[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: enforcing reset to disabled on update



Tom London wrote:
On 4/27/06, Tom London <selinux gmail com> wrote:
I can verify this. I separately updated to today's 'selinux-policy*'
packages, and check /etc/selinux/config before and afterwards.
Before:
SELINUX=enforcing
Afterwards
SELINUX=disabled

tom
Could the offending script be the postuninstall script of selinux-policy:

The problem was in the preceding policy package that did not have the if [ $1 = 0]; then Call so when it got updated this code executed. IE the spec file thought it was being updated. The newer policy packages should handle this correctly.
postuninstall scriptlet (using /bin/sh):
if [ $1 = 0 ]; then
       setenforce 0 2> /dev/null
       if [ ! -s /etc/selinux/config ]; then
               echo "SELINUX=disabled" > /etc/selinux/config
       else
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
       fi
fi

I also noticed that after the 'yum update', my system was in permissive mode....

tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]