Quickly change how SELinux treats services without rewriting policies.

16.11.2025 | reading time: 2 min

SELinux booleans let you flip bits in the policy to allow or deny specific behaviors without editing the policy source. Learn to check them and act fast.

A concrete case: allow Apache outbound connections

A web application needs to fetch external data, but its connections are blocked. Check the relevant boolean with `getsebool httpd_can_network_connect`, which returns `httpd_can_network_connect --> off`. Enable it for the running system with `setsebool httpd_can_network_connect on`, and make the change survive reboots with `setsebool -P httpd_can_network_connect on`. Verify with `getsebool httpd_can_network_connect`, which should now return `httpd_can_network_connect --> on`.

List and inspect booleans

To see everything at once, use `getsebool -a` for a quick list, or `semanage boolean -l` to view descriptions and whether a boolean is persistent. Remember that `setsebool` without `-P` changes only the current runtime, so use `-P` when you want permanence.

When a boolean is not enough

If toggling a boolean does not help, collect evidence with `ausearch` or check AVC denials in `journalctl`, and feed them to `audit2allow` to see what policy change would be required. Then prefer `semanage` or policy module edits for controlled, repeatable fixes.

Wrap-up and next steps

Booleans are the fastest way to adapt SELinux to real needs, but they are not a substitute for proper policy design. Practice the commands, read boolean descriptions with `semanage`, and when ready, deepen your knowledge with targeted certification training like CompTIA Linux+ or LPIC-1 at bitsandbytes.academy for exam-focused preparation.
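The runtime-versus-persistent distinction described under "List and inspect booleans" can be checked mechanically. The following is an added example, not part of the original article: it reads text in the `name (state , default) description` layout printed by `semanage boolean -l` and reports booleans whose runtime state differs from the persistent default, which is what a `setsebool` without `-P` leaves behind. The function name, the `--live` switch and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find SELinux booleans changed at runtime only.
# Assumes the `semanage boolean -l` layout:
#   name   (state , default)  description
# where "state" is the running value and "default" the persistent one.

boolean_drift() {
    # Reads a listing on stdin, prints one line per drifting boolean.
    awk '
        # Turn "(on   ,  off)" into plain fields so $2/$3 hold the two states.
        { gsub(/[(),]/, " ") }
        # Header and blank lines fail the on/off test and are skipped.
        $2 ~ /^(on|off)$/ && $3 ~ /^(on|off)$/ && $2 != $3 {
            printf "%s runtime=%s persistent=%s\n", $1, $2, $3
        }
    '
}

# Constructed sample listing (not captured from a real host).
SAMPLE_SEMANAGE_OUTPUT='SELinux boolean                State  Default Description

httpd_can_network_connect      (on   ,  off)  Allow httpd to can network connect
httpd_enable_cgi               (on   ,   on)  Allow httpd to enable cgi
httpd_use_nfs                  (off  ,  off)  Allow httpd to use nfs'

if [ "${1:-}" = "--live" ]; then
    # On an SELinux host, run as root: audits the real policy store.
    semanage boolean -l | boolean_drift
else
    printf '%s\n' "$SAMPLE_SEMANAGE_OUTPUT" | boolean_drift
fi
```

Each reported line is either a temporary exception that will revert at the next reboot or a change that still needs `setsebool -P` to become permanent; an empty report means runtime and persistent settings agree.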