The attributes of TE policies can be easily changed using the “trustchk -p” command by specifying attribute names followed by an equal sign and the desired value. Multiple attributes can be changed simultaneously in a single command.

# trustchk -p chkkernext=on chkscript=on
# 

Attention: Depending on the current configuration, changes may no longer be possible. See the following example:

# trustchk -p chkexec=off
Policy change not allowed since LOCK_KERN_POLICIES is ON
# 

Changes are only possible after changing LOCK_KERN_POLICIES back to OFF and rebooting:

# trustchk -p lock_kern_policies=off
# shutdown -r now

SHUTDOWN
...