Hi,

After some experiments I'm trying to reset booleans to the boot-time defaults. Just deleting /etc/selinux/targeted/modules/active/booleans.local and executing semodule -B does not help.

According to man booleans(8) the load_policy program can reset booleans to the boot-time defaults via the -b option. But executing load_policy -b produces the following warning on CentOS 7:

# load_policy -b
load_policy:  Warning! The -b option is no longer supported, booleans are always preserved across reloads.  Continuing...

Currently I'm setting up servers including SELinux policy using configuration management system. File /etc/selinux/targeted/modules/active/booleans.local is managed automatically. But if someone manually executes setsebool to set some boolean this boolean becomes unmanageable till the next reboot and it could be a very long time in the case of a production server.

Is there some way to reset booleans to the boot-time defaults?

Regards,
Aleksey

_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.