Re: How to restore a policy module

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Smalley <sds@tycho.nsa.gov>
To: kim.lawson-jenkins@nrl.navy.mil, selinux@tycho.nsa.gov
Subject: Re: How to restore a policy module
Date: Fri, 21 Mar 2014 09:35:10 -0400	[thread overview]
Message-ID: <532C400E.8090104@tycho.nsa.gov> (raw)
In-Reply-To: <532C3F5F.1040602@tycho.nsa.gov>

On 03/21/2014 09:32 AM, Stephen Smalley wrote:
> On 03/21/2014 09:29 AM, Kim Lawson-Jenkins wrote:
>> In an attempt to lockdown a system I removed the remotelogin policy
>> module using semodule –r.  I’m using the targeted policy on RHEL6.  How
>> do I add this file back to my current configuration?
> 
> You can always do a yum reinstall selinux-policy-targeted to fully
> reinstall the policy, or you could individually install that policy
> module.  Used to be the case that a copy of each module was available
> under /usr/share/selinux/targeted, so you could do a semodule -i
> /usr/share/selinux/targeted/remotelogin.pp if that exists (but it seems
> to have gone away in recent Fedora, likely to save on storage).

Also, if you add:
save-previous = true
to your /etc/selinux/semanage.conf
it will keep a copy of your previous policy under
/etc/selinux/targeted/modules/previous on each transaction, making it
easier to rollback changes.

next prev parent reply	other threads:[~2014-03-21 13:35 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-21 13:29 How to restore a policy module Kim Lawson-Jenkins
2014-03-21 13:32 ` Stephen Smalley
2014-03-21 13:35   ` Stephen Smalley [this message]
2014-03-21 13:49     ` Kim Lawson-Jenkins
2014-03-21 13:37 ` Ilya Frolov
2014-03-21 13:41 ` James Carter
2014-03-21 18:34 ` Daniel J Walsh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=532C400E.8090104@tycho.nsa.gov \
    --to=sds@tycho.nsa.gov \
    --cc=kim.lawson-jenkins@nrl.navy.mil \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.