TrumanWong

setsebool

Modify the Boolean values of various rules in the SELinux policy

Supplementary instructions

The setsebool command modifies the Boolean values of various rules in the SELinux policy. setsebool and getsebool are a pair of SELinux tools: setsebool changes Boolean values and getsebool queries them. Related SELinux policy and rule management commands: seinfo, sesearch, getsebool, setsebool, semanage.

Syntax

setsebool [-P] boolean=[0|1]

Options

-P: Write the setting directly to the configuration file, so that the value persists and stays in effect in the future.

Example

Allow vsftpd anonymous users write access:

setsebool -P allow_ftpd_anon_write=1

If you want your FTP users to be able to access their home directories, you need to enable:

setsebool -P ftp_home_dir 1

If you want to run vsftpd as a daemon, you need to enable:

setsebool -P ftpd_is_daemon 1

You can tell SELinux to stop protecting the vsftpd daemon:

setsebool -P ftpd_disable_trans 1

Allow httpd to run CGI scripts:

setsebool -P httpd_enable_cgi 1

Allow HTTP access to users' home directories. This setting is limited to the web pages in each user's home directory:

setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html

Allow httpd to access the terminal:

setsebool -P httpd_tty_comm 1

Turn off SELinux's protection of the httpd daemon:

setsebool -P httpd_disable_trans 1
service httpd restart

Allow named to update its master zone files:

setsebool -P named_write_master_zones 1

Turn off SELinux's protection of the named daemon:

setsebool -P named_disable_trans 1
service named restart

Have SELinux allow local NFS shares to be exported read-only:

setsebool -P nfs_export_all_ro 1

Have SELinux allow local NFS shares to be exported readable and writable:

setsebool -P nfs_export_all_rw 1

If you want to use home directories from a remote NFS server on the local machine, you need to enable:

setsebool -P use_nfs_home_dirs 1

If the Samba server shares directories with multiple domains, you need:

setsebool -P allow_smbd_anon_write=1

When the Samba server needs to share home directories:

setsebool -P samba_enable_home_dirs 1

If you need to use home directories from a remote Samba server on your local machine:

setsebool -P use_samba_home_dirs 1

Turn off SELinux's protection of the Samba daemon:

setsebool -P smbd_disable_trans 1
service smb restart

To allow other users to write through rsync:

setsebool -P allow_rsync_anon_write=1

Turn off SELinux's protection of the rsync process:

setsebool -P rsync_disable_trans 1

Allow the system to use Kerberos:

setsebool -P allow_kerberos 1

When the system is working in an NIS environment:

setsebool -P allow_ypbind 1
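
Several of the Booleans above switch off a daemon's SELinux protection (*_disable_trans) or permit anonymous writes (*_anon_write). The following is an added example, not part of the original page: a small audit that reads a getsebool -a listing and reports which of those Booleans are currently on. It assumes the "name --> on|off" output format; the sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag permissive SELinux Booleans in a `getsebool -a` listing.
# Assumption: each input line has the form "name --> on" or "name --> off".

# Constructed sample input (not captured from a real host).
sample_booleans() {
cat <<'EOF'
allow_ftpd_anon_write --> off
ftp_home_dir --> on
httpd_disable_trans --> on
httpd_enable_cgi --> on
allow_smbd_anon_write --> on
named_disable_trans --> off
malformed line without arrow
EOF
}

# audit_booleans: read a Boolean listing on stdin and print one line for each
# Boolean that is "on" and either disables a daemon's confinement
# (*_disable_trans) or permits anonymous writes (*_anon_write).
audit_booleans() {
    while read -r name arrow state _; do
        # Skip lines that are not in "name --> state" form.
        [ "$arrow" = "-->" ] || continue
        # Only Booleans that are currently enabled are of interest.
        [ "$state" = "on" ] || continue
        case "$name" in
            *_disable_trans) echo "$name: confinement disabled" ;;
            *_anon_write)    echo "$name: anonymous write allowed" ;;
        esac
    done
}

# On a live system: getsebool -a | audit_booleans
sample_booleans | audit_booleans
```

A Boolean reported here can be switched back with setsebool -P name 0 once the service no longer needs it.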