defined selinux_ports cause error when selinux_state=disabled #188
Comments
|
"seport" module has "ignore_selinux_state" option: Using the following change it's possible to set SELinux port mapping on a system with SELinux disabled but with installed "selinux-policy-targeted" |
this is wrong, correct would be I'll prepare a patch which will add same option to other modules. |
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Sep 20, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. Fixes: linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Sep 20, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. Fixes: linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Sep 21, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. It's also necessary to use seboolean module with `persistent: true` when SELinux is disabled. Fixes: linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Sep 21, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. It's also necessary to use seboolean module with `persistent: true` when SELinux is disabled. Fixes: linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Sep 21, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. It's also necessary to use seboolean module with `persistent: true` when SELinux is disabled. Fixes: linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Oct 3, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. It's also necessary to use seboolean module with `persistent: true` when SELinux is disabled. Fixes: linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Oct 4, 2023
When targeted SELinux policy is installed it should be possible to setup SELinux while disabled and before it's changed to permissive/enforcing. Related to linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Oct 5, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. It's also necessary to use seboolean module with `persistent: true` when SELinux is disabled. Fixes: linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Oct 10, 2023
When targeted SELinux policy is installed it should be possible to setup SELinux while disabled and before it's changed to permissive/enforcing. Related to linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
richm
pushed a commit
that referenced
this issue
Oct 10, 2023
It is possible to configure SELinux on nodes with SELinux disabled before they're switch to permissive/enforcing. The only requirement is that targeted SELinux policy (or a policy configured in /etc/selinux/config) needs to be installed. It's also necessary to use seboolean module with `persistent: true` when SELinux is disabled. Fixes: #188 Signed-off-by: Petr Lautrbach <[email protected]>
bachradsusi
added a commit
to bachradsusi/linux-system-roles-selinux
that referenced
this issue
Oct 10, 2023
When targeted SELinux policy is installed it should be possible to setup SELinux while disabled and before it's changed to permissive/enforcing. Related to linux-system-roles#188 Signed-off-by: Petr Lautrbach <[email protected]>
richm
pushed a commit
that referenced
this issue
Oct 13, 2023
When targeted SELinux policy is installed it should be possible to setup SELinux while disabled and before it's changed to permissive/enforcing. Related to #188 Signed-off-by: Petr Lautrbach <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Setting
selinux_portswill cause the module to fail ifselinux_state=disabled. We require to setselinux_portsglobally.Workaround: Setting
selinux_ports=[]for all hosts thatselinux_state=disabledand hence bloating the inventory.Is there a way to avoid this without PR?
The text was updated successfully, but these errors were encountered: