How do you reset Selinux back to default?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

How do you reset Selinux back to default?

ToddAndMargo
Hi All,

How do you set SELinux back to default and start over?

Many thanks,
-T
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How do you reset Selinux back to default?

Ed Greshko
On 03/13/18 07:02, ToddAndMargo wrote:
> Hi All,
>
> How do you set SELinux back to default and start over?

You mean for the entire file system?  If so, "fixfiles onboot"  will setup the
machine to relabel on the next reboot.

See the "fixfiles" man page.

Alternatively, you can "touch /.autorelabel" and reboot.



--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]

signature.asc (235 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How do you reset Selinux back to default?

ToddAndMargo
On 03/12/2018 04:20 PM, Ed Greshko wrote:

> On 03/13/18 07:02, ToddAndMargo wrote:
>> Hi All,
>>
>> How do you set SELinux back to default and start over?
>
> You mean for the entire file system?  If so, "fixfiles onboot"  will setup the
> machine to relabel on the next reboot.
>
> See the "fixfiles" man page.
>
> Alternatively, you can "touch /.autorelabel" and reboot.

Hi Ed,

Thank you!

I mean before I started adding things to SELinux based on
SEAlerts and such.  In other word, set SELinux back to
the way I found it after I installed Linux

-T

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How do you reset Selinux back to default?

Ed Greshko-2
On 03/13/18 09:28, ToddAndMargo wrote:

> On 03/12/2018 04:20 PM, Ed Greshko wrote:
>> On 03/13/18 07:02, ToddAndMargo wrote:
>>> Hi All,
>>>
>>> How do you set SELinux back to default and start over?
>>
>> You mean for the entire file system?  If so, "fixfiles onboot"  will setup the
>> machine to relabel on the next reboot.
>>
>> See the "fixfiles" man page.
>>
>> Alternatively, you can "touch /.autorelabel" and reboot.
>
> Hi Ed,
>
> Thank you!
>
> I mean before I started adding things to SELinux based on
> SEAlerts and such.  In other word, set SELinux back to
> the way I found it after I installed Linux
It will relabel files back to their "default" selinux context.  However, if you added
your own policy or made changes to existing policies I believe they will remain.

--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.


_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How do you reset Selinux back to default?

Samuel Sieb
In reply to this post by ToddAndMargo
On 03/12/2018 06:28 PM, ToddAndMargo wrote:
> I mean before I started adding things to SELinux based on
> SEAlerts and such.  In other word, set SELinux back to
> the way I found it after I installed Linux

I thought I had seen something to list changed modules, but now I think
I misunderstood.  I think the easiest way would be to find a clean
install somewhere and list the installed modules there.  Then you can do
a diff with your system and remove the modules are extra.
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How do you reset Selinux back to default?

Lukas Vrabec
On 03/13/2018 07:53 AM, Samuel Sieb wrote:

> On 03/12/2018 06:28 PM, ToddAndMargo wrote:
>> I mean before I started adding things to SELinux based on
>> SEAlerts and such.  In other word, set SELinux back to
>> the way I found it after I installed Linux
>
> I thought I had seen something to list changed modules, but now I think
> I misunderstood.  I think the easiest way would be to find a clean
> install somewhere and list the installed modules there.  Then you can do
> a diff with your system and remove the modules are extra.
> _______________________________________________
> users mailing list -- [hidden email]
> To unsubscribe send an email to [hidden email]
Hi,

To "reset" SELinux on your system please remove all "non-system" modules:

# semodule -lfull | grep -v 100  # this gives you list of non system
SELinux modules
# semodule -r <modulename> # this will remove it

Then there is semanage command:

# cat reset_selinux.txt
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D

# semanage import -f reset_selinux.txt
#

# restorecon -Rv /

This will remove all local SELinux modules and reset your local
modifications.

Lukas.

--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.

_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]

0x633F6955.asc (5K) Download Attachment
signature.asc (499 bytes) Download Attachment