That's a Fedora bug report and fix.
I'd recommend that you use the selinux mailing list to ask the experts. We could play around and try different things but I suspect the guys on that list have sufficient knowledge so they'll know exactly where to look.
'setsebool -P' works but throws errors; changes not permanent
Re: 'setsebool -P' works but throws errors; changes not permanent
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: 'setsebool -P' works but throws errors; changes not permanent
Thanks for the guidance TrevorH. I received good suggestions there. The solution was dirt simple:
Code:
yum reinstall selinux-policy-targeted
After this I was able to set the Boolean without errors and show that it has set the default value correctly:
Code:
[Cent-7:root@my_server ~]# getsebool authlogin_yubikey
authlogin_yubikey --> off
[Cent-7:root@ my_server ~]# setsebool -P authlogin_yubikey on
[Cent-7:root@ my_server ~]# semanage boolean -l | grep "authlogin_yubikey"
authlogin_yubikey (on , on) Allow authlogin to yubikey
Other tips provided from the mailing list include:
- Verify it has gpio_device_t defined:
Code:
$ seinfo -t | grep gpio_device_t
gpio_device_t
- Verify this type is used in file_contexts:
Code:
# semanage fcontext -l | grep gpio_device_t
/dev/gpiochip[0-9]+ character device system_u:object_r:gpio_device_t:s0
If reinstalling selinux-policy-targeted didn't work, the suggestion was to 'move the old policy out and rebuild', which would be accomplished by:
Code:
# semanage export -f exports
# mv /etc/selinux/targeted/active /etc/selinux/targeted/active.old
# yum reinstall selinux-policy-targeted
- Examine the resulting exports file and then re-import:
Code:
# cat exports
# semanage import -f exports
- If problems persisted, move the entire policy tree instead of just the active branch:
Code:
# mv /etc/selinux/targeted /etc/selinux/targeted.old
# yum reinstall selinux-policy-targeted
- Then re-import as desired. A word of caution regarding the above is that local policy modules will be removed as well. Be sure to have them on-hand for re-activation.
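
A quick way to confirm that a `setsebool -P` change actually persisted, as an added example that is not part of the original post or the mailing-list advice: the function reads `semanage boolean -l` output and reports every boolean whose running state differs from the stored default. The function names and the sample listing are constructed for illustration, and the `httpd_can_network_connect` states shown are made up.

```shell
#!/bin/sh
# Added example, not from the thread: list SELinux booleans whose running
# state differs from the stored default, i.e. a change that did not persist.

# Reads `semanage boolean -l` output on stdin. Each data line looks like
#   name  (state , default)  description
# Prints "name state default" for every boolean where the two values differ.
# Header and blank lines do not match the pattern and are skipped.
nonpersistent_booleans() {
    sed -nE 's/^([A-Za-z0-9_]+)[[:space:]]+\(([a-z]+)[[:space:]]*,[[:space:]]*([a-z]+)\).*/\1 \2 \3/p' |
    while read -r name state default; do
        if [ "$state" != "$default" ]; then
            printf '%s %s %s\n' "$name" "$state" "$default"
        fi
    done
}

# Constructed sample listing (states are made up for the demonstration).
sample_listing() {
    cat <<'EOF'
SELinux boolean                State  Default Description

authlogin_yubikey              (on   ,   on)  Allow authlogin to yubikey
httpd_can_network_connect      (on   ,  off)  Allow httpd to can network connect
EOF
}

# Offline demonstration; on a live host run instead:
#   semanage boolean -l | nonpersistent_booleans
sample_listing | nonpersistent_booleans
```

Empty output means every boolean's running state matches what the policy store will apply at the next boot.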