Re: enforcing reset to disabled on update

[Daniel J Walsh <dwalsh redhat com>]

Tom London wrote:
> On 4/27/06, Tom London <selinux gmail com> wrote:
> > I can verify this. I separately updated to today's 'selinux-policy*'
> > packages, and check /etc/selinux/config before and afterwards.
> > Before:
> > SELINUX=enforcing
> > Afterwards
> > SELINUX=disabled
> >
> > tom
> Could the offending script be the postuninstall script of selinux-policy:
The problem was in the preceding policy package that did not have the if 
[ $1 = 0]; then
Call so when it got updated this code executed.  IE the spec file 
thought it was being updated.  The newer policy packages should handle 
this correctly.
> postuninstall scriptlet (using /bin/sh):
> if [ $1 = 0 ]; then
>        setenforce 0 2> /dev/null
>        if [ ! -s /etc/selinux/config ]; then
>                echo "SELINUX=disabled" > /etc/selinux/config
>        else
>                sed -i 's/^SELINUX=.*/SELINUX=disabled/g' 
> /etc/selinux/config
>        fi
> fi
>
> I also noticed that after the 'yum update', my system was in 
> permissive mode....
>
> tom
> --
> Tom London
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list