Bug 1258569 – anaconda interprets 'selinux=0' parameter incorrectly

Bug 1258569 - anaconda interprets 'selinux=0' parameter incorrectly

Summary:	anaconda interprets 'selinux=0' parameter incorrectly

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	anaconda (Show other bugs)
Sub Component:
Version:	23
Hardware:	x86_64 Linux

Priority	unspecified Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	David Shea
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:	RejectedBlocker
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2015-08-31 12:21 EDT by A.J. Werkman
Modified:	2015-11-02 10:37 EST (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	anaconda-24.5-1
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-11-02 10:37:37 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description A.J. Werkman 2015-08-31 12:21:07 EDT

Description of problem:
selinux directive on the commandline and in kickstart file is not honoured.

Version-Release number of selected component (if applicable):
23_Beta_TC1 Server Product

How reproducible:
Everytime

Steps to Reproduce:
1. Prepare a kickstart file with a line 'selinux --disabled'.
2. Boot using kickstart file and selinux=0 on the commandline and install the system
3. On the installed system inspect /etc/selinux/config file and see that the policy is enforcing.

Actual results:
SElinux policy is enforcing

Expected results:
SElinux policy is disabled

Additional info:

Comment 1 A.J. Werkman 2015-09-10 14:24:16 EDT

This is a blocker by the Alpha criterion:

SELinux configuration

Unless explicitly specified otherwise, after system installation SELinux must be enabled and in enforcing mode.


As selinux is not changed if explicitly specified otherwise.

Comment 2 David Shea 2015-09-10 14:28:02 EDT

The problem is that selinux=0 is being interpreted as the same as a bare "selinux", i.e., enable selinux. It's also worth noting that this is not new behavior.

Comment 3 A.J. Werkman 2015-09-10 15:21:31 EDT

How would you disable selinux from the command line then?

But anyhowe also the selinux --disable line in a kickstart file does not disable selinux.

Comment 4 David Shea 2015-09-10 15:22:13 EDT

Command line overrides kickstart. On the command line you can use noselinux.

Comment 5 Adam Williamson 2015-09-14 11:38:18 EDT

A.J.: can you confirm that just using the kickstart and not the CLI parameter works? And that using the correct CLI parameter also works? Thanks.

Comment 6 Adam Williamson 2015-09-14 12:59:29 EDT

Discussed at 2015-09-14 blocker review meeting: https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2015-09-14/f23-blocker-review.2015-09-14-16.00.log.txt . Rejected as a blocker: it seems clear that the only thing here that's really a 'bug' is that anaconda doesn't interpret 'selinux=0' as expected, which is unfortunate but we agreed does not violate the criterion.

FWIW the criterion was actually only intended to require that in a 'normal' install, SELinux must be enabled. It wasn't intended to require that it be possible to disable SELinux via the installer, though I admit the wording turned out somewhat ambiguous. In any case, it seems clear that it *is* certainly possible to disable via the installer, A.J. just ran into an unfortunate corner case.

Comment 7 A.J. Werkman 2015-09-14 16:39:38 EDT

Kickstart works without the CLI parameter.

Using noselinux parameter on the commandline also works.

Comment 8 Adam Williamson 2015-09-14 17:31:23 EDT

OK, so updating the description. Thanks!

Comment 9 David Shea 2015-10-16 17:02:09 EDT

https://github.com/rhinstaller/anaconda/pull/413

Note You need to log in before you can comment on or make changes to this bug.