Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2006-04-08 at 15:03 -0500, Bruno Wolff III wrote:
> On Sat, Apr 08, 2006 at 14:40:47 -0500,
>   Bruno Wolff III <bruno@xxxxxxxx> wrote:
> > On Sat, Apr 08, 2006 at 18:23:57 +0100,
> >   Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> > > 
> > > Don't know much about writing custom policy modules from scratch, but
> > > the context management should be easy enough using semanage.
> > > 
> > > semanage doesn't change the contexts of existing files, it changes the
> > > underlying policy. This means that changes made using semanage will be
> > > effected if you use "restorecon" or do a full relabel.
> > 
> > Thanks I had missed that.
> > I had a mishap just last night when I rebooted after using setsebool to
> > change a setting and had it unexpectedly reset. I see now, that I should
> > be using semanage to be making persistant changes.
> 
> It looks like it isn't so simple for booleans. The man page for booleans(8)
> says that you can use system-sysconfig-securitylevel to set persistant
> boolean values, but the text mode version of that command seems to only
> let you do firewall stuff. And the alternate method given is to edit the
> /etc/selinux/POLICYTYPE/boolean, which appears to be out of date information.
> The documentation/help for semanage doesn't indicate it can do this.
> Looks like I should probably file a couple of bugzillas.
> 
> But at least I know how to do the file context stuff correctly now.

Use:

# setsebool -P name_of_boolean 1

to set a boolean persistently.

See the current value of booleans using getsebool.

Paul.
-- 
Paul Howarth <paul@xxxxxxxxxxxx>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux