Bug 1047045

Summary: F20 - Kernel update turns on SELINUX - Cannot deactivate
Product: [Fedora] Fedora Reporter: Gerald Cox <gbcox>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 20CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-28 18:46:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gerald Cox 2013-12-28 17:26:47 UTC 
Description of problem:

Installed kernel in updates-testing repository.  After installation, filesystem was relabeled with SELINUX enabled even though selinux config specifies disabled.  As you can see from the sestatus command, SELinux shows enabled while mode from config file is disabled.  I tried rebooting to previous kernel, but can't turn it off now.    

/usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          disabled
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
 


Version-Release number of selected component (if applicable):
kernel-3.12.6-300.fc20


How reproducible:
Install kernel-3.12.6-300.fc20


Steps to Reproduce:
1.  dnf upgrade --enablerepo=updates-testing kernel*


Actual results:
SELinux enabled, even though configuration indicates disabled


Expected results:
SELinux configuration file determines whether or not SELinux is enabled

Additional info:
Comment 1 Gerald Cox 2013-12-28 18:46:06 UTC 

*** This bug has been marked as a duplicate of bug 1046450 ***