Re: "selinux --disabled" in kickstart file does NOT disable SELINUX

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 05/26/2015 01:36 AM, Andrew Holway wrote:
> Which manual?
> 
> This could actually be the root of the issue.
> 
> https://bugs.centos.org/view.php?id=7910
> 
> 
>

This is indeed the issue, and it is an upstream (Red Hat) bug .. but I
am not sure they are going to fix it, or when:

https://bugzilla.redhat.com/show_bug.cgi?id=1161682

If you add these packages to your kickstart file, things should work as
planned:

authconfig
system-config-firewall-base

Thanks,
Johnny Hughes


> On 26 May 2015 at 07:56, Jeremy Hoel <jthoel@xxxxxxxxx> wrote:
> 
>> If the decision was made around the 4.8 time period to not fix the problem,
>> why in v6 is it still listed in the manual as being a valid option?
>>
>> On Mon, May 25, 2015 at 11:49 PM, Andrew Holway <andrew.holway@xxxxxxxxx>
>> wrote:
>>
>>> To set selinux to permissive or disabled mode during a kickstart
>>> installation, add the sed -i -e 's/\(^SELINUX=\).*$/\1permissive/'
>>> /etc/selinux/config command to the %post section of the kickstart file.
>>> Making sure to replace "permissive" with the required selinux mode.
>>>
>>>
>>> -- https://bugzilla.redhat.com/show_bug.cgi?id=435300
>>>
>>> On 26 May 2015 at 04:40, Rob Kampen <rkampen@xxxxxxxxxxxxxxxxx> wrote:
>>>
>>>> On 05/26/2015 08:32 AM, Charlie Brune wrote:
>>>>
>>>>> Has the "selinux --disabled" line for kickstart files been
>> depreciated?
>>>>>
>>>>>     My CentOS 6.6 kickstart file contains the line:
>>>>>
>>>>>
>>>>> selinux --disabled
>>>>>
>>>>> After the install completes, SELinux is enabled instead of disabled.
>>>>>
>>>>>  I believe this has been the default since at least 6.1 - the version
>> I
>>>> installed on my workstation about three years ago.
>>>> It came up at first reboot with selinux enforcing.
>>>> Unlike CentOS 5.x where I used selinux in permissive mode only, I have
>>>> found 6.x seems to work just fine with enforcing mode provided one sets
>>> and
>>>> uses the appropriate selinux booleans that are in place for the
>> packages
>>>> and work scenario that one needs. As far as I recall, I have only had
>> one
>>>> or two situations where I've had to follow the the audittoallow
>>>> instructions.
>>>>
>>>>    /etc/selinux/config contains "SELINUX=enforcing" instead of
>>>>> "SELINUX=disabled".
>>>>>
>>>>>   Thanks,
>>>>>
>>>>> Charlie


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux