From: Daniel J Walsh <dwalsh@redhat.com>
To: Aleksey Chudov <aleksey.chudov@gmail.com>, selinux@tycho.nsa.gov
Subject: Re: Reset SELinux booleans
Date: Mon, 06 Apr 2015 14:55:30 -0400 [thread overview]
Message-ID: <5522D6A2.7090804@redhat.com> (raw)
In-Reply-To: <CA+g23Tsk7Lfh0eQ+FfayCT-pox7Y5FC9n_GNpTVvE83DttRbYw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1357 bytes --]
semanage booleans -D
Should do what you want
On 03/23/2015 06:55 AM, Aleksey Chudov wrote:
> Hi,
>
> After some experiments I'm trying to reset booleans to the boot-time
> defaults. Just deleting
> /etc/selinux/targeted/modules/active/booleans.local and executing
> semodule -B does not help.
>
> According to man booleans(8) the load_policy program can reset
> booleans to the boot-time defaults via the -b option. But executing
> load_policy -b produces the following warning on CentOS 7:
>
> # load_policy -b
> load_policy: Warning! The -b option is no longer supported, booleans
> are always preserved across reloads. Continuing...
>
> Currently I'm setting up servers including SELinux policy using
> configuration management system. File
> /etc/selinux/targeted/modules/active/booleans.local is managed
> automatically. But if someone manually executes setsebool to set some
> boolean this boolean becomes unmanageable till the next reboot and
> itcould be a very long time in the case of a production server.
>
> Is there some way to reset booleans to the boot-time defaults?
>
>
> Regards,
> Aleksey
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
[-- Attachment #2: Type: text/html, Size: 2692 bytes --]
prev parent reply other threads:[~2015-04-06 18:55 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-23 10:55 Reset SELinux booleans Aleksey Chudov
2015-04-06 18:55 ` Daniel J Walsh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5522D6A2.7090804@redhat.com \
--to=dwalsh@redhat.com \
--cc=aleksey.chudov@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.