Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

How to Enable or Disable SELinux Boolean Values?

  • Last Updated : 12 Mar, 2021

As SELinux has tones of policies to handle and maintain the security level of the system. SELinux has given an easy way to dynamically update the policy. You need special arguments to make these policies persistent over a reboot, this capability is provided by the SELinux management utility.

To see Boolean, you have getsebool terminal command, which shows the policies and their status.

# man getsebool
How to Enable or Disable SELinux Boolean Values

man getsebool

 To see all sebools with status:

# getsebool -a
How to Enable or Disable SELinux Boolean Values

getsebool values

Change an SELinux Boolean Value:

To change the SELinux Boolean values we have command setsebool.

# man setsebool
How to Enable or Disable SELinux Boolean Values

setsebool

It has three options -P, -N and -V. 



  • -P is for persistently change the Boolean values across reboots.
  • -N is for the policy on disk is not reloaded into the kernel.
  • -V is for the verbose messages on terminal.

Let us change the bool value for policy “httpd_can_check_spam” to true or 1 or on. Also, check if it is changed.

# setsebool httpd_can_check_spam on
# getsebool -a | grep httpd_can_check_spam
How to Enable or Disable SELinux Boolean Values

setsebool on

To permanently or persistently update the Boolean value use -P option.

# setsebool -P httpd_can_check_spam on

See the Information of a particular SELinux Boolean Policy:

Understanding these policies by the name would be a tedious job. We have a command to get some more information about the particular policy to make more sense and increase understanding of the topic.

We have semanage command for all these kinds of jobs.

# man semanage
How to Enable or Disable SELinux Boolean Values

man semanage

 Semanage has many options, we are going to use “boolean”,  boolean – manages Boolean to selectively enable functionality.

# semanage boolean -l | grep httpd_can_check_spam
How to Enable or Disable SELinux Boolean Values

boolean info

The output shows that “httpd_can_check_spam” can take two states ON or OFF, and it is used to give httpd server capabilities to check spam on the server. SELinux boolean is made easy to use and understand the security environment.

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!