MAN page from OpenSuSE selinux-tools-2.0.80-11.13.i586.rpm
Section: SELinux Command Line documentation (8)
Updated: 11 Aug 2004Index
booleans - Policy booleans enable runtime customization of SELinux policy.
This manual page describes SELinux policy booleans.The SELinux policy can include conditional rules that are enabled ordisabled based on the current values of a set of policy booleans.These policy booleans allow runtime modification of the securitypolicy without having to load a new policy.
For example, the boolean httpd_enable_cgi allows the httpd daemon torun cgi scripts if it is enabled. If the administrator does not wantto allow execution of cgi scripts, he can simply disable this booleanvalue.
The policy defines a default value for each boolean, typically false.These default values can be overridden via local settings created via thesetsebool(8)utility, using -P to make the setting persistent across reboots.The system-config-securityleveltool provides a graphical interface for alteringthe settings. Theload_policy(8)program will preservecurrent boolean settings upon a policy reload by default, or canoptionally reset booleans to the boot-time defaults via the -b option.
Boolean values can be listed by using thegetsebool(8)utility and passing it the -a option.
Boolean values can also be changed at runtime via thesetsebool(8)utility or thetoggleseboolutility. By default, these utilities only change thecurrent boolean value and do not affect the persistent settings,unless the -P option is used to setsebool.
This manual page was written by Dan Walsh <dwalshAATTredhat.com>.
The SELinux conditional policy support was developed by Tresys Technology.
- SEE ALSO
This document was created byman2html,using the manual pages.