Bug 209372

Summary: enforce value on runtime system changed BEFORE updating /etc/sysconfig/selinux
Product: [Fedora] Fedora
Component: system-config-securitylevel
Reporter: Gene Czarcinski <gczarcinski>
Assignee: Chris Lumens <clumens>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 6
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-10-19 18:02:21 UTC

Description Gene Czarcinski 2006-10-04 21:39:25 UTC
Description of problem:

If you have switched to a new policy (e.g., from targeted to mls) and then the
system does not work with that policy, the solution is to reboot with
enforcing=0 and then change the policy back (e.g., from mls to targeted).

Since I normally run with targeted/enforcing (not permissive), I just changed
the policy.  But, the tool appears to change the runtime value of
/selinux/enforce BEFORE it changes /etc/sysconfig/selinux.

Solution: change /etc/sysconfig/selinux file first.

Better Solution: make changing the value of SELINUX in the file a separate and
distinct action from changing the runtime system.

Comment 1 Chris Lumens 2006-10-19 18:02:21 UTC
Changed to write the config file before setting/unsetting enforcing.  The new
order of things on save is:  write config, change enforcing mode, touch
/.autorelabel if required, save modifiers.  Thanks for the bug report.  Might
make an FC6 update for this.
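
The save order described in Comment 1, as an added sketch that is not part of the bug report and not the code of system-config-securitylevel. The function names, the path parameters and the rule that a relabel is requested when SELINUXTYPE changes are assumptions made for illustration; the "save modifiers" step is not modeled.

```python
import os
import tempfile

def rewrite_config(text, settings):
    """Replace KEY=value lines for the keys in settings; keep all other lines."""
    pending = dict(settings)
    out = []
    for line in text.splitlines():
        key = line.split("=", 1)[0].strip()
        if not line.lstrip().startswith("#") and key in pending:
            out.append(f"{key}={pending.pop(key)}")
        else:
            out.append(line)
    out.extend(f"{k}={v}" for k, v in pending.items())  # keys not present yet
    return "\n".join(out) + "\n"

def save_selinux(config_path, enforce_path, relabel_path, mode, policy):
    """Persist the config first, then touch the running system.
    Returns the list of steps performed, in order."""
    steps = []
    with open(config_path) as f:
        old = f.read()
    new = rewrite_config(old, {"SELINUX": mode, "SELINUXTYPE": policy})
    # 1. Write the config atomically: temp file in the same directory, fsync, rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(config_path))
    try:
        with os.fdopen(fd, "w") as f:
            os.fchmod(f.fileno(), os.stat(config_path).st_mode & 0o777)
            f.write(new)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, config_path)
    except BaseException:
        os.unlink(tmp)
        raise
    steps.append("config")
    # 2. Only now change the runtime mode ("disabled" cannot be set at runtime).
    if mode in ("enforcing", "permissive"):
        with open(enforce_path, "w") as f:
            f.write("1" if mode == "enforcing" else "0")
        steps.append("enforce")
    # 3. Assumed rule: request a relabel on next boot if the policy type changed.
    if f"SELINUXTYPE={policy}" not in old.splitlines():
        open(relabel_path, "w").close()
        steps.append("autorelabel")
    return steps
```

Any exception raised while reading or writing the config propagates before step 2, so the runtime enforcing value is left untouched when the persistent setting could not be saved.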