Search For :

in:

All Sections 1. General Commands 2. System Calls 3. Subroutines 4. Special Files 5. File Formats 6. Games and Demos 7. Macros and Conventions 8. Maintenence Commands

 

NAME

booleans - Policy booleans enable runtime customization of SELinux policy.

 

DESCRIPTION

This manual page describes SELinux policy booleans. The SELinux policy can include conditional rules that are enabled or disabled based on the current values of a set of policy boooleans. These policy booleans allow runtime modification of the security policy without having to load a new policy.

For example, the boolean httpd_enable_cgi allows the httpd daemon to run cgi scripts if it is enabled. If the administrator does not want to allow execution of cgi scripts, he can simply disable this boolean value.

The policy defines a default value for each boolean, typically false. These default values can be overridden at boot-time based on the settings in the /etc/selinux/SELINUXTYPE/booleans file, where SELINUXTYPE is the type of policy currently being run on the system as defined in the /etc/selinux/config file. The system-config-securitylevel tool provides an interface for altering the settings in this file. The load_policy(8) program will preserve current boolean settings upon a policy reload by default, or can optionally reset booleans to the boot-time defaults via the -b option.

Boolean values can also be changed at runtime via the setsebool(8) utility or the togglesebool utility. These utilities only change the current boolean value and do not affect the boot-time settings.

 

AUTHOR  

This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The SELinux conditional policy support was developed by Tresys Technology.

 

SEE ALSO

getsebool(8),setsebool(8),selinux(8)

---

 

Index

NAME

DESCRIPTION

AUTHOR  

SEE ALSO