Ask Your Question

Why did selinux reset on system upgrade?

asked 2015-11-23 07:36:53 -0500

dcrdev gravatar image

updated 2015-11-23 17:53:35 -0500

mether gravatar image

I recently upgraded my F22 server to F23 using the dnf upgrade tool - all went well except for selinux. I had previously set a number of selinux options (boolean values) to allow my server configuration to operate. After upgrading these had to be set again, which was inconvenient to say the least.

My question is, is this supposed to happen and if so why? I'm not looking for answers that tell me to disable selinux, I'm just trying to get to the root of the (potential) problem.

I'm not really clear on how selinux stores it's configuration, but I did a search for .rpmsave files to see whether the configuration had been somehow replaced and found nothing in relation to selinux.


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2015-11-23 08:03:27 -0500

When you upgrade, selinux policy is upgraded as well. Considering the complexity of selinux policy, my guess is that it is easier and more reliable to start with a clean slate rather than trying to preserve any booleans or other selinux customizations.

Upgrades will also reset confined users for example.

If you want a better answer, consider filing a bug report or asking on IRC , #fedora-selinux

See also -

edit flag offensive delete link more

Question Tools

1 follower


Asked: 2015-11-23 07:36:53 -0500

Seen: 122 times

Last updated: Nov 23 '15