[Bug 1203119] New: Installation the Selinux Enforcing/Permissive is not available to choose
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119 Bug ID: 1203119 Summary: Installation the Selinux Enforcing/Permissive is not available to choose Classification: openSUSE Product: openSUSE Leap Micro Version: 5.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers@suse.de Reporter: lubos.kocman@suse.com QA Contact: jalausuch@suse.com Found By: --- Blocker: --- Created attachment 861303 --> http://bugzilla.opensuse.org/attachment.cgi?id=861303&action=edit selinux permissive Seems like user can choose in between App Armor and SELinux, but he seems not to be able to change mode from Permissive (the list box seems disabled/ro). More details in the screenshot. -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119#c1
--- Comment #1 from Lubos Kocman
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119#c2
--- Comment #2 from Lubos Kocman
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119#c3
--- Comment #3 from Lubos Kocman
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119#c4
--- Comment #4 from Stefan Hundhammer
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119#c5
Max Lin
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119#c6
--- Comment #6 from David Diaz
AFAICS the combo box is disabled because there is only one policy available in this case:
https://github.com/yast/yast-installation/blob/master/src/lib/installation/ widgets/lsm.rb#L112
def init self.value = settings.selected&.id.to_s disable if items.size <= 1 end
Why there is only one I don't know.
Actually, this is the code for the "Selected Module" selector, no for the "SELinux Mode" one. The "SELinux Mode" is disabled because it is marked as not configurable, see https://github.com/yast/yast-installation/blob/ce0223d21b268ff579025f1f8c500... The configurable setting comes from Y2Security::LSM::Config instance (https://github.com/yast/yast-security/blob/a6a56535e9285f66804814daafe85d310...), which loads it from the Yast::ProductFeatures unless running in WSL. I.e., it comes from the control file. In MicroOS control file (master branch) it is set as configurable, see https://github.com/yast/skelcd-control-MicroOS/blob/55c1370a0ba4b86c8c17f54f.... Where can I check the control file for openSUSE Leap Micro? -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119
http://bugzilla.opensuse.org/show_bug.cgi?id=1203119#c7
David Diaz
Perhaps you need to update skelcd-control-SMO to verison 5.3.0 at least, it seem to be supporting the adjustable lsm clickbox since skelcd-control-SMO 5.3.0 https://build.opensuse.org/package/rdiff/SUSE:SLE-15-SP4:Update:Products: Micro53/skelcd-control-SMO?linkrev=base&rev=2 , Leap Micro 5.3 has skelcd-control-SMO 5.2.3. @YaST team, can that be related?
Thanks Max! Yes, it can. It depends on which version of yast2-security is in use. yast2-security 4.3.x expect configuration as it is in skelcd-control-SMO 5.2.3. Which is not the case for yast2-security 4.4.x, which extended the Major Linux Security Module support (see https://github.com/yast/yast-security/pull/115) and expect the configuration as in skelcd-control-SMO 5.3 (https://github.com/yast/skelcd-control-SMO/blob/aebdcf2429ce67c03c823995addd...) -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com