Red Hat Bugzilla – Bug 121757
system-config-securitylevel displays incorrect selinux status
Last modified: 2007-11-30 17:10:41 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040422
Description of problem:
The status of selinux as reported by the system-config-securitylevel
GUI is not correct. i.e. it is not the same as that reported by
/etc/sysconfig/selinux. I have the latter set to "selinux=disabled"
but when I open the GUI it automatically has selinux set as active
(this can cause problems if I edit the firewall settings and click
save without looking in the selinux tab, as it will save the setting
I have a similar problem with system-config-display, which I have
reported under bug #121756.
many thanks, and I hope you will be able to help me with this problem.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set selinux to "disabled" in /etc/sysconfig/selinux
2. Open system-config-securitylevel GUI
3. Compare the settings of selinux.
Actual Results: They are not the same.
Expected Results: They should be the same!
I confirm that this happens to me too.
If you set SELinux to "Disabled" and click "OK",
the next time you run system-config-securitylevel,
SELinux is still displayed as "Active"
Oops, adding me to the CC list
More on this: I've recently setup Selinux as "permissive". However
system-config-securitylevel still displays it as "Active"
Even worst is that if Selinux is set to "disabled" in selinux it has
no effect. On reboot dmesg shows Selinux as "Active". I needed to
add "selinux=0" in grub/menu.lst to stop Selinux.
The Current state of SELinux is stored in /etc/sysconfig/selinux. It
should be used as the current value of system-config-securitylevel.
The SELinux widgets were removed for the FC2 final release because we
just didn't have time to get the SELinux bits into usable state. We
will revisit this for FC3.