SElinux

Bruno Wolff III bruno at wolff.to
Sat Apr 8 20:03:29 UTC 2006


On Sat, Apr 08, 2006 at 14:40:47 -0500,
  Bruno Wolff III <bruno at wolff.to> wrote:
> On Sat, Apr 08, 2006 at 18:23:57 +0100,
>   Paul Howarth <paul at city-fan.org> wrote:
> > 
> > Don't know much about writing custom policy modules from scratch, but
> > the context management should be easy enough using semanage.
> > 
> > semanage doesn't change the contexts of existing files, it changes the
> > underlying policy. This means that changes made using semanage will be
> > effected if you use "restorecon" or do a full relabel.
> 
> Thanks, I had missed that.
> I had a mishap just last night when I rebooted after using setsebool to
> change a setting and had it unexpectedly reset. I see now, that I should
> be using semanage to be making persistent changes.

It looks like it isn't so simple for booleans. The man page for booleans(8)
says that you can use system-sysconfig-securitylevel to set persistent
boolean values, but the text mode version of that command seems to only
let you do firewall stuff. And the alternate method given is to edit the
/etc/selinux/POLICYTYPE/boolean, which appears to be out of date information.
The documentation/help for semanage doesn't indicate it can do this.
Looks like I should probably file a couple of bugzillas.

But at least I know how to do the file context stuff correctly now.



