Provided by: selinux-utils_2.1.0-4.1ubuntu1_amd64 bug


       booleans - Policy booleans enable runtime customization of SELinux policy.


       This manual page describes SELinux policy booleans.

       The SELinux policy can include conditional rules that are enabled or disabled based on the
       current values of  a  set  of  policy  booleans.   These  policy  booleans  allow  runtime
       modification of the security policy without having to load a new policy.

       For example, the boolean httpd_enable_cgi allows the httpd daemon to run cgi scripts if it
       is enabled.  If the administrator does not want to allow execution of cgi scripts, he  can
       simply disable this boolean value.

       The  policy  defines  a  default  value  for each boolean, typically false.  These default
       values can be overridden via local settings created via the setsebool(8) utility, using -P
       to  make  the  setting  persistent  across  reboots.  The system-config-securitylevel tool
       provides a graphical interface for altering the settings.  The load_policy(8) program will
       preserve current boolean settings upon a policy reload by default, or can optionally reset
       booleans to the boot-time defaults via the -b option.

       Boolean values can be listed by using the getsebool(8)  utility  and  passing  it  the  -a

       Boolean  values  can  also  be  changed  at  runtime  via  the setsebool(8) utility or the
       togglesebool utility.  By default, these utilities only change the current  boolean  value
       and do not affect the persistent settings, unless the -P option is used to setsebool.


       This  manual  page  was written by Dan Walsh <>.  The SELinux conditional
       policy support was developed by Tresys Technology.


       getsebool(8), setsebool(8), selinux(8), togglesebool(8)