SELINUX: Use Boolean Settings

SELINUX: Use boolean settings to modify system SELinux settings.

 

 

SELinux uses booleans to make its policy more flexible. The basic policy is pretty strict but suits most requirements. If you’ve got special needs, you can easily adjust it using SELinux booleans.

 

For a list of booleans, an explanation of what each one is, and whether they are on or off, run the “semanage boolean -l” command as the Linux root user.

Here we can see all boolean values.


To see a particular boolean value, we can use the grep command.


In this example, we try to access the FTP account of a user while SELinux is enabled.

 

Here I want to modify a file in the “feenix” user’s home directory over an FTP connection, but I can’t.


The user can’t modify his own file in his home directory over FTP because the SELinux policy does not allow it. We can see that the FTP boolean “ftp_home_dir” is set to “off”.

 


Now I change the “ftp_home_dir” boolean value from off to on.


After that, the user can modify his own file.

 


Note1:- You can use on or 1, off or 0 with the setsebool command.
Note2:- The -P option means Permanent. If you don’t use it, the boolean will restore its previous permanent or default configuration after the next reboot.
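
The following script is an added example, not part of the original post: it parses “semanage boolean -l” output and lists every boolean whose runtime state differs from its persistent default, which is what a change made without -P (Note2) looks like. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# The walk-through above, as commands run by root on the FTP server:
#   getsebool ftp_home_dir          # prints: ftp_home_dir --> off
#   setsebool -P ftp_home_dir on    # -P makes the change survive a reboot

# Read `semanage boolean -l` output on stdin and print every boolean whose
# runtime state differs from its persistent default, i.e. one that was
# changed without -P and will revert at the next reboot.
# Data lines have the form:  name  (state , default)  description
unpersisted_booleans() {
    awk '
        match($0, /\((on|off)[ \t]*,[ \t]*(on|off)\)/) {
            pair = substr($0, RSTART + 1, RLENGTH - 2)  # e.g. "on   ,  off"
            gsub(/[ \t]/, "", pair)                     # -> "on,off"
            split(pair, v, ",")
            if (v[1] != v[2])
                printf "%s runtime=%s persistent=%s\n", $1, v[1], v[2]
        }'
}

# Constructed sample listing (descriptions shortened for the example).
sample_listing() {
    cat <<'EOF'
SELinux boolean                State  Default Description

ftp_home_dir                   (on   ,  off)  Allow ftp to read and write files in the user home directories
ftpd_anon_write                (off  ,  off)  Allow ftp servers to upload files
httpd_enable_homedirs          (on   ,  on)  Allow httpd to read home directories
EOF
}

# On a real host:  semanage boolean -l | unpersisted_booleans
sample_listing | unpersisted_booleans
```

An empty result means every boolean's runtime value matches what will be loaded at the next boot.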
