Policy broken since kernel 5
Dear Maintainer,
I have tried to run SELinux on server/desktop from version 18 to 19 and it seems like everything from kernel 5 and above and it looks like the Policy is broken. we can see that PID 1 is unlabeled (when running in permissive and checking in journalctl)
the first two denies are:
avc: denied { compute_create } for pid=1 comm="systemd" scontext=
avc: denied { setcurrent } for pid=1 comm="systemd" scontext=
avc: denied { use } for pid=1 comm="systemd" path="/
avc: denied { getcap } for pid=1 comm="systemd" scontext=
avc: denied { module_load } for pid=1 comm="systemd" path="/
The installation was:
1. purge apparmor
2. install selinux-basics (also tried with the package selinux)
3. relabel the system
4. reboot
5. setenforce 1
and the system hangs.
It must be that i am doing something wrong since nobody else is complaining about this.
i would greatly appreciate any input.
Thanks,
Michael
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Manfred Hampl
- Solved:
- Last query:
- Last reply: