Brian Millett wrote:
I've been trying to understand selinux on my laptop.
I'm running rawhide. I have SELINUX=enforcing and SELINUXTYPE=targeted.
I've had a few audit messages when I try to use NetworkManager & a vpn
connection.
To debug it, I ran audit2why and saw that all of the denied where from
a missing or disabled
TE.
I have ran (I'm sure there are other ways)
audit2why < /var/log/audit/audit.log | audit2allow -M local
and then ran semodule -i local.pp
It seem to have loaded the local.pp.
Do I need to put the "semodule -i local.pp" in a rc.local for each
boot? Or is it automagic?
Thanks.
No once you do a semodule -i, it permanently modifies the policy on
disk. the pp file is no longer required, unless you want to install it
on other machines or if you remove the policy later using semodule -r.
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list