POSTIN
/bin/sh
if [ ! -s /etc/selinux/config ]; then
#
# New install so we will default to targeted policy
#
echo "
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# See also:
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
#
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
# grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
# grubby --update-kernel ALL --remove-args selinux
#
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
" > /etc/selinux/config
ln -sf ../selinux/config /etc/sysconfig/selinux
/usr/sbin/restorecon /etc/selinux/config 2> /dev/null || :
else
. /etc/selinux/config
fi
exit 0
POSTUN
/bin/sh
if [ $1 = 0 ]; then
/usr/sbin/setenforce 0 2> /dev/null
if [ ! -s /etc/selinux/config ]; then
echo "SELINUX=disabled" > /etc/selinux/config
else
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
fi
fi
exit 0
Triggers
pcre
/bin/sh
/usr/sbin/selinuxenabled && /usr/sbin/semodule -nB
exit 0
selinux-policy-targeted <
3.12.1-74
/bin/sh
rm -f /etc/selinux/*/modules/active/modules/sandbox.pp.disabled 2>/dev/null
exit 0