Help! SELinux cannot be activated


Post by shimingzhou » 2008-07-13 10:13

Help! SELinux cannot be activated
I recompiled the kernel with SELinux enabled and AppArmor disabled.
cat /proc/cmdline gives:
BOOT_IMAGE=2.6.24.4.se-rt-sm2 root=/dev/sda5 splash resume=/dev/sda1 splash=silent selinux=1 apparmor=0 vga=791
I can successfully mount selinuxfs on /selinux:
ls /selinux gives:

[root@localhost selinux]# ls /selinux/
access commit_pending_bools disable mls user
avc/ compat_net enforce null
booleans/ context initial_contexts/ policyvers
checkreqprot create load reject_unknown
class/ deny_unknown member relabel

cat /etc/selinux/config gives:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=permissive
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0



dmesg |grep selinux gives:
Command line: BOOT_IMAGE=2.6.24.4.se-rt-sm2 root=/dev/sda5 splash resume=/dev/sda1 splash=silent selinux=1 apparmor=0 vga=791 s
Kernel command line: BOOT_IMAGE=2.6.24.4.se-rt-sm2 root=/dev/sda5 splash resume=/dev/sda1 splash=silent selinux=1 apparmor=0 vga=791 s
selinux_register_security: Registering secondary module capability



It looks as if SELinux should already be active, but getenforce always shows Disabled.
id -Z
id: --context (-Z) works only on an SELinux-enabled kernel

ls -Z always shows "?" as the SELinux context of files and directories.
ps -Z always shows "kernel" as the SELinux context label of processes.

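Running the selinuxenabled command did not help either; the result is still the same.
I don't know where the problem lies. Could someone please help!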

[ This post was last edited by smzhou on 2008-7-13 10:06 ]