Configuring SELinux booleans
SELinux booleans allow you to change the SELinux policy at runtime without the need to write additional policies. This allows you to change the policy without the need for recompilation, such as allowing services to access NFS volumes.
How to do it…
This is the way to temporarily or permanently change SELinux booleans.
Listing SELinux booleans
For a list of all booleans and an explanation of what they do, execute the following:
~# semanage boolean -l
Now, let's try to get the value of a particular SELinux boolean. It is possible to get the value of a single SELinux boolean without the use of additional utilities, such as grep and/or awk. Simply execute the following:
~# getsebool <SELinux boolean>
This shows you whether or not the boolean is set. Here's an example:
~# getsebool virt_use_nfs virt_use_nfs --> off ~#
Changing SELinux booleans
To set a boolean value to a particular one, use the following command:
~# setsebool <SELinux boolean> <on|off...
