What command shows all SELinux booleans and their state?

The command that shows all SELinux booleans and their current state is 'getsebool -a'. When this command is executed, it retrieves a comprehensive list of all SELinux boolean settings, along with their corresponding states (either on or off). This is crucial for administrators who need to understand and manage the security policies enforced by SELinux, as booleans can enable or disable specific behaviors within SELinux policies without needing to modify the policy files directly.

Other commands listed, such as 'setsebool -P', specifically modify the state of SELinux booleans but do not provide a complete overview of all booleans. The command 'lsmod' is used to show the status of modules in the Linux kernel and has no relation to SELinux booleans. 'semanage boolean -l' can list booleans, but it may not provide the full status of each boolean in the same straightforward way that 'getsebool -a' does. Thus, 'getsebool -a' is the correct choice because it explicitly meets the requirement of displaying all SELinux booleans with their states effectively.