Originally Posted by hashbangbinbash
Quik dumb question I've not been able to confirm via giyf...
selinux booleans are a way to turn off specific selinux rules right? So that instead of turning off the whole selinux thing, you can turn off or on a specific rule, right?
They are test points that permit/deny things that are already identified. Some sites allow users to have public HTML files in their home directories - other sites don't (usually these would be production web servers). This is controlled via a boolean (httpd_enable_homedirs) which permits apache to access the users home directory.
There are a number of such booleans to control various services (samba, sftpd, ssh, VMs, rsyncd,...). But it isn't a "on/off" for SELinux, it is to control services and users with the goal of protecting the system and users from vulnerabilities that may exist in the services.