From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Epiphany/1.7.1 Description of problem: # man selinuxenabled selinuxenabled Indicates whether SELinux is enabled or disabled. It exits with status 0 if SELinux is enabled and -256 if it is not enabled. # selinuxenabled ; echo $? 1 So is it enabled or not? No idea. # tail -1 /var/log/messages Jun 27 19:16:18 localhost kernel: audit(1119892478.300:16): user pid=2279 uid=500 auid=4464967295 msg='PAM setcred: user=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 result=Success)' Guess it is. # grep disabled /etc/selinux/config # disabled - SELinux is fully disabled. SELINUX=disabled What's going on?! Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: x Additional info: Xen is unusable because of this.
SELinux is not enabled. The setcred line comes from Auditing I believe.
(In reply to comment #1) > SELinux is not enabled. Then surely selinuxenabled is broken then? It's behaviour doesn't match the documentation.
I would say it another way. The documentation is broken. What the docs should say is selinuxenabled exits with 0 status if it can determine if SELinux is enabled, non-zero otherwise.
Okay. Do you want a new bug for that, or is this one okay?
I will change this to an selinux-doc bug
Fixing the manual page should resolve this documentation bug, right? If you fix the man page, there isn't a reason for an FAQ entry.
Not sure if you're asking me, but if you are, yes it will fix the bug. I've noticed that something is writing "SELINUX=Disabled" instead of "SELINUX=disabled" in the /etc/selinux/config file.
The reason for my question, I was determining where the documentation fix needs to land, in the developer docs (man pages) or user docs (FAQ, release notes, etc.). In my experience, the capitalized "Disabled" is written by system-config-securitylevel when you use it to change any configuration. I don't think it matters, although the inconsistency is a distraction.
Fixed in system-config-securitylevel-1.5.11 It is a developer fix. It was in man pages. "Disabled" was fixed in securitylevel.
Thanks for the version info, and the fix. The update doesn't seem to have come through yet, so will wait a bit.
The update hasn't come through, it's been two weeks. Is it due?
This is still broken.
The fix was made available in an updated s-c-securitylevel package for Rawhide, not as an FC4 update.