485665 – SELinux strict turns off X & GUI, installer should be cautioned

Bug 485665 - SELinux strict turns off X & GUI, installer should be cautioned

Summary: SELinux strict turns off X & GUI, installer should be cautioned

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	anaconda
Sub Component:
Version:	4
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Anaconda Maintenance Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-02-16 04:16 UTC by Nick Levinson
Modified:	2009-02-16 15:08 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-02-16 15:08:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Nick Levinson 2009-02-16 04:16:26 UTC

Description of problem: SELinux if set to strict turns off X window system and thus post-installation GUI.

Version-Release number of selected component (if applicable): Unknown.

How reproducible:

Steps to Reproduce:
1. Install.
2. During installation or after, set SELinux to strict.
3. If done during install, complete installation and prepare to customize or use computer.

Actual results: Post-install failure of X window system. (I did not keep the messages displayed and records of repeated attempts to repair.)

Expected results: Smooth operation of FC including SELinux, allowing for the normal relabeling required by SELinux but with all functions, including X windowing and GUIs, operating normally.

Additional info: Users should be cautioned before setting SELinux to strict.

This is based on Fedora Core 4 and I'm not suggesting a change to that, and if SELinux has relevantly changed since then this may be moot, but if this also applies to current FC versions, a caution should be added to the installation screen. This is more a suggestion to enhance the installer routines to inform users rather than a fix to SELinux itself, since various posts suggest that SELinux is good for many users but problematic for many others. Thus, a caution in the installer is suggested.

When strict SELinux turned off the X windows system and thus the GUI, I spent hours trying to fix it and failed, forcing a clean full reinstallation just days after a clean full reinstallation solely because I had set SELinux to strict and rebooted (rebooting implements the ability to be strict by relabeling software for SELinux requirements). Since that's my Internet computer, I couldn't go online to research alternatives.

My hardware (Dell Latitude C840) generally works well. It's possible the hardware caused SELinux to choke X, but if that's because SELinux is demanding about hardware and not because the hardware is defective then the caution is even more necessary. Likewise, waiting to go online for alternative advice is too late.

<http://forums.fedoraforum.org/showthread.php?t=98219>, as accessed today (15th), suggests that some users have a more positive experience with strict. It seems to be heavily debated.

If feasible, provide a box during the install process to explain in advance what to do if the machine stymies the user, for example, a quick way to redo the install from the beginning instead of trying to fix X and to try targeted or less for SELinux.

(I entered the platform for this report as i686. I hope that's correct; it's a Pentium 4 laptop.)

Thanks.

--
Nick

Comment 1 Chris Lumens 2009-02-16 15:08:31 UTC

The SELinux configuration screen has not existed in either anaconda or firstboot for several releases now, so this is no longer a problem there.  However if you are still experiencing problems between SELinux and X in F10, please open a new bug against the relevant component.

Note You need to log in before you can comment on or make changes to this bug.