On 03/08/2010 09:24 AM, Daniel J Walsh wrote: > On 03/08/2010 09:15 AM, Temlakos wrote: >> On 03/08/2010 09:10 AM, Paul Howarth wrote: >>> On 08/03/10 14:03, Temlakos wrote: >>> >>>> Why is it that when I changed some SELinux variables to allow certain >>>> processes, the allowances did not persist with the next shutdown and >>>> reboot cycle? >>>> >>>> I had occasion to set allow_execmod and several Samba-related >>>> Booleans. >>>> And then this morning, it was as if I hadn't customized anything. >>>> >>>> I had to revert and reset every one of those custom variables, and >>>> /then/ I did a complete relabel. Once I did that, a certain >>>> application >>>> that needed execmod allowed, would run. Samba runs as well, though I >>>> probably discovered another issue--failure to turn on the nmb >>>> service as >>>> well as the smb service. >>>> >>>> But when I change a part of the Samba policy, I thought that should >>>> hold >>>> for good. Why doesn't it? Or did the relabeling finally make the issue >>>> go away? >>>> >>>> I just don't want that issue to come back, that's all--but I don't >>>> want >>>> to disable SELinux in order to do that. >>>> >>> You did use the "-P" option to setsebool, didn't you? >>> >>> Paul. >>> -- >>> selinux mailing list >>> selinux@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>> >>> >> I was using the GUI manager for SELinux, not Konsole. I did not know >> about option -P. Is this another example of how the GUIs aren't up to >> par? >> >> Temlakos >> >> -- >> selinux mailing list >> selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux >> >> > Something strange is going on. > > # grep setsebool /usr/share/system-config-selinux/booleansPage.py > setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) > > Yes, I show the same from that grep command. In other words, system-config-selinux is supposed to use the -P option. I just went directly to Konsole and issued a setsebool command with the -P option. Now I'll reboot and see what happens. Recall the other thing that I did to get things to work again: I relabeled my whole file system. It took five minutes. Temlakos -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
