1booleans(8)           SELinux Command Line documentation           booleans(8)
2
3
4

NAME

6       booleans - Policy booleans enable runtime customization of SELinux pol‐
7       icy.
8
9

DESCRIPTION

11       This manual page describes SELinux policy booleans.
12
13       The SELinux policy can include conditional rules that  are  enabled  or
14       disabled  based  on  the  current  values  of a set of policy booleans.
15       These policy booleans allow runtime modification of the security policy
16       without having to load a new policy.
17
18       For  example,  the  boolean httpd_enable_cgi allows the httpd daemon to
19       run cgi scripts if it is enabled.  If the administrator does  not  want
20       to  allow  execution of cgi scripts, he can simply disable this boolean
21       value.
22
23       The policy defines a default value for each boolean,  typically  false.
24       These  default  values can be overridden via local settings created via
25       the setsebool(8) utility, using  -P  to  make  the  setting  persistent
26       across reboots.  The system-config-securitylevel tool provides a graph‐
27       ical interface for altering the settings.  The  load_policy(8)  program
28       will preserve current boolean settings upon a policy reload by default,
29       or can optionally reset booleans to the boot-time defaults via  the  -b
30       option.
31
32       Boolean  values  can  be  listed  by using the getsebool(8) utility and
33       passing it the -a option.
34
35       Boolean values can also be changed  at  runtime  via  the  setsebool(8)
36       utility  or the togglesebool utility.  By default, these utilities only
37       change the current boolean value and do not affect the persistent  set‐
38       tings, unless the -P option is used to setsebool.
39
40

AUTHOR

42       This  manual  page  was  written by Dan Walsh <dwalsh@redhat.com>.  The
43       SELinux conditional policy support was developed by Tresys Technology.
44
45

SEE ALSO

47       getsebool(8), setsebool(8), selinux(8), togglesebool(8)
48
49
50
51dwalsh@redhat.com                 11 Aug 2004                      booleans(8)
Impressum