1

On RHEL and CentOS servers, when the selinux-policy-* RPM packages receive an update, is it always necessary to manually reload any custom modules I have built? When I see an update to selinux-policy-*, I have always reloaded any modules manually.

semodule -i /root/selinux/*.pp

If they must always be reloaded manually, is there a preferred method to make this happen?

Michael
  • 1,155
  • 1
  • 10
  • 16

1 Answers1

3

Answer is very simple: no. Modules are replaced by name and the version number. Unless you name your module same as a module provided by the official SELinux policy (which would be really silly indeed), you should be safe. No need to reload.

mcepl
  • 146
  • 2