From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <532C400E.8090104@tycho.nsa.gov> Date: Fri, 21 Mar 2014 09:35:10 -0400 From: Stephen Smalley MIME-Version: 1.0 To: kim.lawson-jenkins@nrl.navy.mil, selinux@tycho.nsa.gov Subject: Re: How to restore a policy module References: <01e101cf4509$9942ae60$cbc80b20$@nrl.navy.mil> <532C3F5F.1040602@tycho.nsa.gov> In-Reply-To: <532C3F5F.1040602@tycho.nsa.gov> Content-Type: text/plain; charset=windows-1252 List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: On 03/21/2014 09:32 AM, Stephen Smalley wrote: > On 03/21/2014 09:29 AM, Kim Lawson-Jenkins wrote: >> In an attempt to lockdown a system I removed the remotelogin policy >> module using semodule –r. I’m using the targeted policy on RHEL6. How >> do I add this file back to my current configuration? > > You can always do a yum reinstall selinux-policy-targeted to fully > reinstall the policy, or you could individually install that policy > module. Used to be the case that a copy of each module was available > under /usr/share/selinux/targeted, so you could do a semodule -i > /usr/share/selinux/targeted/remotelogin.pp if that exists (but it seems > to have gone away in recent Fedora, likely to save on storage). Also, if you add: save-previous = true to your /etc/selinux/semanage.conf it will keep a copy of your previous policy under /etc/selinux/targeted/modules/previous on each transaction, making it easier to rollback changes.