26.2.4.4 Customizing SELinux Policies

You can customize an SELinux policy by enabling or disabling the members of a set of boolean values. Any changes that you make take effect immediately and do not require a reboot.

You can set the boolean values in the Boolean view of the SELinux Administration GUI.

Alternatively, to display all boolean values together with a short description, use the following command:

# semanage boolean -l
SELinux boolean                State  Default Description

ftp_home_dir                   (off  ,  off)  Determine whether ftpd can read and write files in user home directories.
smartmon_3ware                 (off  ,  off)  Determine whether smartmon can support devices on 3ware controllers.
mpd_enable_homedirs            (off  ,  off)  Determine whether mpd can traverse user home directories.
...

You can use the getsebool and setsebool commands to display and set the value of a specific boolean.

# getsebool boolean
# setsebool boolean on|off

For example, to display and set the value of the ftp_home_dir boolean:

# getsebool ftp_home_dir
ftp_home_dir --> off
# setsebool ftp_home_dir on
# getsebool ftp_home_dir
ftp_home_dir --> on

To toggle the value of a boolean, use the togglesebool command as shown in this example:

# togglesebool ftp_home_dir
ftp_home_dir: inactive

To make the value of a boolean persist across reboots, specify the -P option to setsebool, for example:

# setsebool -P ftp_home_dir on
# getsebool ftp_home_dir
ftp_home_dir --> on