Description of problem: VM(s) installed with RHS 2.0 RC1 ISO has SElinux policy as 'enforcing'. Version-Release number of selected component (if applicable): RHS 2.0 RC1 (ISO) How reproducible: Always Steps to Reproduce: 1. Install RHS 2.0 from RHS 2.0 RC1 ISO 2. # getenforce Actual results: Enforcing Expected results: Disabled Additional info: [root@hp-ml370g4-01 ~]# cat /etc/issue Red Hat Storage release 2.0 Kernel \r on an \m [root@hp-ml370g4-01 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
(In reply to comment #0) > Description of problem: > > VM(s) installed with RHS 2.0 RC1 ISO has SElinux policy as 'enforcing'. > > Version-Release number of selected component (if applicable): > RHS 2.0 RC1 (ISO) > > How reproducible: > Always How are you installing the iso? Is this coming from beaker or a pxe install rather than an iso image or direct cd boot? > [root@hp-ml370g4-01 ~]# cat /etc/issue > Red Hat Storage release 2.0 > [root@hp-ml370g4-01 ~]# cat /etc/selinux/config > SELINUX=enforcing This looks to me like you're getting and older revision of the iso kickstart than should have been included in rc1. Cheers, aj
> How are you installing the iso? Is this coming from beaker or a pxe install > rather than an iso image or direct cd boot? Yes, its coming from beaker. we have seen same behaviour in case of pxe install(installation through cobbler menu). > > > [root@hp-ml370g4-01 ~]# cat /etc/issue > > Red Hat Storage release 2.0 > > > [root@hp-ml370g4-01 ~]# cat /etc/selinux/config > > SELINUX=enforcing > > This looks to me like you're getting and older revision of the iso kickstart > than should have been included in rc1. > > Cheers, > aj
(In reply to comment #3) > > > How are you installing the iso? Is this coming from beaker or a pxe install > > rather than an iso image or direct cd boot? > Yes, its coming from beaker. we have seen same behaviour in case of pxe > install(installation through cobbler menu). Okay, I'd say that the kickstart hasn't been updated to match the kickstart from the iso in those case. I'll attach the latest version of the kickstart, which actually disables selinux, in a moment. Can you contact the beaker and pxe server admins to ensure this is updated and retest?
Created attachment 591726 [details] kickstart for on-premises RHS 2.0 that disables selinux
Verified and it is disabled [root@ibm-x3620m3-01 ~]# getenforce Disabled [root@ibm-x3620m3-01 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted Hence marking bug as verified