Description of problem: Installing F16 Alpha from DVD or net install results in a system with selinux disabled. Version-Release number of selected component (if applicable): FC16 Alpha RC3 How reproducible: every time Steps to Reproduce: 1. install Alpha from net or dvd Actual results: selinux is disabled Expected results: selinux to be enforcing
proposing as alpha blocker so we can discuss whether we should have a criterion for this, and if so, at which stage. selinux is disabled by /etc/selinux/config , which is part of selinux-policy package, and rpm -V selinux-policy doesn't complain, so it seems selinux disabled actually is the package default - is this a package bug, or is it supposed to be that way and anaconda should override it at install time or smth? CCing Dan for clarification.
oh, seems rpm -V doesn't complain whatever you do to the file. i guess it intentionally ignores config files. i'll poke into the package to see what the default really is.
This might have been caused by the move of /selinux to /sys/fs/, and this might thus be a consequence/duplicate of bug 728576.
FWIW: [root@localhost ~]# grep selinux anaconda-ks.cfg selinux --disabled This is on a freshly installed system, set up with the Alpha RC3 DVD.
Please attach /var/log/anaconda/anaconda.log to this bug report. Thanks.
Created attachment 517619 [details] anaconda.log from Alpha RC3 DVD installation with enforcing=0
Are you sure that's the right log? I'd expect if that were the case, I'd see enforcing=0 on the command line there at the top. Did you set it at tty2 or something? Also yes, I'm wondering if comment #3 has it right too. There are a couple places in anaconda where we refer to /selinux. I've got a patch along those lines that I need to test out.
I'm 100% sure it's the correct log. What I'm not sure about right now whether I needed enforcing=0 for the DVD too or only for the live media installs. By the way, this issue can be observed with both, live media and dvd installs. I'm also 100% sure the installed system had selinux disabled when I first booted it. I then rebooted it into permissive mode (without relabeling) and generated attachment #517580 [details] for bug #728863 which might or might not be connected to this bug.
Anaconda should be using selinux python bindings rather the hard coding paths if possible. import selinux if selinux.is_selinux_enabled(): print "You made dan happy"
I didn't need enforcing=0 to install from DVD. for me, installing from DVD with next, next, next, next works, and reproduces this bug. I can provide a log if you're worried about Sandro's.
Right the problem again is hard coding of /selinux. Which Chris is working to fix.
Anyone want to give updates=http://clumens.fedorapeople.org/729563.img a try? It worked for me in a brief test.
I thought is_selinux_enabled could return 3 possible values? shouldn't it be if selinux.is_selinux_enabled() > 0: print "You made dan happy" ?
Discussed in the 2011-08-10 Fedora 16 go/no-go meeting. Since there are no release criteria stating that SELinux must be enabled, rejected as a blocker. However, it was accepted as an NTH bug for Fedora 16 alpha.
(In reply to comment #12) > Anyone want to give updates=http://clumens.fedorapeople.org/729563.img a try? > It worked for me in a brief test. I tried it on a default graphical i686 netinstall and SELinux is enabled by default with no apparent AVC issues.
anaconda-16.14.4-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/anaconda-16.14.4-1.fc16
Package anaconda-16.14.4-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing anaconda-16.14.4-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/anaconda-16.14.4-1.fc16 then log in and leave karma (feedback).
anaconda-16.14.5-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/anaconda-16.14.5-1.fc16
Just installed F16 Alpha RC4 x86_64 from DVD and this issue seems to be fixed.
anaconda-16.14.6-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/anaconda-16.14.6-1.fc16
Package anaconda-16.14.6-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing anaconda-16.14.6-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/anaconda-16.14.6-1.fc16 then log in and leave karma (feedback).
biff-baff!
anaconda-16.14.6-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.