Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

booleans(5) [debian man page]

booleans(5)						       SELinux configuration						       booleans(5)

NAME

       booleans - The SELinux booleans configuration files.

DESCRIPTION

       The booleans file, if present contains booleans to support a specific distribution.

       The booleans.local file, if present contains locally generated booleans.

       Both files contain a list of boolean names and their associated values.

       Generally the booleans and/or booleans.local files are not present (they have been deprecated). However if there is an SELinux-aware appli-
       cation that uses the libselinux functions listed below, then these files may be present:

	      security_set_boolean_list(3)
		     Writes a booleans.local file if flag permanent = 1.

	      security_load_booleans(3)
		     Looks for a booleans and/or booleans.local file at selinux_booleans_path(3) unless a specific path is specified as a  parame-
		     ter.

       booleans(8) has details on booleans and setsebool(8) describes how booleans can now be set persistent across reboots.

       selinux_booleans_path(3) will return the active policy path to these files. The default boolean files are:
	      /etc/selinux/{SELINUXTYPE}/booleans
	      /etc/selinux/{SELINUXTYPE}/booleans.local

       Where {SELINUXTYPE} is the entry from the selinux configuration file config (see selinux_config(5)).

FILE FORMAT

       Both boolean files have the same format and contain one or more boolean names and their value.

       The format is:
	      boolean_name value

       Where:
	      boolean_name
		     The name of the boolean.
	      value
		     The default setting for the boolean. This can be one of the following:
			    true | false | 1 | 0

       Note  that  if SETLOCALDEFS is set in the SELinux config file (see selinux_config(5)), then selinux_mkload_policy(3) will check for a bool-
       eans.local file in the selinux_booleans_path and also a local.users file (see local.users(5)) in the selinux_users_path(3).

SEE ALSO

       selinux(8), booleans(8),  setsebool(8),	semanage(8),  selinux_booleans_path(3),  security_set_boolean_list(3),	security_load_booleans(3),
       selinux_mkload_policy(3), selinux_users_path(3), selinux_config(5), local.users(5)

Security Enhanced Linux 					    28-Nov-2011 						       booleans(5)

Check Out this Related Man Page

security_get_boolean_names(3)				     SELinux API Documentation				     security_get_boolean_names(3)

NAME

       security_load_booleans,	security_set_boolean,  security_commit_booleans,  security_get_boolean_names,  security_get_boolean_active,  secu-
       rity_get_boolean_pending - routines for manipulating SELinux boolean values

SYNOPSIS

       #include <selinux/selinux.h>

       int security_load_booleans(char *path);

       int security_get_boolean_names(char ***names, int *len);

       int security_get_boolean_pending(const char *name);

       int security_get_boolean_active(const char *name);

       int security_set_boolean(const char *name, int value);

       int security_set_boolean_list(size_t boolcnt, SELboolean *boollist, int permanent);

       int security_commit_booleans(void);

DESCRIPTION

       The SELinux policy can include conditional rules that are enabled or disabled based on the current values of  a	set  of  policy  booleans.
       These policy booleans allow runtime modification of the security policy without having to load a new policy.

       The SELinux API allows for a transaction based update. So you can set several boolean values and then commit them all at once.

       security_load_booleans()  loads	policy	boolean  settings.  Path may be NULL, in which case the booleans are loaded from the active policy
       boolean configuration file.

       security_get_boolean_names() provides a list of boolean names, currently supported by the loaded policy.

       security_get_boolean_pending() returns the pending value for boolean or -1 on failure.

       security_get_boolean_active() returns the active value for boolean or -1 on failure.

       security_set_boolean() sets the pending value for boolean

       security_set_boolean_list() saves a list of booleans in a single transaction.

       security_commit_booleans() commits all pending values for the booleans.

RETURN VALUE

       Where not otherwise stated, functions described in this manual page return zero on success or -1 on error.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), getsebool(8), booleans(8), togglesebool(8)

dwalsh@redhat.com						 15 November 2004				     security_get_boolean_names(3)
Man Page