sudo semodule -l | grep my-RenderThread returns:
my-RenderThread
However, sudo semodule -r my-RenderThread returns:
libsemanage.semanage_direct_remove_key: Unable to remove module my-RenderThread at priority 400. (No such file or directory). semodule: Failed!
How? Why?
Try
sudo semodule -lfull | grep my-RenderThread
It could be it wasn’t installed at priority 400 in which case you might need the -X option for semodule -r. Run man semodule` for the options.
@vekruse, yeah, it was installed at P300 (sealert’s default):
300 my-RenderThread pp
I’ve tried sudo semodule -r my-RenderThread -X 300, but see:
libsemanage.semanage_direct_remove_key: Unable to remove modulemy-RenderThreadat priority 400. (No such file or directory).
From the man page on F42:
-X,--priority=PRIORITY
set priority for following operations (1-999)
So you may need to try sudo semodule -X 300 -r my-RenderThread instead
@tswsl1989, thank you! That works:
libsemanage.semanage_direct_remove_key: Removing lastmy-RenderThreadmodule (no othermy-RenderThreadmodule exists at another priority).
However, isn’t that merely a reorganisation of what I previously attempted?
It is, but the word on the man page that stood out to me is “following”.
It looks like you can chain multiple actions with different priorities between them in a single call to semodule.
Does anyone know whether I need to retain the generated files in $HOME?
#!/usr/bin/env sh
tree $HOME -L 1 | grep -E '\.pp|\.te'
├── emulator_execheap.pp ├── emulator_execheap.te ├── my-RenderThread.pp ├── my-RenderThread.te ├── my-rpcvirtqemud.pp └── my-rpcvirtqemud.te
I’d like to rm them.