[Users] persisting selinux nightmare

Fabian Deutsch fabiand at redhat.com
Mon Feb 17 07:09:06 UTC 2014


Hey David,

Am Freitag, den 14.02.2014, 12:19 -0800 schrieb David Smith:
> I'm using the ovirt iso image and can't seem to get selinux to persist
> off no matter what i do.
>
> With selinux enforcing, SSHD isnt working, can't install or use the
> hosts.
> With it disabled, all seems to work, but after reboot, boom its
> enforcing again.
> 
> I even edited /etc/selinux/config and changed it to permissive, then
> used "persist config" to persist the file. I reboot, I see the file is
> still changed, but selinux is back into enforcing mode (getenforce)

(There is a new ISO to try - see below)

Yes - that file is one of the files which "don't work as expected" when
you persist them. This is because that file would be needed very early
in the boot process, but isn't available by then.

You can set SELinux into permissive mode by appending
  enforcing=0
to the kernel cmdline when you boot the host.
And you can totally disable it using
  selinux=0

See also:
http://www.ovirt.org/Node_Troubleshooting#SELinux

> what gives?
> 
> I'm using this iso image, is this the latest one? It seems really hard
> to navigate the various old links in docs and such to find the most up
> to date isos.
> ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso

That image is quite old, but we are in progress of finally publishing a
new ISOs on ressources.ovirt.org.

Candidates which you can also try - and are much more up to date, and
also include SELinux fixes - can be found here:

http://fedorapeople.org/~fabiand/node/3.0.4/

- fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140217/6ecf97ae/attachment-0001.sig>


More information about the Users mailing list