1booleans(8)           SELinux Command Line documentation           booleans(8)
2
3
4

NAME

6       booleans - Policy booleans enable runtime customization of SELinux pol‐
7       icy
8

DESCRIPTION

10       This manual page describes SELinux policy booleans.   The SELinux  pol‐
11       icy can include conditional rules that are enabled or disabled based on
12       the current values of a set of policy booleans.  These policy  booleans
13       allow  runtime  modification  of  the security policy without having to
14       load a new policy.
15
16       For example, the boolean httpd_enable_cgi allows the  httpd  daemon  to
17       run  cgi  scripts if it is enabled.  If the administrator does not want
18       to allow execution of cgi scripts, he can simply disable  this  boolean
19       value.
20
21       The  policy  defines a default value for each boolean, typically false.
22       These default values can be overridden via local settings  created  via
23       the  setsebool(8)  utility,  using  -P  to  make the setting persistent
24       across reboots.  The system-config-securitylevel tool provides a graph‐
25       ical  interface  for altering the settings.  The load_policy(8) program
26       will preserve current boolean settings upon a policy reload by default,
27       or  can  optionally reset booleans to the boot-time defaults via the -b
28       option.
29
30       Boolean values can be listed by  using  the  getsebool(8)  utility  and
31       passing it the -a option.
32
33       Boolean  values  can  also  be  changed at runtime via the setsebool(8)
34       utility or the togglesebool(8) utility.  By  default,  these  utilities
35       only  change the current boolean value and do not affect the persistent
36       settings, unless the -P option is used to setsebool.
37

AUTHOR

39       This manual page was written by  Dan  Walsh  <dwalsh@redhat.com>.   The
40       SELinux conditional policy support was developed by Tresys Technology.
41

SEE ALSO

43       getsebool(8), setsebool(8), selinux(8), togglesebool(8)
44
45
46
47dwalsh@redhat.com                 11 Aug 2004                      booleans(8)
Impressum