restoring default selinux policy configuration
Eric Paris
eparis at redhat.com
Wed Sep 17 12:16:39 UTC 2008
On Wed, 2008-09-17 at 08:10 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Murray McAllister wrote:
> > Hi,
> >
> > If I change a lot of booleans, or install a lot of custom policies, is
> > there any way to restore selinux policy (targeted) to its default
> > configuration?
> >
> > Thanks.
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Well semanage does have a -D option to remove all local customizations
> for the object
>
> man semanage
> ..
>
> -D, --deleteall
> Remove all OBJECTS local customizations
>
>
>
> Example:
>
> semanage ports -D
>
> Would remove all port changes.
>
> There is no way to do this with modules currently.
>
> You could look at the modules in /usr/share/selinux/targeted/*.pp
> and compare them to semodule -l to see any modules that were different
> and use semodule -r MODNAME to remove them.
Gross horrible dangerous hack, be VERY careful, might eat your first
born, kidnap your grandmother, and blow your house down...
rpm -e --nodeps --justdb selinux-policy-targeted
rm -rf /etc/selinux/targeted
yum install selinux-policy-targeted
touch /.autorelabel
reboot
yes? no?
More information about the fedora-selinux-list
mailing list