Red Hat Bugzilla – Bug 154121
selinux policy is (wrongly) set to enforcing
Last modified: 2007-11-30 17:07:17 EST
Description of problem: If one drops system-config-securitylevel-tui from %%packages and the selinux parameter is set to --disabled (or anything, really) the install is completes but selinux is set to enforcing. It seems like anaconda calls /usr/sbin/lokkit to set the selinux level and policy to be used. An error (which scrolls by really fast) is printed out on vty 5. It would be nice if for RHEL4 U1 system-config-securitylevel-tui was pulled as a dependency every time, I spent a 3-4 hours chasing this down. :> How reproducible: Always Steps to Reproduce: Create a kickstart file specifying "selinux --disabled" and mark system-config-securitylevel-tui as a non-installable package in %%packages. Thanks. :-)
The problem is that people also want to not have to install system-config-securitylevel-tui. And it's not practical to replicate the setup (especially as it changes over time). Not installing system-config-securitylevel-tui is like not installing authconfig or shadow-utils or a utility like that.
Yeah, I know. I'm one of those people who do not want system-config-securitylevel-tui around. But the point was that if you install w/o it the policy gets set to enforcing no matter what you specify in the kickstart config.