“selinux –disabled” In Kickstart File Does NOT Disable SELINUX
Has the “selinux –disabled” line for kickstart files been depreciated?
My CentOS 6.6 kickstart file contains the line:
selinux –disabled After the install completes, SELinux is enabled instead of disabled.
/etc/selinux/config contains “SELINUX=enforcing” instead of “SELINUX=disabled”.
Thanks,
Charlie
7 thoughts on - “selinux –disabled” In Kickstart File Does NOT Disable SELINUX
I believe this has been the default since at least 6.1 – the version I
installed on my workstation about three years ago. It came up at first reboot with selinux enforcing. Unlike CentOS 5.x where I used selinux in permissive mode only, I have found 6.x seems to work just fine with enforcing mode provided one sets and uses the appropriate selinux booleans that are in place for the packages and work scenario that one needs. As far as I recall, I have only had one or two situations where I’ve had to follow the the audittoallow instructions.
To set selinux to permissive or disabled mode during a kickstart installation, add the sed -i -e ‘s/\(^SELINUX=\).*$/\1permissive/’
/etc/selinux/config command to the %post section of the kickstart file. Making sure to replace “permissive” with the required selinux mode.
— https://bugzilla.redhat.com/show_bug.cgi?idC5300
If the decision was made around the 4.8 time period to not fix the problem, why in v6 is it still listed in the manual as being a valid option?
Which manual?
This could actually be the root of the issue.
https://bugs.CentOS.org/view.php?idy10
Upstream lists it here –
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-options.html
So based on that, it would be assumed it would also work on CentOS.
This is indeed the issue, and it is an upstream (Red Hat) bug .. but I
am not sure they are going to fix it, or when:
https://bugzilla.redhat.com/show_bug.cgi?id=1161682
If you add these packages to your kickstart file, things should work as planned:
authconfig system-config-firewall-base
Thanks, Johnny Hughes
Weird. Was curious and tried to reproduce, but even with a minimal 6.6
CD, I have selinux disabled with a kickstart file containing only
“selinux –disabled”.
One other thing I usually do (in cases where I don’t want/need selinux)
is to pass “selinux=0” as a boot argument; that way anaconda won’t run with selinux either and doesn’t set the selinux contexts on files to begin with… Perhaps that would help with the original poster’s issue?
-Greg