I recently ran into the following issue on a CentOS 5 server.
$ facter Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current Could not retrieve selinux: Invalid argument - /proc/self/attr/current ...
After checking the sestatus, it should have been disabled.
$ sestatus SELinux status: disabled
Yet the /selinux directory on the server contained content that would contradict that.
$ ls -alh /selinux/ total 20K drwxr-xr-x 2 root root 4.0K May 11 2011 . drwxr-xr-x 23 root root 4.0K Jul 31 11:27 .. -rw-r--r-- 1 root root 2 Oct 6 2010 enforce
That file should not be there if the selinux is in fact disabled. If all selinux related configurations have been disabled (as verified by sestatus and the selinux config file at /etc/selinux/config) you can safely remove that file.
$ rm -f /selinux/enforce
The Puppet/Facter code would check if that file exists in the /selinux directory – if that does not fully match your selinux config, you can get funky messages as the ones shown above.
- Update: this can also be bug #18429 known to Puppetlabs.