I'm pretty sure I have SELinux enabled on my Chromebook 2 running RSEL7. I don't recall having done anything special, it works by default. I run that on ZoL ZFS root, and it just worked after relabelling the file system (I migrated from zfs-fuse, and fuse confuses SELinux rules because it ends up labelling everything as fuse instead of the appropriate labels for the paths. I cannot imagine CentOS 7 would be any different. You just need to make sure you have policycoreutils, selinux-policy and selinux-policy-targeted installed, and make sure /etc/selinux/config has SELINUXTYPE=targeted set. On Thu, Feb 2, 2017 at 9:55 PM, Robert Moskowitz <rgm at htt-consult.com> wrote: > It seems that the SELinux problem is 'built into' the Cubietruck image. > > All I did was put the image on a HD, expand the partitions, boot up (uboot > on the mSD card) > > in /boot/extlinux/extlinux.conf : change the "enforcing=0" to > "enforcing=1" > > touch /.autorelabel > reboot > > On the console I saw the following messages: > > [ 14.709227] SELinux: Class binder not defined in policy. > [ 14.714741] SELinux: the above unknown classes and permissions will be > allowed > [ 14.778268] audit: type=1403 audit(14.745:2): policy loaded > auid=4294967295 ses=4294967295 > [ 14.813736] systemd[1]: Successfully loaded SELinux policy in 785.600ms. > [ 15.294034] systemd[1]: Relabelled /dev and /run in 295.320ms. > > In the past, I did the relabeling after the 'yum update'. This seems to > show that SELinux is unhappy from the get go. I will continue in > permissive mode with loading up my DNS setup without using chroot and see > how the setup works. This is my internal DNS that has no external access, > so for now I will run a bit open... > > On 02/02/2017 10:50 AM, Robert Moskowitz wrote: > >> I am ready for my next test, to try out named on a Cubieboard2. >> >> I want to run named with SELinux and not chroot named, and with the >> problems I have had so far with SELinux and HTTPD that no one has commented >> on what to do to fix the problem, I was interested to first check out for >> any experience with named. >> >> I could always run named chrooted without enabling SELinux. That is how >> I am running right now with RSEL6 (which does not have SELinux working). >> But I would rather get back to using SELinux and not chroot, as I had for >> years on Intel Centos. >> >> I have not seen any posts on updates to the Centos7-armv7 rpms, so I am >> assuming that there has not been any fixes to my SELinux problems. >> >> So anyone out there running named? >> >> thanks >> >> >> _______________________________________________ >> Arm-dev mailing list >> Arm-dev at centos.org >> https://lists.centos.org/mailman/listinfo/arm-dev >> >> > _______________________________________________ > Arm-dev mailing list > Arm-dev at centos.org > https://lists.centos.org/mailman/listinfo/arm-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170203/38f51fcb/attachment-0006.html>