Fedora 14 does not respect /etc/sysconfig/selinux?
Eric Warnke
ewarnke at albany.edu
Wed May 11 14:31:52 UTC 2011
I have a number of testing systems installed with Fedora 14. They were
installed with the minimal profile, have no 3rd party repositories or
RPMs installed, are fully up-to-date, and were exhibiting some strange
behavior with the corosync/pacemaker packages.
The problems with corosync are a direct result of the system not
respecting the /etc/sysconfig/selinux directives. I have attached some
sessions below to show the errant behavior.
Boot 1:
[root@tiny ~]# uptime
08:30:43 up 0 min, 1 user, load average: 0.15, 0.06, 0.02
[root@tiny ~]# getenforce
Enforcing
[root@tiny ~]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Boot 2:
[root@tiny ~]# uptime
08:33:01 up 0 min, 1 user, load average: 0.30, 0.06, 0.02
[root@tiny ~]# getenforce
Enforcing
[root@tiny ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
After a call to setenforce 0
[root@tiny ~]# getenforce
Permissive
As you can clearly see, the SELINUX directive is being ignored during boot.
I have had to move startup of the affected packages to /etc/rc.local
after a call to setenforce 0.
Cheers,
Eric Warnke
Research IT Group
SUNY at Albany
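
Added example, not part of the original message: a shell check that puts the SELINUX= directive on disk next to the mode getenforce reports, as the sessions above do by hand. It assumes the usual Fedora layout, in which /etc/sysconfig/selinux is a symlink to /etc/selinux/config (the file libselinux reads), and it also lists any enforcing= or selinux= kernel parameters; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: compare the SELINUX= directive on disk with the runtime mode.

# Print the lower-cased value of the last active SELINUX= line in file $1.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Classify path $1. A regular file where a symlink is expected (assumed
# layout) means edits to it never reach /etc/selinux/config.
file_kind() {
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo regular
    else echo missing
    fi
}

# Print any enforcing=/selinux= words found in kernel command line string $1.
cmdline_override() {
    for word in $1; do
        case "$word" in
            enforcing=*|selinux=*) printf '%s\n' "$word" ;;
        esac
    done
}

# Compare configured mode $1 with getenforce output $2.
compare_modes() {
    runtime=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$1" = "$runtime" ]; then
        echo match
    else
        echo "mismatch: configured=$1 runtime=$runtime"
    fi
}

# Live report, only on a host that has the SELinux userland tools.
if command -v getenforce >/dev/null 2>&1; then
    for f in /etc/sysconfig/selinux /etc/selinux/config; do
        echo "$f: $(file_kind "$f"), SELINUX=$(configured_mode "$f" 2>/dev/null)"
    done
    echo "kernel cmdline: $(cmdline_override "$(cat /proc/cmdline)")"
    compare_modes "$(configured_mode /etc/selinux/config 2>/dev/null)" "$(getenforce)"
fi
```

A "regular" result for /etc/sysconfig/selinux, or an enforcing= word on the kernel command line, are the two things to rule out first when the reported mode and the file disagree.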