Bug 472123 - "selinux=off" boot parametr not recognized by kernel 2.6.27.5-37.fc9 and selinux-policy 3.3.1-107.fc9
Summary: "selinux=off" boot parametr not recognized by kernel 2.6.27.5-37.fc9 and seli...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 9
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Eric Paris
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-11-18 20:43 UTC by Met Merilius
Modified: 2008-11-18 21:23 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-11-18 21:23:26 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Met Merilius 2008-11-18 20:43:31 UTC 
Description of problem:
System does not recognise boot parameter "selinux=off". The SELinux mode is determined instead from config files.


Version-Release number of selected component (if applicable):
kernel-PAE.i686                          2.6.27.5-37.fc9 
selinux-policy.noarch                    3.3.1-107.fc9
selinux-policy-targeted.noarch           3.3.1-107.fc9 


How reproducible:
Always


Steps to Reproduce:
1. install kernel-PAE-2.6.27.5-37.fc9.i686
2. append "selinux=off" to grub.conf for this kernel
3. boot the new kernel
  
Actual results:
SELinux policy is not overridden by a boot parameter. The configured policy in /etc/selinux is used instead. With combination of a F9 analog of bug https://bugzilla.redhat.com/show_bug.cgi?id=468645 when selinux was never enabled before it leads to impossibility of logging in.


Expected results:
SELinux is disabled when "selinux=off" is specified as a boot param.


Additional info:
On kernel version kernel-PAE-2.6.26.6-79.fc9.i686 and previous ones problem has never occurred. (Same selinux-version used.)
Didn't try put "enforcing" parameter instead.
Comment 1 James Morris 2008-11-18 21:23:26 UTC 
The selinux parameter takes 0 or 1 as arguments.

See Documentation/kernel-parameters.txt in the kernel source tree.
Note You need to log in before you can comment on or make changes to this bug.