[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: selinux / semodule question



Brian Millett wrote:
I've been trying to understand selinux on my laptop. I'm running rawhide. I have SELINUX=enforcing and SELINUXTYPE=targeted. I've had a few audit messages when I try to use NetworkManager & a vpn connection. To debug it, I ran audit2why and saw that all of the denied where from a missing or disabled
TE.
I have ran (I'm sure there are other ways)

audit2why < /var/log/audit/audit.log | audit2allow -M local

and then ran semodule -i local.pp

It seem to have loaded the local.pp.

Do I need to put the "semodule -i local.pp" in a rc.local for each boot? Or is it automagic?

Thanks.
No once you do a semodule -i, it permanently modifies the policy on disk. the pp file is no longer required, unless you want to install it on other machines or if you remove the policy later using semodule -r.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]