fedup and selinux

Chris Murphy lists at colorremedies.com
Tue Dec 24 19:13:33 UTC 2013

On Dec 24, 2013, at 11:52 AM, Rick Stevens <ricks at alldigital.com> wrote:
> As I said, I don't have examples but the OP on this thread ran into the
> same thing I've hit in the past. He went from permissive to disabled and
> it worked. I'm just saying that permissive is not the same thing as
> disabled.

Ok no, that's not what happened to the OP at all as I explained earlier. His system booted in enforcing, and it was while it was enforcing that he got the denial prior to the fedup upgrade process changing to enforcing=0. He solved this problem by selinux=0 rather than enforcing=0.

Prior versions of fedup placed enforcing=0 as a boot parameter so it would have been permissive from the get go and would have avoided this problem, as most likely would a relabel prior to rebooting in the upgrade environment. Rebooting with selinux actually disabled for an upgrade is really not a good idea because as the new rpms are written, none of those installed bits will have the proper labeling.

Chris Murphy

More information about the users mailing list