1
00:00:00,000 --> 00:00:10,080
Apart from context, there's another setting that you need to know about, and that's the

2
00:00:10,080 --> 00:00:17,280
boolean. A boolean is an on-off switch that allows you to easily apply specific situations.

3
00:00:17,280 --> 00:00:23,700
There's a limited number of booleans because they address some common security situations.

4
00:00:23,700 --> 00:00:28,180
And booleans are used in addition to context labels. So sometimes your context labels might

5
00:00:28,180 --> 00:00:33,680
be all right, and then still you need to use the boolean to make sure that it works. Use

6
00:00:33,680 --> 00:00:41,480
getSeBool-A to get a list of all booleans, and use setSeBool-P to make persistent changes

7
00:00:41,480 --> 00:00:49,040
to booleans. Let me show you. So getSeBool-A is showing a list of all booleans. And I would

8
00:00:49,040 --> 00:00:55,880
like to show you one of my favorites, FTP. For FTP, we have a boolean, FTPD, anonymous

9
00:00:55,880 --> 00:01:01,439
write is off. And you know what that means? That means that no matter what you are going

10
00:01:01,439 --> 00:01:10,959
to configure, you cannot do anonymous writes on FTP. And the change is rather easy. SetSeBool

11
00:01:10,959 --> 00:01:17,680
minus uppercase P. Don't forget to minus uppercase P. That will make it persistent. FTPD, anonymous

12
00:01:17,680 --> 00:01:25,279
write on. And now you still have to configure your FTP server to allow anonymous writes.

13
00:01:25,279 --> 00:01:29,239
But at least from an HCLinux point of view, it is going to work.