All of lore.kernel.org
 help / color / mirror / Atom feed
* Reset SELinux booleans
@ 2015-03-23 10:55 Aleksey Chudov
  2015-04-06 18:55 ` Daniel J Walsh
  0 siblings, 1 reply; 2+ messages in thread
From: Aleksey Chudov @ 2015-03-23 10:55 UTC (permalink / raw)
  To: selinux

[-- Attachment #1: Type: text/plain, Size: 973 bytes --]

Hi,

After some experiments I'm trying to reset booleans to the boot-time
defaults. Just deleting /etc/selinux/targeted/modules/active/booleans.local
and executing semodule -B does not help.

According to man booleans(8) the load_policy program can reset booleans to
the boot-time defaults via the -b option. But executing load_policy -b
produces the following warning on CentOS 7:

# load_policy -b
load_policy:  Warning! The -b option is no longer supported, booleans are
always preserved across reloads.  Continuing...

Currently I'm setting up servers including SELinux policy using
configuration management system. File
/etc/selinux/targeted/modules/active/booleans.local is managed
automatically. But if someone manually executes setsebool to set some
boolean this boolean becomes unmanageable till the next reboot and it could
be a very long time in the case of a production server.

Is there some way to reset booleans to the boot-time defaults?


Regards,
Aleksey

[-- Attachment #2: Type: text/html, Size: 1265 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-04-06 18:55 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-03-23 10:55 Reset SELinux booleans Aleksey Chudov
2015-04-06 18:55 ` Daniel J Walsh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.