- This topic has 12 replies, 7 voices, and was last updated Apr 12-5:58 pm by silvioto.
-
Posts
-
newmant1
Hi Antix-Team,
1) On every bootup, it displays : SElinux: could not open policy file <= /etc/selinux/targeted/policy/policy:33 No such file or directory
Using makefile-style concurrent boot in runlevel S.
2) is the runleve S. the correct one? Any bootup option for choosing ?I search the history and someone had experienced this common boot-up errors by editing the Grub menu add-on < GRUB_CMDLINE_LINUX_DEFAULT=”quiet Selinux=0 ” > but still surfaces the same error on bootup.
Any better suggestion to resolve this ?
Welcome to shades some lights, appreciates all inputs.
Using Antix-21 ( 5.10.57-antix.1-amd64-smp )
NewUser Newmant1- This topic was modified 1 year, 4 months ago by anticapitalista. Reason: solved
ModdIt
If you look in /etc/selinux/ you will find the file targeted/policy/policy:33 does not exist
That is the easy bit.
https://wiki.centos.org/HowTos/SELinux gives a lot of background including that SEL is difficult to
configure even for an admin.
HOWTO Sorry, beyond my knowlwedge level.
christophe
This was discussed heavily during alpha testing:
See if this post & related ones can help you resolve this.
(Personally, I just ignore that notification.)
confirmed antiX frugaler, since 2019
newmant1
Hi Moddit,
1) thank you for the lead https://wiki.centos.org/HowTos/SELinux so I have a chance to read and explore this. If I am not wrong from my readings, it says that SElinux was compiled within the kernel and it is turn on every boot, thus this program is pointing to a file named policy:33 which supposed to be out there somewhere but happen not ,thus showing up the missing file warnings. This warning could be ignored as mention by Moderator Christophe if one could live with it.
2)From my reading(pls quote me if I am interpreting it wrongly), It produces report errors because the SElinux is setup within the kernel, so it is working and pointing to a direction policy:33. So why is that policy missing when it was supposed intended to configure that way. From here, I pressumes that some parts of the program could be missing , back-tracing to get some clues, I need to fiddle with the synaptic package manager to install ‘policycoreutils-gui’ package with a reboot as indicated from the that read ‘/HowTos/SElinux’.On reboot, its locked up the booting to ‘X-Gui session’ leaving only with a tty1 login. So, to login as root , played with the command ‘sestatus’ and it showed that it was configured as ‘Permissive’ and some files had been denied;resulting only booting to a tty1. Then, I nano /etc/selinux/config file;changed the ‘Permissive’ to ‘disabled’;saved/exit/reboot;then it was able to boot into login for an icewm to be selected again. This time during the bootup, it showed ‘Selinux: Runtime disable is deprecated / disabled, use selinux cmdline’.
But according to that reads, it indicated that SElinux should not be disabled to have the security turn on. Hm? Its turn on but some policy is missing? So does the security still working without the policy rules?
That articles indicated SElinux was developed for CentOs, what it has to do with Antix’s ? I’m sorry that I might sound naive, but I felt its good to know.Last but not least, my add SElinux=0 in the GRUB.CFG file did not work for me to turn off the warning but some guest out there was able to, anyone knows why? It would be leverage further improvement if someone could figure what is going wrong there or suggest a substitute file to feed that hunger pointer. 🙂
Thank you both Moddit & Christophe for ringing the bells !
Newmant1
- This reply was modified 1 year, 5 months ago by newmant1.
olsztyn
It becomes very interesting…
Selinux concept is something new to me so I have done some reading before this post but if you do not mind I would appreciate some clarity:
– Is Selinix typically included with modern kernels and expected to be enabled?
– Are most distros have Selinux enabled configured to take advantage of additional security?\
– In antiX – Selinux is also included to take advantage of it but not fully operational because of missing the policy file?I would appreciate some insight into this, as something new to me…
Thanks and Regards…- This reply was modified 1 year, 5 months ago by olsztyn.
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parameters
Brian Masinick
Security-Enhanced Linux is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls. SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy, and streamlines the amount of software involved with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency.
Wikipedia
https://selinuxproject.org/page/Main_Page- This reply was modified 1 year, 5 months ago by Brian Masinick.
--
Brian MasinickThank you Brian for this info.
So as I understand from this, only some distros have this implemented. If SElinux is included in antiX and only some policy files are missing to fully implement, is this a significant effort to fully enable SElinux?
In any case thanks and regards…- This reply was modified 1 year, 5 months ago by olsztyn.
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parametersnewmant1
Hi all,
Nice to hear every comments welcoming to spice this topics and I apologized that I am still very green with linux, hope experts out there including Brian add-ons frequent their participation of getting muddy water to clear. Appreciates all inputs.1) I would like to share my exploration that I compared Mx-21 and it does not show this error and on the checklist using synaptic package manager it showed Selinux packages not installed.
2) So I tried to uninstalled those Selinux packages in Antix-21 and faced rejection to uninstall certain packages until I came to uninstalled this libsemanage-common. Being a newbie, this broke many default Antix packages, resulting reboot only to a debian core with tty login. 🙁 I tried this because I thought it would no longer post that error if Selinux get uninstalled in Antix, but it can’t as it involved all those important Anti-goodies.3) I am learning the hard way on the price of breaking my cool Antix installed OS out of my curiosity. Any commands to verify / to check Selinux was built within a kernel? If MX-21 does have, then why it did’nt post any error and selinux packages not shown in the synaptic default installed which Antix-21 has shown its there which are: libselinux1,libsemanage-common, libsepol1,python3-selinux,python3-semanage & policycoreutils etc. (For policycoreutils could be installed when I last installed policycoreutils-gui – which is appeared on the menu, but when clicks exhibit nothing.)
4) My apology that my curiosity sprung the need for answers, if you are very busy, please do not attempt to answer my question until you’re free. Appreciates all experts here for showing ropes for newbie like me. Since my System is broke, i prefer to wait for the new release of Antix-21 (a full stable version) be available.
GoodDay all nice people here.
Newmant1
P.S Wait, i re-installed and my Antix-21 is back in use now.
Same policy:33 missing reported from a new default installed.- This reply was modified 1 year, 4 months ago by newmant1.
I am learning the hard way on the price of breaking my cool Antix installed OS out of my curiosity.
Experiment on a live stick rather than an installed system, less headeache.
SEL is by the way an NSA tool. No person at NSA should ever agin get an overview of the shitty surveillance net they have cast over the world. No more bitterness of persons with a concience and morals opening up pandoras chest.
Very bitter right now as mini trump and friends sending Assange back to Torture and life imprisonment in a country which loudly criticises others for doing what it does best….
Xecure
selinux=0
No uppercases here.
and then
sudo update-grub
to make it take effect.antiX Live system enthusiast.
General Live Boot Parameters for antiX.newmant1
Hi Antix-Team
1) Thanks you Xsecure,
I think I might have missed this part : sudo update-grub
Tested the problems disappears.
2) Thanks Moddit for suggesting using a USB stick-live , but i had went to that extend; even a live-usb might break!
Please update this questionnaire as ‘resolved’Newmant1
Added for later readers, newmant 1 wrote
Using a USB stick-live , but i had went to that extend; even a live-usb might break!Of course but depending on circumstances
Without persistence just Reboot from your live stick and you are back to before you made changes
If you made breaking changes and remastered, needed for example when a reboot must be made for the system to read in a modification.Just write the stick again from the snapshot you made of your installed system.
You can do that from your installed system or just as easy from another live USB stick running antiX.
I do not recommend to use a persistent live USB setup for experiments.
The tools are there, just need to use them.
silvioto
Just installed antix 21 64 on my desktop, updated and at reboot it stuck in this green screen.
Please write me an easy way to solve. Reading the posts above I have difficulty to understand the solution.
Thanks.- This reply was modified 1 year ago by silvioto.
Attachments:
- You must be logged in to reply to this topic.
