep -i selinux
Kernel command line: initrd=idrd.img ramdisk_size=110476 selinux=1
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
SElinux: Registering netfilter hooks
But SELinux isn't running:
% /usr/sbin/getenforce
Disabled
% /usr/sbin/setenforce 1
/usr/sbin/setenforce: SELinux is disabled
Neither /var/log/messages
nor /proc/kmsg
hold clues.
© Server Fault or respective owner