booleans - Linux

Overview

booleans is a command-line utility in Linux systems used to manage and manipulate boolean (true/false) values stored in the Security-Enhanced Linux (SELinux) framework. It allows administrators and users to modify the state of boolean flags, which control various security policies and settings related to file access, system processes, and network communication.

Syntax

booleans <command> [options] [boolean] [value]

Where:

  • <command> is one of the available commands (list, get, set, modify).
  • <options> are optional flags to control the behavior of the command.
  • <boolean> is the name of the boolean flag to be manipulated.
  • <value> is the new value to set the boolean flag to (true/false/on/off).

Options/Flags

  • -a, --all: List all available boolean flags.
  • -d, --description: Show the description of a specific boolean flag.
  • -q, --quiet: Suppress output, only showing errors.
  • -v, --verbose: Print additional information and diagnostics.
  • --test: Test the change of a boolean flag without actually modifying it.
  • --package: Display the package that owns the boolean flag.

Examples

List all boolean flags:

booleans -a

Get the current value of a boolean flag:

booleans get httpd_can_network_connect

Set a boolean flag to true:

booleans set httpd_can_network_connect on

Modify a boolean flag and test the change:

booleans modify httpd_can_network_connect --test

Common Issues

  • Permission denied: Ensure that the user has sufficient privileges (root or sudo) to modify SELinux boolean flags.
  • Unknown boolean: Verify that the specified boolean flag exists by using the -a option to list all available flags.
  • Invalid value: The value must be one of true, false, on, or off.

Integration

booleans can be integrated into scripts or command chains for automated management of SELinux policies. For example:

booleans set httpd_can_network_connect on && systemctl restart httpd

Related Commands

  • semanage boolean: An alternative command for managing SELinux boolean flags.
  • sestatus: Display information about the current SELinux policy and boolean flags.
  • SELinux documentation: https://docs.fedoraproject.org/en-US/Fedora/24/html/Security-Enhanced_Linux/