Mls Newrole

[mlyczko]

Hello

I have MLS on Fedora 12 but I can not run "newrole", for example:

Code:

newrole -r sysadm_r

I get error:

Code:

Sorry, newrole may be used only on a SELinux kernel.

What can be wrong?
PS. Sorry for my english.

[Rubberman]

Apparently do are not running Fedora in Security Enhanced mode (SELinux). This tool only works for an SELinux-enabled kernel.

[mlyczko]

This is my /etc/selinux/config:

Code:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#    enforcing - SELinux security policy is enforced.
#    permissive - SELinux prints warnings instead of enforcing.
#    disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#    targeted - Only targeted network daemons are protected.
#    strict - Full SELinux protection.
SELINUXTYPE=mls

[Rubberman]

Just because you have an SELinux configuration on your system, doesn't mean that it's running. What is the output from uname -a?

[mlyczko]

I get:

Code:

Linux localhost.localdomain 2.6.31.5-127.fc12.i686 #1 SMP Sat Nov 7 21:41:45 EST 2009 i686 i686 i386 GNU/Linux

[Rubberman]

I don't think you have the SELinux sub-system enabled. Go to the Service Management (Services) tool in your Administration menu (or sub-menu thereof) and see if it is enabled. If not, you need to configure and enable it.