This manual page describes SELinux policy booleans. The SELinux
policy can include conditional rules that are enabled or disabled
based on the current values of a set of policy booleans. These
policy booleans allow runtime modification of the security policy
without having to load a new policy.
For example, the boolean httpd_enable_cgi allows the httpd daemon to
run cgi scripts if it is enabled. If the administrator does not want
to allow execution of cgi scripts, he can simply disable this boolean
The policy defines a default value for each boolean, typically false.
These default values can be overridden via local settings created via
the setsebool(8) utility, using -P to make the setting persistent
across reboots. The system-config-securitylevel tool provides a
graphical interface for altering the settings. The load_policy(8)
program will preserve current boolean settings upon a policy reload
by default, or can optionally reset booleans to the boot-time
defaults via the -b option.
Boolean values can be listed by using the getsebool(8) utility and
passing it the -a option.
Boolean values can also be changed at runtime via the setsebool(8)
utility or the togglesebool(8) utility. By default, these utilities
only change the current boolean value and do not affect the
persistent settings, unless the -P option is used to setsebool.
This page is part of the selinux (Security-Enhanced Linux user-space
libraries and tools) project. Information about the project can be
found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you
have a bug report for this manual page, see
page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2017-03-13. If you
discover any rendering problems in this HTML version of the page, or
you believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
email@example.com 11 Aug 2004 booleans(8)