How do I enable SELinux when booting a ramdisk from a CD/DVD?

Posted by JeffG on Server Fault See other posts from Server Fault or by JeffG
Published on 2011-03-03T21:34:25Z Indexed on 2011/03/07 16:11 UTC
Read the original article Hit count: 440

Filed under:
|

I have a bootable DVD which boots the same Kernel as the Hard Drive (which uses SELinux). I have copied /etc/selinux and all kernel modules to my ramdisk, and have tried various combinations of selinux=1 and selinux 1 with enforcing 1 and enforcing 0. as Kernel boot parameters. All files contained in the checkpolicy, libselinux, policycoreutils, selinux-policy and selinux-policy-targeted rpms have also been copied into the ramdisk tree.

After the system boots from the ramdisk, I check dmesg:

% dmesg | grep -i selinux
Kernel command line: initrd=idrd.img ramdisk_size=110476 selinux=1
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
SElinux: Registering netfilter hooks

But SELinux isn't running:

% /usr/sbin/getenforce
Disabled
% /usr/sbin/setenforce 1
/usr/sbin/setenforce: SELinux is disabled

Neither /var/log/messages nor /proc/kmsg hold clues.

© Server Fault or respective owner

Related posts about linux

Related posts about selinux