Hi,
After some experiments I'm trying to reset booleans to the boot-time defaults. Just deleting /etc/selinux/targeted/modules/active/booleans.local and executing semodule -B does not help.
According to man booleans(8) the load_policy program can reset booleans to the boot-time defaults via the -b option. But executing load_policy -b produces the following warning on CentOS 7:
# load_policy -b
load_policy: Warning! The -b option is no longer supported, booleans are always preserved across reloads. Continuing...
Currently I'm setting up servers, including SELinux policy, using a configuration management system. The file /etc/selinux/targeted/modules/active/booleans.local is managed automatically. But if someone manually executes setsebool to set some boolean, this boolean becomes unmanageable till the next reboot, and it could be a very long time in the case of a production server.
Is there some way to reset booleans to the boot-time defaults?
Regards,
Aleksey