81 lines
2.4 KiB
Groff
81 lines
2.4 KiB
Groff
.TH "booleans" "5" "28-Nov-2011" "Security Enhanced Linux" "SELinux configuration"
|
|
.SH "NAME"
|
|
booleans \- The SELinux booleans configuration files
|
|
.
|
|
.SH "DESCRIPTION"
|
|
The \fIbooleans\fR file, if present contains booleans to support a specific distribution.
|
|
.sp
|
|
The \fIbooleans.local\fR file, if present contains locally generated booleans.
|
|
.sp
|
|
Both files contain a list of boolean names and their associated values.
|
|
.sp
|
|
Generally the \fIbooleans\fR and/or \fIbooleans.local\fR files are not present (they have been deprecated). However if there is an SELinux-aware application that uses the libselinux functions listed below, then these files may be present:
|
|
.sp
|
|
.RS
|
|
.BR security_set_boolean_list "(3) "
|
|
.RS
|
|
Writes a \fIbooleans.local\fR file if flag \fIpermanent\fR = \fI1\fR.
|
|
.sp
|
|
.RE
|
|
.RE
|
|
.RS
|
|
.BR security_load_booleans "(3) "
|
|
.RS
|
|
Looks for a \fIbooleans\fR and/or \fIbooleans.local\fR file at \fBselinux_booleans_path\fR(3) unless a specific path is specified as a parameter.
|
|
.RE
|
|
.RE
|
|
.sp
|
|
\fBbooleans\fR(8) has details on booleans and \fBsetsebool\fR(8) describes how booleans can now be set persistent across reboots.
|
|
.sp
|
|
\fBselinux_booleans_path\fR(3) will return the active policy path to these files. The default boolean files are:
|
|
.RS
|
|
.I /etc/selinux/{SELINUXTYPE}/booleans
|
|
.br
|
|
.I /etc/selinux/{SELINUXTYPE}/booleans.local
|
|
.RE
|
|
.sp
|
|
Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
|
|
.
|
|
.SH "FILE FORMAT"
|
|
Both boolean files have the same format and contain one or more boolean names and their value.
|
|
.sp
|
|
The format is:
|
|
.RS
|
|
.I boolean_name
|
|
.I value
|
|
.sp
|
|
.RE
|
|
Where:
|
|
.RS
|
|
.I boolean_name
|
|
.RS
|
|
The name of the boolean.
|
|
.RE
|
|
.I value
|
|
.RS
|
|
The default setting for the boolean. This can be one of the following:
|
|
.RS
|
|
.IR true " | " false " | " 1 " | " 0
|
|
.RE
|
|
.RE
|
|
.RE
|
|
.sp
|
|
Note that if
|
|
.B SETLOCALDEFS
|
|
is set in the SELinux
|
|
.I config
|
|
file (see
|
|
.BR selinux_config "(5)), then " selinux_mkload_policy "(3) will check for a "
|
|
.I booleans.local
|
|
file in the
|
|
.BR selinux_booleans_path (3)
|
|
and also a
|
|
.I local.users
|
|
file (see
|
|
.BR local.users "(5)) in the " selinux_users_path "(3). "
|
|
.
|
|
.SH "SEE ALSO"
|
|
.ad l
|
|
.nh
|
|
.BR selinux "(8), " booleans "(8), " setsebool "(8), " semanage "(8), " selinux_booleans_path "(3), " security_set_boolean_list "(3), " security_load_booleans "(3), " selinux_mkload_policy "(3), " selinux_users_path "(3), " selinux_config "(5), " local.users "(5) "
|