Upgraded system left in SELinux permissive mode #815
Comments
|
Hi @brianjmurrell this is expected as we cannot tell whether the system boot will not be stopped by selinux rules. Reading the leapp report, you will find it's mentioned there. However we could update remediation instructions to tell explicitly people are expected to check whether there are any selinux reports they need to take care after the upgrade and once everything is ok, then they are expected to set the enforcing mode again manually. |
|
Yes, I saw the mention in the report. The mention is unclear however that the system will be left in permissive mode even after the upgrade is complete and not just put into permissive mode temporarily for the upgrade and returned to enforcing after. I had interpreted the message as the latter. |
|
@brianjmurrell thanks for the feedback and explanation. In such a case we will update the msg so it's clear. |
Actual behavior
An EL7 system that was in SELinux enforcing mode before the upgrade is left in permissive mode after the upgrade is complete.
To Reproduce
Steps to reproduce the behavior
leapp upgradeitsestatusand notice the system is in permissive modeExpected behavior
A system that starts in enforcing mode ought be returned to enforcing mode when the upgrade is done
System information (please complete the following information):
Linux server.interlinx.bc.ca 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 30 15:51:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linuxleapp-upgrade-el7toel8-deps-0.14.0-100.202109271224Z.b7ebfca.master.el7.elevate.noarch
leapp-upgrade-el7toel8-0.14.0-100.202109271224Z.b7ebfca.master.el7.elevate.noarch
leapp-deps-0.12.1-100.20210924142320684911.master.28.g1f03432.el7.noarch
python2-leapp-0.12.1-100.20210924142320684911.master.28.g1f03432.el7.noarch
leapp-data-almalinux-0.1-2.el7.noarch
The text was updated successfully, but these errors were encountered: