SELinux booleans are on/off switches that can easily be enabled or disabled as required. In this article I'll show you how to interact with SELinux booleans on a Linux machine. Note that for this demonstration I will be using a CentOS 6 virtual machine.
To view a detailed list of the available SELinux booleans, run the getsebool -a command, which will display something like:
Let’s say you have an Apache web server and you want to check which SELinux booleans are available for it within the OS. Since there are a lot of available booleans, we can refine the search by typing getsebool -a | grep httpd to list only the Apache booleans. Each boolean has a distinct role within the OS and enables a particular type of access for the Apache web server. I’m not going to discuss them now, but you can read further here.
To enable an SELinux boolean, simply execute the setsebool boolean_name on/off command, just like in the following example:
setsebool httpd_enable_homedirs on
Using the same command but with the off switch will disable the boolean:
setsebool httpd_enable_homedirs off
Note that these changes are not persistent unless you use the -P parameter; without it, they will disappear once you reboot the machine. So this is how you would make a persistent change:
SELinux will normally point you to the right command if there are issues logged in the audit file. It will actually show you the exact command that you have to execute to fix the issue. So if you have any booleans that need to be enabled, just check the audit or the messages files to get an idea of what needs to be configured.
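The listing and the -P switch described above can be combined into a small check. This is an added example, not part of the original article: it reads getsebool output and prints the setsebool -P commands needed to reach a desired state. The function name plan_boolean_changes, the desired-state list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan persistent boolean changes from `getsebool -a` output.
# Nothing is changed on the system; the commands are only printed for review.

# Constructed desired state: one "boolean_name on|off" pair per line.
DESIRED='httpd_enable_homedirs on
httpd_enable_cgi off'

# Constructed sample of `getsebool -a | grep httpd` output.
SAMPLE='httpd_enable_cgi --> on
httpd_enable_homedirs --> off
httpd_can_sendmail --> off'

# plan_boolean_changes DESIRED_STATE
#   stdin : getsebool output, one "name --> on|off" line per boolean
#   stdout: one `setsebool -P` command per boolean that differs
plan_boolean_changes() {
    DESIRED_STATE="$1" awk '
        BEGIN {
            # Load the desired state, remembering the order it was given in.
            n = split(ENVIRON["DESIRED_STATE"], rows, "\n")
            for (i = 1; i <= n; i++)
                if (split(rows[i], f, " ") == 2) {
                    want[f[1]] = f[2]
                    order[++m] = f[1]
                }
        }
        # Current runtime value as printed by getsebool.
        $2 == "-->" { have[$1] = $3 }
        END {
            for (i = 1; i <= m; i++) {
                name = order[i]
                if (!(name in have))
                    print "# " name ": not found in getsebool input"
                else if (have[name] != want[name])
                    print "setsebool -P " name " " want[name]
            }
        }'
}

# On a real host: getsebool -a | plan_boolean_changes "$DESIRED"
printf '%s\n' "$SAMPLE" | plan_boolean_changes "$DESIRED"
```

Booleans that already match the desired state, such as any left out of the list, produce no output, so an empty result means nothing needs to change.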