In-depth analysis of setsebool command

Introduction

The setsebool command is used to modify the Boolean values ​​of various rules in the SElinux policy. The setsebool command and getsebool command are a set of tools for SELinux to modify and query Boolean values. SELinux policy and rule management related commands: seinfo command, sesearch command, getsebool command, setsebool command, semanage command. Let us explain in detail how to use the setsebool command.

grammar

setsebool [-P] 布尔值=[0|1]

Options

-P:直接将设置值写入配置文件，该设置数据将来会生效的。

Example Allow vsvtp anonymous user write permission:

setsebool -P allow_ftpd_anon_write=1

If you want your ftp user to be able to access your home directory, you need to enable:

setsebool -P ftp_home_dir 1

If you want to run vsftpd as a daemon, you need to enable:

setsebool -P ftpd_is_daemon 1

HTTP is set to allow cgi settings:

setsebool -P httpd_enable_cgi 1

Allow users to HHTP access their home directories. This setting is limited to the user's home directory homepage:

setsebool -P httpd_enable_homedirs 1 
chcon -R -t httpd_sys_content_t ~user/public_html

Allow httpd to access the terminal:

setsebool -P httpd_tty_comm 1

Turn off Selinux’s protection of the httpd process daemon:

setsebool -P httpd_disable_trans 1 
service httpd restart

About updating selinux settings of named and master:

setsebool -P named_write_master_zones 1

Close named process daemon protection:

setsebool -P named_disable_trans 1 
service named restart

Selinux sets the local NFS share to read-only:

setsebool -P nfs_export_all_ro 1

SElinux sets the local NFS share to be readable and writable:

setsebool -P nfs_export_all_rw 1

If you want to share the remote NFS home directory to the local machine, you need to enable:

setsebool -P use_nfs_home_dirs 1

If the samba server shares directories to multiple domains, you need:

setsebool -P allow_smbd_anon_write=1

When the samba server wants to share the home directory:

setsebool -P samba_enable_home_dirs 1

If you need to use the home directory of the remote samba server on this machine:

setsebool -P use_samba_home_dirs 1

Turn off selinux’s protection of the samba process daemon:

setsebool -P smbd_disable_trans 1 
service smb restart

Allow rsync when other users write:

setsebool -P allow_rsync_anon_write=1

Allow the system to use kerberos:

setsebool -P rsync_disable_trans 1

When the system is working in nis environment:

setsebool -P allow_ypbind 1

The above is the detailed content of In-depth analysis of setsebool command. For more information, please follow other related articles on the PHP Chinese website!