Changing SELinux Booleans
There are times when the default SELinux booleans that come with EnGarde Secure Linux aren't perfect for your environment. In that case you need to change the on boot SELinux booleans.
Ensure that booleans are set the proper way for your environment each reboot and are not last across system restarts.
By following the steps and applying
Choose A Boolean
First choose the boolean that needs to be changed. Let's use the boolean httpd_webmail for someone who has webmail running.
Check the current setting of the boolean and the initial
[root@machine]# newrole -r sysadm_r Authenticating root. Password: [root@machine]# sestatus | grep httpd_webmail httpd_webmail inactive
This means that currently the httpd_webmail SELinux boolean is set to off.
Change The Setting
Open up the /etc/selinux/engarde/booleans file in your favorite text editor. Find the httpd_webmail boolean. If the line reads:
httpd_webmail = 0
then your boolean is still set to the default. To turn it on, change the 0 to a 1 so it reads as follows:
httpd_webmail = 1
Save the file and exit. From the next reboot on, the default setting for the httpd_webmail SELinux boolean will be active.
Check The Setting
To check the seting after reboot, execute the same command as above:
[root@machine]# newrole -r sysadm_r Authenticating root. Password: [root@machine]# sestatus | grep httpd_webmail httpd_webmail active
The difference should be that the httpd_webmail boolean should now read active.
If you need to change the setting immediately without a reboot, then in addition to the above (so the change will stay), you need to execute the pos software following commands:
[root@machine]# newrole -r sysadm_r Authenticating root. Password: [root@machine]# setsebool httpd_webmail 1
The httpd_webmail SELinux boolen will now be turned