Red Hat Bugzilla – Bug 121757
system-config-securitylevel displays incorrect selinux status
Last modified: 2007-11-30 17:10:41 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040422 Description of problem: The status of selinux as reported by the system-config-securitylevel GUI is not correct. i.e. it is not the same as that reported by /etc/sysconfig/selinux. I have the latter set to "selinux=disabled" but when I open the GUI it automatically has selinux set as active (this can cause problems if I edit the firewall settings and click save without looking in the selinux tab, as it will save the setting to "active"). I have a similar problem with system-config-display, which I have reported under bug #121756. many thanks, and I hope you will be able to help me with this problem. Version-Release number of selected component (if applicable): system-config-securitylevel-1.3.11-1 How reproducible: Always Steps to Reproduce: 1. Set selinux to "disabled" in /etc/sysconfig/selinux 2. Open system-config-securitylevel GUI 3. Compare the settings of selinux. Actual Results: They are not the same. Expected Results: They should be the same! Additional info:
I confirm that this happens to me too. If you set SELinux to "Disabled" and click "OK", the next time you run system-config-securitylevel, SELinux is still displayed as "Active"
Oops, adding me to the CC list
More on this: I've recently setup Selinux as "permissive". However system-config-securitylevel still displays it as "Active"
Even worst is that if Selinux is set to "disabled" in selinux it has no effect. On reboot dmesg shows Selinux as "Active". I needed to add "selinux=0" in grub/menu.lst to stop Selinux.
The Current state of SELinux is stored in /etc/sysconfig/selinux. It should be used as the current value of system-config-securitylevel.
The SELinux widgets were removed for the FC2 final release because we just didn't have time to get the SELinux bits into usable state. We will revisit this for FC3.