15.3 PRC: SE Linux Policy loading failed
Vincent Moutoussamy
vmoutoussamy at suse.com
Mon May 17 08:54:40 UTC 2021
Hi,
On 16 May 2021, at 15:39, Bernd Eckenfels <ecki at zusammenkunft.net<mailto:ecki at zusammenkunft.net>> wrote:
> I assume you mean SLES 15 SP3 and not Leap 15.3?
Yes, this is the SLE mailing list.
This is true, but since SLE and openSUSE are now developed together<https://www.suse.com/c/how-suse-builds-its-enterprise-linux-distribution-part-5/>, there is absolutely no issue to discuss openSUSE Leap 15.3 in this mailing list : ).
To say it differently we would like to have such SLE/openSUSE reports or discussions during the beta program since it will help our ambition to improve SLE and openSUSE.
> In short: as documented since a long time, SLES does not come with a SELinux policy
The release notes only states that 15.3 does support SELinux, it should probably add a warning that it lacks default policies.
Yes, we are going to rewrote the Release Notes statement about SELinux thanks to your report and suggestion.
Thank you and have a nice day,
Regards,
--
Vincent Moutoussamy
SUSE Beta Program Manager
JeOS Technical Project Manager
Paris, France
Gruss
Bernd
--
http://bernd.eckenfels.net
Von: sle-beta <sle-beta-bounces+ecki=zusammenkunft.net at lists.suse.com> im Auftrag von Thorsten Kukuk <kukuk at suse.de>
Gesendet: Sunday, May 16, 2021 12:53:33 PM
An: sle-beta at lists.suse.com <sle-beta at lists.suse.com>
Betreff: Re: 15.3 PRC: SE Linux Policy loading failed
Hi,
On Sat, May 15, Bernd wrote:
> Hello,
>
> I just installed 15.3 PRC in a Hyper-V VM (UEFI with secure boot) to do some
> qualification testing. I used the Full ISO and installed SLES with only the
> base system module in minimal configuration and no registration. In the
> installer I enabled SELinux in advisory mode.
I assume you mean SLES 15 SP3 and not Leap 15.3?
It's really helpful to use correct product and version names, own created
version numbers only lead to confusion and wrong advice.
In short: as documented since a long time, SLES does not come with a
SELinux policy, you need to bring your own with you.
I don't know why this option is visible in YaST, as only SLE Micro comes
with full SELinux support.
Thorsten
> This seems to freeze, in the first boot after Yast has installed the system.
> Eearly in systemd after the kernel is loaded with:
>
> [8.5...] systemd[1]: Failed to load SELinux policy.
> [!!!!!] Failed to load SELinux policy.
> .. Freezing Execution
>
> When using the grub boot config editor and removing "security=selinux selinux=1
> enforcing=1" from the linuxefi kernel command line, it succeeded to boot.
>
> BTW: when I only change enforcing=1 to enforcing=0 the boot continues but shows
> quite a few errors about SELin ux label cannot be determined on systemd sockets
> because "Function not implemented".and in operations there are errors like
> broken name resolution.
>
> I have not yet tried with more modules. Do I need the Application Server
> module?
>
> I noticed that selinux-tools (from base module) is not installed in minimal
> (only "libselinux1" is present). If a user selects SELInux, it should probably
> add that packacge to the list. However I added this package manually, and it
> did not help with the situation.
>
> Want me to file a bugzilla? I havent seen it in "Known Issues" here: SLE Beta
> (suse.com)
>
> BTW: I also turned off DHCPv6, but wicket dhcp6 seems to be started anyway?
>
> Gruss
> Bernd
--
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-beta/attachments/20210517/b316fe74/attachment.htm>
More information about the sle-beta
mailing list