RH199 - ch05s05

Preface A: Introduction

Section A.1: RHCSA Rapid Track

Section A.2: Orientation to the Classroom Environment

Chapter 1: Accessing Systems and Obtaining Support

Section 1.1: Accessing the Command Line

Section 1.2: Quiz: Accessing the Command Line

Section 1.3: Configuring SSH Key-based Authentication

Section 1.4: Guided Exercise: Configuring SSH Key-based Authentication

Section 1.5: Getting Help From Red Hat Customer Portal

Section 1.6: Guided Exercise: Getting Help from Red Hat Customer Portal

Section 1.7: Detecting and Resolving Issues with Red Hat Insights

Section 1.8: Quiz: Detecting and Resolving Issues with Red Hat Insights

Section 1.9: Summary

Chapter 2: Navigating File Systems

Section 2.1: Describing Linux File System Hierarchy Concepts

Section 2.2: Quiz: Describing Linux File System Hierarchy Concepts

Section 2.3: Managing Files Using Command-line Tools

Section 2.4: Guided Exercise: Managing Files Using Command-line Tools

Section 2.5: Making Links Between Files

Section 2.6: Guided Exercise: Making Links Between Files

Section 2.7: Summary

Chapter 3: Managing Local Users and Groups

Section 3.1: Describing User and Group Concepts

Section 3.2: Quiz: Describing User and Group Concepts

Section 3.3: Gaining Superuser Access

Section 3.4: Guided Exercise: Gaining Superuser Access

Section 3.5: Managing Local User Accounts

Section 3.6: Guided Exercise: Managing Local User Accounts

Section 3.7: Managing Local Group Accounts

Section 3.8: Guided Exercise: Managing Local Group Accounts

Section 3.9: Managing User Passwords

Section 3.10: Guided Exercise: Managing User Passwords

Section 3.11: Lab: Managing Local Users and Groups

Section 3.12: Summary

Chapter 4: Controlling Access to Files

Section 4.1: Managing File System Permissions from the Command Line

Section 4.2: Guided Exercise: Managing File System Permissions from the Command Line

Section 4.3: Managing Default Permissions and File Access

Section 4.4: Guided Exercise: Managing Default Permissions and File Access

Section 4.5: Lab: Controlling Access to Files

Section 4.6: Summary

Chapter 5: Managing SELinux Security

Section 5.1: Changing the SELinux Enforcement Mode

Section 5.2: Guided Exercise: Changing the SELinux Enforcement Mode

Section 5.3: Controlling SELinux File Contexts

Section 5.4: Guided Exercise: Controlling SELinux File Contexts

SectionSection 5.5: Adjusting SELinux Policy with Booleans

Section 5.6: Guided Exercise: Adjusting SELinux Policy with Booleans

Section 5.7: Investigating and Resolving SELinux Issues

Section 5.8: Guided Exercise: Investigating and Resolving SELinux Issues

Section 5.9: Lab: Managing SELinux Security

Section 5.10: Summary

Chapter 6: Tuning System Performance

Section 6.1: Killing Processes

Section 6.2: Guided Exercise: Killing Processes

Section 6.3: Monitoring Process Activity

Section 6.4: Guided Exercise: Monitoring Process Activity

Section 6.5: Adjusting Tuning Profiles

Section 6.6: Guided Exercise: Adjusting Tuning Profiles

Section 6.7: Influencing Process Scheduling

Section 6.8: Guided Exercise: Influencing Process Scheduling

Section 6.9: Lab: Tuning System Performance

Section 6.10: Summary

Chapter 7: Installing and Updating Software Packages

Section 7.1: Registering Systems for Red Hat Support

Section 7.2: Quiz: Registering Systems for Red Hat Support

Section 7.3: Installing and Updating Software Packages with Yum

Section 7.4: Guided Exercise: Installing and Updating Software Packages with Yum

Section 7.5: Enabling Yum Software Repositories

Section 7.6: Guided Exercise: Enabling Yum Software Repositories

Section 7.7: Managing Package Module Streams

Section 7.8: Guided Exercise: Managing Package Module Streams

Section 7.9: Lab: Installing and Updating Software Packages

Section 7.10: Summary

Chapter 8: Managing Basic Storage

Section 8.1: Mounting and Unmounting File Systems

Section 8.2: Guided Exercise: Mounting and Unmounting File Systems

Section 8.3: Adding Partitions, File Systems, and Persistent Mounts

Section 8.4: Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Section 8.5: Managing Swap Space

Section 8.6: Guided Exercise: Managing Swap Space

Section 8.7: Lab: Managing Basic Storage

Section 8.8: Summary

Chapter 9: Controlling Services and the Boot Process

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identifying Automatically Started System Processes

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Controlling System Services

Section 9.5: Selecting the Boot Target

Section 9.6: Guided Exercise: Selecting the Boot Target

Section 9.7: Resetting the Root Password

Section 9.8: Guided Exercise: Resetting the Root Password

Section 9.9: Repairing File System Issues at Boot

Section 9.10: Guided Exercise: Repairing File System Issues at Boot

Section 9.11: Lab: Controlling Services and Daemons

Section 9.12: Summary

Chapter 10: Managing Networking

Section 10.1: Validating Network Configuration

Section 10.2: Guided Exercise: Validating Network Configuration

Section 10.3: Configuring Networking from the Command Line

Section 10.4: Guided Exercise: Configuring Networking from the Command Line

Section 10.5: Editing Network Configuration Files

Section 10.6: Guided Exercise: Editing Network Configuration Files

Section 10.7: Configuring Host Names and Name Resolution

Section 10.8: Guided Exercise: Configuring Host Names and Name Resolution

Section 10.9: Lab: Managing Networking

Section 10.10: Summary

Chapter 11: Analyzing and Storing Logs

Section 11.1: Describing System Log Architecture

Section 11.2: Quiz: Describing System Log Architecture

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Reviewing Syslog Files

Section 11.5: Reviewing System Journal Entries

Section 11.6: Guided Exercise: Reviewing System Journal Entries

Section 11.7: Preserving the System Journal

Section 11.8: Guided Exercise: Preserving the System Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Maintaining Accurate Time

Section 11.11: Lab: Analyzing and Storing Logs

Section 11.12: Summary

Chapter 12: Implementing Advanced Storage Features

Section 12.1: Creating Logical Volumes

Section 12.2: Guided Exercise: Creating Logical Volumes

Section 12.3: Extending Logical Volumes

Section 12.4: Guided Exercise: Extending Logical Volumes

Section 12.5: Managing Layered Storage with Stratis

Section 12.6: Guided Exercise: Managing Layered Storage with Stratis

Section 12.7: Compressing and Deduplicating Storage with VDO

Section 12.8: Guided Exercise: Compressing and Deduplicating Storage with VDO

Section 12.9: Lab: Implementing Advanced Storage Features

Section 12.10: Summary

Chapter 13: Scheduling Future Tasks

Section 13.1: Scheduling Recurring System Jobs

Section 13.2: Guided Exercise: Scheduling Recurring System Jobs

Section 13.3: Managing Temporary Files

Section 13.4: Guided Exercise: Managing Temporary Files

Section 13.5: Quiz: Scheduling Future Tasks

Section 13.6: Summary

Chapter 14: Accessing Network-Attached Storage

Section 14.1: Mounting Network-Attached Storage with NFS

Section 14.2: Guided Exercise: Managing Network-Attached Storage with NFS

Section 14.3: Automounting Network-Attached Storage

Section 14.4: Guided Exercise: Automounting Network-Attached Storage

Section 14.5: Lab: Accessing Network-Attached Storage

Section 14.6: Summary

Chapter 15: Managing Network Security

Section 15.1: Managing Server Firewalls

Section 15.2: Guided Exercise: Managing Server Firewalls

Section 15.3: Lab: Managing Network Security

Section 15.4: Summary

Chapter 16: Running Containers

Section 16.1: Introducing Containers

Section 16.2: Quiz: Introducing Containers

Section 16.3: Running a Basic Container

Section 16.4: Guided Exercise: Running a Basic Container

Section 16.5: Finding and Managing Container Images

Section 16.6: Guided Exercise: Finding and Managing Container Images

Section 16.7: Performing Advanced Container Management

Section 16.8: Guided Exercise: Performing Advanced Container Management

Section 16.9: Attaching Persistent Storage to a Container

Section 16.10: Guided Exercise: Attaching Persistent Storage to a Container

Section 16.11: Managing Containers as Services

Section 16.12: Guided Exercise: Managing Containers as Services

Section 16.13: Lab: Running Containers

Section 16.14: Summary

Chapter 17: Comprehensive Review

Section 17.1: Comprehensive Review

Section 17.2: Lab: Fixing Boot Issues and Maintaining Servers

Section 17.3: Lab: Configuring and Managing File Systems and Storage

Section 17.4: Lab: Configuring and Managing Server Security

Section 17.5: Lab: Running Containers

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Adjusting SELinux Policy with Booleans

Objectives

After completing this section, you should be able to:

Activate and deactivate SELinux policy rules using setsebool.
Manage the persistent value of SELinux booleans using the semanage boolean -l command.
Consult man pages that end with _selinux to find useful information about SELinux booleans.

SELinux booleans

SELinux booleans are switches that change the behavior of the SELinux policy. SELinux booleans are rules that can be enabled or disabled. They can be used by security administrators to tune the policy to make selective adjustments.

The SELinux man pages, provided with the selinux-policy-doc package, describe the purpose of the available booleans. The man -k '_selinux' command lists these man pages.

Commands useful for managing SELinux booleans include getsebool, which lists booleans and their state, and setsebool which modifies booleans. setsebool -P modifies the SELinux policy to make the modification persistent. And semanage boolean -l reports on whether or not a boolean is persistent, along with a short description of the boolean.

Non-privileged users can run the getsebool command, but you must be a superuser to run semanage boolean -l and setsebool -P.

[user@host ~]$ getsebool -a
abrt_anon_write --> off
abrt_handle_event --> off
abrt_upload_watch_anon_write --> on
antivirus_can_scan_system --> off
antivirus_use_jit --> off
...output omitted...
[user@host ~]$ getsebool httpd_enable_homedirs
httpd_enable_homedirs --> off

[user@host ~]$ setsebool httpd_enable_homedirs on
Could not change active booleans. Please try as root: Permission denied
[user@host ~]$ sudo setsebool httpd_enable_homedirs on
[user@host ~]$ sudo semanage boolean -l | grep httpd_enable_homedirs
httpd_enable_homedirs          (on   ,  off)  Allow httpd to enable homedirs
[user@host ~]$ getsebool httpd_enable_homedirs
httpd_enable_homedirs --> on

The -P option writes all pending values to the policy, making them persistent across reboots. In the example that follows, note the values in parentheses: both are now set to on.

[user@host ~]$ setsebool -P httpd_enable_homedirs on
[user@host ~]$ sudo semanage boolean -l | grep httpd_enable_homedirs
httpd_enable_homedirs          (on   ,   on)  Allow httpd to enable homedirs

To list booleans in which the current state differs from the default state, run semanage boolean -l -C.

[user@host ~]$ sudo semanage boolean -l -C
SELinux boolean                State  Default Description

cron_can_relabel               (off   ,   on)  Allow cron to can relabel

References

booleans(8), getsebool(8), setsebool(8), semanage(8), semanage-boolean(8) man pages

Revision: rh199-8.2-3beeb12