enforcing reset to disabled on update

Daniel J Walsh dwalsh at redhat.com
Mon May 1 21:15:27 UTC 2006


Tom London wrote:
> On 4/27/06, Tom London <selinux at gmail.com> wrote:
>> I can verify this. I separately updated to today's 'selinux-policy*'
>> packages, and checked /etc/selinux/config before and afterwards.
>> Before:
>> SELINUX=enforcing
>> Afterwards:
>> SELINUX=disabled
>>
>> tom
> Could the offending script be the postuninstall script of selinux-policy:
>
The problem was in the preceding policy package, which did not have the
'if [ $1 = 0 ]; then' call, so when it got updated this code executed.
I.e., the spec file thought it was being updated. The newer policy
packages should handle this correctly.
> postuninstall scriptlet (using /bin/sh):
> if [ $1 = 0 ]; then
>        setenforce 0 2> /dev/null
>        if [ ! -s /etc/selinux/config ]; then
>                echo "SELINUX=disabled" > /etc/selinux/config
>        else
>                sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
>        fi
> fi
>
> I also noticed that after the 'yum update', my system was in 
> permissive mode....
>
> tom
> -- 
> Tom London
>
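
Added example, not part of the original thread or of the selinux-policy spec file: a shell simulation of the postuninstall behaviour discussed above, with the unguarded body reconstructed from the description in the reply. It assumes RPM's convention that the scriptlet's $1 is the number of package instances left after the transaction (1 on upgrade, 0 on erase); the function names and the scratch config file are constructed for the illustration, and setenforce is left out.

```shell
#!/bin/sh
# Constructed simulation: the scriptlet bodies edit a scratch file passed as
# the first argument instead of /etc/selinux/config.
# The second argument stands in for the scriptlet's $1, the count of package
# instances remaining after the transaction: 0 on erase, 1 on upgrade.

disable_selinux() {
    cfg=$1
    if [ ! -s "$cfg" ]; then
        echo "SELINUX=disabled" > "$cfg"
    else
        sed -i 's/^SELINUX=.*/SELINUX=disabled/g' "$cfg"
    fi
}

# Older package as described in the reply: no test on the argument,
# so the body runs on every transaction, upgrades included.
postun_unguarded() {
    disable_selinux "$1"
}

# Newer package: the body runs only when the last instance is removed.
postun_guarded() {
    if [ "$2" = 0 ]; then
        disable_selinux "$1"
    fi
}

# simulate <scriptlet-function> <remaining-instances>
# Prints the SELINUX= line left in a scratch config that started as enforcing.
simulate() {
    scratch=$(mktemp) || return 1
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$scratch"
    "$1" "$scratch" "$2"
    grep '^SELINUX=' "$scratch"
    rm -f "$scratch"
}

echo "upgrade, unguarded: $(simulate postun_unguarded 1)"
echo "upgrade, guarded:   $(simulate postun_guarded 1)"
echo "erase,   guarded:   $(simulate postun_guarded 0)"
```

On an upgrade the postuninstall scriptlet that runs belongs to the old package, so the first update away from an unguarded package still rewrites the config; comparing the SELINUX= line before and after the transaction, as done earlier in the thread, catches it.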



