SELinux booleans allow you to change parts of the SELinux policy at runtime without writing additional policies or recompiling the policy, for example to allow services to access NFS volumes.
The setsebool command can be used to modify (switch on or off) the value of an SELinux Boolean at runtime, as shown in the following command line:
# setsebool ftp_home_dir on
The getsebool command can be used with the -a option to display the list of all SELinux Booleans and their current values, as shown in the following command line:
# getsebool -a
The output of the getsebool -a command can be filtered down using grep as shown in the following command line:
# getsebool -a | grep ftp
setsebool Command Examples
1. To set a boolean to a particular value, use the following command:
# setsebool [SELinux boolean] [on|off]
Here’s an example command:
# setsebool virt_use_nfs on
This command changes the runtime value of the boolean, but the change is not persistent across reboots. To make it persistent, add the -P option to the command line, as follows:
# setsebool -P virt_use_nfs on
2. The setsebool command can be used to modify (switch on or off) the value of an SELinux Boolean at runtime, as shown in the following command line:
# setsebool ftp_home_dir on
3. Modify the runtime value as well as the default value of the SELinux Boolean simultaneously by using the setsebool command with the -P option, as shown in the following command line:
# setsebool -P ftp_home_dir on
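Because a boolean set without -P reverts at reboot, it is useful to check which booleans currently differ between their runtime and persistent values. The script below is an added example, not part of the original page: it parses a listing in the layout printed by semanage boolean -l, the helper name boolean_drift is hypothetical, and the sample listing is constructed for illustration.

```shell
#!/bin/sh
# Added example: list booleans whose runtime state differs from the
# persistent value, i.e. changes made with setsebool but without -P.

# Constructed sample in the layout of `semanage boolean -l`:
#   name   (runtime state , persistent default)   description
SAMPLE='SELinux boolean                State  Default Description

ftp_home_dir                   (on   ,  off)  Constructed sample line
virt_use_nfs                   (on   ,   on)  Constructed sample line
httpd_use_nfs                  (off  ,  off)  Constructed sample line'

# boolean_drift (hypothetical helper name): reads listing lines on stdin
# and prints "name runtime=<v> persistent=<v>" for every mismatch.
boolean_drift() {
    awk '
        # Skip the header and blank lines: only rows carry a "(x , y)" pair.
        match($0, /\((on|off) *, *(on|off)\)/) {
            pair = substr($0, RSTART + 1, RLENGTH - 2)   # text between parens
            gsub(/ /, "", pair)                          # "on   ,  off" -> "on,off"
            split(pair, v, ",")
            if (v[1] != v[2])
                printf "%s runtime=%s persistent=%s\n", $1, v[1], v[2]
        }
    '
}

# Demonstration on the constructed sample. On a live host, run instead:
#   semanage boolean -l | boolean_drift
printf '%s\n' "$SAMPLE" | boolean_drift
```

Each boolean reported here returns to its persistent value at the next reboot unless it is set again with -P.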