Provided by: selinux-utils_1.28-2ubuntu2_i386 bug


       booleans  -  Policy  booleans  enable  runtime customization of SELinux


       This manual page describes SELinux policy booleans.

       The SELinux policy can include conditional rules that  are  enabled  or
       disabled  based  on  the  current  values  of a set of policy booleans.
       These policy booleans allow runtime modification of the security policy
       without having to load a new policy.

       For  example,  the  boolean httpd_enable_cgi allows the httpd daemon to
       run cgi scripts if it is enabled.  If the administrator does  not  want
       to  allow  execution of cgi scripts, he can simply disable this boolean

       The policy defines a default value for each boolean,  typically  false.
       These  default  values  can  be  overridden  at  boot-time based on the
       settings   in   the   /etc/selinux/SELINUXTYPE/booleans   file,   where
       SELINUXTYPE  is the type of policy currently being run on the system as
       defined  in   the   /etc/selinux/config   file.    The   system-config-
       securitylevel  tool  provides an interface for altering the settings in
       this file.  The load_policy(8) program will  preserve  current  boolean
       settings  upon  a  policy  reload  by  default, or can optionally reset
       booleans to the boot-time defaults via the -b option.

       Boolean values can be listed by  using  the  getsebool(8)  utility  and
       passing it the -a option.

       Boolean  values  can  also  be  changed at runtime via the setsebool(8)
       utility or the togglesebool utility.  These utilities only  change  the
       current boolean value and do not affect the boot-time settings.


       This  manual  page  was  written by Dan Walsh <>.  The
       SELinux conditional policy support was developed by Tresys  Technology.


       getsebool(8), setsebool(8), selinux(8), togglesebool(8)


       /etc/selinux/SELINUXTYPE/booleans, /etc/selinux/config