booleans man page

booleans — The SELinux booleans configuration files


The booleans file, if present contains booleans to support a specific distribution.

The booleans.local file, if present contains locally generated booleans.

Both files contain a list of boolean names and their associated values.

Generally the booleans and/or booleans.local files are not present (they have been deprecated). However if there is an SELinux-aware application that uses the libselinux functions listed below, then these files may be present:

Writes a booleans.local file if flag permanent = 1.

Looks for a booleans and/or booleans.local file at selinux_booleans_path(3) unless a specific path is specified as a parameter.

booleans(8) has details on booleans and setsebool(8) describes how booleans can now be set persistent across reboots.

selinux_booleans_path(3) will return the active policy path to these files. The default boolean files are:


Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

File Format

Both boolean files have the same format and contain one or more boolean names and their value.

The format is:

boolean_name value


The name of the boolean. value
The default setting for the boolean. This can be one of the following:
true | false | 1 | 0

Note that if SETLOCALDEFS is set in the SELinux config file (see selinux_config(5)), then selinux_mkload_policy(3) will check for a booleans.local file in the selinux_booleans_path(3) and also a local.users file (see local.users(5)) in the selinux_users_path(3).

See Also

selinux(8), booleans(8), setsebool(8), semanage(8), selinux_booleans_path(3), security_set_boolean_list(3), security_load_booleans(3), selinux_mkload_policy(3), selinux_users_path(3), selinux_config(5), local.users(5)

Referenced By


Explore man page connections for booleans(5).

Security Enhanced Linux SELinux configuration 28-Nov-2011