Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-93294

fix: Set the kernel command line selinux parameter correctly when changing selinux state

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • rhel-system-roles
    • 0
    • QE ack, Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Bug Fix
    • Hide
      .`selinux` role persistently sets kernel SELinux parameters

      Before this update, the `selinux` RHEL system role did not set the kernel SELinux parameter when changing the SELinux state to and from disabled. As a consequence, the SELinux state change was not persistent upon reboot. This update ensures that the kernel SELinux parameter is correctly set when the role changes SELinux state to and from disabled. As a result, the SELinux state change to and from disabled is persistent upon reboot.
      Show
      .`selinux` role persistently sets kernel SELinux parameters Before this update, the `selinux` RHEL system role did not set the kernel SELinux parameter when changing the SELinux state to and from disabled. As a consequence, the SELinux state change was not persistent upon reboot. This update ensures that the kernel SELinux parameter is correctly set when the role changes SELinux state to and from disabled. As a result, the SELinux state change to and from disabled is persistent upon reboot.
    • Done
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Cause: On EL8 and later, the role was not setting the kernel selinux parameter when
      changing the selinux state to and from disabled.

      Consequence: The selinux state change was not persistent upon reboot.

      Fix: Ensure that the kernel selinux parameter is correctly set when the role
      changes the selinux state to and from disabled.

      Result: The selinux state change to and from disabled is persistent upon reboot
      on EL8 and later systems.

      Signed-off-by: Rich Megginson <rmeggins@redhat.com>

              rmeggins@redhat.com Richard Megginson
              rmeggins@redhat.com Richard Megginson
              Richard Megginson Richard Megginson
              David Jez David Jez
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: