NAME¶
booleans - Policy booleans enable runtime customization of SELinux policy.
DESCRIPTION¶
This manual page describes SELinux policy booleans.
The SELinux policy can include conditional rules that are enabled or disabled
based on the current values of a set of policy booleans. These policy booleans
allow runtime modification of the security policy without having to load a new
policy.
For example, the boolean httpd_enable_cgi allows the httpd daemon to run cgi
scripts if it is enabled. If the administrator does not want to allow
execution of cgi scripts, he can simply disable this boolean value.
The policy defines a default value for each boolean, typically false. These
default values can be overridden via local settings created via the
setsebool(8) utility, using -P to make the setting persistent across
reboots. The
system-config-securitylevel tool provides a graphical
interface for altering the settings. The
load_policy(8) program will
preserve current boolean settings upon a policy reload by default, or can
optionally reset booleans to the boot-time defaults via the -b option.
Boolean values can be listed by using the
getsebool(8) utility and
passing it the -a option.
Boolean values can also be changed at runtime via the
setsebool(8)
utility or the
togglesebool utility. By default, these utilities only
change the current boolean value and do not affect the persistent settings,
unless the -P option is used to setsebool.
AUTHOR ¶
This manual page was written by Dan Walsh <dwalsh@redhat.com>. The SELinux
conditional policy support was developed by Tresys Technology.
SEE ALSO¶
getsebool(8),
setsebool(8),
selinux(8),
togglesebool(8)