Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 161839 - selinux won't go away
Summary: selinux won't go away
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 4
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-27 17:20 UTC by Need Real Name
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-29 17:31:13 UTC


Attachments (Terms of Use)

Description Need Real Name 2005-06-27 17:20:01 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Epiphany/1.7.1

Description of problem:
# man selinuxenabled
       selinuxenabled Indicates whether SELinux is  enabled  or  disabled.  It
       exits  with  status  0  if  SELinux  is  enabled  and -256 if it is not
       enabled.
# selinuxenabled ; echo $?
1

So is it enabled or not? No idea.

# tail -1 /var/log/messages
Jun 27 19:16:18 localhost kernel: audit(1119892478.300:16): user pid=2279 uid=500 auid=4464967295 msg='PAM setcred: user=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 result=Success)'

Guess it is.

# grep disabled /etc/selinux/config
#       disabled - SELinux is fully disabled.
SELINUX=disabled

What's going on?!

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
x

Additional info:

Xen is unusable because of this.

Comment 1 Daniel Walsh 2005-06-29 15:31:21 UTC
SELinux is not enabled.

The setcred line comes from Auditing I believe.

Comment 2 Need Real Name 2005-06-29 15:52:36 UTC
(In reply to comment #1)
> SELinux is not enabled.

Then surely selinuxenabled is broken then? It's behaviour doesn't match the
documentation.

Comment 3 Daniel Walsh 2005-06-29 16:05:58 UTC
I would say it another way.  The documentation is broken.  What the docs should
say is

selinuxenabled exits with 0 status if it can determine if SELinux is enabled,
non-zero otherwise.



Comment 4 Need Real Name 2005-06-29 17:29:25 UTC
Okay. Do you want a new bug for that, or is this one okay?

Comment 5 Daniel Walsh 2005-06-29 17:33:21 UTC
I will change this to an selinux-doc bug

Comment 6 Karsten Wade 2005-06-29 19:53:33 UTC
Fixing the manual page should resolve this documentation bug, right?  If you fix
the man page, there isn't a reason for an FAQ entry.

Comment 7 Need Real Name 2005-07-01 20:09:23 UTC
Not sure if you're asking me, but if you are, yes it will fix the bug.

I've noticed that something is writing "SELINUX=Disabled" instead of
"SELINUX=disabled" in the /etc/selinux/config file.

Comment 8 Karsten Wade 2005-07-01 21:47:54 UTC
The reason for my question, I was determining where the documentation fix needs
to land, in the developer docs (man pages) or user docs (FAQ, release notes, etc.).

In my experience, the capitalized "Disabled" is written by
system-config-securitylevel when you use it to change any configuration.  I
don't think it matters, although the inconsistency is a distraction.


Comment 9 Daniel Walsh 2005-07-11 18:18:18 UTC
Fixed in system-config-securitylevel-1.5.11

It is a developer fix.  It was in man pages.  "Disabled" was fixed in securitylevel.

Comment 10 Need Real Name 2005-07-15 12:56:54 UTC
Thanks for the version info, and the fix. The update doesn't seem to have come
through yet, so will wait a bit.

Comment 11 Need Real Name 2005-07-29 13:20:54 UTC
The update hasn't come through, it's been two weeks. Is it due?

Comment 12 Need Real Name 2005-08-31 12:37:38 UTC
This is still broken.

Comment 13 Chris Lumens 2005-09-29 17:31:13 UTC
The fix was made available in an updated s-c-securitylevel package for Rawhide,
not as an FC4 update.


Note You need to log in before you can comment on or make changes to this bug.