booleans

booleans(8)           SELinux Command Line documentation           booleans(8)



NAME
       booleans - Policy booleans enable runtime customization of SELinux
       policy

DESCRIPTION
       This manual page describes SELinux policy booleans.   The SELinux
       policy can include conditional rules that are enabled or disabled based
       on the current values of a set of policy booleans.  These policy
       booleans allow runtime modification of the security policy without
       having to load a new policy.

       For example, the boolean httpd_enable_cgi allows the httpd daemon to
       run cgi scripts if it is enabled.  If the administrator does not want
       to allow execution of cgi scripts, he can simply disable this boolean
       value.

       The policy defines a default value for each boolean, typically false.
       These default values can be overridden via local settings created via
       the setsebool(8) utility, using -P to make the setting persistent
       across reboots.  The system-config-securitylevel tool provides a
       graphical interface for altering the settings.  The load_policy(8)
       program will preserve current boolean settings upon a policy reload by
       default, or can optionally reset booleans to the boot-time defaults via
       the -b option.

       Boolean values can be listed by using the getsebool(8) utility and
       passing it the -a option.

       Boolean values can also be changed at runtime via the setsebool(8)
       utility or the togglesebool(8) utility.  By default, these utilities
       only change the current boolean value and do not affect the persistent
       settings, unless the -P option is used to setsebool.

AUTHOR
       This manual page was written by Dan Walsh <dwalsh@redhat.com>.  The
       SELinux conditional policy support was developed by Tresys Technology.

SEE ALSO
       getsebool(8), setsebool(8), selinux(8), togglesebool(8)



dwalsh@redhat.com                 11 Aug 2004                      booleans(8)