Recent changes to libselinux return selinux == enabled on systems which never used selinux and do not have any selinux tools or configuration for it. The D-Bus daemon fails to start with: dbus-daemon[428]: Failed to set up security class mapping (selinux_set_mapping():Invalid argument). dbus[428]: [system] SELinux enabled but D-Bus initialization failed; check system log It might be caused by: https://github.com/SELinuxProject/selinux/commit/685f4aeeadc0b60f3770404d4f149610d656e3c8 Please return to the former behavior or fine-tune the check. must not return true, when it is not even possible to enable selinux on the machine, but only libselinux is installed by dependencies. Thanks!
The policy type is set to targeted and the mode is set to permissive when a system is running with SELinux enabled kernel (Fedora default) without /etc/selinux/config file or when there's no SELinux kernel command line option. If you don't use SELinux, use 'selinux=0' on kernel command line or 'SELINUX=disabled' in /etc/selinux/config
libselinux will be adjusted to check of existence of /etc/selinux/config file, see [1]. If there's /etc/selinux/config file, it's expected that at least selinux-policy is installed and SELinux is considered as enabled. Without /etc/selinux/config file, is_selinux_enabled() will return false. [1] https://github.com/SELinuxProject/selinux/commit/c08c4eacab8d55598b9e5caaef8a871a7a476cab It's still recommended to use selinux=0 in kernel command line or SELINUX=disabled in /etc/selinux/config when users don't want to use any SELinux policy. It would stop all of the SELinux hook call overhead in the kernel.
libselinux-2.3-10.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/libselinux-2.3-10.fc22
libselinux-2.3-10.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/libselinux-2.3-10.fc21
Package libselinux-2.3-10.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing libselinux-2.3-10.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-8872/libselinux-2.3-10.fc22 then log in and leave karma (feedback).
libselinux-2.3-10.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This change caused a major problem for 23 / Rawhide: since it landed, fresh Rawhide installs from traditional installer images (i.e. boot.iso) are completely broken. See https://bugzilla.redhat.com/show_bug.cgi?id=1243168 .
libselinux-2.3-10.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.