This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 831579 - SElinux 'enforcing' in RHS 2.0 RC1 ISO based installation
SElinux 'enforcing' in RHS 2.0 RC1 ISO based installation
Status: CLOSED CURRENTRELEASE
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: build (Show other bugs)
2.0
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Anthony Towns
amainkar
:
Depends On:
Blocks: 817967
  Show dependency treegraph
 
Reported: 2012-06-13 07:08 EDT by Rachana Patel
Modified: 2015-04-20 07:58 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-11-13 01:00:47 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
kickstart for on-premises RHS 2.0 that disables selinux (1.11 KB, application/octet-stream)
2012-06-14 00:07 EDT, Anthony Towns
no flags Details

  None (edit)
Description Rachana Patel 2012-06-13 07:08:55 EDT
Description of problem:

VM(s) installed with RHS 2.0 RC1 ISO has SElinux policy as 'enforcing'.

Version-Release number of selected component (if applicable):
RHS 2.0 RC1 (ISO)

How reproducible:
Always

Steps to Reproduce:
1. Install RHS 2.0 from RHS 2.0 RC1 ISO
2. # getenforce
  
Actual results:
Enforcing

Expected results:
Disabled

Additional info:
[root@hp-ml370g4-01 ~]# cat /etc/issue
Red Hat Storage release 2.0
Kernel \r on an \m

[root@hp-ml370g4-01 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Comment 2 Anthony Towns 2012-06-13 11:56:10 EDT
(In reply to comment #0)
> Description of problem:
> 
> VM(s) installed with RHS 2.0 RC1 ISO has SElinux policy as 'enforcing'.
> 
> Version-Release number of selected component (if applicable):
> RHS 2.0 RC1 (ISO)
> 
> How reproducible:
> Always

How are you installing the iso? Is this coming from beaker or a pxe install rather than an iso image or direct cd boot?

> [root@hp-ml370g4-01 ~]# cat /etc/issue
> Red Hat Storage release 2.0

> [root@hp-ml370g4-01 ~]# cat /etc/selinux/config 
> SELINUX=enforcing

This looks to me like you're getting and older revision of the iso kickstart than should have been included in rc1.

Cheers,
aj
Comment 3 Rachana Patel 2012-06-13 23:48:28 EDT
 
> How are you installing the iso? Is this coming from beaker or a pxe install
> rather than an iso image or direct cd boot?

Yes, its coming from beaker.  we have seen same behaviour in case of pxe install(installation through cobbler menu).



> 
> > [root@hp-ml370g4-01 ~]# cat /etc/issue
> > Red Hat Storage release 2.0
> 
> > [root@hp-ml370g4-01 ~]# cat /etc/selinux/config 
> > SELINUX=enforcing
> 
> This looks to me like you're getting and older revision of the iso kickstart
> than should have been included in rc1.
> 
> Cheers,
> aj
Comment 4 Anthony Towns 2012-06-14 00:07:03 EDT
(In reply to comment #3)
>  
> > How are you installing the iso? Is this coming from beaker or a pxe install
> > rather than an iso image or direct cd boot?
> Yes, its coming from beaker.  we have seen same behaviour in case of pxe
> install(installation through cobbler menu).

Okay, I'd say that the kickstart hasn't been updated to match the kickstart from the iso in those case. I'll attach the latest version of the kickstart, which actually disables selinux, in a moment. Can you contact the beaker and pxe server admins to ensure this is updated and retest?
Comment 5 Anthony Towns 2012-06-14 00:07:55 EDT
Created attachment 591726 [details]
kickstart for on-premises RHS 2.0 that disables selinux
Comment 6 Rachana Patel 2012-06-18 00:40:14 EDT
Verified and it is disabled

[root@ibm-x3620m3-01 ~]# getenforce
Disabled
[root@ibm-x3620m3-01 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


Hence marking bug as verified

Note You need to log in before you can comment on or make changes to this bug.