Can't enable SElinux

Hi,

I'm new to unix administration. Please don't blame me for asking anything stupid.

I'm trying to enable selinux on CentOS7 server.

I've tried to edit /etc/selinux/config

SELINUX=permissive

SELINUXTYPE=targeted

I've tried enforcing too. Nothing works. When I type getenforce I get

Disabled

I've looked into similar topics but I can't move forward. Some topics suggest checking the grub file. But I don't have it. Every time I try to fix something I need another fix which requires another fix, etc.

I'll appreciate any help.

8 Replies

I don't think Linode builds SELINUX into their kernels - with a default install, no matter what distro, you're actually running on top of an Ubuntu kernel.

Not sure if the solution is as simple as using pv-grub to install your own CentOS kernel.
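An added example, not part of any post in this thread: a shell function that narrows down why `getenforce` reports `Disabled` even though `/etc/selinux/config` asks for `permissive`, including the externally supplied kernel case described in the reply above. The function name, the verdict strings and the `/boot/vmlinuz-<release>` heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report why getenforce says "Disabled".
# Function name and verdict strings are made up for this illustration.
# Inputs are arguments so the logic can be run against constructed files:
#   selinux_diagnose [config] [filesystems] [cmdline] [bootdir] [release]
selinux_diagnose() {
    config=${1:-/etc/selinux/config}
    filesystems=${2:-/proc/filesystems}
    cmdline=${3:-/proc/cmdline}
    bootdir=${4:-/boot}
    release=${5:-$(uname -r)}

    # The last uncommented SELINUX= line is the configured mode.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\)[[:space:]]*$/\1/p' \
        "$config" 2>/dev/null | tail -n 1 | tr 'A-Z' 'a-z')
    case $mode in
        enforcing|permissive) ;;
        disabled) echo "config-disabled"; return 0 ;;
        *) echo "config-invalid"; return 0 ;;
    esac

    # selinux=0 on the kernel command line overrides the config file.
    if grep -Eq '(^|[[:space:]])selinux=0([[:space:]]|$)' "$cmdline" 2>/dev/null; then
        echo "cmdline-disabled"; return 0
    fi

    # A kernel with SELinux initialised registers the selinuxfs filesystem.
    if grep -q 'selinuxfs' "$filesystems" 2>/dev/null; then
        echo "active"; return 0
    fi

    # SELinux is not initialised. Heuristic (assumption of this example):
    # if the running kernel is not one of the images installed under /boot,
    # it was supplied from outside the distribution, so editing the config
    # file cannot enable SELinux.
    if [ ! -e "$bootdir/vmlinuz-$release" ]; then
        echo "foreign-kernel"; return 0
    fi

    # Distribution kernel is running, so SELinux was most likely switched
    # off at the last boot and the new setting needs a reboot.
    echo "reboot-needed"
}

selinux_diagnose "$@"
```

A `foreign-kernel` verdict matches the situation in this thread: the config file is correct, but the running kernel is not the distribution's own.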

@vonskippy:

I don't think Linode builds SELINUX into their kernels - with a default install, no matter what distro, you're actually running on top of an Ubuntu kernel.

Not sure if the solution is as simple as using pv-grub to install your own CentOS kernel.

Honestly it's not simple for me.

My goal is to install a mail server and I use this instruction:

https://z0z0.me/2014/10/26/install-postfix-dovecot-auth-tls-mysql-postfixadmin-spamassassin-and-clamav-on-centos7/

I followed the instruction (didn't use nginx and used apache). I reached the line where I need to do

systemctl restart firewalld

The problem is that when I start firewalld my website becomes unavailable. I thought it could be related to SELinux.

What am I doing wrong? Maybe I can find some logs?

The firewall-cmd --zone=public --list-all output is:

interfaces:

sources:

services: dhcpv6-client http ssh

ports: 80/tcp

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

And I run firewall-cmd --reload but that doesn't help.

Firewall and SELinux are two different things.

Very simply put - Firewall controls traffic access, SELinux controls Application access

The link you posted gives me "502 Bad Gateway - nginx"

Thanks for clarification. Now it's clear the Firewall is the issue.

The website just went down. Hopefully it will get back soon.

Anyway I opened port 80 but it keeps blocking my requests. Don't know what else I can try.

The problem is fixed. Not sure how I've fixed it. I was playing around, disabled and re-enabled port 80, couple of restarts. Not sure what solved the issue but it works now. Thanks

@vahan:

The problem is fixed. Not sure how I've fixed it. I was playing around, disabled and re-enabled port 80, couple of restarts. Not sure what solved the issue but it works now. Thanks

Could you explain what problem was fixed: did you turn on SELinux or fix the firewall problem?

@vahan:

The firewall-cmd --zone=public --list-all output is:

interfaces:

sources:

services: dhcpv6-client http ssh

ports: 80/tcp

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

And I run firewall-cmd --reload but that doesn't help.

It seems that you don't have an interface assigned to the zone. Therefore it won't apply the rule.

You can add the interface by using:

#firewall-cmd --zone=public --add-interface=eth0 --permanent

Then run the reload command.
