Andrew Holway
2015-May-26 05:49 UTC
[CentOS] "selinux --disabled" in kickstart file does NOT disable SELINUX
To set selinux to permissive or disabled mode during a kickstart installation, add the sed -i -e 's/\(^SELINUX=\).*$/\1permissive/' /etc/selinux/config command to the %post section of the kickstart file. Making sure to replace "permissive" with the required selinux mode. -- https://bugzilla.redhat.com/show_bug.cgi?id=435300 On 26 May 2015 at 04:40, Rob Kampen <rkampen at kampensonline.com> wrote:> On 05/26/2015 08:32 AM, Charlie Brune wrote: > >> Has the "selinux --disabled" line for kickstart files been depreciated? >> >> My CentOS 6.6 kickstart file contains the line: >> >> >> selinux --disabled >> >> After the install completes, SELinux is enabled instead of disabled. >> >> I believe this has been the default since at least 6.1 - the version I > installed on my workstation about three years ago. > It came up at first reboot with selinux enforcing. > Unlike CentOS 5.x where I used selinux in permissive mode only, I have > found 6.x seems to work just fine with enforcing mode provided one sets and > uses the appropriate selinux booleans that are in place for the packages > and work scenario that one needs. As far as I recall, I have only had one > or two situations where I've had to follow the the audittoallow > instructions. > > /etc/selinux/config contains "SELINUX=enforcing" instead of >> "SELINUX=disabled". >> >> Thanks, >> >> Charlie >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Jeremy Hoel
2015-May-26 05:56 UTC
[CentOS] "selinux --disabled" in kickstart file does NOT disable SELINUX
If the decision was made around the 4.8 time period to not fix the problem, why in v6 is it still listed in the manual as being a valid option? On Mon, May 25, 2015 at 11:49 PM, Andrew Holway <andrew.holway at gmail.com> wrote:> To set selinux to permissive or disabled mode during a kickstart > installation, add the sed -i -e 's/\(^SELINUX=\).*$/\1permissive/' > /etc/selinux/config command to the %post section of the kickstart file. > Making sure to replace "permissive" with the required selinux mode. > > > -- https://bugzilla.redhat.com/show_bug.cgi?id=435300 > > On 26 May 2015 at 04:40, Rob Kampen <rkampen at kampensonline.com> wrote: > > > On 05/26/2015 08:32 AM, Charlie Brune wrote: > > > >> Has the "selinux --disabled" line for kickstart files been depreciated? > >> > >> My CentOS 6.6 kickstart file contains the line: > >> > >> > >> selinux --disabled > >> > >> After the install completes, SELinux is enabled instead of disabled. > >> > >> I believe this has been the default since at least 6.1 - the version I > > installed on my workstation about three years ago. > > It came up at first reboot with selinux enforcing. > > Unlike CentOS 5.x where I used selinux in permissive mode only, I have > > found 6.x seems to work just fine with enforcing mode provided one sets > and > > uses the appropriate selinux booleans that are in place for the packages > > and work scenario that one needs. As far as I recall, I have only had one > > or two situations where I've had to follow the the audittoallow > > instructions. > > > > /etc/selinux/config contains "SELINUX=enforcing" instead of > >> "SELINUX=disabled". > >> > >> Thanks, > >> > >> Charlie > >> > >> _______________________________________________ > >> CentOS mailing list > >> CentOS at centos.org > >> http://lists.centos.org/mailman/listinfo/centos > >> > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Andrew Holway
2015-May-26 06:36 UTC
[CentOS] "selinux --disabled" in kickstart file does NOT disable SELINUX
Which manual? This could actually be the root of the issue. https://bugs.centos.org/view.php?id=7910 On 26 May 2015 at 07:56, Jeremy Hoel <jthoel at gmail.com> wrote:> If the decision was made around the 4.8 time period to not fix the problem, > why in v6 is it still listed in the manual as being a valid option? > > On Mon, May 25, 2015 at 11:49 PM, Andrew Holway <andrew.holway at gmail.com> > wrote: > > > To set selinux to permissive or disabled mode during a kickstart > > installation, add the sed -i -e 's/\(^SELINUX=\).*$/\1permissive/' > > /etc/selinux/config command to the %post section of the kickstart file. > > Making sure to replace "permissive" with the required selinux mode. > > > > > > -- https://bugzilla.redhat.com/show_bug.cgi?id=435300 > > > > On 26 May 2015 at 04:40, Rob Kampen <rkampen at kampensonline.com> wrote: > > > > > On 05/26/2015 08:32 AM, Charlie Brune wrote: > > > > > >> Has the "selinux --disabled" line for kickstart files been > depreciated? > > >> > > >> My CentOS 6.6 kickstart file contains the line: > > >> > > >> > > >> selinux --disabled > > >> > > >> After the install completes, SELinux is enabled instead of disabled. > > >> > > >> I believe this has been the default since at least 6.1 - the version > I > > > installed on my workstation about three years ago. > > > It came up at first reboot with selinux enforcing. > > > Unlike CentOS 5.x where I used selinux in permissive mode only, I have > > > found 6.x seems to work just fine with enforcing mode provided one sets > > and > > > uses the appropriate selinux booleans that are in place for the > packages > > > and work scenario that one needs. As far as I recall, I have only had > one > > > or two situations where I've had to follow the the audittoallow > > > instructions. > > > > > > /etc/selinux/config contains "SELINUX=enforcing" instead of > > >> "SELINUX=disabled". > > >> > > >> Thanks, > > >> > > >> Charlie > > >> > > >> _______________________________________________ > > >> CentOS mailing list > > >> CentOS at centos.org > > >> http://lists.centos.org/mailman/listinfo/centos > > >> > > > > > > _______________________________________________ > > > CentOS mailing list > > > CentOS at centos.org > > > http://lists.centos.org/mailman/listinfo/centos > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Apparently Analagous Threads
- "selinux --disabled" in kickstart file does NOT disable SELINUX
- "selinux --disabled" in kickstart file does NOT disable SELINUX
- "selinux --disabled" in kickstart file does NOT disable SELINUX
- "selinux --disabled" in kickstart file does NOT disable SELINUX
- SELinux permissions for apache