booleans manpage

Search topic Section

booleans(8)	      SELinux Command Line documentation	   booleans(8)

       booleans - Policy booleans enable runtime customization of SELinux pol-

       This manual page describes SELinux policy booleans.

       The SELinux policy can include conditional rules that  are  enabled  or
       disabled	 based	on  the	 current  values  of a set of policy booleans.
       These policy booleans allow runtime modification of the security policy
       without having to load a new policy.

       For  example,  the  boolean httpd_enable_cgi allows the httpd daemon to
       run cgi scripts if it is enabled.  If the administrator does  not  want
       to  allow  execution of cgi scripts, he can simply disable this boolean

       The policy defines a default value for each boolean,  typically	false.
       These  default  values can be overridden via local settings created via
       the setsebool(8) utility, using	-P  to	make  the  setting  persistent
       across reboots.	The system-config-securitylevel tool provides a graph-
       ical interface for altering the settings.  The  load_policy(8)  program
       will preserve current boolean settings upon a policy reload by default,
       or can optionally reset booleans to the boot-time defaults via  the  -b

       Boolean	values	can  be	 listed	 by using the getsebool(8) utility and
       passing it the -a option.

       Boolean values can also be changed  at  runtime	via  the  setsebool(8)
       utility	or the togglesebool utility.  By default, these utilities only
       change the current boolean value and do not affect the persistent  set-
       tings, unless the -P option is used to setsebool.

       This  manual  page  was	written by Dan Walsh <dwalsh@redhat.com>.  The
       SELinux conditional policy support was developed by Tresys Technology.

       getsebool(8), setsebool(8), selinux(8), togglesebool(8)

dwalsh@redhat.com		  11 Aug 2004			   booleans(8)