- Bug
- Resolution: Done-Errata
- rhel-8.10
- rhel-system-roles-1.23.0-2.1.el8
- rhel-sst-system-roles
- QE ack, Dev ack
- Red Hat Enterprise Linux
- Enhancement
- Done
It is possible to configure SELinux on nodes with SELinux disabled before they're switched to permissive/enforcing. The only requirement is that the targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed.
Fixes: https://github.com/linux-system-roles/selinux/issues/188
Note that boolean settings don't work even with `ignore_selinux_state=true` - it's a bug in the seboolean module, which uses `selinux.security_get_boolean_names()` instead of the `seobject` API from semanage.
Enhancement: SELinux port, fcontext, and boolean mappings can be configured on nodes with SELinux disabled.
Reason: It should be possible to configure SELinux - ports, fcontexts, booleans - on nodes with SELinux disabled before they're switched to permissive/enforcing.
Result: It is possible to configure SELinux on nodes with SELinux disabled before they're switched to permissive/enforcing.
Issue Tracker Tickets (Jira or BZ if any):
- clones: RHEL-15870 fix: Use `ignore_selinux_state` module option (Closed)
- links to: RHEA-2023:124810 rhel-system-roles bug fix and enhancement update
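A pre-flight check for the one requirement stated in the description (the targeted policy, or the policy named in /etc/selinux/config, must be installed), written as an added example that is not part of the role or the ticket. The function names and the optional root-directory argument are hypothetical, and treating a compiled `policy.*` file under `/etc/selinux/<type>/policy/` as proof of installation is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: verify that the SELinux policy a disabled node would use
# is installed before managing ports/fcontexts on it.
# The optional first argument is an alternate root, so the check can be run
# against a constructed directory tree instead of the live system.

# Print the policy type configured in <root>/etc/selinux/config.
# Falls back to "targeted" when the file or the SELINUXTYPE key is missing.
selinux_policy_type() {
    local root="${1:-}" cfg ptype
    cfg="$root/etc/selinux/config"
    ptype=""
    if [ -r "$cfg" ]; then
        # Ignore commented-out lines; the last active SELINUXTYPE= wins.
        ptype=$(sed -n \
            's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
            "$cfg" | tail -n 1)
    fi
    printf '%s\n' "${ptype:-targeted}"
}

# Return 0 when a compiled policy file exists for the configured type,
# 1 otherwise (assumption: policy.* in the policy directory means installed).
selinux_policy_installed() {
    local root="${1:-}" ptype f
    ptype=$(selinux_policy_type "$root")
    for f in "$root/etc/selinux/$ptype/policy/"policy.*; do
        # An unmatched glob stays literal, so test for a regular file.
        [ -f "$f" ] && return 0
    done
    return 1
}
```

On a live node, call `selinux_policy_installed` with no argument and stop the run with a clear message when it returns non-zero.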