enforcing reset to disabled on update
Tom London
selinux at gmail.com
Thu Apr 27 13:57:14 UTC 2006
On 4/27/06, Tom London <selinux at gmail.com> wrote:
> I can verify this. I separately updated to today's 'selinux-policy*'
> packages, and check /etc/selinux/config before and afterwards.
> Before:
> SELINUX=enforcing
> Afterwards
> SELINUX=disabled
>
> tom
Could the offending script be the postuninstall script of selinux-policy:
postuninstall scriptlet (using /bin/sh):
if [ $1 = 0 ]; then
setenforce 0 2> /dev/null
if [ ! -s /etc/selinux/config ]; then
echo "SELINUX=disabled" > /etc/selinux/config
else
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
fi
fi
I also noticed that after the 'yum update', my system was in permissive mode....
tom
--
Tom London
More information about the fedora-selinux-list
mailing list