Red Hat Enterprise Linux 5 Administration Unleashed

Selecting and Customizing the SELinux Policy 467setting the boolean value (0 or 1) for optional features. For example, by default, theSELinux targeted policy does not allow the Apache HTTP Server to serve files from homedirectories. The value of the httpd_enable_homedirs boolean can be set to 1 to explicitlyallow it. Changes to boolean values can be made with the SELinux Management Tool orthe setsebool command.Start the graphical tool with the system-config-selinux command or the Administration,SELinux Management menu item in the System menu of the top panel of the desktop.Select the Boolean view from the list on the left. A tree view of possible boolean modificationscan now be seen. Click the triangle icon next to each category to view a list ofboolean options. Boolean options with a checkmark beside them are enabled. Check anoption to enable it, and uncheck an option to disable it. The changes take place immediately.For example, Figure 23.2 shows the values for the booleans that affect the NFSdaemon.23NOTEThe values of the booleans are stored on the virtual filesystem /selinux/boolean/and can be viewed with the command cat /selinux/boolean/.FIGURE 23.2Modifying the SELinux ModeDescriptions of each available boolean values can be found in the BOOLEANS section of theman page for the specific policy. For example, the nfs_selinux man page describes theuse_nfs_home_dirs boolean, which translates to the Support NFS home directoriesoption under the NFS category in the graphical application.