Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Apr 08, 2006 at 14:40:47 -0500,
  Bruno Wolff III <bruno@xxxxxxxx> wrote:
> On Sat, Apr 08, 2006 at 18:23:57 +0100,
>   Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> > 
> > Don't know much about writing custom policy modules from scratch, but
> > the context management should be easy enough using semanage.
> > 
> > semanage doesn't change the contexts of existing files, it changes the
> > underlying policy. This means that changes made using semanage will be
> > effected if you use "restorecon" or do a full relabel.
> 
> Thanks I had missed that.
> I had a mishap just last night when I rebooted after using setsebool to
> change a setting and had it unexpectedly reset. I see now, that I should
> be using semanage to be making persistant changes.

It looks like it isn't so simple for booleans. The man page for booleans(8)
says that you can use system-sysconfig-securitylevel to set persistant
boolean values, but the text mode version of that command seems to only
let you do firewall stuff. And the alternate method given is to edit the
/etc/selinux/POLICYTYPE/boolean, which appears to be out of date information.
The documentation/help for semanage doesn't indicate it can do this.
Looks like I should probably file a couple of bugzillas.

But at least I know how to do the file context stuff correctly now.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux