Re: How do you reset Selinux back to default?
On 03/13/2018 07:53 AM, Samuel Sieb wrote: > On 03/12/2018 06:28 PM, ToddAndMargo wrote: >> I mean before I started adding things to SELinux based on >> SEAlerts and such. In other word, set SELinux back to >> the way I found it after I installed Linux > > I thought I had seen something to list changed modules, but now I think > I misunderstood. I think the easiest way would be to find a clean > install somewhere and list the installed modules there. Then you can do > a diff with your system and remove the modules are extra. > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org Hi, To "reset" SELinux on your system please remove all "non-system" modules: # semodule -lfull | grep -v 100 # this gives you list of non system SELinux modules # semodule -r # this will remove it Then there is semanage command: # cat reset_selinux.txt boolean -D login -D interface -D user -D port -D node -D fcontext -D module -D # semanage import -f reset_selinux.txt # # restorecon -Rv / This will remove all local SELinux modules and reset your local modifications. Lukas. -- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. 0x633F6955.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: How do you reset Selinux back to default?
On 03/12/2018 06:28 PM, ToddAndMargo wrote: I mean before I started adding things to SELinux based on SEAlerts and such. In other word, set SELinux back to the way I found it after I installed Linux I thought I had seen something to list changed modules, but now I think I misunderstood. I think the easiest way would be to find a clean install somewhere and list the installed modules there. Then you can do a diff with your system and remove the modules are extra. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: How do you reset Selinux back to default?
On 03/13/18 09:28, ToddAndMargo wrote: > On 03/12/2018 04:20 PM, Ed Greshko wrote: >> On 03/13/18 07:02, ToddAndMargo wrote: >>> Hi All, >>> >>> How do you set SELinux back to default and start over? >> >> You mean for the entire file system? If so, "fixfiles onboot" will setup >> the >> machine to relabel on the next reboot. >> >> See the "fixfiles" man page. >> >> Alternatively, you can "touch /.autorelabel" and reboot. > > Hi Ed, > > Thank you! > > I mean before I started adding things to SELinux based on > SEAlerts and such. In other word, set SELinux back to > the way I found it after I installed Linux It will relabel files back to their "default" selinux context. However, if you added your own policy or made changes to existing policies I believe they will remain. -- Conjecture is just a conclusion based on incomplete information. It isn't a fact. signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: How do you reset Selinux back to default?
On 03/12/2018 04:20 PM, Ed Greshko wrote: On 03/13/18 07:02, ToddAndMargo wrote: Hi All, How do you set SELinux back to default and start over? You mean for the entire file system? If so, "fixfiles onboot" will setup the machine to relabel on the next reboot. See the "fixfiles" man page. Alternatively, you can "touch /.autorelabel" and reboot. Hi Ed, Thank you! I mean before I started adding things to SELinux based on SEAlerts and such. In other word, set SELinux back to the way I found it after I installed Linux -T ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: How do you reset Selinux back to default?
On 03/13/18 07:02, ToddAndMargo wrote: > Hi All, > > How do you set SELinux back to default and start over? You mean for the entire file system? If so, "fixfiles onboot" will setup the machine to relabel on the next reboot. See the "fixfiles" man page. Alternatively, you can "touch /.autorelabel" and reboot. -- Conjecture is just a conclusion based on incomplete information. It isn't a fact. signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
