"resetting" selinux back to defaults
Paul Howarth
paul at city-fan.org
Wed Apr 5 07:34:14 UTC 2006
On Tue, 2006-04-04 at 20:10 +0100, Chris Jones wrote:
> Hi
>
> Previously, I have run
>
> setsebool -P allow_execheap=true allow_execmod=true
>
> to get an application running under FC5. I now want to undo this change - Is
> it enough to issue
>
> setsebool -P allow_execheap=false allow_execmod=false
>
> to undo this ? Put another way, whats the best way to remove any selinux
> customisation and return to a "default" setup ?
That should fix the booleans you've changed (assuming you remember all
of them). You can check the settings of all booleans as follows:
# getsebool -a
If you've used semanage to change default file contexts, the local
changes should be visible
in /etc/selinux/targeted/modules/active/file_contexts.local
You can list any local policy modules running using "semodule -l"
If you've manually changed file contexts using chcon, you would need to
use restorecon to fix them (if you remember the files you've changed) or
relabel the whole system (if you can't remember what you've changed).
Paul.
More information about the users
mailing list