@@ -38,10 +38,7 @@ int main(int argc, char **argv)
if (argc < 2)
usage();
- if (is_selinux_enabled() <= 0) {
- fputs("setsebool: SELinux is disabled.\n", stderr);
- return 1;
- }
+ reload = (is_selinux_enabled() > 0);
while (1) {
clflag = getopt(argc, argv, "PNV");
@@ -130,6 +127,7 @@ static int semanage_set_boolean_list(size_t boolcnt,
semanage_bool_key_t *bool_key = NULL;
int managed;
int result;
+ int enabled = is_selinux_enabled();
handle = semanage_handle_create();
if (handle == NULL) {
@@ -191,7 +189,7 @@ static int semanage_set_boolean_list(size_t boolcnt,
boolean) < 0)
goto err;
- if (semanage_bool_set_active(handle, bool_key, boolean) < 0) {
+ if (enabled && semanage_bool_set_active(handle, bool_key, boolean) < 0) {
fprintf(stderr, "Failed to change boolean %s: %m\n",
boollist[j].name);
goto err;
As reported in #123, setsebool immediately exits with an error if SELinux is disabled, preventing its use for setting boolean persistent values. In contrast, semanage boolean -m works on SELinux-disabled hosts. Change setsebool so that it can be used with the -P option (persistent changes) even if SELinux is disabled. In the SELinux-disabled case, disable the policy reload and skip setting of active boolean values, but set the persistent value in the policy store. Fixes: https://github.com/SELinuxProject/selinux/issues/123 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> --- policycoreutils/setsebool/setsebool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)