Bug 181893

Summary: SELinux not re-enabled after relabel
Product: [Fedora] Fedora Reporter: Ville Skyttä <scop>
Component: initscriptsAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: akpm, rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 8.30-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-17 22:04:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2006-02-17 16:42:04 UTC 
initscripts-8.29-1 installed, did this:

    #SELINUX=enforcing in /etc/selinux/config
    touch /.autorelabel
    reboot

After relabeling during boot, got an error message involving "echo" and line 74
in /etc/rc.sysinit, saying IIRC "invalid argument".  After that when the bootup
finished, I noticed that SELinux was not in enforcing mode (implicitly, because
X started fine, see bug 179656).  Line 74 is:

    echo $SELINUX > $selinuxfs/enforce

Many things in /etc/rc.sysinit do [ -n "$SELINUX" ] tests before doing stuff,
maybe that should be done in relabel_selinux() too?
Comment 1 Bill Nottingham 2006-02-17 19:29:12 UTC 
...

if [ -n "$SELINUX" ]; then
    if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
        relabel_selinux
    fi
...
So it should be set.
Comment 2 Ville Skyttä 2006-02-17 21:17:00 UTC 
Hm, indeed, so it's not unset.  But hey, look what happens in relabel_selinux():

    . /etc/selinux/config # note: results in SELINUX=enforcing
    [...]
    echo "0" > $selinuxfs/enforce
    [...]
    echo $SELINUX > $selinuxfs/enforce

...and testing that from the console:

    # echo enforcing > /selinux/enforce
    bash: echo: write error: Invalid argument
Comment 3 Bill Nottingham 2006-02-17 21:23:07 UTC 
Haha.

See a few lines above:

    . /etc/selinux/config

Read that file. I suppose we need to pick a different variable in rc.sysinit.
Comment 4 Ville Skyttä 2006-02-17 22:01:32 UTC 
Yes, that's what I implied in comment 2 ;)
Comment 5 Bill Nottingham 2006-02-17 22:04:24 UTC 
OK, I'm blind today. Sorry.

Fixed in CVS, will show up eventually.
Comment 6 Bill Nottingham 2006-02-22 17:57:30 UTC 
*** Bug 182409 has been marked as a duplicate of this bug. ***