[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Boolean support in latest SELinux policy.



There is a new feature in SELinux that allows you to modify a running policy. Basically you can define booleans in policy that an admin can then decide to turn on or off. To allow users to ping you can execute the following command.

> ping 4.2.2.2
ping: icmp open socket: Permission denied
> show_bools
user_ping --> active: 0 pending: 0

As root
# change_bool user_ping 1

> show_bools
user_ping --> active: 1 pending: 1

>ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=0 ttl=248 time=10.0 ms
64 bytes from 4.2.2.2: icmp_seq=1 ttl=248 time=10.6 ms

To show the available booleans you can use show_bools.
show_bools
user_ping --> active: 0 pending: 0

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]