Bug 472123 - "selinux=off" boot parametr not recognized by kernel and selinux-policy 3.3.1-107.fc9
"selinux=off" boot parametr not recognized by kernel and seli...
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Paris
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-11-18 15:43 EST by Met Merilius
Modified: 2008-11-18 16:23 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-11-18 16:23:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Met Merilius 2008-11-18 15:43:31 EST
Description of problem:
System does not recognise boot parameter "selinux=off". The SELinux mode is determined instead from config files.

Version-Release number of selected component (if applicable):
selinux-policy.noarch                    3.3.1-107.fc9
selinux-policy-targeted.noarch           3.3.1-107.fc9 

How reproducible:

Steps to Reproduce:
1. install kernel-PAE-
2. append "selinux=off" to grub.conf for this kernel
3. boot the new kernel
Actual results:
SELinux policy is not overridden by a boot parameter. The configured policy in /etc/selinux is used instead. With combination of a F9 analog of bug https://bugzilla.redhat.com/show_bug.cgi?id=468645 when selinux was never enabled before it leads to impossibility of logging in.

Expected results:
SELinux is disabled when "selinux=off" is specified as a boot param.

Additional info:
On kernel version kernel-PAE- and previous ones problem has never occurred. (Same selinux-version used.)
Didn't try put "enforcing" parameter instead.
Comment 1 James Morris 2008-11-18 16:23:26 EST
The selinux parameter takes 0 or 1 as arguments.

See Documentation/kernel-parameters.txt in the kernel source tree.

Note You need to log in before you can comment on or make changes to this bug.