From the course: Red Hat Certified System Administrator (EX200) Cert Prep: 2 File Access, Storage, and Security

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Use Booleans to modify SELinux behavior

Use Booleans to modify SELinux behavior

From the course: Red Hat Certified System Administrator (EX200) Cert Prep: 2 File Access, Storage, and Security

Start my 1-month free trial

Use Booleans to modify SELinux behavior

- [Instructor] In many cases, administrators don't have to rewrite SELinux security policies to permit certain actions. SELinux has booleans, which are on-off switches to activate or deactivate certain functions. For instance, by default Mozilla plugins can't use GPS. If they wanted this functionality turned on, it's as simple as flipping a switch. To get a list of SELinux booleans use the getsebool command. Type in getsebool -a and hit Enter. There's about 300 booleans, so be sure to scroll up. We can get the value of just one boolean by specifying it. Type in clear and then type in getsebool mozilla_plugin_use_gps and hit Enter. And you can see that this boolean is set to off. You can also get the boolean list with sestatus -b. Type in sestatus -b and hit Enter. A third tool to get the list of booleans is semanage. Although we need to elevate privileges for this. Type in clear and type in studo semanage boolean -l and hit Enter. The advantage of this command is that it also gives…

Contents