Unable to re-enable SELinux
Up until now we have disabled SELinux as our Standard Operating Procedure -- before you tell me off, I know. That's why we're enabling it now we've got time to.
Our normal procedure was to:
- Set
SELINUX=disabled
in/etc/selinux/config
- Add
selinux=0
to thekernel
line of grub
I'm trying to undo all this now, but on some servers it just won't reenable for some reason.
~ # grep ^SELINUX= /etc/selinux/config
SELINUX=permissive
~ # grep -i selinux /boot/grub/menu.lst
~ # getenforce
Disabled
~ # sestatus
SELinux status: disabled
~ # setenforce 1
setenforce: SELinux is disabled
~ # sestatus
SELinux status: disabled
I've rebooted (multiple times) to no avail, including an initial reboot with a /.autorelabel
file.
Can anyone tell me what I'm missing?
CentOS 6 2.6.32-431.20.3.el6.x86_64
Solution 1:
Running dmesg | grep -i selinux
turned up this little error:
dracut: SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.24: No such file or directory
What file provides that?
~ # yum whatprovides /etc/selinux/targeted/policy/policy.24
selinux-policy-targeted-3.7.19-231.el6.noarch : SELinux targeted base policy
Repo : base
Matched from:
Filename : /etc/selinux/targeted/policy/policy.24
Reinstalling seems to make it good:
yum reinstall selinux-policy-targeted
Apologies for the noise; hopefully this might help someone else in the future though at least.