Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual page 83

Chapter 5. Controlling and Maintaining SELinux
runcon -t httpd_t ~/bin/contexttest -ARG1 -ARG2
# You can also specify the entire context
runcon user_u:system_r:httpd_t ~/bin/contexttest
5.2.15. Useful Commands for Scripts
You many need access to SELinux information and capabilities for scripts you write in administrating
your system. This is a list of useful commands introduced with SELinux:
getenforce
This command returns the enforcing status of SELinux.
setenforce [ Enforcing | Permissive | 1 | 0 ]
This command controls the enforcing mode of SELinux. The option
SELinux to begin enforcing. The option
although it continues logging access violations.
selinuxenabled
This command exits with a status of
selinuxenabled
echo $?
0
getsebool [-a] [boolean_name]
This command shows the status of all (
setsebool [-P] boolean_name value | bool1=val1 bool2=val2 ...
This command sets one or more Boolean values. The option
changes to the configuration file at
togglesebool boolean ...
This command toggles the setting of one or more Booleans. Whatever the setting was, it is now
switched to the opposite. This effects Boolean settings in memory only, and does not change the
Boolean setting in
5.2.16. Assume a New Role
This program lets you run a new shell with the specified type and/or role. Switching roles does not have
the same meaning in the targeted policy as it does in a strict policy, so that function is largely ignored.
It may be useful to you to assume a new type for testing, validation, and development purposes:
newrole -r role_r -t type_t [-- [ARGS]...]
The following the
ARGS
entry in
/etc/passwd
if SELinux is enabled, and
0
/etc/selinux/targeted/booleans
/etc/selinux/targeted/booleans
are passed directly to the shell. The shell chosen is based on the user's
--
.
or
0 Permissive
) or a specific Boolean can be determined.
-a
.
or
1 Enforcing
tells SELinux to stop enforcing,
if SELinux is disabled.
-256
commits all pending Boolean
-P
.
69
tells