One of the methods of manipulating SELinux policies is by toggling SELinux booleans. Ever since Chapter 2, Understanding SELinux Decisions and Logging, in which we used the secure_mode_policyload boolean, these tunable settings have been popping up over the course of this book. With their simple on/off state, they enable or disable parts of the SELinux policy. Policy administrators use SELinux booleans to manage parts of the policy that are not always needed (or wanted) but still have a common use case.
An overview of SELinux booleans can be obtained using the semanage command with the boolean option. On a regular system, we can easily find over a hundred SELinux booleans, so it is necessary to filter the output for the description of the boolean we need:
# semanage boolean -l | grep policyload
secure_mode_policyload (off, off)
Boolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values. Set this...
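
The following is an added example, not part of the original text: it parses the listing per field, so a keyword search covers both name and description, and it reports booleans whose two state values differ. The helper names and the sample listing are constructed, and reading the pair as (current state, default) is an assumption based on the usual semanage column headers.

```shell
#!/bin/sh
# Constructed sample in the layout of `semanage boolean -l`; states and
# descriptions are made up for the example, not taken from a real host.
sample_listing() {
cat <<'EOF'
SELinux boolean                State  Default Description

secure_mode_policyload         (off  ,  off)  Boolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values.
httpd_can_network_connect      (on   ,  off)  Allow httpd to can network connect
ftpd_anon_write                (off  ,  off)  Allow ftpd to anon write
EOF
}

# Turn a listing on stdin into: name<TAB>current<TAB>default<TAB>description
# Header and blank lines carry no "(state, state)" pair and are skipped.
parse_booleans() {
    awk '
    match($0, /\((on|off)[ ]*,[ ]*(on|off)\)/) {
        pair = substr($0, RSTART + 1, RLENGTH - 2)
        desc = substr($0, RSTART + RLENGTH)
        gsub(/[ \t]/, "", pair)
        split(pair, st, ",")
        sub(/^[ \t]+/, "", desc)
        printf "%s\t%s\t%s\t%s\n", $1, st[1], st[2], desc
    }'
}

# Case-insensitive keyword match on name or description; prints name and states.
find_boolean() {
    parse_booleans | awk -F '\t' -v kw="$1" '
        index(tolower($1 " " $4), tolower(kw)) { print $1 "\t" $2 "\t" $3 }'
}

# Booleans whose first (assumed: current) value differs from the second
# (assumed: default), for example one toggled without being made persistent.
drifted_booleans() {
    parse_booleans | awk -F '\t' '$2 != $3 { print $1 }'
}

# On a live system: semanage boolean -l | find_boolean policyload
sample_listing | find_boolean policyload
sample_listing | drifted_booleans
```

A boolean that shows up in drifted_booleans is worth reviewing, because its running value does not match the stored one.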