I guess you'd have to set the boolean in policy before the policy is compiled and installed to the image because the boolean in your case is actually a built-time tunable.
In OpenWrt the SELinux policy is also "immutable at runtime" due to device constraints. There you would basically do the same and fork the policy, edit the default conditional value, compile and install [1]. There is even an example in the Makefile for this:
https://github.com/DefenSec/selinux-...X/Makefile#L37
However, that SELinux policy is not "refpolicy" based and so even though the main concept applies, the implementation would be different for you.
Alternatively you can, even if you choose not to install `setsebool` change the boolean value in memory only by using the SELinux apifs directly:
```
root@myguest1:~# cat /sys/fs/selinux/booleans/systemdnspawn_bind_user
0 0root@myguest1:~#
root@myguest1:~# echo 1 > /sys/fs/selinux/booleans/systemdnspawn_bind_user
root@myguest1:~#
root@myguest1:~# cat /sys/fs/selinux/booleans/systemdnspawn_bind_user
0 1root@myguest1:~#
root@myguest1:~# echo 1 > /sys/fs/selinux/commit_pending_bools
root@myguest1:~# cat /sys/fs/selinux/booleans/systemdnspawn_bind_user
1 1root@myguest1:~#
```
Note the 0 0, 0 1 and 1 1 values where the first value is the actual value and the second value is the pending value.
[1]
https://github.com/doverride/openwrt...ster/README.md