[CentOS] "selinux --disabled" in kickstart file does NOT disable SELINUX

Jeremy Hoel jthoel at gmail.com
Tue May 26 07:31:50 UTC 2015 

Upstream lists it here -
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-options.html

So based on that, it would be assumed it would also work on CentOS.

On Tue, May 26, 2015 at 12:36 AM, Andrew Holway <andrew.holway at gmail.com>
wrote:

> Which manual?
>
> This could actually be the root of the issue.
>
> https://bugs.centos.org/view.php?id=7910
>
>
>
> On 26 May 2015 at 07:56, Jeremy Hoel <jthoel at gmail.com> wrote:
>
> > If the decision was made around the 4.8 time period to not fix the
> problem,
> > why in v6 is it still listed in the manual as being a valid option?
> >
> > On Mon, May 25, 2015 at 11:49 PM, Andrew Holway <andrew.holway at gmail.com
> >
> > wrote:
> >
> > > To set selinux to permissive or disabled mode during a kickstart
> > > installation, add the sed -i -e 's/\(^SELINUX=\).*$/\1permissive/'
> > > /etc/selinux/config command to the %post section of the kickstart file.
> > > Making sure to replace "permissive" with the required selinux mode.
> > >
> > >
> > > -- https://bugzilla.redhat.com/show_bug.cgi?id=435300
> > >
> > > On 26 May 2015 at 04:40, Rob Kampen <rkampen at kampensonline.com> wrote:
> > >
> > > > On 05/26/2015 08:32 AM, Charlie Brune wrote:
> > > >
> > > >> Has the "selinux --disabled" line for kickstart files been
> > depreciated?
> > > >>
> > > >>     My CentOS 6.6 kickstart file contains the line:
> > > >>
> > > >>
> > > >> selinux --disabled
> > > >>
> > > >> After the install completes, SELinux is enabled instead of disabled.
> > > >>
> > > >>  I believe this has been the default since at least 6.1 - the
> version
> > I
> > > > installed on my workstation about three years ago.
> > > > It came up at first reboot with selinux enforcing.
> > > > Unlike CentOS 5.x where I used selinux in permissive mode only, I
> have
> > > > found 6.x seems to work just fine with enforcing mode provided one
> sets
> > > and
> > > > uses the appropriate selinux booleans that are in place for the
> > packages
> > > > and work scenario that one needs. As far as I recall, I have only had
> > one
> > > > or two situations where I've had to follow the the audittoallow
> > > > instructions.
> > > >
> > > >    /etc/selinux/config contains "SELINUX=enforcing" instead of
> > > >> "SELINUX=disabled".
> > > >>
> > > >>   Thanks,
> > > >>
> > > >> Charlie
> > > >>
> > > >> _______________________________________________
> > > >> CentOS mailing list
> > > >> CentOS at centos.org
> > > >> http://lists.centos.org/mailman/listinfo/centos
> > > >>
> > > >
> > > > _______________________________________________
> > > > CentOS mailing list
> > > > CentOS at centos.org
> > > > http://lists.centos.org/mailman/listinfo/centos
> > > >
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS at centos.org
> > > http://lists.centos.org/mailman/listinfo/centos
> > >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

More information about the CentOS mailing list