Red Hat Bugzilla – Bug 161839
selinux won't go away
Last modified: 2007-11-30 17:11:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Epiphany/1.7.1
Description of problem:
# man selinuxenabled
selinuxenabled Indicates whether SELinux is enabled or disabled. It
exits with status 0 if SELinux is enabled and -256 if it is not
# selinuxenabled ; echo $?
So is it enabled or not? No idea.
# tail -1 /var/log/messages
Jun 27 19:16:18 localhost kernel: audit(1119892478.300:16): user pid=2279 uid=500 auid=4464967295 msg='PAM setcred: user=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 result=Success)'
Guess it is.
# grep disabled /etc/selinux/config
# disabled - SELinux is fully disabled.
What's going on?!
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Xen is unusable because of this.
SELinux is not enabled.
The setcred line comes from Auditing I believe.
(In reply to comment #1)
> SELinux is not enabled.
Then surely selinuxenabled is broken then? It's behaviour doesn't match the
I would say it another way. The documentation is broken. What the docs should
selinuxenabled exits with 0 status if it can determine if SELinux is enabled,
Okay. Do you want a new bug for that, or is this one okay?
I will change this to an selinux-doc bug
Fixing the manual page should resolve this documentation bug, right? If you fix
the man page, there isn't a reason for an FAQ entry.
Not sure if you're asking me, but if you are, yes it will fix the bug.
I've noticed that something is writing "SELINUX=Disabled" instead of
"SELINUX=disabled" in the /etc/selinux/config file.
The reason for my question, I was determining where the documentation fix needs
to land, in the developer docs (man pages) or user docs (FAQ, release notes, etc.).
In my experience, the capitalized "Disabled" is written by
system-config-securitylevel when you use it to change any configuration. I
don't think it matters, although the inconsistency is a distraction.
Fixed in system-config-securitylevel-1.5.11
It is a developer fix. It was in man pages. "Disabled" was fixed in securitylevel.
Thanks for the version info, and the fix. The update doesn't seem to have come
through yet, so will wait a bit.
The update hasn't come through, it's been two weeks. Is it due?
This is still broken.
The fix was made available in an updated s-c-securitylevel package for Rawhide,
not as an FC4 update.