selinux/libselinux/man/man5/booleans.5

81 lines
2.4 KiB
Groff
Raw Normal View History

.TH "booleans" "5" "28-Nov-2011" "Security Enhanced Linux" "SELinux configuration"
.SH "NAME"
booleans \- The SELinux booleans configuration files
.
.SH "DESCRIPTION"
The \fIbooleans\fR file, if present contains booleans to support a specific distribution.
.sp
The \fIbooleans.local\fR file, if present contains locally generated booleans.
.sp
Both files contain a list of boolean names and their associated values.
.sp
Generally the \fIbooleans\fR and/or \fIbooleans.local\fR files are not present (they have been deprecated). However if there is an SELinux-aware application that uses the libselinux functions listed below, then these files may be present:
.sp
.RS
.BR security_set_boolean_list "(3) "
.RS
Writes a \fIbooleans.local\fR file if flag \fIpermanent\fR = \fI1\fR.
.sp
.RE
.RE
.RS
.BR security_load_booleans "(3) "
.RS
Looks for a \fIbooleans\fR and/or \fIbooleans.local\fR file at \fBselinux_booleans_path\fR(3) unless a specific path is specified as a parameter.
.RE
.RE
.sp
\fBbooleans\fR(8) has details on booleans and \fBsetsebool\fR(8) describes how booleans can now be set persistent across reboots.
.sp
\fBselinux_booleans_path\fR(3) will return the active policy path to these files. The default boolean files are:
.RS
.I /etc/selinux/{SELINUXTYPE}/booleans
.br
.I /etc/selinux/{SELINUXTYPE}/booleans.local
.RE
.sp
Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
.
.SH "FILE FORMAT"
Both boolean files have the same format and contain one or more boolean names and their value.
.sp
The format is:
.RS
.I boolean_name
.I value
.sp
.RE
Where:
.RS
.I boolean_name
.RS
The name of the boolean.
.RE
.I value
.RS
The default setting for the boolean. This can be one of the following:
.RS
.IR true " | " false " | " 1 " | " 0
.RE
.RE
.RE
.sp
Note that if
.B SETLOCALDEFS
is set in the SELinux
.I config
file (see
.BR selinux_config "(5)), then " selinux_mkload_policy "(3) will check for a "
.I booleans.local
file in the
.BR selinux_booleans_path (3)
and also a
.I local.users
file (see
.BR local.users "(5)) in the " selinux_users_path "(3). "
.
.SH "SEE ALSO"
.ad l
.nh
.BR selinux "(8), " booleans "(8), " setsebool "(8), " semanage "(8), " selinux_booleans_path "(3), " security_set_boolean_list "(3), " security_load_booleans "(3), " selinux_mkload_policy "(3), " selinux_users_path "(3), " selinux_config "(5), " local.users "(5) "