56 lines
1.9 KiB
Groff
56 lines
1.9 KiB
Groff
|
.TH "booleans" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||
|
.SH "NAME"
|
||
|
booleans \- Policy booleans enable runtime customization of SELinux policy.
|
||
|
|
||
|
.SH "DESCRIPTION"
|
||
|
This manual page describes SELinux policy booleans.
|
||
|
.BR
|
||
|
|
||
|
The SELinux policy can include conditional rules that are enabled or
|
||
|
disabled based on the current values of a set of policy booleans.
|
||
|
These policy booleans allow runtime modification of the security
|
||
|
policy without having to load a new policy.
|
||
|
|
||
|
For example, the boolean httpd_enable_cgi allows the httpd daemon to
|
||
|
run cgi scripts if it is enabled. If the administrator does not want
|
||
|
to allow execution of cgi scripts, he can simply disable this boolean
|
||
|
value.
|
||
|
|
||
|
The policy defines a default value for each boolean, typically false.
|
||
|
These default values can be overridden at boot-time based on the
|
||
|
settings in the
|
||
|
.I /etc/selinux/SELINUXTYPE/booleans
|
||
|
file, where
|
||
|
SELINUXTYPE is the type of policy currently being run on the system as
|
||
|
defined in the
|
||
|
.I /etc/selinux/config
|
||
|
file. The
|
||
|
.B system-config-securitylevel
|
||
|
tool provides an interface for altering
|
||
|
the settings in this file. The
|
||
|
.B load_policy(8)
|
||
|
program will preserve
|
||
|
current boolean settings upon a policy reload by default, or can
|
||
|
optionally reset booleans to the boot-time defaults via the -b option.
|
||
|
|
||
|
Boolean values can be listed by using the
|
||
|
.B getsebool(8)
|
||
|
utility and passing it the -a option.
|
||
|
|
||
|
Boolean values can also be changed at runtime via the
|
||
|
.B setsebool(8)
|
||
|
utility or the
|
||
|
.B togglesebool
|
||
|
utility. These utilities only change the
|
||
|
current boolean value and do not affect the boot-time settings.
|
||
|
|
||
|
.SH AUTHOR
|
||
|
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||
|
The SELinux conditional policy support was developed by Tresys Technology.
|
||
|
|
||
|
.SH "SEE ALSO"
|
||
|
getsebool(8), setsebool(8), selinux(8), togglesebool(8)
|
||
|
|
||
|
.SH FILES
|
||
|
/etc/selinux/SELINUXTYPE/booleans, /etc/selinux/config
|