restoring default selinux policy configuration

Eric Paris eparis at redhat.com
Wed Sep 17 12:16:39 UTC 2008


On Wed, 2008-09-17 at 08:10 -0400, Daniel J Walsh wrote:
> Murray McAllister wrote:
> > Hi,
> > 
> > If I change a lot of booleans, or install a lot of custom policies, is
> > there any way to restore selinux policy (targeted) to its default
> > configuration?
> > 
> > Thanks.
> Well semanage does have a -D option to remove all local customizations
> for the object
> 
> man semanage
> ..
> 
>        -D, --deleteall
>               Remove all OBJECTS local customizations
> 
> 
> 
> Example:
> 
> semanage port -D
> 
> Would remove all port changes.
> 
> There is no way to do this with modules currently.
> 
> You could look at the modules in /usr/share/selinux/targeted/*.pp
> and compare them to semodule -l to see any modules that were different
> and use semodule -r MODNAME to remove them.

Gross horrible dangerous hack, be VERY careful, might eat your first
born, kidnap your grandmother, and blow your house down...

rpm -e --nodeps --justdb selinux-policy-targeted
rm -rf /etc/selinux/targeted
yum install selinux-policy-targeted
touch /.autorelabel
reboot

yes? no?
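
Added example, not part of the original thread: the comparison Daniel Walsh describes above (shipped .pp files against `semodule -l`), written as shell functions. It assumes a module counts as local when no .pp file of the same name exists in the shipped directory; the function names and the sample data in `demo` are constructed for illustration.

```shell
#!/bin/sh
# List modules reported by `semodule -l` that have no matching .pp file in the
# shipped policy directory (candidates to review before `semodule -r MODNAME`).

# shipped_modules DIR: module names derived from DIR/*.pp, one per line.
shipped_modules() {
    for f in "$1"/*.pp; do
        [ -e "$f" ] || continue          # directory holds no .pp files
        basename "$f" .pp
    done | LC_ALL=C sort -u
}

# loaded_modules: read `semodule -l` output on stdin and keep the name column.
# Some releases print "name<TAB>version", others print the name only.
loaded_modules() {
    awk 'NF { print $1 }' | LC_ALL=C sort -u
}

# local_modules DIR LISTFILE: names in LISTFILE that DIR does not ship.
local_modules() {
    tmp_s=$(mktemp) && tmp_l=$(mktemp) || return 1
    shipped_modules "$1" > "$tmp_s"
    loaded_modules < "$2" > "$tmp_l"
    LC_ALL=C comm -13 "$tmp_s" "$tmp_l"  # keep lines only in the loaded list
    rm -f "$tmp_s" "$tmp_l"
}

# demo: constructed sample data standing in for a real system.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/apache.pp" "$d/base.pp" "$d/ssh.pp"
    printf 'apache\t1.9.0\nmylocal\t1.0\nssh\t2.0.1\n' > "$d/loaded.txt"
    local_modules "$d" "$d/loaded.txt"
    rm -rf "$d"
}

# On a real system (paths from the message above):
#   semodule -l > /tmp/loaded.txt
#   local_modules /usr/share/selinux/targeted /tmp/loaded.txt
demo
```

A name match does not show that a shipped module's contents are unchanged; this only flags modules the package does not provide at all.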



