2.6.5-1.349 ignores selinux=0
Stephen Smalley
sds at epoch.ncsc.mil
Tue May 4 15:07:23 UTC 2004
On Tue, 2004-05-04 at 10:52, Zach Wilkinson wrote:
> I just yum updated to kernel-2.6.5-1.349 and when I boot now I get
> SELinux initializing messages and lots of denied messages.
> However, my grub.conf still shows selinux=0 that I've had in there for
> a while now.
> Is that no longer an acceptable option?
Interesting - the CONFIG_SECURITY_SELINUX_BOOTPARAM option is not set in
the kernel configuration in the corresponding kernel SRPM, so the
selinux=0 support is disabled.
Try setting SELINUX=disabled in /etc/sysconfig/selinux. With the latest
SysVinit and kernel, that will use the new SELinux runtime disable
support to truly disable SELinux, as opposed to the older behavior where
it left SELinux in permissive/no-policy mode.
However, I would think that they would retain the selinux=0 option as
well, if only to avoid breaking people who were using it previously.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the test
mailing list