Security
getsebool
Get the current state of SELinux booleans.
Additional Notes
getsebool displays the current value of one or more SELinux boolean settings. SELinux booleans are tunable switches in SELinux policy that allow administrators to enable or disable specific policy rules without reloading or rebuilding the policy.
Booleans control features such as whether HTTP daemons can connect to network ports, whether users can execute untrusted scripts, or whether NFS file systems can be shared via Samba. The state of each boolean is shown as either on or off. Persistent changes to booleans are made with setsebool -P.
Syntax
getsebool [boolean-name...]
Parameters
boolean-name: One or more SELinux boolean names to query. If omitted and no flags are given, getsebool lists all booleans in tabular format.
Common Options
-a: Show all available SELinux booleans with their current values.
Examples
getsebool -a
List all SELinux booleans and their current states.
getsebool httpd_enable_homedirs
Check the state of a specific boolean.
getsebool httpd_enable_homedirs ftpd_full_access
Query multiple booleans at once.
getsebool -a | grep httpd
Filter all booleans related to the Apache HTTP daemon.
Practical Notes
- Run getsebool without arguments to see all booleans with values aligned in columns.
- Use semanage boolean -l to see a description of each boolean alongside its value.
- Booleans are temporarily changed with setsebool boolean value and persistently with setsebool -P boolean value.
- Policy booleans are defined in SELinux policy packages and vary by distribution and installed policy modules.
- Changes to booleans take effect immediately; no service restart is required for the policy to apply.
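Because booleans can be flipped at runtime and the available set varies with the installed policy, it is useful to compare getsebool -a output against an expected baseline. The script below is an added example, not part of the getsebool tooling; the baseline file format, the function name audit_booleans and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit boolean states against a baseline.
# Baseline format is an assumption of this example: "<boolean> <on|off>" per line.

# Constructed sample in the "name --> state" form printed by getsebool -a.
SAMPLE_OUTPUT='ftpd_full_access --> on
httpd_can_network_connect --> off
httpd_enable_homedirs --> on
samba_share_nfs --> off'

# Constructed baseline: the states this host is expected to have.
SAMPLE_BASELINE='# web server baseline (constructed)
ftpd_full_access off
httpd_can_network_connect off
httpd_enable_homedirs off
httpd_use_nfs off'

# audit_booleans BASELINE_TEXT GETSEBOOL_TEXT
# Prints one sorted line per finding; returns 0 when clean, 1 on any finding.
audit_booleans() {
    findings=$(printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { live = 1; next }        # separator: baseline ends, live output begins
        !live {
            sub(/#.*/, "")                # strip comments
            if (NF == 2) want[$1] = $2    # boolean name, expected state
            next
        }
        NF == 3 && $2 == "-->" { have[$1] = $3 }
        END {
            for (b in want) {
                if (!(b in have))
                    print "MISSING " b    # not defined by the loaded policy
                else if (have[b] != want[b])
                    print "DRIFT " b " expected=" want[b] " actual=" have[b]
            }
        }' | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# On a host: audit_booleans "$(cat /path/to/baseline)" "$(getsebool -a)"
audit_booleans "$SAMPLE_BASELINE" "$SAMPLE_OUTPUT" || echo "baseline check failed"
```

A MISSING finding means the baseline names a boolean that the loaded policy does not define, which is expected when the same baseline is reused across distributions.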