restoring default selinux policy configuration

Daniel J Walsh dwalsh at redhat.com
Wed Sep 17 20:41:29 UTC 2008



Eric Paris wrote:
> On Wed, 2008-09-17 at 08:10 -0400, Daniel J Walsh wrote:
>> Murray McAllister wrote:
>>> Hi,
>>>
>>> If I change a lot of booleans, or install a lot of custom policies, is
>>> there any way to restore selinux policy (targeted) to its default
>>> configuration?
>>>
>>> Thanks.
>>>
>> Well semanage does have a -D option to remove all local customizations
>> for the object
>>
>> man semanage
>> ..
>>
>>        -D, --deleteall
>>               Remove all OBJECTS local customizations
>>
>>
>>
>> Example:
>>
>> semanage port -D
>>
>> Would remove all port changes.
>>
>> There is no way to do this with modules currently.
>>
>> You could look at the modules in /usr/share/selinux/targeted/*.pp
>> and compare them to semodule -l to see any modules that were different
>> and use semodule -r MODNAME to remove them.
> 
> Gross horrible dangerous hack, be VERY careful, might eat your first
> born, kidnap your grandmother, and blow your house down...
> 
> rpm -e --nodeps --justdb selinux-policy-targeted
> rm -rf /etc/selinux/targeted
> yum install selinux-policy-targeted
> touch /.autorelabel
> reboot
> 
> yes? no?
> 
I would put the machine in permissive before doing this.


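The comparison suggested in the thread (shipped *.pp files against `semodule -l`), as an added example that is not part of the original messages. The function name `local_modules` and the saved-list file are hypothetical, and it assumes the module name is the first column of `semodule -l` output; it only reports modules by name with no shipped package and removes nothing.

```shell
#!/bin/sh
# Added example: list modules reported by `semodule -l` that have no matching
# package in the shipped policy directory. Read-only; it never calls semodule -r.

# local_modules SHIPPED_DIR LIST_FILE   (hypothetical helper)
#   SHIPPED_DIR: directory holding the distribution's *.pp files
#   LIST_FILE:   saved output of `semodule -l` (name, optional version column)
local_modules() {
    shipped_dir=$1
    list_file=$2
    shipped=$(mktemp) || return 1
    installed=$(mktemp) || { rm -f "$shipped"; return 1; }

    # Names shipped by the policy package: file basename without ".pp".
    for f in "$shipped_dir"/*.pp; do
        [ -e "$f" ] || continue          # glob matched nothing
        basename "$f" .pp
    done | LC_ALL=C sort -u > "$shipped"

    # Assumption: first whitespace-separated field is the module name.
    awk 'NF { print $1 }' "$list_file" | LC_ALL=C sort -u > "$installed"

    # Lines present only in the installed list are candidates for local modules.
    LC_ALL=C comm -13 "$shipped" "$installed"
    rm -f "$shipped" "$installed"
}

# On a live system (assumed invocation, run as root):
#   semodule -l > /tmp/semodule.list
#   local_modules /usr/share/selinux/targeted /tmp/semodule.list
```

Review each reported name before passing it to `semodule -r`, since a module shipped by another package would also appear here.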



