I'm running CentOS 7.3 with LAMP. After changing my SSH port in `/etc/ssh/sshd_config` I ran

```
semanage port -a -t ssh_port_t -p tcp <my port>
```

But it's kicking out the following error:

```
SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.30:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.30, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.30:  No such file or directory
/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
OSError: No such file or directory
```

I'm running a cloud storage on this server and want to get rid of the default port 22 before I start throwing work on it :(

Any ideas?

Michael Hampton
Jim Venner
  • What is `SELinux` status? `$ sestatus` – krisFR Sep 21 '17 at 20:15
  • @krisFR sestatus reports it to be disabled but in the config it's set to enforcing? – Jim Venner Sep 22 '17 at 08:06
  • My guess is you get this error message because SELinux is disabled so `semanage` kicks you out. If SELinux is set to `enforcing` in the config file, then maybe the change was made in the file but not applied by rebooting the server. – krisFR Sep 22 '17 at 08:18
  • Thanks for the reply @krisFR. A reboot of the server however still shows it to be disabled with the config saying it's set to enforcing. I have checked that the symlink is in place and it is, with both `/etc/sysconfig/selinux` and `/etc/selinux/config` reporting the same. A look at `cat /proc/cmdline` shows no reference to selinux so it's not a kernel thing. – Jim Venner Sep 22 '17 at 08:44
  • Not sure what is happening here. Try to enable SELinux for the current session: `setenforce 1` – krisFR Sep 22 '17 at 09:13
  • Yep tried that and I get `setenforce: SELinux is disabled` – Jim Venner Sep 22 '17 at 09:25
  • Hmm, you may be missing the package `selinux-policy-targeted`; check if it is installed on your system, and if not, try to install it. – krisFR Sep 22 '17 at 09:53
  • Indeed it was not installed, however after a reboot things remain the same unfortunately :( – Jim Venner Sep 22 '17 at 10:12
  • @krisFR Are you saying that SELinux can be an issue even if it's disabled? – Akash Agarwal Dec 28 '17 at 06:55

1 Answer

OK, on further investigation it would seem that the reason I am having this issue is because my particular build of CentOS 7 is maintained by Scaleway, my VPS company. Frustratingly they don't support SELinux so it's disabled in boot somehow.

There is some mention of the issue on the Scaleway GitHub for the CentOS image. It would seem there is some way of allowing it by changing to a Fedora bootscript. I fear beyond my Linux abilities!

So if you find your way here and you're on a VPS that runs custom images - that could be your issue :/

Edit: In fact it was easy to change the boot script on Scaleway -> https://www.scaleway.com/docs/bootscript-and-how-to-use-it/ SELinux now up and running :)

Jim Venner
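
The checks tried one by one in this thread (runtime state, `/proc/cmdline`, `/etc/selinux/config`, the installed policy file) can be combined into a single diagnostic. This is an added example, not code from the original posts or from Scaleway; the function name `selinux_diagnose`, its verdict words and the `ROOT` prefix argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: explain a mismatch between /etc/selinux/config and sestatus.
# selinux_diagnose [ROOT] prints one verdict word. ROOT is a hypothetical
# path prefix (default: the live system) so constructed trees can be checked.
selinux_diagnose() {
    root=${1:-}
    cfg="$root/etc/selinux/config"

    # selinuxfs exposes "enforce" only while SELinux is active in the kernel.
    if [ -e "$root/sys/fs/selinux/enforce" ]; then
        echo enabled; return 0
    fi

    # selinux=0 on the kernel command line overrides the config file.
    cmdline=$(cat "$root/proc/cmdline" 2>/dev/null || true)
    case " $cmdline " in
        *" selinux=0 "*) echo disabled-by-cmdline; return 0 ;;
    esac

    # Configured mode and policy type (first uncommented assignment found).
    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$cfg" 2>/dev/null | head -n 1)
    ptype=$(sed -n 's/^SELINUXTYPE=\([a-z]*\).*/\1/p' "$cfg" 2>/dev/null | head -n 1)
    if [ "$mode" = disabled ]; then
        echo disabled-by-config; return 0
    fi

    # A compiled policy (policy.30 in the error above) must exist on disk;
    # on CentOS it is shipped by the selinux-policy-<type> package.
    have_policy=0
    for f in "$root/etc/selinux/${ptype:-targeted}/policy"/policy.*; do
        if [ -f "$f" ]; then have_policy=1; fi
    done
    if [ "$have_policy" -eq 0 ]; then
        echo missing-policy; return 0
    fi

    # Config, policy and command line are all fine, yet SELinux is off:
    # the booted kernel or boot script is the remaining suspect.
    echo disabled-at-boot
}

# Report on the live system when run directly with "check" as the argument.
if [ "${1:-}" = check ]; then
    selinux_diagnose
fi
```

A verdict of `missing-policy` or `disabled-at-boot` means `semanage port -a` cannot load a policy, so the port label has to be added again once SELinux is actually running.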