Bug 173598 - default booleans not in effect after reboot
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All Linux
Priority: medium
Severity: high
Assigned To: Daniel Walsh
Reported: 2005-11-18 10:47 EST by Alexandre Oliva
Modified: 2007-11-30 17:11 EST (History)
Last Closed: 2005-11-30 15:19:26 EST
Description Alexandre Oliva 2005-11-18 10:47:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051103 Fedora/1.5-0.5.0.rc1 Firefox/1.5

Description of problem:
Boolean defaults defined in /etc/selinux/targeted/booleans are not in effect when the system is brought up.  An NFS server, for example, won't let clients access mount points, because nfs_export_all_* are not enabled.  As soon as I run 

setsebool $(grep -v ^# /etc/selinux/targeted/booleans )

everything starts working as expected (modulo other known policy bugs :-)

I don't even have a booleans.local file, so that's not it.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.2-19

How reproducible:
Always

Steps to Reproduce:
1. Boot up
2. Check whether the default booleans are set

Actual Results:  They are not

Expected Results:  They should be

Additional info:
Comment 1 Daniel Walsh 2005-11-18 11:50:01 EST
Did you install reference policy and then remove it?  If yes could you 
rm -rf /etc/selinux/targeted/modules?

This might be causing init to be confused and think you are running reference
policy.  Reference policy ignores the booleans file, because it gets compiled
into the policy.

Dan
Comment 2 Alexandre Oliva 2005-11-18 12:52:45 EST
If you mean selinux-targeted-policy-2.0.0 that hit rawhide a few days ago and
was later downgraded, yes, I did.  Unfortunately, even after rm -rf
/etc/selinux/targeted/modules and a reboot, I still get:

getsebool -a | grep nfs
nfs_export_all_ro --> inactive
nfs_export_all_rw --> inactive
nfsd_disable_trans --> inactive
use_nfs_home_dirs --> inactive

whereas 

# grep nfs /etc/selinux/targeted/booleans
nfs_export_all_ro=1
nfs_export_all_rw=1
use_nfs_home_dirs=0

:-(

Where is it that these booleans get set up?  I could try to debug it from there,
but I just can't figure out where they're supposed to be loaded.  Thanks,
Comment 3 Daniel Walsh 2005-11-18 13:26:33 EST
In /etc/selinux/config, remove the
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

or set it to 1

See if that fixes it.
Comment 4 Alexandre Oliva 2005-11-18 21:01:21 EST
Thank you very much, that did it.

I was about to close this as NOTABUG, but then I thought you might want to take
such downgrade cases into account in the reference package (if at all possible)
to avoid problems like the one I ran into.
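
The manual comparison in Comment 2 (getsebool -a against the booleans file) and the SETLOCALDEFS setting from Comment 3 can be checked with a script. This is an added example, not part of the original bug thread; the function names setlocaldefs_value and boolean_drift are hypothetical and the sample data is constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: compare SELinux boolean defaults with saved runtime state.

# setlocaldefs_value CONFIG: print the last SETLOCALDEFS= value, or "unset".
setlocaldefs_value() {
    v=$(sed -n 's/^[[:space:]]*SETLOCALDEFS=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    echo "${v:-unset}"
}

# boolean_drift DEFAULTS RUNTIME
#   DEFAULTS: name=value lines, as in /etc/selinux/targeted/booleans
#   RUNTIME:  saved "getsebool -a" output ("name --> active|inactive")
# Prints one line per boolean whose runtime state differs from its default.
# Returns 1 if any differ, 0 otherwise.
boolean_drift() {
    awk '
        function norm(v) { return (v ~ /^(1|true|on|active)$/) ? 1 : 0 }
        FILENAME == ARGV[1] {                  # first file: runtime state
            if ($2 == "-->") state[$1] = norm($3)
            next
        }
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        {
            if (split($0, kv, "=") != 2) next  # not a name=value line
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            want = norm(kv[2])
            have = (kv[1] in state) ? state[kv[1]] : "missing"
            if (have != want) { print kv[1] " default=" want " runtime=" have; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample input, modelled on the output quoted in Comments 2 and 3.
demo=$(mktemp -d)
printf '%s\n' '# SETLOCALDEFS= Check local definition changes' 'SETLOCALDEFS=0' > "$demo/config"
printf '%s\n' 'nfs_export_all_ro=1' 'nfs_export_all_rw=1' 'use_nfs_home_dirs=0' > "$demo/booleans"
printf '%s\n' 'nfs_export_all_ro --> inactive' 'nfs_export_all_rw --> inactive' \
    'nfsd_disable_trans --> inactive' 'use_nfs_home_dirs --> inactive' > "$demo/runtime"
echo "SETLOCALDEFS=$(setlocaldefs_value "$demo/config")"
boolean_drift "$demo/booleans" "$demo/runtime" || echo "runtime state differs from defaults"
rm -rf "$demo"
```

On a live system, save the output of getsebool -a to a file and pass it as the second argument, with /etc/selinux/targeted/booleans as the first.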
