Home : Computers : Linux : Man Pages : booleans

booleans



DESCRIPTION

       This manual page describes SELinux policy booleans.   The SELinux  pol-
       icy can include conditional rules that are enabled or disabled based on
       the current values of a set of policy booleans.  These policy  booleans
       allow  runtime  modification  of  the security policy without having to
       load a new policy.

       For example, the boolean httpd_enable_cgi allows the  httpd  daemon  to
       run  cgi  scripts if it is enabled.  If the administrator does not want
       to allow execution of cgi scripts, he can simply disable  this  boolean
       value.

       The  policy  defines a default value for each boolean, typically false.
       These default values can be overridden via local settings  created  via
       the  setsebool(8)  utility,  using  -P  to  make the setting persistent
       across reboots.  The system-config-securitylevel tool provides a graph-
       ical  interface  for altering the settings.  The load_policy(8) program
       will preserve current boolean settings upon a policy reload by default,
       or  can  optionally reset booleans to the boot-time defaults via the -b
       option.

       Boolean values can be listed by  using  the  getsebool(8)  utility  and
       passing it the -a option.

       Boolean  values  can  also  be  changed at runtime via the setsebool(8)
       utility or the togglesebool(8) utility.  By  default,  these  utilities
       only  change the current boolean value and do not affect the persistent
       settings, unless the -P option is used to setsebool.


AUTHOR

       This manual page was written by  Dan  Walsh  <dwalsh@redhat.com>.   The
       SELinux conditional policy support was developed by Tresys Technology.


SEE ALSO

       getsebool(8), setsebool(8), selinux(8), togglesebool(8)


dwalsh@redhat.com 11 Aug 2004 booleans(8)



Subscribe to us on YouTube