Has the "selinux --disabled" line for kickstart files been depreciated?
My CentOS 6.6 kickstart file contains the line:
selinux --disabled
After the install completes, SELinux is enabled instead of disabled.
/etc/selinux/config contains "SELINUX=enforcing" instead of "SELINUX=disabled".
Thanks,
Charlie
On 05/26/2015 08:32 AM, Charlie Brune wrote:
Has the "selinux --disabled" line for kickstart files been depreciated?
My CentOS 6.6 kickstart file contains the line:
selinux --disabled
After the install completes, SELinux is enabled instead of disabled.
I believe this has been the default since at least 6.1 - the version I installed on my workstation about three years ago. It came up at first reboot with selinux enforcing. Unlike CentOS 5.x where I used selinux in permissive mode only, I have found 6.x seems to work just fine with enforcing mode provided one sets and uses the appropriate selinux booleans that are in place for the packages and work scenario that one needs. As far as I recall, I have only had one or two situations where I've had to follow the the audittoallow instructions.
/etc/selinux/config contains "SELINUX=enforcing" instead of "SELINUX=disabled".
Thanks,
Charlie
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
To set selinux to permissive or disabled mode during a kickstart installation, add the sed -i -e 's/(^SELINUX=).*$/\1permissive/' /etc/selinux/config command to the %post section of the kickstart file. Making sure to replace "permissive" with the required selinux mode.
-- https://bugzilla.redhat.com/show_bug.cgi?id=435300
On 26 May 2015 at 04:40, Rob Kampen rkampen@kampensonline.com wrote:
On 05/26/2015 08:32 AM, Charlie Brune wrote:
Has the "selinux --disabled" line for kickstart files been depreciated?
My CentOS 6.6 kickstart file contains the line:selinux --disabled
After the install completes, SELinux is enabled instead of disabled.
I believe this has been the default since at least 6.1 - the version I
installed on my workstation about three years ago. It came up at first reboot with selinux enforcing. Unlike CentOS 5.x where I used selinux in permissive mode only, I have found 6.x seems to work just fine with enforcing mode provided one sets and uses the appropriate selinux booleans that are in place for the packages and work scenario that one needs. As far as I recall, I have only had one or two situations where I've had to follow the the audittoallow instructions.
/etc/selinux/config contains "SELINUX=enforcing" instead of
"SELINUX=disabled".
Thanks,
Charlie
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
If the decision was made around the 4.8 time period to not fix the problem, why in v6 is it still listed in the manual as being a valid option?
On Mon, May 25, 2015 at 11:49 PM, Andrew Holway andrew.holway@gmail.com wrote:
To set selinux to permissive or disabled mode during a kickstart installation, add the sed -i -e 's/(^SELINUX=).*$/\1permissive/' /etc/selinux/config command to the %post section of the kickstart file. Making sure to replace "permissive" with the required selinux mode.
-- https://bugzilla.redhat.com/show_bug.cgi?id=435300
On 26 May 2015 at 04:40, Rob Kampen rkampen@kampensonline.com wrote:
On 05/26/2015 08:32 AM, Charlie Brune wrote:
Has the "selinux --disabled" line for kickstart files been depreciated?
My CentOS 6.6 kickstart file contains the line:selinux --disabled
After the install completes, SELinux is enabled instead of disabled.
I believe this has been the default since at least 6.1 - the version I
installed on my workstation about three years ago. It came up at first reboot with selinux enforcing. Unlike CentOS 5.x where I used selinux in permissive mode only, I have found 6.x seems to work just fine with enforcing mode provided one sets
and
uses the appropriate selinux booleans that are in place for the packages and work scenario that one needs. As far as I recall, I have only had one or two situations where I've had to follow the the audittoallow instructions.
/etc/selinux/config contains "SELINUX=enforcing" instead of
"SELINUX=disabled".
Thanks,
Charlie
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Which manual?
This could actually be the root of the issue.
https://bugs.centos.org/view.php?id=7910
On 26 May 2015 at 07:56, Jeremy Hoel jthoel@gmail.com wrote:
If the decision was made around the 4.8 time period to not fix the problem, why in v6 is it still listed in the manual as being a valid option?
On Mon, May 25, 2015 at 11:49 PM, Andrew Holway andrew.holway@gmail.com wrote:
To set selinux to permissive or disabled mode during a kickstart installation, add the sed -i -e 's/(^SELINUX=).*$/\1permissive/' /etc/selinux/config command to the %post section of the kickstart file. Making sure to replace "permissive" with the required selinux mode.
-- https://bugzilla.redhat.com/show_bug.cgi?id=435300
On 26 May 2015 at 04:40, Rob Kampen rkampen@kampensonline.com wrote:
On 05/26/2015 08:32 AM, Charlie Brune wrote:
Has the "selinux --disabled" line for kickstart files been
depreciated?
My CentOS 6.6 kickstart file contains the line:selinux --disabled
After the install completes, SELinux is enabled instead of disabled.
I believe this has been the default since at least 6.1 - the version
I
installed on my workstation about three years ago. It came up at first reboot with selinux enforcing. Unlike CentOS 5.x where I used selinux in permissive mode only, I have found 6.x seems to work just fine with enforcing mode provided one sets
and
uses the appropriate selinux booleans that are in place for the
packages
and work scenario that one needs. As far as I recall, I have only had
one
or two situations where I've had to follow the the audittoallow instructions.
/etc/selinux/config contains "SELINUX=enforcing" instead of
"SELINUX=disabled".
Thanks,
Charlie
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Upstream lists it here - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/htm...
So based on that, it would be assumed it would also work on CentOS.
On Tue, May 26, 2015 at 12:36 AM, Andrew Holway andrew.holway@gmail.com wrote:
Which manual?
This could actually be the root of the issue.
https://bugs.centos.org/view.php?id=7910
On 26 May 2015 at 07:56, Jeremy Hoel jthoel@gmail.com wrote:
If the decision was made around the 4.8 time period to not fix the
problem,
why in v6 is it still listed in the manual as being a valid option?
On Mon, May 25, 2015 at 11:49 PM, Andrew Holway <andrew.holway@gmail.com
wrote:
To set selinux to permissive or disabled mode during a kickstart installation, add the sed -i -e 's/(^SELINUX=).*$/\1permissive/' /etc/selinux/config command to the %post section of the kickstart file. Making sure to replace "permissive" with the required selinux mode.
-- https://bugzilla.redhat.com/show_bug.cgi?id=435300
On 26 May 2015 at 04:40, Rob Kampen rkampen@kampensonline.com wrote:
On 05/26/2015 08:32 AM, Charlie Brune wrote:
Has the "selinux --disabled" line for kickstart files been
depreciated?
My CentOS 6.6 kickstart file contains the line:selinux --disabled
After the install completes, SELinux is enabled instead of disabled.
I believe this has been the default since at least 6.1 - the
version
I
installed on my workstation about three years ago. It came up at first reboot with selinux enforcing. Unlike CentOS 5.x where I used selinux in permissive mode only, I
have
found 6.x seems to work just fine with enforcing mode provided one
sets
and
uses the appropriate selinux booleans that are in place for the
packages
and work scenario that one needs. As far as I recall, I have only had
one
or two situations where I've had to follow the the audittoallow instructions.
/etc/selinux/config contains "SELINUX=enforcing" instead of
"SELINUX=disabled".
Thanks,
Charlie
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 05/26/2015 01:36 AM, Andrew Holway wrote:
Which manual?
This could actually be the root of the issue.
This is indeed the issue, and it is an upstream (Red Hat) bug .. but I am not sure they are going to fix it, or when:
https://bugzilla.redhat.com/show_bug.cgi?id=1161682
If you add these packages to your kickstart file, things should work as planned:
authconfig system-config-firewall-base
Thanks, Johnny Hughes
On 26 May 2015 at 07:56, Jeremy Hoel jthoel@gmail.com wrote:
If the decision was made around the 4.8 time period to not fix the problem, why in v6 is it still listed in the manual as being a valid option?
On Mon, May 25, 2015 at 11:49 PM, Andrew Holway andrew.holway@gmail.com wrote:
To set selinux to permissive or disabled mode during a kickstart installation, add the sed -i -e 's/(^SELINUX=).*$/\1permissive/' /etc/selinux/config command to the %post section of the kickstart file. Making sure to replace "permissive" with the required selinux mode.
-- https://bugzilla.redhat.com/show_bug.cgi?id=435300
On 26 May 2015 at 04:40, Rob Kampen rkampen@kampensonline.com wrote:
On 05/26/2015 08:32 AM, Charlie Brune wrote:
Has the "selinux --disabled" line for kickstart files been
depreciated?
My CentOS 6.6 kickstart file contains the line:selinux --disabled
After the install completes, SELinux is enabled instead of disabled.
I believe this has been the default since at least 6.1 - the version
I
installed on my workstation about three years ago. It came up at first reboot with selinux enforcing. Unlike CentOS 5.x where I used selinux in permissive mode only, I have found 6.x seems to work just fine with enforcing mode provided one sets
and
uses the appropriate selinux booleans that are in place for the
packages
and work scenario that one needs. As far as I recall, I have only had
one
or two situations where I've had to follow the the audittoallow instructions.
/etc/selinux/config contains "SELINUX=enforcing" instead of
"SELINUX=disabled".
Thanks,
Charlie
On 05/26/2015 04:04 AM, Johnny Hughes wrote:
On 05/26/2015 01:36 AM, Andrew Holway wrote:
Which manual?
This could actually be the root of the issue.
This is indeed the issue, and it is an upstream (Red Hat) bug .. but I am not sure they are going to fix it, or when:
https://bugzilla.redhat.com/show_bug.cgi?id=1161682
If you add these packages to your kickstart file, things should work as planned:
authconfig system-config-firewall-base
Thanks, Johnny Hughes
Weird. Was curious and tried to reproduce, but even with a minimal 6.6 CD, I have selinux disabled with a kickstart file containing only "selinux --disabled".
One other thing I usually do (in cases where I don't want/need selinux) is to pass "selinux=0" as a boot argument; that way anaconda won't run with selinux either and doesn't set the selinux contexts on files to begin with... Perhaps that would help with the original poster's issue?
-Greg
-
Andrew Holway -
Charlie Brune -
Greg Bailey -
Jeremy Hoel -
Johnny Hughes -
Rob Kampen