booleans man page

booleans — The SELinux booleans configuration files

Description

The booleans file, if present contains booleans to support a specific distribution.

The booleans.local file, if present contains locally generated booleans.

Both files contain a list of boolean names and their associated values.

Generally the booleans and/or booleans.local files are not present (they have been deprecated). However if there is an SELinux-aware application that uses the libselinux functions listed below, then these files may be present:

security_set_boolean_list(3)
Writes a booleans.local file if flag permanent = 1.

security_load_booleans(3)
Looks for a booleans and/or booleans.local file at selinux_booleans_path(3) unless a specific path is specified as a parameter.

booleans(8) has details on booleans and setsebool(8) describes how booleans can now be set persistent across reboots.

selinux_booleans_path(3) will return the active policy path to these files. The default boolean files are:

/etc/selinux/{SELINUXTYPE}/booleans
/etc/selinux/{SELINUXTYPE}/booleans.local

Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

File Format

Both boolean files have the same format and contain one or more boolean names and their value.

The format is:

boolean_name value

Where:

boolean_name
The name of the boolean. value
The default setting for the boolean. This can be one of the following:
true | false | 1 | 0

Note that if SETLOCALDEFS is set in the SELinux config file (see selinux_config(5)), then selinux_mkload_policy(3) will check for a booleans.local file in the selinux_booleans_path(3) and also a local.users file (see local.users(5)) in the selinux_users_path(3).

See Also

selinux(8), booleans(8), setsebool(8), semanage(8), selinux_booleans_path(3), security_set_boolean_list(3), security_load_booleans(3), selinux_mkload_policy(3), selinux_users_path(3), selinux_config(5), local.users(5)

Referenced By

selinux_config(5).

28-Nov-2011 Security Enhanced Linux SELinux configuration