RHEL6 – Managing SELinux Booleans

BooitemThis is my second post on SELinux. In case you missed the first one you can read it here. Today we are going to specifically discuss SELinux booleans

According to fedoraproject.org ,"SELinux booleans enable runtime customization of the SELinux policy. SELinux policy in Fedora has several booleans that allow you to quickly toggle a particular change in the policy." However i think its easier to explain them as SELinux configurations and settings that can be easily toggled on or toggled off.

The command getsebool -a is used to display available booleans, while setsebool is used to modify them. Using setsebool with the -P options makes that modification persistent across reboots.

To display a detailed list or booleans with descriptions run semanage boolean -l

Some common SELinux booleans are below.

ftp_home_dir   -> off   Allow ftp to read and write files in the user home directories

httpd_enable_cgi     -> on    Allow httpd cgi support

sftpd_anon_write      -> off   Allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t.

allow_ftpd_anon_write   -> off   Allow ftp servers to upload files,  used for public file transfer services. Directories must be labeled public_content_rw_t.

 

 

 

Advertisements

One thought on “RHEL6 – Managing SELinux Booleans

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.