154121 – selinux policy is (wrongly) set to enforcing

Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.

Bug 154121 - selinux policy is (wrongly) set to enforcing

Summary: selinux policy is (wrongly) set to enforcing

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	anaconda
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Anaconda Maintenance Team
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-04-07 16:54 UTC by Kaj J. Niemi
Modified:	2007-11-30 22:07 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-04-12 17:42:04 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Kaj J. Niemi 2005-04-07 16:54:50 UTC

Description of problem:
If one drops system-config-securitylevel-tui from %%packages and the selinux
parameter is set to --disabled (or anything, really) the install is completes
but selinux is set to enforcing.

It seems like anaconda calls /usr/sbin/lokkit to set the selinux level and
policy to be used. An error (which scrolls by really fast) is printed out on vty 5.

It would be nice if for RHEL4 U1 system-config-securitylevel-tui was pulled as a
dependency every time, I spent a 3-4 hours chasing this down. :>

How reproducible:
Always

Steps to Reproduce:
Create a kickstart file specifying "selinux --disabled"
and mark system-config-securitylevel-tui as a non-installable package in %%packages.


Thanks. :-)

Comment 1 Jeremy Katz 2005-04-12 17:42:04 UTC

The problem is that people also want to not have to install
system-config-securitylevel-tui.  And it's not practical to replicate the setup
(especially as it changes over time).

Not installing system-config-securitylevel-tui is like not installing authconfig
or shadow-utils or a utility like that.

Comment 2 Kaj J. Niemi 2005-04-12 17:53:19 UTC

Yeah, I know. I'm one of those people who do not want
system-config-securitylevel-tui around. But the point was that if you install
w/o it the policy gets set to enforcing no matter what you specify in the
kickstart config.

Note You need to log in before you can comment on or make changes to this bug.