semanage booleans -D
Should do what you want
On 03/23/2015 06:55 AM, Aleksey Chudov
wrote:
Hi,
After some experiments I'm trying to reset booleans to the
boot-time defaults. Just deleting
/etc/selinux/targeted/modules/active/booleans.local and
executing semodule -B does not help.
According to man booleans(8) the load_policy program can reset
booleans to the boot-time defaults via the -b option. But
executing load_policy -b produces the following warning on
CentOS 7:
# load_policy -b
load_policy: Warning! The -b option is no longer supported,
booleans are always preserved across reloads. Continuing...
Currently I'm setting up servers including
SELinux policy using configuration management system. File
/etc/selinux/targeted/modules/active/booleans.local is managed
automatically. But if someone manually executes setsebool to set
some boolean this boolean becomes unmanageable till the next
reboot and it could be a
very long time in the case of a
production server.
Is there some way
to reset booleans to the boot-time
defaults?
Regards,
Aleksey
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
|
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
