Monday, 19 November 2007

Documentation on domain specific booleans and security contexts

SELinux policy is based on a least privilege model. This means that, by default, a user domain and an application domain have as few privileges as possible over objects. Additional security contexts and tunable policies provide support for extra privileges that a user domain or application domain may require over objects.

Domain specific booleans and security contexts are documented and can be referenced on a system. For example, the HTTPD policy has additional security contexts for objects over which the HTTPD application domain may require extra privileges. The SELinux HTTPD policy also has tunable policies that provide additional functionality to the HTTPD application domain.

We can look up these application domain specific tunable policies and security contexts with man httpd_selinux.

1 comment:

Jeronimo Zucco said

You can view booleans with the command too:

getsebool -a

For httpd specifically:

getsebool -a | grep http
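
Since every boolean that is switched on grants a domain privileges beyond the least privilege default, a useful review is to list only the enabled booleans for one domain. The following is an added example, not part of the original post or the comment; the function names and the sample getsebool output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the "name --> on|off" format printed by `getsebool -a`.
# On a live SELinux system, pipe `getsebool -a` into the functions instead.
sample_getsebool() {
cat <<'EOF'
allow_ftpd_anon_write --> off
httpd_can_network_connect --> off
httpd_enable_cgi --> on
httpd_enable_homedirs --> off
httpd_unified --> on
samba_enable_home_dirs --> off
EOF
}

# enabled_booleans PREFIX
# Reads getsebool-style lines on stdin and prints the names of booleans that
# start with PREFIX and are currently "on". Matching on the name prefix avoids
# picking up unrelated booleans that merely contain the string.
enabled_booleans() {
    awk -v p="$1" \
        '$2 == "-->" && $3 == "on" && index($1, p) == 1 { print $1 }'
}

# boolean_summary PREFIX
# Prints "on=N off=M" for the booleans that start with PREFIX, so a change in
# the number of enabled tunables is easy to spot between reviews.
boolean_summary() {
    awk -v p="$1" '
        $2 == "-->" && index($1, p) == 1 {
            if ($3 == "on") on++; else off++
        }
        END { printf "on=%d off=%d\n", on, off }'
}

# Report for the HTTPD domain using the constructed sample.
echo "Enabled httpd booleans:"
sample_getsebool | enabled_booleans httpd_
sample_getsebool | boolean_summary httpd_
```

Each name in the output can then be checked against man httpd_selinux to confirm that the extra privilege is still required.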