Re: selinux / semodule question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Brian Millett wrote:
I've been trying to understand selinux on my laptop. I'm running rawhide. I have SELINUX=enforcing and SELINUXTYPE=targeted. I've had a few audit messages when I try to use NetworkManager & a vpn connection. To debug it, I ran audit2why and saw that all of the denied where from a missing or disabled
TE.
I have ran (I'm sure there are other ways)

audit2why < /var/log/audit/audit.log | audit2allow -M local

and then ran semodule -i local.pp

It seem to have loaded the local.pp.

Do I need to put the "semodule -i local.pp" in a rc.local for each boot? Or is it automagic?

Thanks.
No once you do a semodule -i, it permanently modifies the policy on disk. the pp file is no longer required, unless you want to install it on other machines or if you remove the policy later using semodule -r.


--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]