This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 209372 - enforce value on runtime system changed BEFORE updating /etc/sysconfig/selinux
enforce value on runtime system changed BEFORE updating /etc/sysconfig/selinux
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-04 17:39 EDT by Gene Czarcinski
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-19 14:02:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Gene Czarcinski 2006-10-04 17:39:25 EDT
Description of problem:

If you have switched to a new policy (e.g., from targeted to mls) and then the
system does not work with that policy, the solution is to reboot with
enforcing=0 and than change the policy back (e.g., from mls to targeted).

Since I normally run with targeted/enforcing (not permissive), I just changed
the policy.  But, the tool appears to change the runtime value of
/selinux/enforce BEFORE it changes /etc/sysconfig/selinux

Solution: change /etc/sysconfig/selinux file first.

Better Solution: make changing the value of SELINUX in the file a separate and
distict action from changing the runtime system
Comment 1 Chris Lumens 2006-10-19 14:02:21 EDT
Changed to write the config file before setting/unsetting enforcing.  The new
order of things on save is:  write config, change enforcing mode, touch
/.autorelabel if required, save modifiers.  Thanks for the bug report.  Might
make an FC6 update for this.

Note You need to log in before you can comment on or make changes to this bug.