Listing conditional policy support
The first configurable aspect of the SELinux web server domain policy is its wide use of SELinux Booleans. Through these Booleans, additional policy rules can be selectively enabled or disabled. In this recipe, we'll look at the Booleans and see how these can be toggled.
How to do it…
In order to list the conditional policy support, execute the following steps:
- Request the list of all SELinux Booleans and selectively show those starting with httpd_:
~# getsebool -a | grep httpd_
- To get a short description together with the Booleans, we can use semanage:
~# semanage boolean -l | grep httpd_
- If the description of a Boolean isn't sufficient, we can ask the SELinux utilities to display the SELinux rules that will be enabled (or disabled) if the Boolean is set:
~# sesearch -b httpd_enable_ftp_server -AC
Found 3 semantic av rules:
DT allow httpd_t httpd_t : capability net_bind_service ; [ httpd_enable_ftp_server ]
DT allow...
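The two-letter prefix on each conditional rule can be decoded mechanically to see what switching a Boolean on would newly grant. The script below is an added example, not part of the original recipe. It assumes the setools 3 output format shown above, where the first letter (E/D) says whether the rule is currently enabled or disabled and the second (T/F) says whether it is active when the Boolean is true or false. The function names and the example_* sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode conditional rules from `sesearch -b <boolean> -AC`.
# Assumption: prefix letter 1 is E/D (rule enabled/disabled in the loaded
# policy), letter 2 is T/F (rule active when the Boolean is true/false).

# Reads sesearch output on stdin; prints one tab-separated line per rule:
# boolean, current state, Boolean value that activates it, rule text.
explain_cond_rules() {
    awk '
    /^[ED][TF] / {
        now  = (substr($1, 1, 1) == "E") ? "enabled" : "disabled"
        when = (substr($1, 2, 1) == "T") ? "on" : "off"
        # The Boolean name sits inside the trailing square brackets.
        bool = $0
        sub(/^.*\[ */, "", bool); sub(/ *\].*$/, "", bool)
        # The rule text is everything between the prefix and the semicolon.
        rule = $0
        sub(/^[ED][TF] +/, "", rule); sub(/ *;.*$/, "", rule)
        printf "%s\t%s\t%s\t%s\n", bool, now, when, rule
    }'
}

# Rules that are disabled now and would become active if the Boolean is set on.
granted_when_on() {
    explain_cond_rules | awk -F '\t' '$2 == "disabled" && $3 == "on" { print $4 }'
}

# Constructed sample input: the first rule is the one quoted in the recipe,
# the two example_* rules are made up to exercise the other prefix values.
SAMPLE='Found 3 semantic av rules:
DT allow httpd_t httpd_t : capability net_bind_service ; [ httpd_enable_ftp_server ]
DT allow example_t example_port_t : tcp_socket name_bind ; [ httpd_enable_ftp_server ]
EF allow example_t example_file_t : file read ; [ httpd_enable_ftp_server ]'

# Show what enabling the Boolean would add to the web server domain.
printf '%s\n' "$SAMPLE" | granted_when_on
```

On a live system, pipe the real sesearch output into granted_when_on before changing a Boolean to review exactly which permissions the change adds.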