Monday, 13 June 2011

Use boolean settings to modify system SELinux settings

In order to list the SELinux settings you can use this command:
getsebool -a
Since SELinux settings don't really have catchy names, your best bet is using grep in conjunction with the -a switch, e.g to find all SELinux settings related to ssh: 
getsebool -a | grep ssh
You can now use the setsebool command to change the settings like this:
setsebool -P selinuxsetting boolean
where boolean is 1 to switch on and 0 to switch off.

Alternatively, you could you use tooglesebool, which flips the value.
e.g.
[root@centos1 examples]# getsebool -a | grep virt_use_nfs
virt_use_nfs --> off
[root@centos1 examples]# togglesebool virt_use_nfs
virt_use_nfs: active
[root@centos1 examples]# getsebool -a | grep virt_use_nfs
virt_use_nfs --> on

Posted by at 17:15
Labels: , ,

2 comments:

  1. Anonymous19 April 2012 at 07:38

    You forgot to include togglesebool.

    ReplyDelete
    Replies
    1. manyrootsofallevil19 April 2012 at 08:30

      I must admit that I wasn't aware of this command, thanks for pointing it out.

      Delete

Subscribe to: Post Comments (Atom)