How to check if the default SELinux policy was modified with installation of any package?

akvpappan · May 16, 2020, 10:02pm

By default Fedora comes with SELinux enabled in Enforcing mode.

How do I check if the default policy(that comes pre-installed) was modified with any of the package installation? I might have allowed applications to modify SELinux policies. I want to make sure the default policies are not tampered.

Any help?

jpbn · May 17, 2020, 5:35am

@akvpappan
In the end you could do new install of the selinux-policy. Look into dnf help for the right way to refresh the package. https://dnf.readthedocs.io/en/latest/command_ref.html

akvpappan · May 17, 2020, 9:47am

Thank you, @jpbn. I did a reinstall of selinux-policy, selinux-policy-minimum and selinux-policy-targeted.

$ sudo dnf reinstall selinux-policy selinux-policy-minimum selinux-policy-targeted
$ rpm -qa | grep -i selinux-policy
selinux-policy-targeted-3.14.5-38.fc32.noarch
selinux-policy-3.14.5-38.fc32.noarch
selinux-policy-minimum-3.14.5-38.fc32.noarch

system · June 14, 2020, 9:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.