Mailing List Archive

no selinuxfs on a kernel with compiled-in selinux support
Hi all,

I have a couple of cheap small machines (AMD Kabinis on AM1 boards -
cheap and old, but still interesting stuff) that I tried to convert from
hardened profile to hardened/selinux.

On two out of three, it works.

On a third one, I always get to boot into selinux disabled state (as
reported by getenforce or sestatus).

I tried loading policy into kernel manually and it failed.
load_policy kept repeating that it needs to try with lesser selinux
policy version which it can't find.

I tried going through it with debugger and have seen that it fails
to mount selinuxfs.

cat /proc/filesystems doesn't list selinuxfs, even though I clearly have
selinux support compiled in.

I thought that I might have screwed something else in .config, but that
doesn't seem to be the case. Kernel compiles and runs fine and same
.config is used on other two working machines.

Also, looking through kernel buffer doesn't show anything unusual.
selinux gets mentioned just twice in it - once when echoing "BOOT_IMAGE"
line and once when echoing kernel parameter line (both are practically
the same).

And nothing else. Just at the end of kernel initialisation, just before
systemd gets started, there are no audit lines that usually mark the
point where policy gets loaded.

No error, no info, nothing else.

Is it possible that kernel itself switches selinux off if the
filesystem labels don't smell the right way or something similar?


In that case, I'd expect to see at least a notice, but this fails
silently...


BTW, failing machine is a local mini server, has a couple disks in RAID
and is often used, so I can't just simply disassemble it, swap the disks
with working ones and see what happens.
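
A triage sketch for the symptom described in the post, added here as an example and not part of the original message: it checks whether selinuxfs is registered and, if not, whether a boot parameter accounts for it. The function names are hypothetical, and the parameters it looks for (`selinux=`, `security=`, `lsm=`) are the standard kernel ones, not values taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Paths are arguments so saved copies from the failing machine can be checked.

# Succeeds if the kernel has registered selinuxfs (what /proc/filesystems lists).
has_selinuxfs() {
    awk '$NF == "selinuxfs" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# Prints the SELinux/LSM-related boot parameters, one per line (may print nothing).
lsm_boot_params() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | grep -E '^(selinux|enforcing|security|lsm)=' || true
}

# Prints one verdict word for a filesystems file and a cmdline file.
selinux_boot_verdict() {
    fs_file=${1:-/proc/filesystems}
    cmd_file=${2:-/proc/cmdline}
    if has_selinuxfs "$fs_file"; then
        echo registered
        return 0
    fi
    params=$(lsm_boot_params "$cmd_file")
    # selinux=0 turns SELinux off at boot; selinuxfs is then never registered.
    if printf '%s\n' "$params" | grep -qx 'selinux=0'; then
        echo disabled-by-selinux=0
        return 0
    fi
    lsm=$(printf '%s\n' "$params" | sed -n 's/^lsm=//p' | tail -n 1)
    sec=$(printf '%s\n' "$params" | sed -n 's/^security=//p' | tail -n 1)
    if [ -n "$lsm" ]; then
        # lsm=<list> replaces the built-in CONFIG_LSM order and makes the
        # kernel ignore security=; selinux has to appear in the list.
        case ",$lsm," in
            *,selinux,*) ;;
            *) echo not-in-lsm-list; return 0 ;;
        esac
    elif [ -n "$sec" ] && [ "$sec" != selinux ]; then
        # security=<name> is the legacy way to pick one major LSM.
        echo "other-lsm-selected:$sec"
        return 0
    fi
    # Nothing on the command line explains it: compare CONFIG_LSM and
    # /sys/kernel/security/lsm against a working machine.
    echo unexplained
}
```

Called with no arguments, `selinux_boot_verdict` reads the live `/proc/filesystems` and `/proc/cmdline`.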