Ensure a complete relabeling when switching from disabled to permissive or enforcing #149
Comments
EmRowlands
pushed a commit
to EmRowlands/puppet-selinux
that referenced
this issue
Mar 29, 2023
A complete relabeling is required when switching from disabeld to permissive or enforcing mode, because selinux file attributes are not written in disabled mode this leaving the files regarding selinux in an incosistent state. This resolves voxpupuli#149
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
What are you seeing
selinux configured for enforcing, but no autorelabel trigger file is created
What behaviour did you expect instead
When SELinux is disabled and desired state is permissive or enforcing the module must create the
/.autorelabeltrigger fileAny additional information you'd like to impart
If a system has selinux disabled and wants to switch to permissive or enforcing mode a complete relabeling of the filesystem is necessary as within disabled mode no filesystem attributes regarding contexts are written, thus leaving it in a inconsitent state.
The text was updated successfully, but these errors were encountered: