
I know that SELinux booleans can be set via setsebool like this:

setsebool -P virt_qemu_ga_read_nonsecurity_files 1

But I want to set this boolean virt_qemu_ga_read_nonsecurity_files using custom SELinux policy.

Is it even possible? How can I do this?

Oleg Neumyvakin

1 Answer

A SELinux boolean is a switch to dynamically enable/disable a set of policies at runtime. If you want to enable the policies that this boolean enables without setting the boolean, you can implement the policies behind the boolean as a custom SELinux module and add it to your local policies.

Example:

  1. Create a file test.te:

         policy_module(test, 1.0)
         gen_require(`
             type virt_qemu_ga_t;
         ')
         files_read_non_security_files(virt_qemu_ga_t)

  2. yum -y install policycoreutils-devel
  3. make -f /usr/share/selinux/devel/Makefile test.pp
  4. semodule -i test.pp
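
One way to check the result of the steps above, as an added example that is not part of the original answer: the functions below read `sesearch` allow rules and report, for one source domain, whether each rule is unconditional or gated by a boolean. The function names and the two sample rule sets are constructed for illustration, and the rule text a real policy prints may differ.

```shell
#!/bin/sh
# Added example (not from the original answer). Live usage, with setools
# installed:
#   sesearch -A -s virt_qemu_ga_t -c file -p read | rule_gates virt_qemu_ga_t

# rule_gates SRC: read sesearch output on stdin and print one line per allow
# rule whose source is exactly SRC: "<gate><TAB><target:class>", where <gate>
# is "unconditional" or the name of the boolean that gates the rule.
rule_gates() {
    awk -v src="$1" '
    {
        # Find the "allow" keyword; some setools versions prefix
        # conditional rules with a state column before it.
        for (i = 1; i < NF; i++) if ($i == "allow") break
        if ($i != "allow" || $(i + 1) != src) next
        gate = "unconditional"
        # Conditional rules carry "[ boolean_name ]" after the semicolon.
        if (match($0, /\[ [A-Za-z0-9_]+ \]/))
            gate = substr($0, RSTART + 2, RLENGTH - 4)
        print gate "\t" $(i + 2)
    }'
}

# has_unconditional SRC TARGET:CLASS: succeed only if at least one rule from
# SRC to TARGET:CLASS is granted without depending on a boolean.
has_unconditional() {
    rule_gates "$1" | awk -F '\t' -v t="$2" '
        $1 == "unconditional" && $2 == t { found = 1 }
        END { exit !found }'
}

# Constructed sample: only the boolean-gated rule exists (no custom module).
SAMPLE_BOOLEAN_ONLY='allow virt_qemu_ga_t non_security_file_type:file { getattr open read }; [ virt_qemu_ga_read_nonsecurity_files ]:True'

# Constructed sample: the same policy after a module like test.pp has added
# the access as an ordinary, unconditional rule.
SAMPLE_WITH_MODULE='allow virt_qemu_ga_t non_security_file_type:file { getattr open read };
allow virt_qemu_ga_t non_security_file_type:file { getattr open read }; [ virt_qemu_ga_read_nonsecurity_files ]:True'
```

With the module loaded, `has_unconditional virt_qemu_ga_t non_security_file_type:file` succeeding on the live `sesearch` output means the access no longer depends on the boolean's state; `semodule -l` should also list `test`.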