selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Cannot go to enforcing

Cannot go to enforcing

From: Guido Trentalancia <guido_at_nospam>
Date: Sun Jan 31 2010 - 17:47:57 GMT
To: AlannY <m@alanny.ru>


Perhaps you could install (when still in permissive mode) a custom module containing the rules generated by audit2allow.

cat /var/log/audit/audit.log | audit2allow -m local > local.te

eventually edit local.te to suit your needs and then do:

checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod semodule -i local.pp

In your particular case, I see that you cannot do "ls" from su because of some of the user_su_t denials and you cannot get a new login because of the getty_t and sysadm_t denials and perhaps others.

Guido -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.