sous-chefs / selinux

Development repository for the selinux cookbook
https://supermarket.chef.io/cookbooks/selinux
Apache License 2.0

SELinux policy does not enforce without reboot #39

Closed GreyArea765 closed 7 years ago

GreyArea765 commented 7 years ago

Cookbook version

1.0.3

Chef-client version

12.19.36

Platform Details

CentOS Linux release 7.3.1611 (Core)

Scenario:

Disable SELinux before performing follow-up actions that need it disabled.

Steps to Reproduce:

1. Create cookbook, add dependency to selinux ~> 1.0.3
2. Create CentOS Linux release 7.3.1611 (Core)
3. Add following line to default recipe: include_recipe 'selinux::permissive'
4. Converge cookbook.

Expected Result:

SELinux to be permissive.

Actual Result:

The configuration file for SELinux is set to Permissive but the running state is still Enforcing.

cheeseplus commented 7 years ago

This is documented here: https://github.com/chef-cookbooks/selinux#platform

ronlipke commented 7 years ago

Hello,

We are seeing the exact same issue on CentOS 7, chef version 12.11.18. From debugging, it looks like the guard around setenforce in the state resource is always returning true.

FYI, the answer pointing to https://github.com/chef-cookbooks/selinux#platform refers to Debian/Ubuntu... this is a CentOS issue.
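
The mismatch reported in this thread (configuration file set to permissive, running state still enforcing) can be checked for directly. The following is an added example, not part of the thread and not the cookbook's own code: it compares the `SELINUX=` value from `/etc/selinux/config` with `getenforce` output and reports whether the two agree, can be reconciled on a live system with `setenforce`, or need a reboot. The function names and sample inputs are constructed for illustration.

```ruby
# Added example: compare the SELinux mode configured on disk with the mode
# the kernel is actually running, and report what is needed to reconcile them.
# Function names and sample data are constructed, not taken from the cookbook.

# Extract the SELINUX= value from the text of /etc/selinux/config.
def configured_mode(config_text)
  config_text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split('=', 2)
    return value.strip.downcase if key.strip == 'SELINUX' && value
  end
  nil
end

# Normalise `getenforce` output ("Enforcing", "Permissive", "Disabled").
def running_mode(getenforce_output)
  getenforce_output.strip.downcase
end

# Returns :in_sync, :setenforce (fixable at runtime), :reboot (takes effect
# only at boot) or :unknown (no active SELINUX= line in the config).
def reconcile_action(config_text, getenforce_output)
  wanted = configured_mode(config_text)
  actual = running_mode(getenforce_output)
  return :unknown if wanted.nil?
  return :in_sync if wanted == actual
  # Enabling or disabling SELinux only happens at boot; switching between
  # enforcing and permissive can be done on a running system.
  return :reboot if wanted == 'disabled' || actual == 'disabled'
  :setenforce
end

# Constructed sample matching the report: the file says permissive while
# the running state is still enforcing.
SAMPLE_CONFIG = <<~CONF
  # This file controls the state of SELinux on the system.
  SELINUX=permissive
  SELINUXTYPE=targeted
CONF
SAMPLE_GETENFORCE = "Enforcing\n"

if __FILE__ == $PROGRAM_NAME
  # On a real host, pass File.read('/etc/selinux/config') and `getenforce`.
  puts "configured: #{configured_mode(SAMPLE_CONFIG)}"
  puts "running:    #{running_mode(SAMPLE_GETENFORCE)}"
  puts "action:     #{reconcile_action(SAMPLE_CONFIG, SAMPLE_GETENFORCE)}"
end
```

Running a check like this after a converge shows whether the file and the kernel disagree, independent of any guard logic inside a recipe.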