Man Linux: Main Page and Category List


       booleans  -  Policy  booleans  enable  runtime customization of SELinux


       This manual page describes SELinux policy booleans.

       The SELinux policy can include conditional rules that  are  enabled  or
       disabled  based  on  the  current  values  of a set of policy booleans.
       These policy booleans allow runtime modification of the security policy
       without having to load a new policy.

       For  example,  the  boolean httpd_enable_cgi allows the httpd daemon to
       run cgi scripts if it is enabled.  If the administrator does  not  want
       to  allow  execution of cgi scripts, he can simply disable this boolean

       The policy defines a default value for each boolean,  typically  false.
       These  default  values can be overridden via local settings created via
       the setsebool(8) utility, using  -P  to  make  the  setting  persistent
       across   reboots.   The  system-config-securitylevel  tool  provides  a
       graphical interface for  altering  the  settings.   The  load_policy(8)
       program  will preserve current boolean settings upon a policy reload by
       default, or can optionally reset booleans to the boot-time defaults via
       the -b option.

       Boolean  values  can  be  listed  by using the getsebool(8) utility and
       passing it the -a option.

       Boolean values can also be changed  at  runtime  via  the  setsebool(8)
       utility  or the togglesebool utility.  By default, these utilities only
       change the current boolean value  and  do  not  affect  the  persistent
       settings, unless the -P option is used to setsebool.


       This  manual  page  was  written by Dan Walsh <>.  The
       SELinux conditional policy support was developed by Tresys  Technology.


       getsebool(8), setsebool(8), selinux(8), togglesebool(8)