Failed to get security context of /etc/selinux/config

16 posts / 0 new
Last post
#1 Tue, 12/04/2018 - 13:26
m_umair69

Failed to get security context of /etc/selinux/config

I am trying to install virtualmin , I am constantly getting below error after installation

sed: warning: failed to get security context of /etc/selinux/config: No data availablesed: failed to get security context of /etc/sysconfig/selinux: No data available▣▣▣ Cleaning up

Also there is Configuring Postfix fail

I am able to access virtualmin afterwards however re-check configuration option is failing , is it something to do with any virtualmin upgrade?

I am installing over CentOS 7

Update: It is working with CentOS6

Tue, 12/04/2018 - 21:22
Joe
Joe's picture

What is the exact version of CentOS? (Look in /etc/redhat-release)

This isn't anything to do with Virtualmin updates, but may be something with the new CentOS updates (I just saw a few hundred new packages show up on all of my CentOS 7 boxes, so I guess there's a new minor version). SELinux should be disabled during installation, so there's no reason SELinux should be complaining once it's turned off (sometimes it'll complain when we try to turn it off, if it's already off, though, but the error looks different than this). It's possible to run Virtualmin with SELinux enabled, with a few tweaks to a half dozen or so booleans, but it's a pain in the ass in ways that confuse users, so we still disable it.

Definitely don't start a new server on CentOS 6! If there's a problem with the new CentOS, I'll fix it, I'll just need to reproduce it. I did an install on CentOS 7 a few days ago that worked, but I haven't done one since all those new packages came out.

--

Check out the forum guidelines!

Tue, 12/04/2018 - 23:58
m_umair69

The exact version is CentOS Linux release 7.5.1804 (Core) , I think issue must be due to some package upgrades on linux because i do have virtualmin up and running previously on same version

I just checked with centos6 not going to use centos6 , I also did install few days before and it was working so i suppose its got to do with some upgrades can you kindly check what is the issue

If you would like i can provide you with root access to server for you to check this out on the system getting error , you can contact me through cocl8091@gmail.com

Umair

Wed, 12/05/2018 - 01:47
Joe
Joe's picture

I've been able to reproduce it. I don't quite understand what's happening...it looks like a bug in one of the new packages (not ours). That file should have a context at the point where we're messing with it...so...it shouldn't give this error. And, I'm not sure it should give this error even if it doesn't have a context.

Yeah, after some testing, this is definitely a bug in one of those new packages. I won't be able to fix it. I'm not even sure I can workaround it, but I'm going to try a couple of things to avoid using sed (but we rely on sed quite a bit, so that'll be a problem...something else might be going wrong, too). Basically sed cannot modify files in /etc, which is wild. Among the new packages are updates to libselinux and libsepol (selinux policy), so I guess it's doing something bad.

So...we may have to hope Red Hat/CentOS rolls a fix for this soon. I will try copying the files we need to modify to a tmp dir and copying them back after modifying, but I have a vague feeling that won't work either (but if the problem is strictly with sed, it might).

--

Check out the forum guidelines!

Wed, 12/05/2018 - 01:56
Joe
Joe's picture

I think I understand why it's happening, but not why that thing is happening. But, I think I can probably fix it or workaround it.

--

Check out the forum guidelines!

Wed, 12/05/2018 - 01:57
m_umair69

Thank you for your fast update , please do let me know about this issue fix / workaround as i really need to setup virtualmin

Umair

Wed, 12/05/2018 - 01:59
m_umair69

Also do check that this is also causing issues with apache configuration and postfix error when we do re-check configuration from within virtualmin

Umair

Wed, 12/05/2018 - 02:17
Joe
Joe's picture

OK, got a workaround.

Install Virtualmin. Do nothing after installation; don't do the install wizard or anything like that.

Reboot.

Run the following command once rebooted:

# virtualmin config-system --include Postfix

This will probably get you going right. I haven't tested beyond this, though, and it's late, so I'm not going to be able to do much more.

The cause of the problem is that the bind package depends on selinux-policy (I don't know why), which seems to turn selinux on, even if it was disabled before installation. This seems very bug-like. This means that selinux is running but no files have security context information, which means operations that check the selinux context fail (no matter what state selinux is in...even if you disable it, it still fails). Rebooting seems to make it act reasonable again, though I don't quite understand why (I guess because SELinux is completely disabled rather than put into permissive mode).

So, this problem won't happen on a system that has selinux enabled when Virtualmin is installed (because files will have context info, and turning to permissive mode or disabled won't matter). But, if selinux is off, and that policy package gets installed, it seems to turn on selinux but without context info. I was also unable to run restorecon, so there's more than one problem with what's happening here. Definitely bug-like on the part of the package. I'll try to figure out a way to workaround this without a reboot, but as long as installed selinux-policy partially enables selinux when installed, I'm not sure it's possible, which sucks. Hopefully, it'll get fixed.

--

Check out the forum guidelines!

Wed, 12/05/2018 - 03:02
Joe
Joe's picture

So...sed is seemingly the only thing broken by this problem, which is really weird, but it's good news, because we only use sed in two places, both of which are the things we're seeing fail here. I will roll new versions of install.sh and Virtualmin-Config tomorrow that replaces both of those uses of sed with a perl replacement.

In the meantime, the above workaround should work fine. I don't think anything else is broken, since I don't think there are any other sed uses.

--

Check out the forum guidelines!

Wed, 12/05/2018 - 03:09
m_umair69

Thank you for the workaround i will give it a try , and post result

Umair

Wed, 12/05/2018 - 03:53
Joe
Joe's picture

I've checked in and released a fix for the install.sh, which you can get by downloading the install.sh again, but Virtualmin-Config (the Postfix error) will still be a problem. So, you'll still need to reboot and run that virtualmin config-system command I mentioned above. I'll fix that tomorrow when I'm not so tired.

--

Check out the forum guidelines!

Wed, 12/05/2018 - 03:54
m_umair69

You were supposed to go to sleep :) , well good work and thank you i still need to checkout fix though

Umair

Wed, 12/05/2018 - 05:33
Joe
Joe's picture

I should have gone to sleep. I checked in a typo, so it would bail before finishing...so, that wasn't good. Now, it's hopefully really fixed.

--

Check out the forum guidelines!

Wed, 12/05/2018 - 08:03
m_umair69

Just installed and configured system using above provided workaround , and it works

Thank you for the solution

Umair

Mon, 12/10/2018 - 10:46
Mychael

How have you managed to install CentOS 7? It throws me error somehow, I do not know if I need something else.

Mon, 12/10/2018 - 10:50
m_umair69

As mentioned by joe , you will get error just complete virtualmin installation and afterwards restart your system

Then run command virtualmin config-system --include Postfix

and done

Umair

Topic locked