Skip to content

Instantly share code, notes, and snippets.

@apinter

apinter/microos_selinux.md

Last active April 20, 2023 11:42
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save apinter/5ce4dc6bc6daedc45a840a8e39e6b51e to your computer and use it in GitHub Desktop.
Save apinter/5ce4dc6bc6daedc45a840a8e39e6b51e to your computer and use it in GitHub Desktop.
Download ZIP
A list of booleans that are nice to have enabled on an SELinux system
Raw
microos_selinux.md 
sudo setsebool -P abrt_upload_watch_anon_write on
sudo setsebool -P auditadm_exec_content on
sudo setsebool -P boinc_execmem on
sudo setsebool -P cron_userdomain_transition on
sudo setsebool -P daemons_dontaudit_scheduling on
sudo setsebool -P dbadm_exec_content on
sudo setsebool -P domain_fd_use on
sudo setsebool -P entropyd_use_audio on
sudo setsebool -P fips_mode on
sudo setsebool -P gluster_export_all_rw on
sudo setsebool -P gssd_read_tmp on
sudo setsebool -P guest_exec_content on
sudo setsebool -P httpd_builtin_scripting on
sudo setsebool -P httpd_enable_cgi on
sudo setsebool -P init_create_dirs on
sudo setsebool -P kerberos_enabled on
sudo setsebool -P logadm_exec_content on
sudo setsebool -P logging_syslogd_use_tty on
sudo setsebool -P login_console_enabled on
sudo setsebool -P mcelog_exec_scripts on
sudo setsebool -P mount_anyfile on
sudo setsebool -P mozilla_plugin_can_network_connect on
sudo setsebool -P named_write_master_zones on
sudo setsebool -P nfs_export_all_ro on
sudo setsebool -P nfs_export_all_rw on
sudo setsebool -P nscd_use_shm on
sudo setsebool -P openfortivpn_can_network_connect on
sudo setsebool -P openvpn_can_network_connect on
sudo setsebool -P openvpn_enable_homedirs on
sudo setsebool -P postfix_local_write_mail_spool on
sudo setsebool -P postgresql_selinux_unconfined_dbadm on
sudo setsebool -P postgresql_selinux_users_ddl on
sudo setsebool -P privoxy_connect_any on
sudo setsebool -P secadm_exec_content on
sudo setsebool -P selinuxuser_direct_dri_enabled on
sudo setsebool -P selinuxuser_execmod on
sudo setsebool -P selinuxuser_execstack on
sudo setsebool -P selinuxuser_ping on
sudo setsebool -P selinuxuser_rw_noexattrfile on
sudo setsebool -P spamd_enable_home_dirs on
sudo setsebool -P squid_connect_any on
sudo setsebool -P staff_exec_content on
sudo setsebool -P sysadm_exec_content on
sudo setsebool -P telepathy_tcp_connect_generic_network_ports on
sudo setsebool -P unconfined_chrome_sandbox_transition on
sudo setsebool -P unconfined_login on
sudo setsebool -P unconfined_mozilla_plugin_transition on
sudo setsebool -P use_virtualbox on
sudo setsebool -P user_exec_content on
sudo setsebool -P virt_sandbox_use_all_caps on
sudo setsebool -P virt_sandbox_use_audit on
sudo setsebool -P virt_use_nfs on
sudo setsebool -P virt_use_usb on
sudo setsebool -P xdm_manage_bootloader on
sudo setsebool -P xend_run_blktap on
sudo setsebool -P xend_run_qemu on
sudo setsebool -P xguest_connect_network on
sudo setsebool -P xguest_exec_content on
sudo setsebool -P xguest_mount_media on
sudo setsebool -P xguest_use_bluetooth on
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment