On Sat, 2006-04-08 at 15:03 -0500, Bruno Wolff III wrote:
> On Sat, Apr 08, 2006 at 14:40:47 -0500,
>   Bruno Wolff III <bruno@xxxxxxxx> wrote:
> > On Sat, Apr 08, 2006 at 18:23:57 +0100,
> >   Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> > >
> > > Don't know much about writing custom policy modules from scratch, but
> > > the context management should be easy enough using semanage.
> > >
> > > semanage doesn't change the contexts of existing files, it changes the
> > > underlying policy. This means that changes made using semanage will be
> > > effected if you use "restorecon" or do a full relabel.
> >
> > Thanks, I had missed that.
> > I had a mishap just last night when I rebooted after using setsebool to
> > change a setting and had it unexpectedly reset. I see now, that I should
> > be using semanage to be making persistent changes.
>
> It looks like it isn't so simple for booleans. The man page for booleans(8)
> says that you can use system-sysconfig-securitylevel to set persistent
> boolean values, but the text mode version of that command seems to only
> let you do firewall stuff. And the alternate method given is to edit the
> /etc/selinux/POLICYTYPE/boolean, which appears to be out of date information.
> The documentation/help for semanage doesn't indicate it can do this.
> Looks like I should probably file a couple of bugzillas.
>
> But at least I know how to do the file context stuff correctly now.

Use:
# setsebool -P name_of_boolean 1
to set a boolean persistently.

See the current value of booleans using getsebool.

Paul.

--
Paul Howarth <paul@xxxxxxxxxxxx>
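
An added example, not part of the original thread: a check for booleans that were changed with setsebool but without -P, which is the reset-on-reboot mishap described above. It assumes a current policycoreutils in which `semanage boolean -l` prints a "State" (running) and "Default" (stored) column; the listing below is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `semanage boolean -l`.
# State   = value active in the running kernel
# Default = value stored in the policy store (what a reboot restores)
sample_listing() {
cat <<'EOF'
SELinux boolean                State  Default Description

httpd_can_network_connect      (on   ,  off)  Allow httpd to can network connect
httpd_enable_homedirs          (off  ,  off)  Allow httpd to enable homedirs
ftpd_anon_write                (off  ,   on)  Allow ftpd to anon write
EOF
}

# Read a listing on stdin and print "name running stored" for every boolean
# whose running value differs from the stored one, i.e. one that will flip
# at the next reboot or policy reload.
drifted_booleans() {
    # Turn "(on , off)" into plain whitespace-separated fields for awk.
    tr '(),' '   ' |
    awk '($2 == "on" || $2 == "off") &&
         ($3 == "on" || $3 == "off") &&
         $2 != $3 { print $1, $2, $3 }'
}

# Print (do not run) the setsebool -P command that would store the running
# value, in the 1/0 form used in the message above.
persist_commands() {
    drifted_booleans |
    awk '{ print "setsebool -P", $1, ($2 == "on" ? 1 : 0) }'
}

# Demonstration on the constructed sample.
sample_listing | persist_commands
```

On a live system, `semanage boolean -l | drifted_booleans` run as root lists the same drift; review each entry before persisting it, since the stored value may be the intended one.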