15.3 PRC: SE Linux Policy loading failed

Bernd Eckenfels ecki at zusammenkunft.net
Sun May 16 18:09:51 UTC 2021 

Hello Thorsten,

The aproperiate answer to somebody giving you his spare time to test your beta product is not „you wrote my version number wrong“ but the correct answer is „thank you“. Anyway, this report is about the latest/only beta candidate of SLES which is currently available, as my original Mail clearly stated.

Gruss
Bernd


--
http://bernd.eckenfels.net
________________________________
Von: sle-beta <sle-beta-bounces+ecki=zusammenkunft.net at lists.suse.com> im Auftrag von Thorsten Kukuk <kukuk at suse.de>
Gesendet: Sonntag, Mai 16, 2021 6:26 PM
An: sle-beta at lists.suse.com
Betreff: Re: 15.3 PRC: SE Linux Policy loading failed

On Sun, May 16, Bernd Eckenfels wrote:

>
> > I assume you mean SLES 15 SP3 and not Leap 15.3?
>
> Yes, this is the SLE mailing list.

But there is no SLE product with the version number 15.3!

> > In short: as documented since a long time, SLES does not come with a SELinux
> policy
>
> The release notes only states that 15.3 does support SELinux, it should
> probably add a warning that it lacks default policies.

15.3 is openSUSE Leap.

# grep VERSION= /etc/os-release
# VERSION="15-SP3"

Is it so difficult to use the correct version number to not confuse
other people?

I filled a bug for SLES 15 SP3 that the release notes are not correct.

> > I don't know why this option is visible in YaST, as only SLE Micro comes with
> full SELinux support.
>
> What is SLE Micro?

https://www.suse.com/c/suse-linux-enterprise-micro-5-0-is-generally-available/

 Thorsten

> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
> Von: sle-beta <sle-beta-bounces+ecki=zusammenkunft.net at lists.suse.com> im
> Auftrag von Thorsten Kukuk <kukuk at suse.de>
> Gesendet: Sunday, May 16, 2021 12:53:33 PM
> An: sle-beta at lists.suse.com <sle-beta at lists.suse.com>
> Betreff: Re: 15.3 PRC: SE Linux Policy loading failed
>
>
> Hi,
>
> On Sat, May 15, Bernd wrote:
>
> > Hello,
> >
> > I just installed 15.3 PRC in a Hyper-V VM (UEFI with secure boot) to do some
> > qualification testing. I used the Full ISO and installed SLES with only the
> > base system module in minimal configuration and no registration. In the
> > installer I enabled SELinux in advisory mode.
>
> I assume you mean SLES 15 SP3 and not Leap 15.3?
> It's really helpful to use correct product and version names, own created
> version numbers only lead to confusion and wrong advice.
>
> In short: as documented since a long time, SLES does not come with a
> SELinux policy, you need to bring your own with you.
> I don't know why this option is visible in YaST, as only SLE Micro comes
> with full SELinux support.
>
>   Thorsten
>
> > This seems to freeze, in the first boot after Yast has installed the system.
> > Eearly in systemd after the kernel is loaded with:
> >
> > [8.5...] systemd[1]: Failed to load SELinux policy.
> > [!!!!!] Failed to load SELinux policy.
> > .. Freezing Execution
> >
> > When using the grub boot config editor and removing "security=selinux selinux
> =1
> > enforcing=1" from the linuxefi kernel command line, it succeeded to boot.
> >
> > BTW: when I only change enforcing=1 to enforcing=0 the boot continues but
> shows
> > quite a few errors about SELin ux label cannot be determined on systemd
> sockets
> > because "Function not implemented".and in operations there are errors like
> > broken name resolution.
> >
> > I have not yet tried with more modules. Do I need the Application Server
> > module?
> >
> > I noticed that selinux-tools (from base module) is not installed in minimal
> > (only "libselinux1" is present). If a user selects SELInux, it should
> probably
> > add that packacge to the list. However I added this package manually, and it
> > did not help with the situation.
> >
> > Want me to file a bugzilla? I havent seen it in "Known Issues" here: SLE Beta
> > (suse.com)
> >
> > BTW: I also turned off DHCPv6, but wicket dhcp6 seems to be started anyway?
> >
> > Gruss
> > Bernd
>
> --
> Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
> SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
> Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-beta/attachments/20210516/23be3d6f/attachment.htm>

More information about the sle-beta mailing list