15.3 PRC: SE Linux Policy loading failed

Thorsten Kukuk kukuk at suse.de
Sun May 16 10:53:33 UTC 2021 

Hi,

On Sat, May 15, Bernd wrote:

> Hello,
> 
> I just installed 15.3 PRC in a Hyper-V VM (UEFI with secure boot) to do some
> qualification testing. I used the Full ISO and installed SLES with only the
> base system module in minimal configuration and no registration. In the
> installer I enabled SELinux in advisory mode.

I assume you mean SLES 15 SP3 and not Leap 15.3?
It's really helpful to use correct product and version names, own created
version numbers only lead to confusion and wrong advice.

In short: as documented since a long time, SLES does not come with a
SELinux policy, you need to bring your own with you.
I don't know why this option is visible in YaST, as only SLE Micro comes
with full SELinux support.

  Thorsten

> This seems to freeze, in the first boot after Yast has installed the system.
> Eearly in systemd after the kernel is loaded with:
> 
> [8.5...] systemd[1]: Failed to load SELinux policy.
> [!!!!!] Failed to load SELinux policy.
> .. Freezing Execution
> 
> When using the grub boot config editor and removing "security=selinux selinux=1
> enforcing=1" from the linuxefi kernel command line, it succeeded to boot.
> 
> BTW: when I only change enforcing=1 to enforcing=0 the boot continues but shows
> quite a few errors about SELin ux label cannot be determined on systemd sockets
> because "Function not implemented".and in operations there are errors like
> broken name resolution.
> 
> I have not yet tried with more modules. Do I need the Application Server
> module?
> 
> I noticed that selinux-tools (from base module) is not installed in minimal
> (only "libselinux1" is present). If a user selects SELInux, it should probably
> add that packacge to the list. However I added this package manually, and it
> did not help with the situation.
> 
> Want me to file a bugzilla? I havent seen it in "Known Issues" here: SLE Beta
> (suse.com)
> 
> BTW: I also turned off DHCPv6, but wicket dhcp6 seems to be started anyway?
> 
> Gruss
> Bernd

-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)

More information about the sle-beta mailing list