Red Hat Bugzilla – Bug 209372
enforce value on runtime system changed BEFORE updating /etc/sysconfig/selinux
Last modified: 2007-11-30 17:11:45 EST
Description of problem:
If you have switched to a new policy (e.g., from targeted to mls) and then the
system does not work with that policy, the solution is to reboot with
enforcing=0 and then change the policy back (e.g., from mls to targeted).
Since I normally run with targeted/enforcing (not permissive), I just changed
the policy. But, the tool appears to change the runtime value of
/selinux/enforce BEFORE it changes /etc/sysconfig/selinux.
Solution: change /etc/sysconfig/selinux file first.
Better Solution: make changing the value of SELINUX in the file a separate and
distinct action from changing the runtime system
Changed to write the config file before setting/unsetting enforcing. The new
order of things on save is: write config, change enforcing mode, touch
/.autorelabel if required, save modifiers. Thanks for the bug report. Might
make an FC6 update for this.
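
The save order described in the comment above (write config, change enforcing mode, touch /.autorelabel if required), as an added example that is not the tool's own code. The function names and the path parameters are hypothetical, the "save modifiers" step is left out, and the paths are arguments so the ordering can be exercised against scratch files instead of /etc/sysconfig/selinux, /selinux/enforce and /.autorelabel.

```python
import os
import stat
import tempfile

def rewrite_config(text, mode, policy):
    """Return config text with SELINUX= and SELINUXTYPE= set, other lines kept."""
    wanted = {"SELINUX": mode, "SELINUXTYPE": policy}
    out, seen = [], set()
    for line in text.splitlines():
        key = line.split("=", 1)[0].strip()
        if key in wanted:
            out.append(f"{key}={wanted[key]}")
            seen.add(key)
        else:
            out.append(line)
    out += [f"{k}={v}" for k, v in wanted.items() if k not in seen]
    return "\n".join(out) + "\n"

def current_policy(text):
    """Return the SELINUXTYPE value in the config text, or None."""
    for line in text.splitlines():
        if line.strip().startswith("SELINUXTYPE="):
            return line.split("=", 1)[1].strip()
    return None

def save(config_path, enforce_path, autorelabel_path, mode, policy):
    """Apply settings in the order: config file, runtime mode, relabel flag."""
    config_path = os.path.realpath(config_path)  # may be a symlink
    with open(config_path) as f:
        old = f.read()
    steps = []
    # 1. Persist the config first, atomically: temp file, fsync, rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(config_path))
    with os.fdopen(fd, "w") as f:
        f.write(rewrite_config(old, mode, policy))
        f.flush()
        os.fsync(f.fileno())
    os.chmod(tmp, stat.S_IMODE(os.stat(config_path).st_mode))
    os.replace(tmp, config_path)
    steps.append("config")
    # 2. Only now change the running system ("disabled" needs a reboot).
    if mode in ("enforcing", "permissive"):
        with open(enforce_path, "w") as f:
            f.write("1" if mode == "enforcing" else "0")
        steps.append("enforce")
    # 3. A policy type change needs a relabel on the next boot.
    if current_policy(old) != policy:
        open(autorelabel_path, "a").close()
        steps.append("autorelabel")
    return steps
```

If the runtime write in step 2 raises or the system stops responding under the new mode, the file already holds the intended settings for the next boot.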