How to modify permissions(booleans) of SELinux for deamons(programs)

SELinux offers more enhanced security for linux. It is always recommended not to disable SELinux for servers which are more delicate, instead you can control the permissions for the deamons, programms or users using SELinux.

SELinux maintains the status of permissions for all deamons with attributes called booleans.

Get SELinux booleans

The above command will give you lot of variables with status either on or off. If you want to fetch for particular process or context use grep 

To get all booleans regarding httpd(apache web server)

 

Set SELinux Booleans

To set selinux booleans we use the command setsebool

Here is how you can change

For suppose if you want to allow httpd to allow sending mail

If you want to enable ftp server on httpd,

To enable apache to connect with external database

Like wise you can change the required booleans status. To query the modified status ues getsebool with grep.

 

Leave a Reply

Your email address will not be published. Required fields are marked *