SELinux for RHEL not persistent after reboot

user3571487 asked:

So in the Red Hat exam they want you to use SELinux. If, for example, you install vsftp, then do setsebool -P ftp_home_dir=1 or setsebool -P ftp_home_dir on to allow the users on the server to access the home directories, then do a reboot, I notice the ftp_home_dir gets set back to off. Am I doing something wrong? Here are my steps:

  1. getsebool -a | grep ftp
     ftp_home_dir --> off

  2. setsebool -P ftp_home_dir on

  3. getsebool -a | grep ftp
     ftp_home_dir --> on

  4. reboot

  5. getsebool -a | grep ftp
     ftp_home_dir --> off

What’s going on? Isn’t -P supposed to be persistent after reboot?

Tried this on CentOS 6.5 and RHEL 6.5, both of course updated too. Any suggestion appreciated.

Update, seeing as I can’t answer my own question:

semanage boolean -m --on ftp_home_dir

This will survive a reboot.

My answer:


I just tried this on CentOS 6.5 and I cannot reproduce the behavior you’re seeing.

# semanage boolean -l | head
SELinux boolean                State  Default Description

ftp_home_dir                   (off  ,  off)  Allow ftp to read and write files in the user home directories

# setsebool -P ftp_home_dir on

# semanage boolean -l | head
SELinux boolean                State  Default Description

ftp_home_dir                   (on   ,   on)  Allow ftp to read and write files in the user home directories

# reboot
The system is going down for reboot NOW!

# semanage boolean -l | head
SELinux boolean                State  Default Description

ftp_home_dir                   (on   ,   on)  Allow ftp to read and write files in the user home directories

According to the official documentation, this certainly is supposed to be the correct way of doing it.

Fortunately (!) with SELinux there are almost always two or more completely different ways of doing the same thing, as you’ve discovered. semanage can also set booleans, among many other things. Why this is, I think only Dan Walsh knows…

semanage boolean -m --on ftp_home_dir

Since you say that worked for you, I suspect something non-obvious was broken with your installation. At this point you may never find out what it was.
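
A check for the symptom described in the question, as an added example that is not part of the original question or answer: it reads semanage boolean -l style output and lists booleans whose running value differs from the stored one, which are the ones that would change at the next reboot. It assumes the first value in the parentheses is the running state and the second is the stored default; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: report SELinux booleans whose running value differs from the
# stored value, reading `semanage boolean -l` style lines on stdin.
# Assumption: in "(X , Y)", X is the running state and Y is the stored default
# that is applied when policy is loaded at boot.

# Prints "name running=X stored=Y" per mismatch; exit status 1 if any found.
find_nonpersistent_booleans() {
    awk '
        # Data lines look like: ftp_home_dir   (on   ,  off)  Description...
        # The header and blank lines do not match and are skipped.
        match($0, /\((on|off)[ \t]*,[ \t]*(on|off)\)/) {
            name = $1
            pair = substr($0, RSTART + 1, RLENGTH - 2)  # text inside the parens
            gsub(/[ \t]/, "", pair)                     # e.g. "on,off"
            split(pair, v, ",")
            if (v[1] != v[2]) {
                printf "%s running=%s stored=%s\n", name, v[1], v[2]
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample: the state after `setsebool ftp_home_dir on` without -P.
# The two descriptions marked "constructed" are placeholders.
sample_output() {
    cat <<'EOF'
SELinux boolean                State  Default Description

ftp_home_dir                   (on   ,  off)  Allow ftp to read and write files in the user home directories
allow_ftpd_anon_write          (off  ,  off)  constructed description
httpd_enable_homedirs          (on   ,   on)  constructed description
EOF
}

# Demo on the constructed sample. On a real host, run as root:
#   semanage boolean -l | find_nonpersistent_booleans
sample_output | find_nonpersistent_booleans || true
```

Running it right after setsebool -P and again after the reboot shows whether the stored value was ever written or was changed later.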


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.