How do I enable SELinux when booting a ramdisk from a CD/DVD?
- by JeffG
I have a bootable DVD which boots the same Kernel as the Hard Drive (which uses SELinux). I have copied /etc/selinux and all kernel modules to my ramdisk, and have tried various combinations of selinux=1 and selinux 1 with enforcing 1 and enforcing 0. as Kernel boot parameters. All files contained in the checkpolicy, libselinux, policycoreutils, selinux-policy and selinux-policy-targeted rpms have also been copied into the ramdisk tree.
After the system boots from the ramdisk, I check dmesg:
% dmesg | grep -i selinux
Kernel command line: initrd=idrd.img ramdisk_size=110476 selinux=1
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
SElinux: Registering netfilter hooks
But SELinux isn't running:
% /usr/sbin/getenforce
Disabled
% /usr/sbin/setenforce 1
/usr/sbin/setenforce: SELinux is disabled
Neither /var/log/messages nor /proc/kmsg hold clues.