[ovirt-users] selinux on oVirt Node
I set SELINUX=disabled in /etc/selinux/config and ran a persist /etc/selinux/config. After the node reboots, the file has the correct SELINUX=disabled line but I see that selinux is still enabled: # grep ^SELINUX= /etc/selinux/config SELINUX=disabled # getenforce Enforcing # cat /selinux/enforce 1 It's like the bind mounts for the files in config happen after selinux is setup. Is there something else I should be doing to make a change to selinux survive a node reboot? Many thanks, Simon ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] selinux on oVirt Node
afaik you need to disable selinux by passing the relevant parameter direct via kernel boot options. search the ML or the net if you need the exact command line. HTH Am 23.05.2014 10:36, schrieb Simon Barrett: I set SELINUX=disabled in /etc/selinux/config and ran a persist /etc/selinux/config. After the node reboots, the file has the correct SELINUX=disabled line but I see that selinux is still enabled: # grep ^SELINUX= /etc/selinux/config SELINUX=disabled # getenforce Enforcing # cat /selinux/enforce 1 It's like the bind mounts for the files in config happen after selinux is setup. Is there something else I should be doing to make a change to selinux survive a node reboot? Many thanks, Simon -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] selinux on oVirt Node
I added enforcing=0 to my pxe menu and re-installed the node. All looks better now. # sestatus SELinux status: enabled SELinuxfs mount:/selinux Current mode: permissive Mode from config file: disabled Policy version: 24 Policy from config file:targeted # cat /selinux/enforce 0 Thanks for the information. Simon -Original Message- From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On Behalf Of Sven Kieske Sent: 23 May 2014 09:45 To: users@ovirt.org Subject: Re: [ovirt-users] selinux on oVirt Node afaik you need to disable selinux by passing the relevant parameter direct via kernel boot options. search the ML or the net if you need the exact command line. HTH Am 23.05.2014 10:36, schrieb Simon Barrett: I set SELINUX=disabled in /etc/selinux/config and ran a persist /etc/selinux/config. After the node reboots, the file has the correct SELINUX=disabled line but I see that selinux is still enabled: # grep ^SELINUX= /etc/selinux/config SELINUX=disabled # getenforce Enforcing # cat /selinux/enforce 1 It's like the bind mounts for the files in config happen after selinux is setup. Is there something else I should be doing to make a change to selinux survive a node reboot? Many thanks, Simon -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
