Boolean resets don't stick

Daniel J Walsh dwalsh at redhat.com
Mon Mar 8 14:24:36 UTC 2010


On 03/08/2010 09:15 AM, Temlakos wrote:
> On 03/08/2010 09:10 AM, Paul Howarth wrote:
>    
>> On 08/03/10 14:03, Temlakos wrote:
>>
>>      
>>> Why is it that when I changed some SELinux variables to allow certain
>>> processes, the allowances did not persist with the next shutdown and
>>> reboot cycle?
>>>
>>> I had occasion to set allow_execmod and several Samba-related Booleans.
>>> And then this morning, it was as if I hadn't customized anything.
>>>
>>> I had to revert and reset every one of those custom variables, and
>>> /then/ I did a complete relabel. Once I did that, a certain application
>>> that needed execmod allowed, would run. Samba runs as well, though I
>>> probably discovered another issue--failure to turn on the nmb service as
>>> well as the smb service.
>>>
>>> But when I change a part of the Samba policy, I thought that should hold
>>> for good. Why doesn't it? Or did the relabeling finally make the issue
>>> go away?
>>>
>>> I just don't want that issue to come back, that's all--but I don't want
>>> to disable SELinux in order to do that.
>>>
>>>        
>> You did use the "-P" option to setsebool, didn't you?
>>
>> Paul.
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
>>      
> I was using the GUI manager for SELinux, not Konsole. I did not know
> about option -P. Is this another example of how the GUIs aren't up to par?
>
> Temlakos
>
Something strange is going on.

# grep setsebool  /usr/share/system-config-selinux/booleansPage.py
         setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
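
An added example, not part of the original thread: one way to check for the symptom discussed above is to list every boolean whose running value differs from the value saved in the policy store, which is what a change made without `-P` looks like. It assumes the `name (current , persistent) description` layout printed by `semanage boolean -l` on current policycoreutils releases; the helper names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# List SELinux booleans whose running value differs from the value stored in
# the policy store, i.e. changes made without "setsebool -P" that will be lost
# at the next reboot.
#
# Assumption: input uses the "name (current , persistent) description" layout
# that "semanage boolean -l" prints on current policycoreutils releases.

# Hypothetical helper: reads the listing on stdin and prints one line per
# mismatching boolean as "name current persistent".
nonpersistent_booleans() {
    awk '
        # Data rows carry a parenthesised "(state , state)" pair after the
        # name; the header line and blank lines do not, so they are skipped.
        match($0, /\([ ]*(on|off)[ ]*,[ ]*(on|off)[ ]*\)/) {
            pair = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/[ \t]/, "", pair)
            split(pair, st, ",")
            if (st[1] != st[2]) print $1, st[1], st[2]
        }
    '
}

# Constructed sample listing (not output captured from a real host).
sample_listing() {
    cat <<'EOF'
SELinux boolean                State  Default Description

allow_execmod                  (on   ,  off)  Allow unconfined executables to use libraries requiring text relocation
samba_enable_home_dirs         (on   ,   on)  Allow samba to share users home directories
samba_export_all_rw            (off  ,  off)  Allow samba to export all read/write
EOF
}

# With "--live", query the running system (needs root and semanage);
# otherwise run over the constructed sample.
if [ "${1:-}" = "--live" ]; then
    semanage boolean -l | nonpersistent_booleans
else
    sample_listing | nonpersistent_booleans
fi
```

Any boolean this reports will revert at the next boot unless it is set again with `setsebool -P`.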


