View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions How to enable selinux in Fedora 24?
Log in to Ask a Question

How to enable selinux in Fedora 24?

linux

I've just deployed a fresh Fedora 24 server, and it tells me SELINUX is disabled:

[mike@msg-plan ~]$ sestatus
SELinux status:                 disabled

However, it should be enabled:

[mike@msg-plan ~]$ cat /etc/selinux/config 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

What steps do I need to take, in order to enable selinux?

10 Replies

As near as I can tell the Linode kernel and/or boot settings have SELinux disabled/not explicitly enabled: # CONFIGSECURITYSELINUX is not set

cat /proc/config.gz | gunzip > running.config && cat running.config

Hmm I have the same request, but for CentOS 7. Why doesn't Linode provide us with a choice to use a kernel which does provide selinux support? This shouldn't be that big of a job?

Linode doesn't offer a kernel with SELinux enabled, but you're free to set one up that does! This guide should get you there with CentOS 7:

https://www.linode.com/docs/tools-refer … b-centos-7">https://www.linode.com/docs/tools-reference/custom-kernels-distros/custom-compiled-kernel-with-pvgrub-centos-7

Hey sohsoh5,

Thanks for your answer. I already found that guide. Imho it is a lot of work and not worth spending my time to create a custom compiled kernel. SELinux is a critical part of CentOS 7, which should be at least an optional feature when deploying or rebuilding a Linode.

Could you please consider making an official feature request to integrate an SELinux supporting kernel in the Linode Manager?

Grtz

Willem

Instead of a custom kernel, you can install the distribution-supplied kernel and switch to it: https://www.linode.com/docs/tools-refer … l-with-kvm">https://www.linode.com/docs/tools-reference/custom-kernels-distros/run-a-distribution-supplied-kernel-with-kvm

Hey AlexFornuto,

Again thanks for the link. I hadn't seen that one yet. But this is again a very lengthy procedure which is not easily automated, as it requires a lot of changes, including a reboot and changing config in the Linode Manager.

I still don't understand why there is no way to just select the default os provided kernel while deploying or rebuilding. This shouldn't be so much work for a team with so many Linux experience? Again, is it possible to make a feature request for this or are you really telling this can't be done?

Willem

I'll be the one to say it :mrgreen: In the time it took to type the above messages you would have been done. With the exception of planning for a reboot. I truly cannot recall a platform that gives more choices. They may not be default choices but given a few clicks and a dnf issue it's simple enough. Would you prefer a container?

willemdh, I've noted your request and included it as part of a discussion on our use of vanilla kernels.

Thanks Alex!

In case anyone else is looking to install the original kernel on CentOS 7, here are the instructions I use:

  • Install the kernel, run:
yum install kernel.x86_64 grub2
  • Create or edit the file /etc/default/grub:
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX="console=ttyS0,19200n8"
GRUB_DISABLE_LINUX_UUID=true
GRUB_SERIAL_COMMAND="serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1"
  • Generate a grub configuration, run:
mkdir /boot/grub
grub2-mkconfig -o /boot/grub/grub.cfg
  • Final step, in your Linode Configuration Profile, set the Kernel option to GRUB 2. Reboot :)

There is one catch, every time you update your kernel via yum/dnf, you have to re-run the last command.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct