161839 – selinux won't go away

Bug 161839 - selinux won't go away

Summary: selinux won't go away

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	system-config-securitylevel
Sub Component:
Version:	4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Chris Lumens
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-06-27 17:20 UTC by Need Real Name
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-09-29 17:31:13 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Need Real Name 2005-06-27 17:20:01 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Epiphany/1.7.1

Description of problem:
# man selinuxenabled
       selinuxenabled Indicates whether SELinux is  enabled  or  disabled.  It
       exits  with  status  0  if  SELinux  is  enabled  and -256 if it is not
       enabled.
# selinuxenabled ; echo $?
1

So is it enabled or not? No idea.

# tail -1 /var/log/messages
Jun 27 19:16:18 localhost kernel: audit(1119892478.300:16): user pid=2279 uid=500 auid=4464967295 msg='PAM setcred: user=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 result=Success)'

Guess it is.

# grep disabled /etc/selinux/config
#       disabled - SELinux is fully disabled.
SELINUX=disabled

What's going on?!

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
x

Additional info:

Xen is unusable because of this.

Comment 1 Daniel Walsh 2005-06-29 15:31:21 UTC

SELinux is not enabled.

The setcred line comes from Auditing I believe.

Comment 2 Need Real Name 2005-06-29 15:52:36 UTC

(In reply to comment #1)
> SELinux is not enabled.

Then surely selinuxenabled is broken then? It's behaviour doesn't match the
documentation.

Comment 3 Daniel Walsh 2005-06-29 16:05:58 UTC

I would say it another way.  The documentation is broken.  What the docs should
say is

selinuxenabled exits with 0 status if it can determine if SELinux is enabled,
non-zero otherwise.

Comment 4 Need Real Name 2005-06-29 17:29:25 UTC

Okay. Do you want a new bug for that, or is this one okay?

Comment 5 Daniel Walsh 2005-06-29 17:33:21 UTC

I will change this to an selinux-doc bug

Comment 6 Karsten Wade 2005-06-29 19:53:33 UTC

Fixing the manual page should resolve this documentation bug, right?  If you fix
the man page, there isn't a reason for an FAQ entry.

Comment 7 Need Real Name 2005-07-01 20:09:23 UTC

Not sure if you're asking me, but if you are, yes it will fix the bug.

I've noticed that something is writing "SELINUX=Disabled" instead of
"SELINUX=disabled" in the /etc/selinux/config file.

Comment 8 Karsten Wade 2005-07-01 21:47:54 UTC

The reason for my question, I was determining where the documentation fix needs
to land, in the developer docs (man pages) or user docs (FAQ, release notes, etc.).

In my experience, the capitalized "Disabled" is written by
system-config-securitylevel when you use it to change any configuration.  I
don't think it matters, although the inconsistency is a distraction.

Comment 9 Daniel Walsh 2005-07-11 18:18:18 UTC

Fixed in system-config-securitylevel-1.5.11

It is a developer fix.  It was in man pages.  "Disabled" was fixed in securitylevel.

Comment 10 Need Real Name 2005-07-15 12:56:54 UTC

Thanks for the version info, and the fix. The update doesn't seem to have come
through yet, so will wait a bit.

Comment 11 Need Real Name 2005-07-29 13:20:54 UTC

The update hasn't come through, it's been two weeks. Is it due?

Comment 12 Need Real Name 2005-08-31 12:37:38 UTC

This is still broken.

Comment 13 Chris Lumens 2005-09-29 17:31:13 UTC

The fix was made available in an updated s-c-securitylevel package for Rawhide,
not as an FC4 update.

Note You need to log in before you can comment on or make changes to this bug.