[Arm-dev] SElinux st failed

Fri Dec 23 16:19:02 UTC 2016
Robert Moskowitz <rgm at htt-consult.com>


On 12/23/2016 10:07 AM, Gordan Bobic wrote:
> Do you have selinux-policy and selinux-policy-targeted packages installed?

Yes they are both installed in the base image.  And when I do a yum 
update after installing chrony, I see:

[  505.622712] SELinux:  Class binder not defined in policy.
[  505.628184] SELinux: the above unknown classes and permissions will 
be allowed
[  509.043371] SELinux:  Context 
unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid 
(unmapped).
[  510.548875] SELinux:  Context 
system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).

Don't know if these are a problem or not...

Now on to try Fabian's recommendations.


>
> On Fri, Dec 23, 2016 at 2:58 PM, Fabian Arrotin <arrfab at centos.org 
> <mailto:arrfab at centos.org>> wrote:
>
>     On 23/12/16 02:49, Robert Moskowitz wrote:
>     > This is on a Cubieboard2 with the OS on a sata HD:
>     >
>     > I followed the instructions on the wiki
>     >
>     > vi /etc/sysconfig/selinux <- change from "permissive" to "enforcing"
>     > vi /boot/extlinux/extlinux.conf <- change the "enforce=0" to
>     "enforce=1"
>     > touch /.autorelabel
>     >
>     > I then rebooted and the following appears on the console log:
>     >
>     > [  OK  ] Reached target Switch Root.
>     >          Starting Switch Root...
>     > [   10.682159] systemd-journald[129]: Received SIGTERM from PID 1
>     > (systemd).
>     > [   11.306507] systemd[1]: Failed to load SELinux policy.
>     > [!!!!!!] Failed to load SELinux policy, freezing.
>     >
>     >
>     > Note that /boot is sda1 and / is sda3
>     >
>     > I am awaiting guidance.
>     >
>     > thank you
>     >
>
>     Hmm, the way I do it is :
>     - ensure enforce=1 in extlinux.conf (but keep
>     /etc/sysconfig/selinux to
>     permissive)
>     - touch /.autorelabel && systemc reboot
>
>     Than wait and when it's finally online, "setenforce 1" and then
>     /etc/sysconfig/selinux to enforcing
>
>     --
>     Fabian Arrotin
>     The CentOS Project | http://www.centos.org
>     gpg key: 56BEC54E | twitter: @arrfab
>
>
>     _______________________________________________
>     Arm-dev mailing list
>     Arm-dev at centos.org <mailto:Arm-dev at centos.org>
>     https://lists.centos.org/mailman/listinfo/arm-dev
>     <https://lists.centos.org/mailman/listinfo/arm-dev>
>
>
>
>
> _______________________________________________
> Arm-dev mailing list
> Arm-dev at centos.org
> https://lists.centos.org/mailman/listinfo/arm-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20161223/4b197983/attachment-0006.html>