Over the last few weeks we have been in the process of moving all of our RHEL5 systems from 5.1 to 5.2. Most of these upgrades have gone very well, however, we have 4 or 5 systems which have spontaneously "re-enabled" SELinux as part of the upgrade. It appears that the upgrade process is silently replacing the /etc/selinux/config file, which we had modified to set SELINUX=disabled, with the default file which has SELINUX=enforcing.
On reboot the systems fail to boot with various SELinux errors and a warning that the file system needs to be relabled and the system is rebooting. Without manual intervention it is stuck in this loop. We can recover by adding "enforcing=0" to the kernel boot line and either changing the file back to SELINUX=disabled or, if we decide to give SElinux another spin, relabeling the filesystem, but I'm curious if anyone else has seen this issue. We have a mix of systems and about half have SELinux enabled, and the other half do not, but this issue has only affected a handful of the systems where SELinux is currently disabled. Several other systems with SELinux disabled upgraded without any issues. The upgrades were performed with a simple "yum update" not a CD/DVD upgrade. Obviously we can recover from this issue without a major problem, but I'm curious if others have seen it because we simply can't explain why it seems to happen "randomly" rather than on every system that has SELinux disabled. We think it may be on systems that were previously upgraded from RHEL4 where we always disabled SELinux. We're really just trying to find a pattern and determine if it's worth opening a case with Redhat. Later, Tom
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
