15.3 PRC: SE Linux Policy loading failed
Bernd
ecki at zusammenkunft.net
Sat May 15 02:13:49 UTC 2021
Hello,
I checked with the "text" mode and having Server Application Module
enabled, but it does not change the problem, SELinux is just broken in
those configurations. Strange enough it will also enable AppArmor pattern
in this configuration (which is kind of redundant?).
It miight be maybe a good idea to at least remove the claim that this works
in 15.3 from the release notes.
I also checked the "DHCPv4 only" option again - even when I set it in the
config summary screen right before installation it will not show up in the
summary screen and the resulting system will run both DHCP daemons.
Gruss
Bernd
Am Sa., 15. Mai 2021 um 02:45 Uhr schrieb Bernd <ecki at zusammenkunft.net>:
> Hello,
>
> I just installed 15.3 PRC in a Hyper-V VM (UEFI with secure boot) to do
> some qualification testing. I used the Full ISO and installed SLES with
> only the base system module in minimal configuration and no registration.
> In the installer I enabled SELinux in advisory mode.
>
> This seems to freeze, in the first boot after Yast has installed the
> system. Eearly in systemd after the kernel is loaded with:
>
> [8.5...] systemd[1]: Failed to load SELinux policy.
> [!!!!!] Failed to load SELinux policy.
> .. Freezing Execution
>
> When using the grub boot config editor and removing "security=selinux
> selinux=1 enforcing=1" from the linuxefi kernel command line, it succeeded
> to boot.
>
> BTW: when I only change enforcing=1 to enforcing=0 the boot continues but
> shows quite a few errors about SELin ux label cannot be determined on
> systemd sockets because "Function not implemented".and in operations there
> are errors like broken name resolution.
>
> I have not yet tried with more modules. Do I need the Application Server
> module?
>
> I noticed that selinux-tools (from base module) is not installed in
> minimal (only "libselinux1" is present). If a user selects SELInux, it
> should probably add that packacge to the list. However I added this package
> manually, and it did not help with the situation.
>
> Want me to file a bugzilla? I havent seen it in "Known Issues" here: SLE
> Beta (suse.com) <https://suse.com/betaprogram/sle-beta/#knownissues>
>
> BTW: I also turned off DHCPv6, but wicket dhcp6 seems to be started anyway?
>
> Gruss
> Bernd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-beta/attachments/20210515/ea6b175a/attachment.htm>
More information about the sle-beta
mailing list