Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 788

Chapter 45. Working With SELinux
Note
This sets the runtime value only. Use the -P option to make the change persistent across
reboots.
Any *_disable_trans booleans that are set to "on" invoke the conditional that prevents the
process from transitioning to the domain on execution.
Use the following command to find which of these booleans are set:
getsebool -a | grep disable.*on
httpd_disable_trans=1
mysqld_disable_trans=1
ntpd_disable_trans=1
You can set any number of boolean values using the setsebool command:
setsebool -P httpd_disable_trans=1 mysqld_disable_trans=1 ntpd_disable_trans=1
You can also use togglesebool <boolean_name> to change the value of a specific boolean:
[root@host2a ~]# getsebool httpd_disable_trans
httpd_disable_trans --> off
[root@host2a ~]# togglesebool httpd_disable_trans
httpd_disable_trans: active
You can configure all of these settings using system-config-selinux. The same configuration files are
used, so changes appear bidirectionally.
Changing a Runtime Boolean
Use the following procedure to change a runtime boolean using the GUI.
Note
Administrator privileges are required to perform this procedure.
On the System menu, point to Administration and then click Security Level and Firewall to
1.
display the Security Level Configuration dialog box.
Click the SELinux tab, and then click Modify SELinux Policy.
2.
In the selection list, click the arrow next to the Name Service entry, and select the Disable
3.
SELinux protection for named daemon check box.
Click OK to apply the change. Note that it may take a short time for the policy to be reloaded.
4.
762