RHCSA RHEL 8 - Use boolean settings to modify system SELinux settings

Your support on Ko-Fi is much appreciated:
👉 ko-fi.com/csg_yt

Join our new discord channel:
👉 discord.gg/kBQ6Jry

Buy CSG Merchandise:
👉 tee.pub/lic/csg

This video is based on RHEL 8.

Video to cover the section 'Use boolean settings to modify system SELinux settings' for the RHCSA (Red Hat Certified System Administrator).

More information on the required learning: bit.ly/rhcsa8

Notes from the video:

SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.

When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects.

If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied.

SELinux had a large number of the contexts already defined, for example the type context is defined for already for processes such as ssh.

Booleans within SELINUX allow us to turn on and off common rules within the policy.

To list all the available booleans:

getsebool -a

You can filter using grep or the like.

getsebool -a | grep virtualbox

Also if you have setroubleshoot-server installed you can use:

semanage boolean -l

Not if the application isn’t installed you can install it by:

dnf install setroubleshoot-server

Finally to set a boolean value permenantly:

setsebool -P use_virtualbox on


#rhcsa #rhel #linux #redhat