CODEWITHSUNDEEP
linuxselinux
Leeeeeeelo
Leeeeeeelo

Reputation: 4383

SEBool Persistent Values

I am learning how to use setsebool and getsebool

I am aware that I can set a bool on and off via the command setsebool, for example:

setsebool httpd_can_network_connect_db on

I can also check the current value using :

getsebool httpd_can_network_connect_db

I can also make the change persistent using :

setsebool -P httpd_can_network_connect_db on

What I coulnd't find online is: How can I check the current persistent value (not currently applied) that will actually be loaded once the server reboots ?

Upvotes: 6

Views: 4718

Answers (1)

f9c69e9781fa194211448473495534
f9c69e9781fa194211448473495534

Reputation: 4620

Use semanage to inspect the boolean:

# semanage boolean -l
SELinux boolean               State   Default  Description
...
httpd_can_network_connect_db  (off  , off)     Allow httpd to can network connect db

The State column gives you the current live state. The Default column gives you the value loaded at boot time from the policy:

# setsebool httpd_can_network_connect_db on
# getsebool httpd_can_network_connect_db
httpd_can_network_connect_db on --> on
# semanage boolean -l | grep httpd_can_network_connect_db
httpd_can_network_connect_db  (on   ,  off) Allow httpd to can network connect db

When using setsebool with the -P to make the boolean change persistent, this updates the policy:

# setsebool -P httpd_can_network_connect_db on
# semanage boolean -l | grep httpd_can_network_connect_db
httpd_can_network_connect_db  (on   ,   on) Allow httpd to can network connect db

From the source code of setsebool, you can see that persistence is implemented by using the API of semanage: Reference.

Upvotes: 6

Related Questions