SELinux is not enabledIs it a bad idea to run SELinux and AppArmor at the same time?Can't enable selinux on Ubuntu server 18.04How to set selinux?Can SELinux Affect Apacheselinux folder in root directory (/)SELinux enforcing mode problemSELinux implementation in UbuntuShould I be concerned about disable SELinux?Can't boot into graphical desktop after installing SELinuxSetting the host time from a docker container gives permission error even with CAP_SYS_TIMEUseradd/groupadd fails: failure while writing changes to /etc/passwd and /etc/group. Contexts problemCan not enable SELinux in Ubuntu

How can The Temple of Elementary Evil reliably protect itself against kinetic bombardment?

Why does a recursive function stop on random numbers?

What's the "normal" opposite of flautando?

How can I get players to stop ignoring or overlooking the plot hooks I'm giving them?

How do I express some one as a black person?

When stopping and starting a tile job, what to do with the extra thinset from previous row's cleanup?

Can you reject a postdoc offer after the PI has paid a large sum for flights/accommodation for your visit?

Is "conspicuously missing" or "conspicuously" the subject of this sentence?

Reverse string, can I make it faster?

Why the color red for the Republican Party

How can I ensure my trip to the UK will not have to be cancelled because of Brexit?

Should I tell my boss the work he did was worthless

Database Backup for data and log files

Reversed Sudoku

Could you please stop shuffling the deck and play already?

Does the nature of the Apocalypse in The Umbrella Academy change from the first to the last episode?

NASA's RS-25 Engines shut down time

Do items de-spawn in Diablo?

How to detect if C code (which needs 'extern C') is compiled in C++

An alternative proof of an application of Hahn-Banach

Shifting between bemols (flats) and diesis (sharps)in the key signature

Coax or bifilar choke

Bash script should only kill those instances of another script's that it has launched

What wound would be of little consequence to a biped but terrible for a quadruped?



SELinux is not enabled


Is it a bad idea to run SELinux and AppArmor at the same time?Can't enable selinux on Ubuntu server 18.04How to set selinux?Can SELinux Affect Apacheselinux folder in root directory (/)SELinux enforcing mode problemSELinux implementation in UbuntuShould I be concerned about disable SELinux?Can't boot into graphical desktop after installing SELinuxSetting the host time from a docker container gives permission error even with CAP_SYS_TIMEUseradd/groupadd fails: failure while writing changes to /etc/passwd and /etc/group. Contexts problemCan not enable SELinux in Ubuntu













4















I installed SELINUX on ubuntu using the command:



sudo apt-get install selinux


config file in /etc/selinux contain following information



SELINUX=permissive

SELINUXTYPE=default

SETLOCALDEFS=0


But i am not able to set selinux, when I check using sestatus -v command
it gives output 



SELINUX is disabled


How should I enable my SELINUX?



When I use command seinfo. it gives following output



ERROR: policydb version 26 does not match my version range 15-24
ERROR: Unable to open policy /etc/selinux/default/policy/policy.26.
ERROR: Input/output error


check-selinux-installation command gives following output
../proc/1 kernel..



SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled
FSCKFIX is not enabled - not serious, but could prevent system from booting...
udev will create nodes not labeled correctly



Please help






selinux







share|improve this question
























  • check-selinux-installation command gives following output ../proc/1 kernel.. SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

    – user282924
    May 18 '14 at 19:44












  • Have you rebooted the machine after installing SELinux ?

    – cioby23
    May 18 '14 at 19:56











  • May be this problem possible because in Debian Jessie there not exist a selinux-policy-default?

    – kinunt
    Jul 5 '17 at 16:20















4















I installed SELINUX on ubuntu using the command:



sudo apt-get install selinux


config file in /etc/selinux contain following information



SELINUX=permissive

SELINUXTYPE=default

SETLOCALDEFS=0


But i am not able to set selinux, when I check using sestatus -v command
it gives output 



SELINUX is disabled


How should I enable my SELINUX?



When I use command seinfo. it gives following output



ERROR: policydb version 26 does not match my version range 15-24
ERROR: Unable to open policy /etc/selinux/default/policy/policy.26.
ERROR: Input/output error


check-selinux-installation command gives following output
../proc/1 kernel..



SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled
FSCKFIX is not enabled - not serious, but could prevent system from booting...
udev will create nodes not labeled correctly



Please help






selinux







share|improve this question
























  • check-selinux-installation command gives following output ../proc/1 kernel.. SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

    – user282924
    May 18 '14 at 19:44












  • Have you rebooted the machine after installing SELinux ?

    – cioby23
    May 18 '14 at 19:56











  • May be this problem possible because in Debian Jessie there not exist a selinux-policy-default?

    – kinunt
    Jul 5 '17 at 16:20













4












4








4


1






I installed SELINUX on ubuntu using the command:



sudo apt-get install selinux


config file in /etc/selinux contain following information



SELINUX=permissive

SELINUXTYPE=default

SETLOCALDEFS=0


But i am not able to set selinux, when I check using sestatus -v command
it gives output 



SELINUX is disabled


How should I enable my SELINUX?



When I use command seinfo. it gives following output



ERROR: policydb version 26 does not match my version range 15-24
ERROR: Unable to open policy /etc/selinux/default/policy/policy.26.
ERROR: Input/output error


check-selinux-installation command gives following output
../proc/1 kernel..



SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled
FSCKFIX is not enabled - not serious, but could prevent system from booting...
udev will create nodes not labeled correctly



Please help






selinux







share|improve this question
















I installed SELINUX on ubuntu using the command:



sudo apt-get install selinux


config file in /etc/selinux contain following information



SELINUX=permissive

SELINUXTYPE=default

SETLOCALDEFS=0


But i am not able to set selinux, when I check using sestatus -v command
it gives output 



SELINUX is disabled


How should I enable my SELINUX?



When I use command seinfo. it gives following output



ERROR: policydb version 26 does not match my version range 15-24
ERROR: Unable to open policy /etc/selinux/default/policy/policy.26.
ERROR: Input/output error


check-selinux-installation command gives following output
../proc/1 kernel..



SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled
FSCKFIX is not enabled - not serious, but could prevent system from booting...
udev will create nodes not labeled correctly



Please help






selinux




selinux






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 18 '14 at 19:45







user282924

















asked May 18 '14 at 19:41









user282924user282924

21114




21114












  • check-selinux-installation command gives following output ../proc/1 kernel.. SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

    – user282924
    May 18 '14 at 19:44












  • Have you rebooted the machine after installing SELinux ?

    – cioby23
    May 18 '14 at 19:56











  • May be this problem possible because in Debian Jessie there not exist a selinux-policy-default?

    – kinunt
    Jul 5 '17 at 16:20

















  • check-selinux-installation command gives following output ../proc/1 kernel.. SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

    – user282924
    May 18 '14 at 19:44












  • Have you rebooted the machine after installing SELinux ?

    – cioby23
    May 18 '14 at 19:56











  • May be this problem possible because in Debian Jessie there not exist a selinux-policy-default?

    – kinunt
    Jul 5 '17 at 16:20
















check-selinux-installation command gives following output ../proc/1 kernel.. SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

– user282924
May 18 '14 at 19:44






check-selinux-installation command gives following output ../proc/1 kernel.. SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

– user282924
May 18 '14 at 19:44














Have you rebooted the machine after installing SELinux ?

– cioby23
May 18 '14 at 19:56





Have you rebooted the machine after installing SELinux ?

– cioby23
May 18 '14 at 19:56













May be this problem possible because in Debian Jessie there not exist a selinux-policy-default?

– kinunt
Jul 5 '17 at 16:20





May be this problem possible because in Debian Jessie there not exist a selinux-policy-default?

– kinunt
Jul 5 '17 at 16:20










2 Answers
2






active

oldest

votes


















1














This error might be because you are running AppArmor along with SELinux. AppArmor is installed by default in Ubuntu. You can't use 2 LSM (Linux security modules) at the same time. You need to remove AppArmor if you wish yo use SELinux



See an aswer here: Is it a bad idea to run SELinux and AppArmor at the same time?






share|improve this answer

























  • Thanks after I unstalled apparmor I was able to enable selinux and reboot my system. But now probelm, I downloaded the code from ref policy code from below site. oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy And after I built policy code (as mentioned on site). I changed my config file to as below : SELINUX=enforcing SELINUXTYPE=refpolicy Again I was not able to reboot my system.Please help

    – user282924
    May 26 '14 at 11:01












  • check-selinux-installation gives following error getfilecon: getfilecon(/proc/1) failed SELinux is not enabled. Could not read the domain of PID 1. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

    – user282924
    May 26 '14 at 18:49











  • Check sestatus if it returns enabled then it's working fine. Also enter the command grep FSC /etc/default/rcS If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes if the command check-selinux-installation returns just /etc/pam.d/login is not SELinux enabled then it's fine and the above return is a false positive.

    – cioby23
    May 27 '14 at 6:34











  • FSCKFIX probelm is fixed. now when I run check-selinux-installation command. It gives following error. .. /proc/1 kernel... The init process (PID 1) is running in an incorrect domain. I am not able to enable SELINUX(I installed 3.9 kernel also). Please help.

    – user282924
    Jun 8 '14 at 10:34












  • There is one more probelm that /selinux folder is empty. How can I get it contents back as without it i can get my system booted once I enable SELINUX. Please help

    – user282924
    Jun 15 '14 at 19:13


















0














An absurdly old question, but it helped me track my problem down partially, so I'm adding another response.



Not only do you need to remove AppArmor like cioby23 says, but there are some extra steps received from the upstream Debian that aren't well documented at all. Here are the commands to convert a standard Ubuntu system (16.04.6 for me) to use SELinux in Permissive mode using the standard provided packages:



# make sure you have the most up-to-date info
apt-get update
apt-get dist-upgrade

#disable and remove apparmor
/etc/init.d/apparmor stop
apt-get remove apparmor

#install SELinux
apt-get install selinux

# install the missing dependency
apt-get install auditd

# install the activate tool required to make it work
apt-get install selinux-basics

#missing manual step to actually make SELinux work (part of selinux-basics)
selinux-activate

# need to restart for it to take effect
shutdown now


Personally I discovered that the selinux-activate has to be run manually from a discussion on the upstream Debian (https://unix.stackexchange.com/questions/136988/whats-missing-with-my-selinux-installation).

It solved the exact problem of the wrong context on PID 1, which also presents as a getfilecon error.



EDIT1: Update language to avoid confusion on policy naming.
EDIT2: Split up the commands with better descriptions for each






share|improve this answer
























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "89"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f468821%2fselinux-is-not-enabled%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    This error might be because you are running AppArmor along with SELinux. AppArmor is installed by default in Ubuntu. You can't use 2 LSM (Linux security modules) at the same time. You need to remove AppArmor if you wish yo use SELinux



    See an aswer here: Is it a bad idea to run SELinux and AppArmor at the same time?






    share|improve this answer

























    • Thanks after I unstalled apparmor I was able to enable selinux and reboot my system. But now probelm, I downloaded the code from ref policy code from below site. oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy And after I built policy code (as mentioned on site). I changed my config file to as below : SELINUX=enforcing SELINUXTYPE=refpolicy Again I was not able to reboot my system.Please help

      – user282924
      May 26 '14 at 11:01












    • check-selinux-installation gives following error getfilecon: getfilecon(/proc/1) failed SELinux is not enabled. Could not read the domain of PID 1. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

      – user282924
      May 26 '14 at 18:49











    • Check sestatus if it returns enabled then it's working fine. Also enter the command grep FSC /etc/default/rcS If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes if the command check-selinux-installation returns just /etc/pam.d/login is not SELinux enabled then it's fine and the above return is a false positive.

      – cioby23
      May 27 '14 at 6:34











    • FSCKFIX probelm is fixed. now when I run check-selinux-installation command. It gives following error. .. /proc/1 kernel... The init process (PID 1) is running in an incorrect domain. I am not able to enable SELINUX(I installed 3.9 kernel also). Please help.

      – user282924
      Jun 8 '14 at 10:34












    • There is one more probelm that /selinux folder is empty. How can I get it contents back as without it i can get my system booted once I enable SELINUX. Please help

      – user282924
      Jun 15 '14 at 19:13















    1














    This error might be because you are running AppArmor along with SELinux. AppArmor is installed by default in Ubuntu. You can't use 2 LSM (Linux security modules) at the same time. You need to remove AppArmor if you wish yo use SELinux



    See an aswer here: Is it a bad idea to run SELinux and AppArmor at the same time?






    share|improve this answer

























    • Thanks after I unstalled apparmor I was able to enable selinux and reboot my system. But now probelm, I downloaded the code from ref policy code from below site. oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy And after I built policy code (as mentioned on site). I changed my config file to as below : SELINUX=enforcing SELINUXTYPE=refpolicy Again I was not able to reboot my system.Please help

      – user282924
      May 26 '14 at 11:01












    • check-selinux-installation gives following error getfilecon: getfilecon(/proc/1) failed SELinux is not enabled. Could not read the domain of PID 1. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

      – user282924
      May 26 '14 at 18:49











    • Check sestatus if it returns enabled then it's working fine. Also enter the command grep FSC /etc/default/rcS If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes if the command check-selinux-installation returns just /etc/pam.d/login is not SELinux enabled then it's fine and the above return is a false positive.

      – cioby23
      May 27 '14 at 6:34











    • FSCKFIX probelm is fixed. now when I run check-selinux-installation command. It gives following error. .. /proc/1 kernel... The init process (PID 1) is running in an incorrect domain. I am not able to enable SELINUX(I installed 3.9 kernel also). Please help.

      – user282924
      Jun 8 '14 at 10:34












    • There is one more probelm that /selinux folder is empty. How can I get it contents back as without it i can get my system booted once I enable SELINUX. Please help

      – user282924
      Jun 15 '14 at 19:13













    1












    1








    1







    This error might be because you are running AppArmor along with SELinux. AppArmor is installed by default in Ubuntu. You can't use 2 LSM (Linux security modules) at the same time. You need to remove AppArmor if you wish yo use SELinux



    See an aswer here: Is it a bad idea to run SELinux and AppArmor at the same time?






    share|improve this answer















    This error might be because you are running AppArmor along with SELinux. AppArmor is installed by default in Ubuntu. You can't use 2 LSM (Linux security modules) at the same time. You need to remove AppArmor if you wish yo use SELinux



    See an aswer here: Is it a bad idea to run SELinux and AppArmor at the same time?







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Apr 13 '17 at 12:23









    Community

    1




    1










    answered May 18 '14 at 20:02









    cioby23cioby23

    2,155912




    2,155912












    • Thanks after I unstalled apparmor I was able to enable selinux and reboot my system. But now probelm, I downloaded the code from ref policy code from below site. oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy And after I built policy code (as mentioned on site). I changed my config file to as below : SELINUX=enforcing SELINUXTYPE=refpolicy Again I was not able to reboot my system.Please help

      – user282924
      May 26 '14 at 11:01












    • check-selinux-installation gives following error getfilecon: getfilecon(/proc/1) failed SELinux is not enabled. Could not read the domain of PID 1. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

      – user282924
      May 26 '14 at 18:49











    • Check sestatus if it returns enabled then it's working fine. Also enter the command grep FSC /etc/default/rcS If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes if the command check-selinux-installation returns just /etc/pam.d/login is not SELinux enabled then it's fine and the above return is a false positive.

      – cioby23
      May 27 '14 at 6:34











    • FSCKFIX probelm is fixed. now when I run check-selinux-installation command. It gives following error. .. /proc/1 kernel... The init process (PID 1) is running in an incorrect domain. I am not able to enable SELINUX(I installed 3.9 kernel also). Please help.

      – user282924
      Jun 8 '14 at 10:34












    • There is one more probelm that /selinux folder is empty. How can I get it contents back as without it i can get my system booted once I enable SELINUX. Please help

      – user282924
      Jun 15 '14 at 19:13

















    • Thanks after I unstalled apparmor I was able to enable selinux and reboot my system. But now probelm, I downloaded the code from ref policy code from below site. oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy And after I built policy code (as mentioned on site). I changed my config file to as below : SELINUX=enforcing SELINUXTYPE=refpolicy Again I was not able to reboot my system.Please help

      – user282924
      May 26 '14 at 11:01












    • check-selinux-installation gives following error getfilecon: getfilecon(/proc/1) failed SELinux is not enabled. Could not read the domain of PID 1. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

      – user282924
      May 26 '14 at 18:49











    • Check sestatus if it returns enabled then it's working fine. Also enter the command grep FSC /etc/default/rcS If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes if the command check-selinux-installation returns just /etc/pam.d/login is not SELinux enabled then it's fine and the above return is a false positive.

      – cioby23
      May 27 '14 at 6:34











    • FSCKFIX probelm is fixed. now when I run check-selinux-installation command. It gives following error. .. /proc/1 kernel... The init process (PID 1) is running in an incorrect domain. I am not able to enable SELINUX(I installed 3.9 kernel also). Please help.

      – user282924
      Jun 8 '14 at 10:34












    • There is one more probelm that /selinux folder is empty. How can I get it contents back as without it i can get my system booted once I enable SELINUX. Please help

      – user282924
      Jun 15 '14 at 19:13
















    Thanks after I unstalled apparmor I was able to enable selinux and reboot my system. But now probelm, I downloaded the code from ref policy code from below site. oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy And after I built policy code (as mentioned on site). I changed my config file to as below : SELINUX=enforcing SELINUXTYPE=refpolicy Again I was not able to reboot my system.Please help

    – user282924
    May 26 '14 at 11:01






    Thanks after I unstalled apparmor I was able to enable selinux and reboot my system. But now probelm, I downloaded the code from ref policy code from below site. oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy And after I built policy code (as mentioned on site). I changed my config file to as below : SELINUX=enforcing SELINUXTYPE=refpolicy Again I was not able to reboot my system.Please help

    – user282924
    May 26 '14 at 11:01














    check-selinux-installation gives following error getfilecon: getfilecon(/proc/1) failed SELinux is not enabled. Could not read the domain of PID 1. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

    – user282924
    May 26 '14 at 18:49





    check-selinux-installation gives following error getfilecon: getfilecon(/proc/1) failed SELinux is not enabled. Could not read the domain of PID 1. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

    – user282924
    May 26 '14 at 18:49













    Check sestatus if it returns enabled then it's working fine. Also enter the command grep FSC /etc/default/rcS If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes if the command check-selinux-installation returns just /etc/pam.d/login is not SELinux enabled then it's fine and the above return is a false positive.

    – cioby23
    May 27 '14 at 6:34





    Check sestatus if it returns enabled then it's working fine. Also enter the command grep FSC /etc/default/rcS If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes if the command check-selinux-installation returns just /etc/pam.d/login is not SELinux enabled then it's fine and the above return is a false positive.

    – cioby23
    May 27 '14 at 6:34













    FSCKFIX probelm is fixed. now when I run check-selinux-installation command. It gives following error. .. /proc/1 kernel... The init process (PID 1) is running in an incorrect domain. I am not able to enable SELINUX(I installed 3.9 kernel also). Please help.

    – user282924
    Jun 8 '14 at 10:34






    FSCKFIX probelm is fixed. now when I run check-selinux-installation command. It gives following error. .. /proc/1 kernel... The init process (PID 1) is running in an incorrect domain. I am not able to enable SELINUX(I installed 3.9 kernel also). Please help.

    – user282924
    Jun 8 '14 at 10:34














    There is one more probelm that /selinux folder is empty. How can I get it contents back as without it i can get my system booted once I enable SELINUX. Please help

    – user282924
    Jun 15 '14 at 19:13





    There is one more probelm that /selinux folder is empty. How can I get it contents back as without it i can get my system booted once I enable SELINUX. Please help

    – user282924
    Jun 15 '14 at 19:13













    0














    An absurdly old question, but it helped me track my problem down partially, so I'm adding another response.



    Not only do you need to remove AppArmor like cioby23 says, but there are some extra steps received from the upstream Debian that aren't well documented at all. Here are the commands to convert a standard Ubuntu system (16.04.6 for me) to use SELinux in Permissive mode using the standard provided packages:



    # make sure you have the most up-to-date info
    apt-get update
    apt-get dist-upgrade

    #disable and remove apparmor
    /etc/init.d/apparmor stop
    apt-get remove apparmor

    #install SELinux
    apt-get install selinux

    # install the missing dependency
    apt-get install auditd

    # install the activate tool required to make it work
    apt-get install selinux-basics

    #missing manual step to actually make SELinux work (part of selinux-basics)
    selinux-activate

    # need to restart for it to take effect
    shutdown now


    Personally I discovered that the selinux-activate has to be run manually from a discussion on the upstream Debian (https://unix.stackexchange.com/questions/136988/whats-missing-with-my-selinux-installation).

    It solved the exact problem of the wrong context on PID 1, which also presents as a getfilecon error.



    EDIT1: Update language to avoid confusion on policy naming.
    EDIT2: Split up the commands with better descriptions for each






    share|improve this answer





























      0














      An absurdly old question, but it helped me track my problem down partially, so I'm adding another response.



      Not only do you need to remove AppArmor like cioby23 says, but there are some extra steps received from the upstream Debian that aren't well documented at all. Here are the commands to convert a standard Ubuntu system (16.04.6 for me) to use SELinux in Permissive mode using the standard provided packages:



      # make sure you have the most up-to-date info
      apt-get update
      apt-get dist-upgrade

      #disable and remove apparmor
      /etc/init.d/apparmor stop
      apt-get remove apparmor

      #install SELinux
      apt-get install selinux

      # install the missing dependency
      apt-get install auditd

      # install the activate tool required to make it work
      apt-get install selinux-basics

      #missing manual step to actually make SELinux work (part of selinux-basics)
      selinux-activate

      # need to restart for it to take effect
      shutdown now


      Personally I discovered that the selinux-activate has to be run manually from a discussion on the upstream Debian (https://unix.stackexchange.com/questions/136988/whats-missing-with-my-selinux-installation).

      It solved the exact problem of the wrong context on PID 1, which also presents as a getfilecon error.



      EDIT1: Update language to avoid confusion on policy naming.
      EDIT2: Split up the commands with better descriptions for each






      share|improve this answer



























        0












        0








        0







        An absurdly old question, but it helped me track my problem down partially, so I'm adding another response.



        Not only do you need to remove AppArmor like cioby23 says, but there are some extra steps received from the upstream Debian that aren't well documented at all. Here are the commands to convert a standard Ubuntu system (16.04.6 for me) to use SELinux in Permissive mode using the standard provided packages:



        # make sure you have the most up-to-date info
        apt-get update
        apt-get dist-upgrade

        #disable and remove apparmor
        /etc/init.d/apparmor stop
        apt-get remove apparmor

        #install SELinux
        apt-get install selinux

        # install the missing dependency
        apt-get install auditd

        # install the activate tool required to make it work
        apt-get install selinux-basics

        #missing manual step to actually make SELinux work (part of selinux-basics)
        selinux-activate

        # need to restart for it to take effect
        shutdown now


        Personally I discovered that the selinux-activate has to be run manually from a discussion on the upstream Debian (https://unix.stackexchange.com/questions/136988/whats-missing-with-my-selinux-installation).

        It solved the exact problem of the wrong context on PID 1, which also presents as a getfilecon error.



        EDIT1: Update language to avoid confusion on policy naming.
        EDIT2: Split up the commands with better descriptions for each






        share|improve this answer















        An absurdly old question, but it helped me track my problem down partially, so I'm adding another response.



        Not only do you need to remove AppArmor like cioby23 says, but there are some extra steps received from the upstream Debian that aren't well documented at all. Here are the commands to convert a standard Ubuntu system (16.04.6 for me) to use SELinux in Permissive mode using the standard provided packages:



        # make sure you have the most up-to-date info
        apt-get update
        apt-get dist-upgrade

        #disable and remove apparmor
        /etc/init.d/apparmor stop
        apt-get remove apparmor

        #install SELinux
        apt-get install selinux

        # install the missing dependency
        apt-get install auditd

        # install the activate tool required to make it work
        apt-get install selinux-basics

        #missing manual step to actually make SELinux work (part of selinux-basics)
        selinux-activate

        # need to restart for it to take effect
        shutdown now


        Personally I discovered that the selinux-activate has to be run manually from a discussion on the upstream Debian (https://unix.stackexchange.com/questions/136988/whats-missing-with-my-selinux-installation).

        It solved the exact problem of the wrong context on PID 1, which also presents as a getfilecon error.



        EDIT1: Update language to avoid confusion on policy naming.
        EDIT2: Split up the commands with better descriptions for each







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 1 hour ago

























        answered 2 hours ago









        mtalexanmtalexan

        1516




        1516



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f468821%2fselinux-is-not-enabled%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Are there any comparative studies done between Ashtavakra Gita and Buddhim?How is it wrong to believe that a self exists, or that it doesn't?Can you criticise or improve Ven. Bodhi's description of MahayanaWas the doctrine of 'Anatta', accepted as doctrine by modern Buddhism, actually taught by the Buddha?Relationship between Buddhism, Hinduism and Yoga?Comparison of Nirvana, Tao and Brahman/AtmaIs there a distinction between “ego identity” and “craving/hating”?Are there many differences between Taoism and Buddhism?Loss of “faith” in buddhismSimilarity between creation in Abrahamic religions and beginning of life in Earth mentioned Agganna Sutta?Are there studies about the difference between meditating in the morning versus in the evening?Can one follow Hinduism and Buddhism at the same time?Are there any prohibitions on participating in other religion's practices?Psychology of 'flow'

            Image
            Why "be dealt cards" rather than "be dealing cards"? Have I saved too much for retirement so far? The plural of 'stomach" How do I rename a LINUX host without needing to reboot for the rename to take effect? What defines a dissertation? Why are on-board computers allowed to change controls without notifying the pilots? Bash method for viewing beginning and end of file Student evaluations of teaching assistants Opposite of a diet Go Pregnant or Go Home Valid Badminton Score? What's the purpose of "true" in bash "if sudo true; then" What is the intuitive meaning of having a linear relationship between the logs of two variables? The baby cries all morning Is there a good way to store credentials outside of a password manager? Can I use my Chinese passport to enter China after I acquired another citizenship? Why Were Madagascar and New Zealand Discovered So Late? What are the ramifications of creating a ...
            Read more

            Where else does the Shulchan Aruch quote an authority by name?Parashat Metzora+HagadolPesach/PassoverShulchan Aruch UTF-8Anonymous glosses in the Shulchan AruchWhy is the Shulchan Aruch definitive?Siman 32, Kitzur Shulchan Aruch: UntranslatedLitvaks/Yeshivish and Shulchan AruchBuying a Shulchan AruchEnglish version of SHULCHAN ARUCHIs there any place where Shulchan Aruch rules with the Rosh against the Rif and Rambam?Are there practices where Sepharadim do not hold by Shulchan Aruch?5th part of the shulchan aruch

            Image
            Landlord wants to switch my lease to a "Land contract" to "get back at the city" Was there ever an axiom rendered a theorem? Finding files for which a command fails Is Social Media Science Fiction? What does "enim et" mean? Are objects structures and/or vice versa? Is every set a filtered colimit of finite sets? Doomsday-clock for my fantasy planet "My colleague's body is amazing" Why do UK politicians seemingly ignore opinion polls on Brexit? Does bootstrapped regression allow for inference? Is it legal to have the "// (c) 2019 John Smith" header in all files when there are hundreds of contributors? Is there a familial term for apples and pears? How did the USSR manage to innovate in an environment characterized by government censorship and high bureaucracy? I see my dog run How to make payment on the internet without leaving a money trail? Could a US political party gain complete control over the go...
            Read more

            fallocate: fallocate failed: Text file busy in Ubuntu 17.04? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)defragmenting and increasing performance of old lubuntu system with swap partitionIssue with increasing the root partition from the swapthis /usr/bin/dpkg returned error || ubuntu-16.04, 64bitDefault 17.04 swap file locationHow to Resize Ubuntu 17.04 Zesty Swap file size?Ubuntu freezes from online formsMy Laptop is not starting after upgrade ubuntu 16.04 (Kernel 4.8.0-38 to 04.10.0-36)hcp: ERROR: FALLOCATE FAILED!Not sure my swap is being usedWine 3.0 asking for more virtual free swap

            Image
            Why does Python start at index 1 when iterating an array backwards? Letter Boxed validator What's the purpose of writing one's academic bio in 3rd person? What is the longest distance a 13th-level monk can jump while attacking on the same turn? What are 'alternative tunings' of a guitar and why would you use them? Doesn't it make it more difficult to play? Can Pao de Queijo, and similar foods, be kosher for Passover? When -s is used with third person singular. What's its use in this context? Right-skewed distribution with mean equals to mode? Should gear shift center itself while in neutral? Are my PIs rude or am I just being too sensitive? When is phishing education going too far? If 'B is more likely given A', then 'A is more likely given B' List *all* the tuples! Is high blood pressure ever a symptom attributable solely to dehydration? Is there a service that would inform me whenever a new direct route is scheduled ...
            Read more