Skip to main content

about getsebool and setsebool


The setsebool is used to set SELinux boolean value i.e. various configurations can be enabled or disabled using this tool. In other words, the setsebool command switches on and off the protection of SELinux. Type getsebool -a to see all such options which can be enabled or disabled at run time:
e.g.
# getsebool -a

The following should give you a complete listing of all the vsftpd switches:
e.g. 
# getsebool -a | grep ftp 

For example, if httpd_disable_trans set to 1, it will disable SELinux protection for  Apache web server. To disable it, enter:

 # setsebool -P httpd_can_network_connect=1

To enable it, enter: 
 # setsebool -P httpd_can_network_connect=0

Labels:

Comments

  1. Amey AmbajiOctober 9, 2013 at 6:58 PM

    what -P in setsebool command stands for

    ReplyDelete
  2. AnonymousOctober 10, 2013 at 2:34 PM

    i think -P flag in setsebool stands for 'persistant'. correct me if i am wrong,,,

    ReplyDelete
    Replies
    1. AnonymousDecember 25, 2013 at 12:11 AM

      you are right P stands for persistant means changes will reflect even after system restart.

      Delete

Post a Comment

Popular posts from this blog

about gigabyte NIC onboard not detected on enterprise linux distribution

on several gigabyte motherboard, onboard network interface card  will not be detected on enterprise linux distribution (e.g. scientific linux, oracle linux server, etc). alternatively you must supply add-on card. or if you insist to use the onboard card, you must install the unofficial nic driver. this is tutorial how to install driver for onboard network interface card GIGABYTE first of all prepare your system. make sure it has package group "Development Tools" installed. if it has not, install it # yum groupinstall “Development Tools” download the source code : https://www.dropbox.com/s/na91bu4az4p9827/AR81Family-linux-v1.0.1.14.tar.gz extract the source code : # tar zxvf AR81Family-linux1.0.1.14.tar.gz the extraction process will make the new directory "AR81Family*", change to the directory # cd AR81Family* compile the source by type on terminal : # make then, # make install wait until the compiling process finish. next make the new scrip...
2 comments
Read more

All certification

Post a Comment
Read more