Update cheatsheets

tldr/linux/getenforce

@@ -6,6 +6,7 @@ source: https://github.com/tldr-pages/tldr.git
 # getenforce
 
 > Get the current mode of SELinux (i.e. enforcing, permissive, or disabled).
+> See also: `setenforce`, `semanage-permissive`.
 > More information: <https://manned.org/man/getenforce>.
 
 - Display the current mode of SELinux:

tldr/linux/getsebool

@@ -0,0 +1,22 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# getsebool
+
+> Get SELinux boolean value.
+> See also: `semanage-boolean`, `setsebool`.
+> More information: <https://manned.org/man/getsebool>.
+
+- Show the current setting of a boolean:
+
+`getsebool {{httpd_can_connect_ftp}}`
+
+- Show the current setting of [a]ll booleans:
+
+`getsebool -a`
+
+- Show the current setting of all booleans with explanations:
+
+`sudo semanage boolean {{-l|--list}}`

tldr/linux/semanage

@@ -6,6 +6,7 @@ source: https://github.com/tldr-pages/tldr.git
 # semanage
 
 > SELinux persistent policy management tool.
+> Some subcommands such as `boolean`, `fcontext`, `port`, etc. have their own usage documentation.
 > More information: <https://manned.org/semanage>.
 
 - Set or unset a SELinux boolean. Booleans allow the administrator to customize how policy rules affect confined process types (a.k.a domains):

tldr/linux/semanage-boolean

@@ -0,0 +1,22 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# semanage boolean
+
+> Manage persistent SELinux boolean settings.
+> See also: `semanage` for managing SELinux policies, `getsebool` for checking boolean values, and `setsebool` for applying non-persistent boolean settings.
+> More information: <https://manned.org/man/semanage-boolean>.
+
+- List all booleans settings:
+
+`sudo semanage boolean {{-l|--list}}`
+
+- List all user-defined boolean settings without headings:
+
+`sudo semanage boolean {{-l|--list}} {{-C|--locallist}} {{-n|--noheading}}`
+
+- Set or unset a boolean persistently:
+
+`sudo semanage boolean {{-m|--modify}} {{-1|--on|-0|--off}} {{haproxy_connect_any}}`

tldr/linux/semanage-permissive

@@ -0,0 +1,19 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# semanage permissive
+
+> Manage persistent SELinux permissive domains.
+> Note that this effectively makes the process unconfined. For long-term use, it is recommended to configure SELiunx properly.
+> See also: `semanage`, `getenforce`, `setenforce`.
+> More information: <https://manned.org/man/semanage-permissive>.
+
+- List all process types (a.k.a domains) that are in permissive mode:
+
+`sudo semanage permissive {{-l|--list}}`
+
+- Set or unset permissive mode for a domain:
+
+`sudo semanage permissive {{-a|--add|-d|--delete}} {{httpd_t}}`

tldr/linux/semanage-port

@@ -0,0 +1,26 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# semanage port
+
+> Manage persistent SELinux port definitions.
+> See also: `semanage`.
+> More information: <https://manned.org/man/semanage-port>.
+
+- List all port labeling rules:
+
+`sudo semanage port {{-l|--list}}`
+
+- List all user-defined port labeling rules without headings:
+
+`sudo semanage port {{-l|--list}} {{-C|--locallist}} {{-n|--noheading}}`
+
+- Add a user-defined rule that assigns a label to a protocol-port pair:
+
+`sudo semanage port {{-a|--add}} {{-t|--type}} {{ssh_port_t}} {{-p|--proto}} {{tcp}} {{22000}}`
+
+- Delete a user-defined rule using its protocol-port pair:
+
+`sudo semanage port {{-d|--delete}} {{-p|--proto}} {{udp}} {{11940}}`

tldr/linux/setenforce

@@ -0,0 +1,19 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# setenforce
+
+> Toggle SELinux between enforcing and permissive modes.
+> To enable or disable SELinux, edit `/etc/selinux/config` instead.
+> See also: `getenforce`, `semanage-permissive`.
+> More information: <https://manned.org/man/setenforce>.
+
+- Put SELinux in enforcing mode:
+
+`setenforce {{1|Enforcing}}`
+
+- Put SELiunx in permissive mode:
+
+`setenforce {{0|Permissive}}`

tldr/linux/setsebool

@@ -0,0 +1,30 @@
+---
+syntax: markdown
+tags: [tldr, linux]
+source: https://github.com/tldr-pages/tldr.git
+---
+# setsebool
+
+> Set SELinux boolean value.
+> See also: `semanage-boolean`, `getsebool`.
+> More information: <https://manned.org/man/setsebool>.
+
+- Show the current setting of [a]ll booleans:
+
+`getsebool -a`
+
+- Set or unset a boolean temporarily (non-persistent across reboot):
+
+`sudo setsebool {{httpd_can_network_connect}} {{1|true|on|0|false|off}}`
+
+- Set or unset a boolean [p]ersistently:
+
+`sudo setsebool -P {{container_use_devices}} {{1|true|on|0|false|off}}`
+
+- Set or unset multiple booleans [p]ersistently at once:
+
+`sudo setsebool -P {{ftpd_use_fusefs=1 mount_anyfile=0 ...}}`
+
+- Set or unset a boolean persistently (alternative method using `semanage-boolean`):
+
+`sudo semanage boolean {{-m|--modify}} {{-1|--on|-0|--off}} {{haproxy_connect_any}}`