Do you have selinux-policy and selinux-policy-targeted packages installed?

On Fri, Dec 23, 2016 at 2:58 PM, Fabian Arrotin arrfab@centos.org wrote:

On 23/12/16 02:49, Robert Moskowitz wrote:

...

This is on a Cubieboard2 with the OS on a sata HD:

I followed the instructions on the wiki

vi /etc/sysconfig/selinux <- change from "permissive" to "enforcing" vi /boot/extlinux/extlinux.conf <- change the "enforce=0" to "enforce=1" touch /.autorelabel

I then rebooted and the following appears on the console log:

[ OK ] Reached target Switch Root. Starting Switch Root... [ 10.682159] systemd-journald[129]: Received SIGTERM from PID 1 (systemd). [ 11.306507] systemd[1]: Failed to load SELinux policy. [!!!!!!] Failed to load SELinux policy, freezing.

Note that /boot is sda1 and / is sda3

I am awaiting guidance.

thank you

Hmm, the way I do it is :

• ensure enforce=1 in extlinux.conf (but keep /etc/sysconfig/selinux to

permissive)

• touch /.autorelabel && systemc reboot

Than wait and when it's finally online, "setenforce 1" and then /etc/sysconfig/selinux to enforcing

-- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab

---

Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev

On 12/23/2016 10:07 AM, Gordan Bobic wrote:

Do you have selinux-policy and selinux-policy-targeted packages installed?

Yes they are both installed in the base image. And when I do a yum update after installing chrony, I see:

[ 505.622712] SELinux: Class binder not defined in policy. [ 505.628184] SELinux: the above unknown classes and permissions will be allowed [ 509.043371] SELinux: Context unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped). [ 510.548875] SELinux: Context system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).

Don't know if these are a problem or not...

Now on to try Fabian's recommendations.

On Fri, Dec 23, 2016 at 2:58 PM, Fabian Arrotin <arrfab@centos.org mailto:arrfab@centos.org> wrote:

On 23/12/16 02:49, Robert Moskowitz wrote:
> This is on a Cubieboard2 with the OS on a sata HD:
>
> I followed the instructions on the wiki
>
> vi /etc/sysconfig/selinux <- change from "permissive" to "enforcing"
> vi /boot/extlinux/extlinux.conf <- change the "enforce=0" to
"enforce=1"
> touch /.autorelabel
>
> I then rebooted and the following appears on the console log:
>
> [  OK  ] Reached target Switch Root.
>          Starting Switch Root...
> [   10.682159] systemd-journald[129]: Received SIGTERM from PID 1
> (systemd).
> [   11.306507] systemd[1]: Failed to load SELinux policy.
> [!!!!!!] Failed to load SELinux policy, freezing.
>
>
> Note that /boot is sda1 and / is sda3
>
> I am awaiting guidance.
>
> thank you
>

Hmm, the way I do it is :
- ensure enforce=1 in extlinux.conf (but keep
/etc/sysconfig/selinux to
permissive)
- touch /.autorelabel && systemc reboot

Than wait and when it's finally online, "setenforce 1" and then
/etc/sysconfig/selinux to enforcing

--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab


_______________________________________________
Arm-dev mailing list
Arm-dev@centos.org <mailto:Arm-dev@centos.org>
https://lists.centos.org/mailman/listinfo/arm-dev
<https://lists.centos.org/mailman/listinfo/arm-dev>

---

Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev

On 12/23/2016 10:14 AM, Robert Moskowitz wrote:

On 12/23/2016 09:58 AM, Fabian Arrotin wrote:

...

On 23/12/16 02:49, Robert Moskowitz wrote:

...

This is on a Cubieboard2 with the OS on a sata HD:

I followed the instructions on the wiki

vi /etc/sysconfig/selinux <- change from "permissive" to "enforcing" vi /boot/extlinux/extlinux.conf <- change the "enforce=0" to "enforce=1" touch /.autorelabel

I then rebooted and the following appears on the console log:

[ OK ] Reached target Switch Root. Starting Switch Root... [ 10.682159] systemd-journald[129]: Received SIGTERM from PID 1 (systemd). [ 11.306507] systemd[1]: Failed to load SELinux policy. [!!!!!!] Failed to load SELinux policy, freezing.

Note that /boot is sda1 and / is sda3

I am awaiting guidance.

thank you

Hmm, the way I do it is :

• ensure enforce=1 in extlinux.conf (but keep /etc/sysconfig/selinux to

permissive)

• touch /.autorelabel && systemc reboot

Than wait and when it's finally online, "setenforce 1" and then /etc/sysconfig/selinux to enforcing

Then, perhaps you need to adjust the wiki.

I will change things back and retry.

Looks like just switching back to permissive and enforce=0 does not set everything back.

[ OK ] Started Tell Plymouth To Write Out Runtime Data. [FAILED] Failed to start Import network configuration from initramfs. See 'systemctl status rhel-import-state.service' for details.

*** Warning -- SELinux permissive policy relabel is required. *** Relabeling could take a very long time, depending on file *** system size and speed of hard drives. Error getting authority: Error initializing authority: Could not connect: No suc h file or directory (g-io-error-quark, 1) [ 24.400218] systemd-shutdown[1]: Sending SIGTERM to remaining processes...

. . . [ OK ] Started NTP client/server. [FAILED] Failed to start Login Service. See 'systemctl status systemd-logind.service' for details. [FAILED] Failed to start firewalld - dynamic firewall daemon. See 'systemctl status firewalld.service' for details.

Looks like back to rebuild HD from image and go forward again. Try your steps and check Gordons packages are installed....

Bob

On 12/23/2016 12:25 PM, Gordan Bobic wrote:

Pass "selinux=0" option to the kernel at boot time. That will completely disable selinux and let you boot up.

That gets the system running, but does not get me selinux enabled.

Oh, I also changed enforcing=0 in the options.

On Fri, Dec 23, 2016 at 3:54 PM, Robert Moskowitz <rgm@htt-consult.com mailto:rgm@htt-consult.com> wrote:

On 12/23/2016 10:14 AM, Robert Moskowitz wrote:



    On 12/23/2016 09:58 AM, Fabian Arrotin wrote:

        On 23/12/16 02:49, Robert Moskowitz wrote:

            This is on a Cubieboard2 with the OS on a sata HD:

            I followed the instructions on the wiki

            vi /etc/sysconfig/selinux <- change from "permissive"
            to "enforcing"
            vi /boot/extlinux/extlinux.conf <- change the
            "enforce=0" to "enforce=1"
            touch /.autorelabel

            I then rebooted and the following appears on the
            console log:

            [  OK  ] Reached target Switch Root.
                      Starting Switch Root...
            [   10.682159] systemd-journald[129]: Received SIGTERM
            from PID 1
            (systemd).
            [   11.306507] systemd[1]: Failed to load SELinux policy.
            [!!!!!!] Failed to load SELinux policy, freezing.


            Note that /boot is sda1 and / is sda3

            I am awaiting guidance.

            thank you

        Hmm, the way I do it is :
        - ensure enforce=1 in extlinux.conf (but keep
        /etc/sysconfig/selinux to
        permissive)
        - touch /.autorelabel && systemc reboot

        Than wait and when it's finally online, "setenforce 1" and
        then
        /etc/sysconfig/selinux to enforcing


    Then, perhaps you need to adjust the wiki.

    I will change things back and retry.


Looks like just switching back to permissive and enforce=0 does
not set everything back.

[  OK  ] Started Tell Plymouth To Write Out Runtime Data.
[FAILED] Failed to start Import network configuration from initramfs.
See 'systemctl status rhel-import-state.service' for details.


*** Warning -- SELinux permissive policy relabel is required.
*** Relabeling could take a very long time, depending on file
*** system size and speed of hard drives.
Error getting authority: Error initializing authority: Could not
connect: No suc
h file or directory (g-io-error-quark, 1)
[   24.400218] systemd-shutdown[1]: Sending SIGTERM to remaining
processes...

.
.
.
[  OK  ] Started NTP client/server.
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
[FAILED] Failed to start firewalld - dynamic firewall daemon.
See 'systemctl status firewalld.service' for details.


Looks like back to rebuild HD from image and go forward again. 
Try your steps and check Gordons packages are installed....

Bob

_______________________________________________
Arm-dev mailing list
Arm-dev@centos.org <mailto:Arm-dev@centos.org>
https://lists.centos.org/mailman/listinfo/arm-dev
<https://lists.centos.org/mailman/listinfo/arm-dev>

---

Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev

systemc is some systemd fork?

On Fri, Dec 23, 2016 at 03:58:37PM +0100, Fabian Arrotin wrote:

On 23/12/16 02:49, Robert Moskowitz wrote:

...

This is on a Cubieboard2 with the OS on a sata HD:

I followed the instructions on the wiki

vi /etc/sysconfig/selinux <- change from "permissive" to "enforcing" vi /boot/extlinux/extlinux.conf <- change the "enforce=0" to "enforce=1" touch /.autorelabel

I then rebooted and the following appears on the console log:

[ OK ] Reached target Switch Root. Starting Switch Root... [ 10.682159] systemd-journald[129]: Received SIGTERM from PID 1 (systemd). [ 11.306507] systemd[1]: Failed to load SELinux policy. [!!!!!!] Failed to load SELinux policy, freezing.

Note that /boot is sda1 and / is sda3

I am awaiting guidance.

thank you

Hmm, the way I do it is :

• ensure enforce=1 in extlinux.conf (but keep /etc/sysconfig/selinux to

permissive)

• touch /.autorelabel && systemc reboot

Than wait and when it's finally online, "setenforce 1" and then /etc/sysconfig/selinux to enforcing

-- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab

---

Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev

After much trial and error, I found my error. Or I think what the problem was. In:

/etc/sysconfig/selinux

I was careless changing:

SELINUXTYPE=targeted

to

SELINUXTYPE=enforcing

Oops.

Perhaps the wiki can make it clear that what you are to change is:

SELINUX=permissive

to enforcing...

thank you

On to the next step!

On 12/23/2016 09:58 AM, Fabian Arrotin wrote:

On 23/12/16 02:49, Robert Moskowitz wrote:

...

This is on a Cubieboard2 with the OS on a sata HD:

I followed the instructions on the wiki

vi /etc/sysconfig/selinux <- change from "permissive" to "enforcing" vi /boot/extlinux/extlinux.conf <- change the "enforce=0" to "enforce=1" touch /.autorelabel

I then rebooted and the following appears on the console log:

[ OK ] Reached target Switch Root. Starting Switch Root... [ 10.682159] systemd-journald[129]: Received SIGTERM from PID 1 (systemd). [ 11.306507] systemd[1]: Failed to load SELinux policy. [!!!!!!] Failed to load SELinux policy, freezing.

Note that /boot is sda1 and / is sda3

I am awaiting guidance.

thank you

Hmm, the way I do it is :

• ensure enforce=1 in extlinux.conf (but keep /etc/sysconfig/selinux to

permissive)

• touch /.autorelabel && systemc reboot

Than wait and when it's finally online, "setenforce 1" and then /etc/sysconfig/selinux to enforcing

---

Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev