Bug 161839 - selinux won't go away
selinux won't go away
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
4
All Linux
medium Severity high
: ---
: ---
Assigned To: Chris Lumens
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-27 13:20 EDT by Need Real Name
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-29 13:31:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2005-06-27 13:20:01 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Epiphany/1.7.1

Description of problem:
# man selinuxenabled
       selinuxenabled Indicates whether SELinux is  enabled  or  disabled.  It
       exits  with  status  0  if  SELinux  is  enabled  and -256 if it is not
       enabled.
# selinuxenabled ; echo $?
1

So is it enabled or not? No idea.

# tail -1 /var/log/messages
Jun 27 19:16:18 localhost kernel: audit(1119892478.300:16): user pid=2279 uid=500 auid=4464967295 msg='PAM setcred: user=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 result=Success)'

Guess it is.

# grep disabled /etc/selinux/config
#       disabled - SELinux is fully disabled.
SELINUX=disabled

What's going on?!

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
x

Additional info:

Xen is unusable because of this.
Comment 1 Daniel Walsh 2005-06-29 11:31:21 EDT
SELinux is not enabled.

The setcred line comes from Auditing I believe.
Comment 2 Need Real Name 2005-06-29 11:52:36 EDT
(In reply to comment #1)
> SELinux is not enabled.

Then surely selinuxenabled is broken then? It's behaviour doesn't match the
documentation.
Comment 3 Daniel Walsh 2005-06-29 12:05:58 EDT
I would say it another way.  The documentation is broken.  What the docs should
say is

selinuxenabled exits with 0 status if it can determine if SELinux is enabled,
non-zero otherwise.

Comment 4 Need Real Name 2005-06-29 13:29:25 EDT
Okay. Do you want a new bug for that, or is this one okay?
Comment 5 Daniel Walsh 2005-06-29 13:33:21 EDT
I will change this to an selinux-doc bug
Comment 6 Karsten Wade 2005-06-29 15:53:33 EDT
Fixing the manual page should resolve this documentation bug, right?  If you fix
the man page, there isn't a reason for an FAQ entry.
Comment 7 Need Real Name 2005-07-01 16:09:23 EDT
Not sure if you're asking me, but if you are, yes it will fix the bug.

I've noticed that something is writing "SELINUX=Disabled" instead of
"SELINUX=disabled" in the /etc/selinux/config file.
Comment 8 Karsten Wade 2005-07-01 17:47:54 EDT
The reason for my question, I was determining where the documentation fix needs
to land, in the developer docs (man pages) or user docs (FAQ, release notes, etc.).

In my experience, the capitalized "Disabled" is written by
system-config-securitylevel when you use it to change any configuration.  I
don't think it matters, although the inconsistency is a distraction.
Comment 9 Daniel Walsh 2005-07-11 14:18:18 EDT
Fixed in system-config-securitylevel-1.5.11

It is a developer fix.  It was in man pages.  "Disabled" was fixed in securitylevel.
Comment 10 Need Real Name 2005-07-15 08:56:54 EDT
Thanks for the version info, and the fix. The update doesn't seem to have come
through yet, so will wait a bit.
Comment 11 Need Real Name 2005-07-29 09:20:54 EDT
The update hasn't come through, it's been two weeks. Is it due?
Comment 12 Need Real Name 2005-08-31 08:37:38 EDT
This is still broken.
Comment 13 Chris Lumens 2005-09-29 13:31:13 EDT
The fix was made available in an updated s-c-securitylevel package for Rawhide,
not as an FC4 update.

Note You need to log in before you can comment on or make changes to this bug.