rhel 4 - new kernel 2.6.27-10 - now SELinux causes kernel panic
After a lot of research and flailing, I have updated/compiled a new kernel (220.127.116.11) on one of my RHEL 4.6 test servers. Bugs in kernel 2.6. 25 and below were reason for kernel upgrade.
After successful rebuild, and everything works after a reboot, I decided to turn on SELinux (enforcing - targeted). I editted the /etc/selinux/config file for that. We had policy.18 in /etc/selinux/targeted/policy. Rebooted.
I got a kernel panic: policy not loaded.
I had specifically not asked for SELinux (during xconfig) as 2.6.27-10 offers policy.19 and I had learned that RHEL 4 only works with policy.18.
So I got an selinux-policy-targeted.1.17.30-2.150.el4.rpm from RHN and installed that after doing a rpm -e selinux-policy-targeted. I installed (rpm -ivh) the new copy of policy.18 and still got the panic. If I put it in permissive mode, it boots ok. Hmm, I need enforcing.
I thought that maybe I needed to compile the policy so I downloaded the src (selinux-policy-targeted.1.17.30-2.150.el4.src.rpm)
rpm -ivh --replacepkgs selinux-policy-targeted.1.17.30-2.150.el4.src.rpm
and got several errors about missing brewbuild user and brewbuilder group ...using root and then got the 100%.
I went to /etc/selinux/targeted/policy expecting to find a src directory. No source. And an rpm -q says that selinux-policy-targeted is not loaded. Huh? /selinux exists but is empty. There is no /etc/selinux/sestatus.conf file as described in man pages. Did a "find / -name src" and found only known sources. Where did it put this so-called source. And maybe I could just load a binary source (vice compile) but it kernel panics for binary policy files, too.
I would appreciate any advice about getting past this "policy not loaded" error.
Last edited by legcard; 01-26-2009 at 12:47 PM.