Boolean resets don't stick

Daniel J Walsh dwalsh at redhat.com
Mon Mar 8 15:23:35 UTC 2010 

On 03/08/2010 09:48 AM, Temlakos wrote:
> On 03/08/2010 09:24 AM, Daniel J Walsh wrote:
>    
>> On 03/08/2010 09:15 AM, Temlakos wrote:
>>      
>>> On 03/08/2010 09:10 AM, Paul Howarth wrote:
>>>        
>>>> On 08/03/10 14:03, Temlakos wrote:
>>>>
>>>>          
>>>>> Why is it that when I changed some SELinux variables to allow certain
>>>>> processes, the allowances did not persist with the next shutdown and
>>>>> reboot cycle?
>>>>>
>>>>> I had occasion to set allow_execmod and several Samba-related
>>>>> Booleans.
>>>>> And then this morning, it was as if I hadn't customized anything.
>>>>>
>>>>> I had to revert and reset every one of those custom variables, and
>>>>> /then/ I did a complete relabel. Once I did that, a certain
>>>>> application
>>>>> that needed execmod allowed, would run. Samba runs as well, though I
>>>>> probably discovered another issue--failure to turn on the nmb
>>>>> service as
>>>>> well as the smb service.
>>>>>
>>>>> But when I change a part of the Samba policy, I thought that should
>>>>> hold
>>>>> for good. Why doesn't it? Or did the relabeling finally make the issue
>>>>> go away?
>>>>>
>>>>> I just don't want that issue to come back, that's all--but I don't
>>>>> want
>>>>> to disable SELinux in order to do that.
>>>>>
>>>>>            
>>>> You did use the "-P" option to setsebool, didn't you?
>>>>
>>>> Paul.
>>>> -- 
>>>> selinux mailing list
>>>> selinux at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>
>>>>
>>>>          
>>> I was using the GUI manager for SELinux, not Konsole. I did not know
>>> about option -P. Is this another example of how the GUIs aren't up to
>>> par?
>>>
>>> Temlakos
>>>
>>> -- 
>>> selinux mailing list
>>> selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>>>        
>> Something strange is going on.
>>
>> # grep setsebool  /usr/share/system-config-selinux/booleansPage.py
>>          setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
>>
>>
>>      
> OK, here's the reboot test. At first my application still didn't run,
> though all the Booleans showed up as set when I ran getsebool in Konsole.
>
> Then it occurred to me to launch KWallet directly. That solved the problem.
>
> I think I know what might have happened: KWallet doesn't start
> automatically every time. So SELinux was probably not at issue.
>
> Temlakos
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>    
Thats ok.  Just rounding up the usual suspects...

More information about the selinux mailing list