Red Hat Bugzilla – Bug 454338
RFE: Plz add feature to disble selinux *without* dialog box
Last modified: 2008-07-07 18:43:21 EDT
Description of problem:
Some users, for whatever reason, do not need or want selinux. The latest
anaconda removes the dialog box to disble selinux and this has upset a not
insignificant number of users.
* Red Hat wants to have selinux enabled by default
* Red Hat wants as few confusing dialog boxes as possible (especially where the
user likely doesnt know what they want)
* Many users do not want selinux and would like to disable it.
So there has been a very long thread on fedora-devel about this and people
arguing to have the dialog box back, others saying users that don't want it are
confused. I noted (somewhat indirectly) that one Fedora user named Linus happens
to disable selinux.... It has resulted in much gnashing of teeth.
Version-Release number of selected component (if applicable):
Latest rawhide, apparently.
Run anaconda, try to disable selinux.
Steps to Reproduce:
1. Run install CD from the future (which doesn't yet exist AFIAK)
2. In anaconda disable selinux
No way to disable selinux.
SELinux completely disabled.
I propose the *perfect* solution which is easy and satisfies everyone above.
Other obscure setups, such as users that want xfs/reiserfs/jfs filesystems can
do so by specifying them at the boot: prompt of the CD. This allows this
non-typical setups to be used, without bothering users with dialogs such as
"which filesystem do you want? reiser/xfs/jfs? etc". Best of both worlds. The
same should be done with selinux.
All that would need to be done is:
1) Add documentation to the install manual which says, "If you want to disable
SELinux, add 'linux selinux=0' to the boot: line of the install CD"
2) Also add this to the CD's syslinux files (e.g. where you hit F3 or whatever
on the install CD and it tells you options).
3) Anaconda would need a small unobtrusive patchlet which sees that selinux=0
has been passed to the install (which I think it does already, so it runs
anaconda --disable-selinux or somesuch) and then pass this to grub.conf. The
passing to grub would then mean the user wouldn't have to do any post-install
*WIN* *WIN* *WIN* everyone. :)
You can already boot with 'selinux=0' and this is even already documented in the
command-line.txt document included with the anaconda package (And linked to on
And this has been the case since the first bits of SELinux support were added
about four years ago.
You can boot with selinux=0, but unless I'm mistaken this does not get passed on
to the installed system (hence the previous need for a dialog box).
If you install with selinux=0, we ensure that disabled gets set in
Ok, I just tested this with a stock fedora 9 installation--I believe it's the
same for rawhide. If you pass selinux=0 to the CD boot: line it does *not* get
passed to grub in the final install.
It gets disabled in /etc/selinux/config, which is like passing noselinux to
anaconda, but it doesn't get passed to grub.conf. They do have different behavior.
user does: boot: selinux=0
grub then has: selinux=0
Then if any user ever mentions it on fedora-devel again, just say "install with
selinux=0 and it will *completely* disable it". Everybody happy. :)