8

I tried but it gave an error.

# ls -l opendkim.pp
-rw-r--r--. 1 root root 1569 Jan  8 01:20 opendkim.pp

# ls -l /etc/selinux/targeted/modules/active/modules/opendkim.pp
-rw-r--r--. 1 root root 344 Jan  8 01:33 /etc/selinux/targeted/modules/active/modules/opendkim.pp

# semodule -r opendkim.pp
SELinux:  Could not load policy file /etc/selinux/targeted/policy/policy.24:  Invalid argument
/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
SELinux:  Could not load policy file /etc/selinux/targeted/policy/policy.24:  Invalid argument
/sbin/load_policy:  Can't load policy:  Invalid argument
libsemanage.semanage_reload_policy: load_policy returned error code 2.
semodule:  Failed!

# ls -lZ /etc/selinux/targeted/policy/policy.24
-rw-r--r--. root root unconfined_u:object_r:semanage_store_t:s0 /etc/selinux/targeted/policy/policy.24

And why does it take 5m+ to fail?

CentOS release 6.8 (Final)

Chloe
  • 1,164
  • 4
  • 19
  • 35

1 Answers1

15

semodule -r expects the module name, rather than a filename.

So it would be something like:

semodule -r opendkim

Or whatever name you gave the module when defining it.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • 3
    I found I needed to specify the priority with `semodule -X -r ` and also `-X` parameter needed to precede `-r` parameter for this to work. To obtain the priority of installed modules, try `semodule --list=full` – Richard Green Feb 21 '22 at 23:18
  • Definite upvote for this answer. I read instructions elsewhere to include the **.pp** extension; so that `semodule -X 300 -r my-policy.pp` would return _libsemanage.semanage_direct_remove_key: Unable to remove module my-policy.pp at priority 300. (No such file or directory)._ – Jimbo Jul 08 '23 at 17:00