getsebool - Unix, Linux Command



getsebool - get SELinux boolean value(s)


getsebool [-a] [boolean]


getsebool reports where a particular SELinux boolean or all SELinux booleans are on or off In certain situations a boolean can be in one state with a pending change to the other state. getsebool will report this as a pending change. The pending value indicates the value that will be applied upon the next boolean commit.

The setting of boolean values occurs in two stages; first the pending value is changed, then the booleans are committed, causing their active values to become their pending values. This allows a group of booleans to be changed in a single transaction, by setting all of their pending values as desired and then committing once.


-a Show all SELinux booleans.


1. Get value for particular boolean

$ getsebool named_disable_trans
named_disable_trans --> off

2. Get value for all booleans

$ getsebool -a
abrt_anon_write --> off
abrt_handle_event --> off
allow_console_login --> on
allow_cvs_read_shadow --> off

Boolean values can be changed using setsebool and togglesebool