Bug 173598
Summary: | default booleans not in effect after reboot | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Alexandre Oliva <oliva> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-11-30 20:19:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Alexandre Oliva
2005-11-18 15:47:07 UTC
Did you install reference policy and then remove it? If yes could you rm -rf /etc/selinux/targeted/modules? This might be causing init to be confused and think you are running reference policy. Reference policy ignores the booleans file, because it gets compiled into the policy. Dan If you mean selinux-targeted-policy-2.0.0 that hit rawhide a few days ago and was later downgraded, yes, I did. Unfortunately, even after rm -rf /etc/selinux/targeted/modules and a reboot, I still get: getsebool -a | grep nfs nfs_export_all_ro --> inactive nfs_export_all_rw --> inactive nfsd_disable_trans --> inactive use_nfs_home_dirs --> inactive whereas # grep nfs /etc/selinux/targeted/booleans nfs_export_all_ro=1 nfs_export_all_rw=1 use_nfs_home_dirs=0 :-( where is it that these booleans get set up? I could try to debug it from there, but I just can't figure out where they're supposed to be loaded. Thanks, In /etc/selinux/config, remove the # SETLOCALDEFS= Check local definition changes SETLOCALDEFS=0 or set it to 1 See if that fixes it. Thank you very much, that did it. I was about to close this as NOTABUG, but then I thought you might want to take such downgrade cases into account in the reference package (if at all possible) to avoid problems like the one I ran into. |