I recently discovered selinux is disabled, but config file saying selinux enforcing mode setted. I read about possibilities about why selinux is disabled. I am suspecting on kernel. But I can't find what should I do to solve this problem. I'm afraid to touch anything because of the system is running remotely. My connection between system an me is only secure shell. There are a few continents between server and me. So, I need to solve this problem without make server unreachable 🙂 What steps should I follow?
Information about server:
Centos 6.5
Linux 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK 2012 i686 i686 i386 GNU/Linux
Server is running on VPS and so weirdly configured. I don't even detect which boot loader is installed on for check selinux configuration in boot loader.
Partitions (according to mtab):
/dev/simfs / simfs rw,relatime 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /dev devtmpfs rw,relatime,mode=755 0 0
none /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
none /dev/shm tmpfs rw,relatime 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
EDIT: Unfortunately, I've learned the kernel in server is not supporting Selinux. Because of it is specialized for OpenVZ.
Best Answer
You said that the VM is OpenVZ based. OpenVZ doesn't support SELinux due to how the containers work. It is not in the kernel which is why it won't actually enforce. I would set the configuration to disabled as recommended in the documentation. Your only solution is to use a VM with a different hypervisor such KVM/XEN which are popular in the web hosting industry. These use full hardware virtualization and are not limited like container based virtualization is.