.TH "booleans" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"

.SH "NAME"

booleans \- Policy booleans enable runtime customization of SELinux policy.

.SH "DESCRIPTION"

This manual page describes SELinux policy booleans.

.BR

The SELinux policy can include conditional rules that are enabled or

disabled based on the current values of a set of policy booleans.

These policy booleans allow runtime modification of the security

policy without having to load a new policy.  

For example, the boolean httpd_enable_cgi allows the httpd daemon to

run cgi scripts if it is enabled.  If the administrator does not want

to allow execution of cgi scripts, he can simply disable this boolean

value.  

The policy defines a default value for each boolean, typically false.

These default values can be overridden at boot-time based on the

settings in the

.I /etc/selinux/SELINUXTYPE/booleans

file, where

SELINUXTYPE is the type of policy currently being run on the system as

defined in the

.I /etc/selinux/config

file.  The

.B system-config-securitylevel

tool provides an interface for altering

the settings in this file.  The

.B load_policy(8)

program will preserve

current boolean settings upon a policy reload by default, or can

optionally reset booleans to the boot-time defaults via the -b option.

Boolean values can be listed by using the

.B getsebool(8)

utility and passing it the -a option.

Boolean values can also be changed at runtime via the

.B setsebool(8)

utility or the

.B togglesebool

utility.  These utilities only change the

current boolean value and do not affect the boot-time settings.

.SH AUTHOR	

This manual page was written by Dan Walsh <dwalsh@redhat.com>.

The SELinux conditional policy support was developed by Tresys Technology.

.SH "SEE ALSO"

getsebool(8), setsebool(8), selinux(8), togglesebool(8)

.SH FILES

/etc/selinux/SELINUXTYPE/booleans, /etc/selinux/config