Bug 181893 - SELinux not re-enabled after relabel
SELinux not re-enabled after relabel
Product: Fedora
Classification: Fedora
Component: initscripts (Show other bugs)
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
: 182409 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2006-02-17 11:42 EST by Ville Skyttä
Modified: 2014-03-16 22:58 EDT (History)
2 users (show)

See Also:
Fixed In Version: 8.30-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-17 17:04:24 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2006-02-17 11:42:04 EST
initscripts-8.29-1 installed, did this:

    #SELINUX=enforcing in /etc/selinux/config
    touch /.autorelabel

After relabeling during boot, got an error message involving "echo" and line 74
in /etc/rc.sysinit, saying IIRC "invalid argument".  After that when the bootup
finished, I noticed that SELinux was not in enforcing mode (implicitly, because
X started fine, see bug 179656).  Line 74 is:

    echo $SELINUX > $selinuxfs/enforce

Many things in /etc/rc.sysinit do [ -n "$SELINUX" ] tests before doing stuff,
maybe that should be done in relabel_selinux() too?
Comment 1 Bill Nottingham 2006-02-17 14:29:12 EST

if [ -n "$SELINUX" ]; then
    if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
So it should be set.
Comment 2 Ville Skyttä 2006-02-17 16:17:00 EST
Hm, indeed, so it's not unset.  But hey, look what happens in relabel_selinux():

    . /etc/selinux/config # note: results in SELINUX=enforcing
    echo "0" > $selinuxfs/enforce
    echo $SELINUX > $selinuxfs/enforce

...and testing that from the console:

    # echo enforcing > /selinux/enforce
    bash: echo: write error: Invalid argument
Comment 3 Bill Nottingham 2006-02-17 16:23:07 EST

See a few lines above:

    . /etc/selinux/config

Read that file. I suppose we need to pick a different variable in rc.sysinit.
Comment 4 Ville Skyttä 2006-02-17 17:01:32 EST
Yes, that's what I implied in comment 2 ;)
Comment 5 Bill Nottingham 2006-02-17 17:04:24 EST
OK, I'm blind today. Sorry.

Fixed in CVS, will show up eventually.
Comment 6 Bill Nottingham 2006-02-22 12:57:30 EST
*** Bug 182409 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.