selinux-policy setup error with SLES15 SP2

Hi ,
I am setting up selinux-policy on SLES 15 SP 2 and setup is failing to reboot after setup.
1) zypper addrepo https://download.opensuse.org/reposi...y:SELinux.repo
2) zypper refresh
3) zypper install selinux-policy
4) selinux-ready
Start checking your system if it is selinux-ready or not:
check_dir: OK. /selinux exists.
check_filesystem: OK. Filesystem 'securityfs' exists.
check_filesystem: ERR. Filesystem 'selinuxfs' is missing. Please enable SELinux while compiling the kernel.
check_boot: Assuming GRUB2 as bootloader.
check_boot: OK. Current kernel 'vmlinuz-4.12.14-195-default' has boot-parameters 'security=selinux selinux=1'
check_boot: OK. Other kernels with correct parameters: vmlinuz-4.12.14-195-default
check_mkinitrd: OK. Your initrd seems to be correct.
check_packages: OK. All essential packages are installed
check_config: OK. Config file seems to be there.
check_config: OK. SELINUX is set to 'permissive'.
check_pam: OK. Your PAM configuration seems to be correct.
check_runlevel: OK. restorecond is enabled on your system
5) Add following parameters to "/etc/default/grub"
security=selinux selinux=1 enforcing=0
6) Reboot hangs

Any help here would be greatly appreciated.

Thanks

Comments

  • malcolmlewismalcolmlewis Knowledge Partner

    @ashish-kumar@hpe.com Hi and welcome to the Forums :)
    Not sure why you are using unsupported openSUSE repositories? Is the system not registered for the SUSE repositories and updates?
    Are you following: https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-selinux.html

  • We are having SUSE supported system. However there is no selinux-policy that is available along with SLES. The link provided indicates to use RefPolicy https://github.com/SELinuxProject/refpolicy/wiki. This means we would need to build the policies. Is that the approach that SUSE would recommend?

  • malcolmlewismalcolmlewis Knowledge Partner

    @ashish-kumar@hpe.com Hi, then why adding the openSUSE repository? All required files/libraries are available from the registered system repositories? I would remove the openSUSE repository and clean out the packages installed from there and install the SUSE ones....

    Yes, that would be my assumption for the policies, I'm just a helper here, not a SUSE employee ;)

  • Have removed all references to openSUSE and repository. Why does SUSE not provide selinux-policy? Registered system does not provide this package.

  • malcolmlewismalcolmlewis Knowledge Partner

    @ashish-kumar@hpe.com Hi, likely a generic policy would not fit the needs of most setups, hence the build your own for your requirements... seems a good idea as only the system administrator(s) know what their requirements are.

  • suse must provide minimal selinux policies and then if respective individual environment need more policies to be built and deployed then that can be taken care by individuals. I would strongly recommend SUSE to consider this for upcoming releases.

Sign In or Register to comment.