Bug 209372 - enforce value on runtime system changed BEFORE updating /etc/sysconfig/selinux
Summary: enforce value on runtime system changed BEFORE updating /etc/sysconfig/selinux
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-10-04 21:39 UTC by Gene Czarcinski
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-10-19 18:02:21 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Gene Czarcinski 2006-10-04 21:39:25 UTC
Description of problem:

If you have switched to a new policy (e.g., from targeted to mls) and then the
system does not work with that policy, the solution is to reboot with
enforcing=0 and than change the policy back (e.g., from mls to targeted).

Since I normally run with targeted/enforcing (not permissive), I just changed
the policy.  But, the tool appears to change the runtime value of
/selinux/enforce BEFORE it changes /etc/sysconfig/selinux

Solution: change /etc/sysconfig/selinux file first.

Better Solution: make changing the value of SELINUX in the file a separate and
distict action from changing the runtime system

Comment 1 Chris Lumens 2006-10-19 18:02:21 UTC
Changed to write the config file before setting/unsetting enforcing.  The new
order of things on save is:  write config, change enforcing mode, touch
/.autorelabel if required, save modifiers.  Thanks for the bug report.  Might
make an FC6 update for this.


Note You need to log in before you can comment on or make changes to this bug.