semanage-boolean - Man Page

SELinux Policy Management boolean tool

Examples (TL;DR)

Synopsis

semanage boolean [-h] [-n] [-N] [-S STORE] [ --extract | --deleteall | --list [-C] | --modify ( --on | --off ) boolean ]

Description

semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage boolean command controls the settings of booleans in SELinux policy. Booleans are if-then-else rules written in SELinux Policy. They can be used to customize the way that SELinux Policy rules effect a confined domain.

Options

-h,  --help

Show this help message and exit

-n,  --noheading

Do not print heading when listing the specified object type

-N,  --noreload

Do not reload policy after commit

-S STORE, --store STORE

Select an alternate SELinux Policy Store to manage

-C,  --locallist

List local customizations

-m,  --modify

Modify a record of the specified object type

-l,  --list

List records of the specified object type

-E,  --extract

Extract customizable commands, for use within a transaction

-D,  --deleteall

Remove all local customizations

-1,  --on

Enable the boolean

-0,  --off

Disable the boolean

Example

Turn on the "apache can send mail" boolean (persistent version of #setsebool httpd_can_sendmail on)
# semanage boolean -m --on httpd_can_sendmail

List customized booleans
# semanage boolean -l -C

See Also

selinux(8), semanage(8), setsebool(8), getsebool(8)

Author

This man page was written by Daniel Walsh <dwalsh@redhat.com>

Referenced By

semanage(8).

20130617