2.6.5-1.349 ignores selinux=0

Zach Wilkinson zachw at termdex.com
Tue May 4 15:30:47 UTC 2004


I didn't have /etc/sysconfig/selinux so I created it and put in the one line
SELINUX=disable.
I also changed grub.conf to selinux=disable from selinux=0.
Neither of these changes made any difference. SELinux still reports
"completing initialization" on boot and I still get tons of audit: avc:
denied messages.
up2date says I'm current.

Glad I kept 332 around.

----- Original Message ----- 
From: "Stephen Smalley" <sds at epoch.ncsc.mil>
To: "For testers of Fedora Core development releases"
<fedora-test-list at redhat.com>
Cc: "James Morris" <jmorris at redhat.com>
Sent: Tuesday, May 04, 2004 11:07 AM
Subject: Re: 2.6.5-1.349 ignores selinux=0


> On Tue, 2004-05-04 at 10:52, Zach Wilkinson wrote:
> > I just yum updated to kernel-2.6.5-1.349 and when I boot now I get
> > SELinux initializing messages and lots of denied messages.
> > However, my grub.conf still shows selinux=0 that I've had in there for
> > a while now.
> > Is that no longer an acceptable option?
>
> Interesting - the CONFIG_SECURITY_SELINUX_BOOTPARAM option is not set in
> the kernel configuration in the corresponding kernel SRPM, so the
> selinux=0 support is disabled.
>
> Try setting SELINUX=disabled in /etc/sysconfig/selinux.  With the latest
> SysVinit and kernel, that will use the new SELinux runtime disable
> support to truly disable SELinux, as opposed to the older behavior where
> it left SELinux in permissive/no-policy mode.
>
> However, I would think that they would retain the selinux=0 option as
> well, if only to avoid breaking people who were using it previously.
>
> -- 
> Stephen Smalley <sds at epoch.ncsc.mil>
> National Security Agency
>
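
An added example, not part of either message: a shell check for the two conditions discussed in this thread, whether the kernel was built with CONFIG_SECURITY_SELINUX_BOOTPARAM and whether /etc/sysconfig/selinux holds one of the accepted SELINUX= values. The /boot/config-$(uname -r) path and the sample inputs at the end are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Each check reads a file passed as an
# argument, so it works on the live files or on copies.

bootparam_support() {   # $1 = kernel config, e.g. /boot/config-$(uname -r) (assumed path)
    if grep -q '^CONFIG_SECURITY_SELINUX_BOOTPARAM=y' "$1" 2>/dev/null
    then echo supported; else echo unsupported; fi
}

cmdline_request() {     # $1 = file holding the kernel command line (/proc/cmdline)
    val=$(tr ' ' '\n' < "$1" | sed -n 's/^selinux=//p' | tail -n 1)
    case "$val" in
        0)  echo disable ;;
        1)  echo enable ;;
        '') echo absent ;;
        *)  echo "nonstandard:$val" ;;   # documented values are 0 and 1
    esac
}

config_mode() {         # $1 = /etc/sysconfig/selinux
    [ -r "$1" ] || { echo missing; return 0; }
    val=$(sed -n 's/^SELINUX=//p' "$1" | tail -n 1 | tr -d '[:space:]')
    case "$val" in
        enforcing|permissive|disabled) echo "$val" ;;
        '') echo unset ;;
        *)  echo "unrecognized:$val" ;;
    esac
}

diagnose() {            # $1 = kernel config, $2 = cmdline file, $3 = selinux config
    bp=$(bootparam_support "$1"); req=$(cmdline_request "$2"); mode=$(config_mode "$3")
    echo "bootparam=$bp cmdline=$req config=$mode"
    if [ "$req" != absent ] && [ "$bp" = unsupported ]; then
        echo "WARN: selinux= is set but this kernel was built without boot parameter support"
    fi
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "WARN: SELINUX= must be enforcing, permissive or disabled" ;;
    esac
}

# Constructed inputs reproducing the situation in the thread.
d=$(mktemp -d)
echo '# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set' > "$d/kconfig"
echo 'ro root=LABEL=/ selinux=disable' > "$d/cmdline"
echo 'SELINUX=disable' > "$d/selinux"
diagnose "$d/kconfig" "$d/cmdline" "$d/selinux"
rm -rf "$d"
```

On a live system, run `diagnose "/boot/config-$(uname -r)" /proc/cmdline /etc/sysconfig/selinux`.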




