selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Cannot go to enforcing

Cannot go to enforcing

From: Guido Trentalancia <guido_at_nospam>
Date: Sun Jan 31 2010 - 17:47:57 GMT
To: AlannY <>

Perhaps you could install (when still in permissive mode) a custom module containing the rules generated by audit2allow.

cat /var/log/audit/audit.log | audit2allow -m local > local.te

eventually edit local.te to suit your needs and then do:

checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod semodule -i local.pp

In your particular case, I see that you cannot do "ls" from su because of some of the user_su_t denials and you cannot get a new login because of the getty_t and sysadm_t denials and perhaps others.

Guido -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.