How to Enable or Disable SELinux Boolean Values

Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the Linux kernel. It is a flexible mechanism designed to improve overall system security: access controls are enforced through a policy loaded on the system, which normal users or misbehaving programs cannot change.

The following article explains SELinux and how to implement it on your Linux system.

  1. Implementing Mandatory Access Control with SELinux or AppArmor in Linux

In this article, we will show you how to turn on or off SELinux boolean values in CentOS, RHEL and Fedora Linux distributions.

To view all SELinux booleans, use the getsebool command together with the less command.

Note: SELinux must be enabled to list all booleans.

# getsebool -a | less
Check SELinux Boolean Values

To view all boolean values for a specific program (or daemon), filter the output with the grep utility. The following command shows all httpd booleans.

# getsebool -a | grep httpd
Check HTTP SELinux Boolean Values

To turn SELinux booleans on (1) or off (0), use the setsebool program as described below.

Enable or Disable SELinux Boolean Values

If you have a web server installed on your system, you can permit HTTPD scripts to write files in directories labeled public_content_rw_t by enabling the allow_httpd_sys_script_anon_write boolean.

# getsebool allow_httpd_sys_script_anon_write 
# setsebool allow_httpd_sys_script_anon_write on
# setsebool allow_httpd_sys_script_anon_write 1
SELinux Allow Write Access to HTTP Files

Similarly, to disable or turn off SELinux boolean values, run the following commands.

# setsebool allow_httpd_sys_script_anon_write off
# setsebool allow_mount_anyfile off
# setsebool allow_httpd_sys_script_anon_write 0
# setsebool allow_mount_anyfile 0
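
As an added example (not part of the original article), the script below compares getsebool -a style output against a desired baseline and prints the setsebool commands needed to correct any drift. It emits setsebool -P because, without -P, setsebool changes only the running policy and the value is lost at reboot. The function name, the baseline format and the sample data are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: report SELinux booleans that differ from a desired baseline.
# It only prints the corrective commands; it changes nothing on the system.

# Constructed sample of `getsebool -a` output (not taken from a real host).
SAMPLE_GETSEBOOL='allow_httpd_sys_script_anon_write --> on
allow_mount_anyfile --> on
httpd_enable_cgi --> on'

# Constructed baseline (hypothetical format): one "<boolean>=<on|off>" per line.
BASELINE='allow_httpd_sys_script_anon_write=off
allow_mount_anyfile=off
httpd_enable_cgi=on'

# selinux_bool_drift BASELINE GETSEBOOL_OUTPUT
# Prints "setsebool -P <name> <state>" for every boolean whose current state
# differs from the baseline, and a "# missing" line for names that do not
# appear in the getsebool output at all.
selinux_bool_drift() {
    local baseline="$1" current="$2" name want have
    while IFS='=' read -r name want; do
        [ -z "$name" ] && continue
        # getsebool prints "<name> --> on|off"; match the name exactly so
        # that one boolean name being a prefix of another cannot confuse us.
        have=$(printf '%s\n' "$current" |
               awk -v n="$name" '$1 == n && $2 == "-->" { print $3 }')
        if [ -z "$have" ]; then
            echo "# missing: $name is not defined in the loaded policy"
        elif [ "$have" != "$want" ]; then
            # -P writes the value to the policy on disk so it survives reboot.
            echo "setsebool -P $name $want"
        fi
    done <<EOF
$baseline
EOF
}

# On a real host, pass "$(getsebool -a)" instead of the constructed sample.
selinux_bool_drift "$BASELINE" "$SAMPLE_GETSEBOOL"
```

Review the printed commands before running them as root; an empty result means the booleans already match the baseline.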

You can find the meaning of all the SELinux booleans at

Don’t forget to read the following security-related articles.

  1. How to Disable SELinux Temporarily or Permanently in RHEL/CentOS
  2. Mandatory Access Control Essentials with SELinux
  3. The Mega Guide to Hardening and Securing CentOS 7

In this article, we have explained how to enable or disable SELinux boolean values in CentOS, RHEL and Fedora distributions. If you have any questions, ask via the comment form below.

6 thoughts on “How to Enable or Disable SELinux Boolean Values”

  1. Hi, I cannot connect via ssh to my machine after enabling SELinux to enforce mode.

    I have tried the touch /.autorelabel but no luck.

    In getsebool – all the booleans are on…

    Please help me here.

  2. Hi,

    I set setsebool httpd_can_network_connect on and httpd_can_network_connect_db on. But after reboot, the setting rolls back to off.

    Is there an argument to permanently set setsebool?

