[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: restoring default selinux policy configuration

From: Daniel J Walsh <dwalsh redhat com>
To: Murray McAllister <mmcallis redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: restoring default selinux policy configuration
Date: Wed, 17 Sep 2008 08:10:34 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Murray McAllister wrote:
> Hi,
> 
> If I change a lot of booleans, or install a lot of custom policies, is
> there any way to restore selinux policy (targeted) to its default
> configuration?
> 
> Thanks.
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Well semanage does have a -D option to remove all local customizations
for the object

man semanage
...

       -D, --deleteall
              Remove all OBJECTS local customizations



Example:

semanage ports -D

Would remove all port changes.

There is no way to do this with modules currently.

You could look at the modules in /usr/share/selinux/targeted/*.pp
and compare them to semodule -l to see any modules that were different
and use semodule -r MODNAME to remove them.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjQ87gACgkQrlYvE4MpobMHigCfXrph1KpagtXk2EbwYrsGTrjb
c3YAn04JaTzLSTanFK5irxBC1mBKlmAh
=wNCb
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: restoring default selinux policy configuration
  - From: Eric Paris

References:
- restoring default selinux policy configuration
  - From: Murray McAllister

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]