Re: restoring default selinux policy configuration

On Wed, 2008-09-17 at 08:10 -0400, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Murray McAllister wrote: >> Hi, >> >> If I change a lot of booleans, or install a lot of custom policies, is >> there any way to restore selinux policy (targeted) to its default >> configuration? >> >> Thanks. >> >> -- >> fedora-selinux-list mailing list >> fedora-selinux-list(a)redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-selinux-list > Well semanage does have a -D option to remove all local customizations > for the object > > man semanage > .. > > -D, --deleteall > Remove all OBJECTS local customizations > > > > Example: > > semanage ports -D > > Would remove all port changes. > > There is no way to do this with modules currently. > > You could look at the modules in /usr/share/selinux/targeted/*.pp > and compare them to semodule -l to see any modules that were different > and use semodule -r MODNAME to remove them. Gross horrible dangerous hack, be VERY careful, might eat your first born, kidnap your grandmother, and blow your house down... rpm -e --nodeps --justdb selinux-policy-targeted rm -rf /etc/selinux/targeted yum install selinux-policy-targeted touch /.autorelabel reboot yes? no?

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkjRa3kACgkQrlYvE4MpobNB+QCfWVCQQ+BceAXpRLMHl78wlyao 59wAoIXrGXp1u928nxPC1GzCH2HwOVsW =n7BG -----END PGP SIGNATURE-----