логические значения политики позволяют настраивать политику SELinux во время выполнения (Policy booleans enable runtime customization of SELinux policy)
Имя (Name)
booleans - Policy booleans enable runtime customization of
SELinux policy
Описание (Description)
This manual page describes SELinux policy booleans. The SELinux
policy can include conditional rules that are enabled or disabled
based on the current values of a set of policy booleans. These
policy booleans allow runtime modification of the security policy
without having to load a new policy.
For example, the boolean httpd_enable_cgi allows the httpd daemon
to run cgi scripts if it is enabled. If the administrator does
not want to allow execution of cgi scripts, he can simply disable
this boolean value.
The policy defines a default value for each boolean, typically
false. These default values can be overridden via local settings
created via the setsebool(8) utility, using -P to make the
setting persistent across reboots. The
system-config-securitylevel tool provides a graphical interface
for altering the settings. The load_policy(8) program will
preserve current boolean settings upon a policy reload by
default, or can optionally reset booleans to the boot-time
defaults via the -b option.
Boolean values can be listed by using the getsebool(8) utility
and passing it the -a option.
Boolean values can also be changed at runtime via the
setsebool(8) utility or the togglesebool(8) utility. By default,
these utilities only change the current boolean value and do not
affect the persistent settings, unless the -P option is used to
setsebool.
