SELinux Booleans are switches that contains a set of rules to make a selective adjustment in behavior to an SELinux policy. SELinux Booleans provide an easy interface to change the behavior of an SELinux policy rule.
The following are examples that illustrate the usage of the getsebool and setsebool commands for managing SELinux Booleans:
- The getsebool command can be used with the -a option to display the list of all SELinux Booleans and their current values as shown in the following command line. The output of this command is passed to a grep filter to narrow down the results:
# getsebool -a
-
The output of the getsebool -a command can be filtered down using grep as shown in the following command line:
# getsebool -a | grep ftp
- The setsebool command can be used to modify (switch on or off) the value of a SELinux Boolean at runtime as shown in following command line:
# setsebool ftp_home_dir on
- Modify runtime value as well as the default values of the SELinux Boolean simultaneously by using the setsebool command with the -P option as shown in the following command line:
# setsebool -P ftp_home_dir on