[CentOS] "selinux --disabled" in kickstart file does NOT disable SELINUX
Andrew Holway
andrew.holway at gmail.com
Tue May 26 05:49:38 UTC 2015
To set selinux to permissive or disabled mode during a kickstart
installation, add the sed -i -e 's/\(^SELINUX=\).*$/\1permissive/'
/etc/selinux/config command to the %post section of the kickstart file.
Making sure to replace "permissive" with the required selinux mode.
-- https://bugzilla.redhat.com/show_bug.cgi?id=435300
On 26 May 2015 at 04:40, Rob Kampen <rkampen at kampensonline.com> wrote:
> On 05/26/2015 08:32 AM, Charlie Brune wrote:
>
>> Has the "selinux --disabled" line for kickstart files been depreciated?
>>
>> My CentOS 6.6 kickstart file contains the line:
>>
>>
>> selinux --disabled
>>
>> After the install completes, SELinux is enabled instead of disabled.
>>
>> I believe this has been the default since at least 6.1 - the version I
> installed on my workstation about three years ago.
> It came up at first reboot with selinux enforcing.
> Unlike CentOS 5.x where I used selinux in permissive mode only, I have
> found 6.x seems to work just fine with enforcing mode provided one sets and
> uses the appropriate selinux booleans that are in place for the packages
> and work scenario that one needs. As far as I recall, I have only had one
> or two situations where I've had to follow the the audittoallow
> instructions.
>
> /etc/selinux/config contains "SELINUX=enforcing" instead of
>> "SELINUX=disabled".
>>
>> Thanks,
>>
>> Charlie
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
More information about the CentOS
mailing list