SELinux Game: Learn SELinux By Doing

Booleans

SELinux uses booleans to make its policy more flexible. Typically a basic policy is pretty strict, but it can be made more permissive with booleans. For example, the SELinux policy that ships with ftpd prevents reading from NFS. That behavior can be changed with the allow_ftpd_use_nfs boolean.

List all of the booleans on your system with getsebool as follows:

getsebool -a

Set a boolean value with setsebool:

setsebool -P allow_ftpd_use_nfs=1

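If the -P flag is used, the boolean change is permanent: it is written to the policy on disk and persists across reboots. Without -P, only the running value changes, and it reverts at the next reboot.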
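
Because each boolean loosens policy and a -P change persists silently, it helps to compare getsebool -a output against the values a host is expected to have. The following is an added example, not part of the original tutorial; the sebool_drift helper, the baseline format and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `getsebool -a` output (format: "<name> --> on|off").
SAMPLE_GETSEBOOL='allow_ftpd_use_nfs --> on
allow_ftpd_anon_write --> off
httpd_enable_cgi --> on'

# Constructed baseline (hypothetical format): name=on|off|1|0, "#" comments.
BASELINE='# expected state for this host
allow_ftpd_use_nfs=off
allow_ftpd_anon_write=0
httpd_can_network_connect=off'

# sebool_drift BASELINE_TEXT  (hypothetical helper)
# Reads getsebool-style lines on stdin and prints one line per baseline
# boolean whose state differs or is absent. Returns 1 on drift, 0 otherwise.
# Booleans that are not listed in the baseline are ignored.
sebool_drift() {
    SEBOOL_BASELINE="$1" awk '
    function norm(v) {
        v = tolower(v)
        if (v == "1" || v == "on") return "on"
        if (v == "0" || v == "off") return "off"
        return "invalid"
    }
    BEGIN {
        n = split(ENVIRON["SEBOOL_BASELINE"], lines, "\n")
        for (i = 1; i <= n; i++) {
            line = lines[i]
            sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            if (line == "") continue
            split(line, kv, "=")
            want[kv[1]] = norm(kv[2]); order[++m] = kv[1]
        }
    }
    $2 == "-->" { have[$1] = norm($3) }
    END {
        for (i = 1; i <= m; i++) {
            name = order[i]
            actual = (name in have) ? have[name] : "missing"
            if (actual != want[name]) {
                printf "%s expected=%s actual=%s\n", name, want[name], actual
                drift = 1
            }
        }
        exit drift + 0
    }'
}

# Live use would be: getsebool -a | sebool_drift "$(cat baseline.txt)"
printf '%s\n' "$SAMPLE_GETSEBOOL" | sebool_drift "$BASELINE" || echo "drift detected"
```

A boolean reported as missing usually means the loaded policy names it differently or does not define it, so the baseline should be built from getsebool -a on the same release.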

Tools

getsebool shows SELinux boolean values.

setsebool sets the current state of a particular SELinux boolean or a list of booleans to a given value.

Try it!

Explore these commands using the tutorial vagrant box. Start the environment using:
vagrant up tutorial
vagrant ssh tutorial
If you don't have the command, visit the getting started guide.

More Tutorials

After this one, the following tutorials are recommended:

Portions of this page's content are copied from this page for non-commercial, educational purposes.