SELinux should be permissive. It's the same as disabled but can also

Matt Willsher · annawake · commit 149a60911a38 · 2015-06-09T06:42:19.000-07:00
generate dry runs of policy violations.
diff --git a/AUTHORS b/AUTHORS
@@ -9,6 +9,7 @@ Joshua Timberman <joshua@chef.io>
 Jeremy Rosengren <jeremy@rosengren.org>
 Lorenzo Villani <lorenzo@villani.me>
 Masahiro Ono <masahiro.o@gmail.com>
+Matt Willsher <matt@willsher.systems>
 Mischa Taylor <mischa@misheska.com>
 Rickard von Essen <rickard.von.essen@gmail.com>
 Ross Smith II <ross@smithii.com>
diff --git a/http/ks5.cfg b/http/ks5.cfg
@@ -26,7 +26,7 @@ cdrom
 user --name=vagrant --password vagrant
 network --bootproto=dhcp
 firewall --disabled
-selinux --disabled
+selinux --permissive
 bootloader --location=mbr
 text
 skipx
@@ -81,9 +81,6 @@ nfs-utils
 -zd1211-firmware
 
 %post
-# Force disable SELinux
-cp /etc/selinux/config /etc/selinux/config.orig
-sed -i -e 's/\(^SELINUX=\).*$/\1disabled/' /etc/selinux/config
 # configure vagrant user in sudoers
 echo "vagrant        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
 sed -i "s/^\(.*requiretty\)$/#\1/" /etc/sudoers
diff --git a/http/ks6-desktop.cfg b/http/ks6-desktop.cfg
@@ -27,7 +27,7 @@ user --name=vagrant --plaintext --password vagrant
 unsupported_hardware
 network --bootproto=dhcp
 firewall --disabled
-selinux --disabled
+selinux --permissive
 bootloader --location=mbr
 text
 xconfig --startxonboot --resolution=1024x76 --depth=24
@@ -71,8 +71,6 @@ curl
 wget
 
 %post
-# Force disable SELinux
-sed -i -e 's/\(^SELINUX=\).*$/\1disabled/' /etc/selinux/config
 # configure vagrant user in sudoers
 echo "%vagrant ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/vagrant
 chmod 0440 /etc/sudoers.d/vagrant
diff --git a/http/ks6.cfg b/http/ks6.cfg
@@ -27,7 +27,7 @@ user --name=vagrant --plaintext --password vagrant
 unsupported_hardware
 network --bootproto=dhcp
 firewall --disabled
-selinux --disabled
+selinux --permissive
 bootloader --location=mbr
 text
 skipx
@@ -74,8 +74,6 @@ nfs-utils
 %end
 
 %post
-# Force disable SELinux
-sed -i -e 's/\(^SELINUX=\).*$/\1disabled/' /etc/selinux/config
 # configure vagrant user in sudoers
 echo "%vagrant ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/vagrant
 chmod 0440 /etc/sudoers.d/vagrant
diff --git a/http/ks7-desktop.cfg b/http/ks7-desktop.cfg
@@ -27,7 +27,7 @@ user --name=vagrant --plaintext --password vagrant
 unsupported_hardware
 network --bootproto=dhcp
 firewall --disabled
-selinux --disabled
+selinux --permissive
 bootloader --location=mbr
 text
 xconfig  --startxonboot --defaultdesktop=gnome
diff --git a/http/ks7.cfg b/http/ks7.cfg
@@ -27,7 +27,7 @@ user --name=vagrant --plaintext --password vagrant
 unsupported_hardware
 network --bootproto=dhcp
 firewall --disabled
-selinux --disabled
+selinux --permissive
 bootloader --location=mbr
 text
 skipx
diff --git a/test/centos_spec.rb b/test/centos_spec.rb
@@ -14,7 +14,7 @@
   end
 
   it 'should disable SELinux' do
-    expect(selinux).to be_disabled
+    expect(selinux).to be_permissive
   end
 
   # https://www.chef.io/blog/2015/02/26/bento-box-update-for-centos-and-fedora/

-Original file line number
+Diff line change
 Jeremy Rosengren <[email protected]>
 Lorenzo Villani <[email protected]>
 Masahiro Ono <[email protected]>
 +Matt Willsher <[email protected]>
 Mischa Taylor <[email protected]>
 Rickard von Essen <[email protected]>
 Ross Smith II <[email protected]>