Hi All,
How do you set SELinux back to default and start over?
Many thanks, -T
On 03/13/18 07:02, ToddAndMargo wrote:
Hi All,
How do you set SELinux back to default and start over?
You mean for the entire file system? If so, "fixfiles onboot" will setup the machine to relabel on the next reboot.
See the "fixfiles" man page.
Alternatively, you can "touch /.autorelabel" and reboot.
On 03/12/2018 04:20 PM, Ed Greshko wrote:
On 03/13/18 07:02, ToddAndMargo wrote:
Hi All,
How do you set SELinux back to default and start over?
You mean for the entire file system? If so, "fixfiles onboot" will setup the machine to relabel on the next reboot.
See the "fixfiles" man page.
Alternatively, you can "touch /.autorelabel" and reboot.
Hi Ed,
Thank you!
I mean before I started adding things to SELinux based on SEAlerts and such. In other word, set SELinux back to the way I found it after I installed Linux
-T
On 03/13/18 09:28, ToddAndMargo wrote:
On 03/12/2018 04:20 PM, Ed Greshko wrote:
On 03/13/18 07:02, ToddAndMargo wrote:
Hi All,
How do you set SELinux back to default and start over?
You mean for the entire file system? If so, "fixfiles onboot" will setup the machine to relabel on the next reboot.
See the "fixfiles" man page.
Alternatively, you can "touch /.autorelabel" and reboot.
Hi Ed,
Thank you!
I mean before I started adding things to SELinux based on SEAlerts and such. In other word, set SELinux back to the way I found it after I installed Linux
It will relabel files back to their "default" selinux context. However, if you added your own policy or made changes to existing policies I believe they will remain.
On 03/12/2018 06:28 PM, ToddAndMargo wrote:
I mean before I started adding things to SELinux based on SEAlerts and such. In other word, set SELinux back to the way I found it after I installed Linux
I thought I had seen something to list changed modules, but now I think I misunderstood. I think the easiest way would be to find a clean install somewhere and list the installed modules there. Then you can do a diff with your system and remove the modules are extra.
On 03/13/2018 07:53 AM, Samuel Sieb wrote:
On 03/12/2018 06:28 PM, ToddAndMargo wrote:
I mean before I started adding things to SELinux based on SEAlerts and such. In other word, set SELinux back to the way I found it after I installed Linux
I thought I had seen something to list changed modules, but now I think I misunderstood. I think the easiest way would be to find a clean install somewhere and list the installed modules there. Then you can do a diff with your system and remove the modules are extra. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
Hi,
To "reset" SELinux on your system please remove all "non-system" modules:
# semodule -lfull | grep -v 100 # this gives you list of non system SELinux modules # semodule -r <modulename> # this will remove it
Then there is semanage command:
# cat reset_selinux.txt boolean -D login -D interface -D user -D port -D node -D fcontext -D module -D
# semanage import -f reset_selinux.txt #
# restorecon -Rv /
This will remove all local SELinux modules and reset your local modifications.
Lukas.
-
Ed Greshko -
Ed Greshko -
Lukas Vrabec -
Samuel Sieb -
ToddAndMargo