On 11/8/18 9:14 AM, Mahmood Naderan wrote:
Hi,
What is the safest method to reset SELinux to its default configuration
without reinstalling the operating system?
Generally, when you make changes to SELinux, a file with the extension
.local is created under /etc/selinux.
So to see all the changes that have been made, you can do
find /etc/selinux -name "*.local"
Then you can read those files and back out any changes which have been
made.
On my system, for instance, I have a file:
/etc/selinux/targeted/contexts/files/file_contexts.local
I just tested, and the booleans.local no longer seems to be created... I
know there used to be a booleans.local file created when you ran
setsebool -P. Has that gone away?
Thomas