Provided by: selinux-utils_2.9-2_amd64 bug

NAME

       booleans - Policy booleans enable runtime customization of SELinux policy

DESCRIPTION

       This  manual  page  describes  SELinux  policy  booleans.   The SELinux policy can include
       conditional rules that are enabled or disabled based on the current values  of  a  set  of
       policy  booleans.  These policy booleans allow runtime modification of the security policy
       without having to load a new policy.

       For example, the boolean httpd_enable_cgi allows the httpd daemon to run cgi scripts if it
       is  enabled.  If the administrator does not want to allow execution of cgi scripts, he can
       simply disable this boolean value.

       The policy defines a default value for  each  boolean,  typically  false.   These  default
       values can be overridden via local settings created via the setsebool(8) utility, using -P
       to make the setting  persistent  across  reboots.   The  system-config-securitylevel  tool
       provides a graphical interface for altering the settings.  The load_policy(8) program will
       preserve current boolean settings upon a policy reload by default, or can optionally reset
       booleans to the boot-time defaults via the -b option.

       Boolean  values  can  be  listed  by  using the getsebool(8) utility and passing it the -a
       option.

       Boolean values can also be  changed  at  runtime  via  the  setsebool(8)  utility  or  the
       togglesebool(8)  utility.   By  default,  these  utilities only change the current boolean
       value and do not affect  the  persistent  settings,  unless  the  -P  option  is  used  to
       setsebool.

AUTHOR

       This  manual  page  was written by Dan Walsh <dwalsh@redhat.com>.  The SELinux conditional
       policy support was developed by Tresys Technology.

SEE ALSO

       getsebool(8), setsebool(8), selinux(8), togglesebool(8)