1booleans(8) SELinux Command Line documentation booleans(8)
2
3
4
6 booleans - Policy booleans enable runtime customization of SELinux pol‐
7 icy.
8
9
11 This manual page describes SELinux policy booleans.
12
13 The SELinux policy can include conditional rules that are enabled or
14 disabled based on the current values of a set of policy booleans.
15 These policy booleans allow runtime modification of the security policy
16 without having to load a new policy.
17
18 For example, the boolean httpd_enable_cgi allows the httpd daemon to
19 run cgi scripts if it is enabled. If the administrator does not want
20 to allow execution of cgi scripts, he can simply disable this boolean
21 value.
22
23 The policy defines a default value for each boolean, typically false.
24 These default values can be overridden via local settings created via
25 the setsebool(8) utility, using -P to make the setting persistent
26 across reboots. The system-config-securitylevel tool provides a graph‐
27 ical interface for altering the settings. The load_policy(8) program
28 will preserve current boolean settings upon a policy reload by default,
29 or can optionally reset booleans to the boot-time defaults via the -b
30 option.
31
32 Boolean values can be listed by using the getsebool(8) utility and
33 passing it the -a option.
34
35 Boolean values can also be changed at runtime via the setsebool(8)
36 utility or the togglesebool utility. By default, these utilities only
37 change the current boolean value and do not affect the persistent set‐
38 tings, unless the -P option is used to setsebool.
39
40
42 This manual page was written by Dan Walsh <dwalsh@redhat.com>. The
43 SELinux conditional policy support was developed by Tresys Technology.
44
45
47 getsebool(8), setsebool(8), selinux(8), togglesebool(8)
48
49
50
51dwalsh@redhat.com 11 Aug 2004 booleans(8)