selinux / semodule question
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 14 21:16:35 UTC 2006
Brian Millett wrote:
> I've been trying to understand selinux on my laptop.
> I'm running rawhide. I have SELINUX=enforcing and SELINUXTYPE=targeted.
> I've had a few audit messages when I try to use NetworkManager & a vpn
> To debug it, I ran audit2why and saw that all of the denied where from
> a missing or disabled
> I have ran (I'm sure there are other ways)
> audit2why < /var/log/audit/audit.log | audit2allow -M local
> and then ran semodule -i local.pp
> It seem to have loaded the local.pp.
> Do I need to put the "semodule -i local.pp" in a rc.local for each
> boot? Or is it automagic?
No once you do a semodule -i, it permanently modifies the policy on
disk. the pp file is no longer required, unless you want to install it
on other machines or if you remove the policy later using semodule -r.
More information about the fedora-test-list