Red Hat Bugzilla – Bug 208772
libselinux keeps "passwd -d username" not working in kickstart %post script
Last modified: 2007-11-30 17:11:44 EST
Description of problem:
A kickstart "%post" script executes "passwd -d username" and fails
if selinux is disabled. Strace shows that selinux is not only reading
/etc/sysconfig/selinux, but also /proc/mounts and other files instead
of continuing normally with selinux disabled.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Are you sure this is an SELinux problem. is_selinux_enabled() is attempting to
check the /proc/mounts to see if it is enabled. is_selinux_enabled() will
return 0 if it not enabled, or -1 if it can't tell. The passwd code looks to
correctly handle the code if is_selinux_enabled() does not return > 0. So I
don't think this is an SELinux error. Changing to passwd.
passwd-0.73 should now correctly proceed when is_selinux_enabled() returns 0 or
-1; I don't understand how could this be a passwd problem.
Could you please attach the strace here?
This should give the strace output (no machine available right now to show
strace -o /tmp/selinux-passwd passwd -d root
Should not be in new, probably fixed already.
Florian La Roche