-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric Paris wrote: > On Wed, 2008-09-17 at 08:10 -0400, Daniel J Walsh wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Murray McAllister wrote: >>> Hi, >>> >>> If I change a lot of booleans, or install a lot of custom policies, is >>> there any way to restore selinux policy (targeted) to its default >>> configuration? >>> >>> Thanks. >>> >>> -- >>> fedora-selinux-list mailing list >>> fedora-selinux-list@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list >> Well semanage does have a -D option to remove all local customizations >> for the object >> >> man semanage >> .. >> >> -D, --deleteall >> Remove all OBJECTS local customizations >> >> >> >> Example: >> >> semanage ports -D >> >> Would remove all port changes. >> >> There is no way to do this with modules currently. >> >> You could look at the modules in /usr/share/selinux/targeted/*.pp >> and compare them to semodule -l to see any modules that were different >> and use semodule -r MODNAME to remove them. > > Gross horrible dangerous hack, be VERY careful, might eat your first > born, kidnap your grandmother, and blow your house down... > > rpm -e --nodeps --justdb selinux-policy-targeted > rm -rf /etc/selinux/targeted > yum install selinux-policy-targeted > touch /.autorelabel > reboot > > yes? no? > I would put the machine in permissive before doing this. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjRa3kACgkQrlYvE4MpobNB+QCfWVCQQ+BceAXpRLMHl78wlyao 59wAoIXrGXp1u928nxPC1GzCH2HwOVsW =n7BG -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
