Bug 1046450

Summary: Unable to disable selinux
Product: [Fedora] Fedora Reporter: Dr. Tilmann Bubeck <tilmann>
Component: libselinuxAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 20CC: dominick.grift, dwalsh, gbcox, lvrabec, mgrepl, michele, mstevens
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-28 21:24:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dr. Tilmann Bubeck 2013-12-25 10:54:04 UTC 
Description of problem:
I want to disble SElinux (Yes, I know you want selinux to be enabled...) and used two ways, but all of them were unsuccessfull, so selinux is still enabled.

I tried:

 * SELINUX=disabled in /etc/selinux/config
 * system-config-selinux and select "Disabled".

After a reboot, the system still is enabled:

[root@frodo bubeck]# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          disabled
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28


Version-Release number of selected component (if applicable):
selinux-policy-3.12.1-106.fc20.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install FC20
2. set SELINUX=disabled in /etc/selinux/config
3. reboot
4. check with "sestatus"

Actual results:
SELinux status:                 enabled


Expected results:
SELinux status:                 disabled


Additional info:
Comment 1 Morten Stevens 2013-12-25 14:08:12 UTC 
Same problem here. But the cause is probably libselinux and not selinux-policy.

Description of problem:

Fedora 20 host with selinux disabled

After upgrading to libselinux-2.2.1-4.fc20, selinux will be enabled automatically and can not be disabled with /etc/selinux/config.

Version-Release number of selected component (if applicable):

libselinux-2.2.1-4.fc20

How reproducible:

Steps to Reproduce:
1. Fedora 20 installation
2. Disable selinux via /etc/selinux/config
3. Upgrade to libselinux-2.2.1-4.fc20
4. After rebooting, selinux is enabled

Actual results:

[root@fc20 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          disabled
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Expected results:

SELinux status:                 disabled
Comment 2 Morten Stevens 2013-12-25 14:19:33 UTC 
Workaround:

1) Edit /etc/default/grub
2) Add selinux=0 to GRUB_CMDLINE_LINUX
3) grub2-mkconfig -o /boot/grub2/grub.cfg
4) reboot and selinux is disabled
Comment 3 Gerald Cox 2013-12-28 18:46:06 UTC 
*** Bug 1047045 has been marked as a duplicate of this bug. ***
Comment 4 Morten Stevens 2013-12-28 21:24:58 UTC 
Please check: https://bugzilla.redhat.com/show_bug.cgi?id=1046470

*** This bug has been marked as a duplicate of bug 1046470 ***