Bug 477059
Summary: | ipa-server-install generates /etc/selinux/config, kernel panics on reboot when no selinux was previously installed | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Seva <seva> |
Component: | anaconda | Assignee: | Anaconda Maintenance Team <anaconda-maint-list> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | anaconda-maint-list, dpal, dwalsh, eparis, jgranado, sgallagh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-01-20 18:36:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Seva
2008-12-18 21:21:38 UTC
What kernel are you running? User reports its 2.6.27.7-134.fc10.x86_64. Additionally, this host is running as Xen DomU. The real questions are a) why did you delete /etc/selinux/config? you're supposed to set SELINUX=disabled if you want to disable selinux, not delete the config file b) what is actually creating the new config file. I've no problem with it being created, but if it didn't already exist it certainly shouldn't be creating the new file with SELINUX=enforcing, which is what must have happened to get a panic... Can you help explain how you went about "removing" selinux so I can try to figure out how it got out of whack? In any case your best fix it to put the config file back with the info telling the system to disable selinux. (The reporter is apparently unable to comment in BZ) a. I didn't delete it, it was never created, the kickstart contains: selinux --disabled And under %packages I have -selinux-policy -selinux-policy-targeted b. ipa-server-install script. c. Actually the problem might be that selinux stuff was pulled in by yum as a dependency of ipa-server and /etc/selinux/config was created at that point, I also have "selinux=0" in grub.conf ************* So I guess we really want to stop pulling selinux-policy in on people? Maybe? Dan? I guess this is really an anaconda problem. selinux-policy package sets up the /etc/selinux/config file when it gets installed, it is pulled in by the ipa packages, in order for them to install their policy. anaconda should really execute a # lokkit --selinux=disabled When the user specifies that selinux is disabled, this would create the /etc/selinux/config file with the appropriate flags, and selinux-policy would not override. Surprised this has never happened before. Please retest this with F12 Alpha and if you're still seeing the problem, attach /tmp/program.log to this bug report so we can see how lokkit was run. anaconda certainly does know how to run lokkit to disable selinux. This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle. Changing version to '12'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |