164 lines
5.5 KiB
Diff
164 lines
5.5 KiB
Diff
|
--- libselinux-1.15.3/man/man8/selinux.8.rhat 2004-08-12 13:50:51.176363962 -0400
|
||
|
+++ libselinux-1.15.3/man/man8/selinux.8 2004-08-12 13:51:30.845891464 -0400
|
||
|
@@ -0,0 +1,86 @@
|
||
|
+.TH "selinux" "1" "11 Aug 2004" "dwalsh@redhat.com" "SELinux
|
||
|
+Command Line documentation"
|
||
|
+
|
||
|
+SELinux is an implementation of Mandatory Access Control on the
|
||
|
+Linux Operating System.
|
||
|
+.br
|
||
|
+
|
||
|
+This manual page describes SELinux.
|
||
|
+.br
|
||
|
+
|
||
|
+Security-enhanced Linux is a patch of the Linux kernel and a num-
|
||
|
+ber of utilities with enhanced security functionality designed to
|
||
|
+add mandatory access controls to Linux. The Security-enhanced
|
||
|
+Linux kernel contains new architectural components originally de-
|
||
|
+veloped to improve the security of the Flask operating system.
|
||
|
+These architectural components provide general support for the
|
||
|
+enforcement of many kinds of mandatory access control policies,
|
||
|
+including those based on the concepts of Type Enforcement®, Role-
|
||
|
+based Access Control, and Multi-level Security.
|
||
|
+.br
|
||
|
+
|
||
|
+SELinux can be disabled by setting the enfironment SELINUX variable to disabled in the the /etc/selinux/config file.
|
||
|
+SELinux can also be run in either enforcing or permissive mode. Permissive means that
|
||
|
+log file will receive an access denied messages but still allow the access to happen. Permissive and Enforcing mode do not necessarily report the same messages to the log file. You can enable SELinux but setting the SELINUX variable in the /etc/selinux/config file to either Enforcing or Permissive.
|
||
|
+.br
|
||
|
+
|
||
|
+SELinux was designed to allow Flexible Mandatory Access Control, so multiple policies could be run on a system (Only one at a time). Two types of SELinux policy are Targeted and Strict. Targeted policy is designed as a policy where everything is allowed and certain applications (daemons) transition to locked down domains. For example the user would run in a totaly unconfined domain while the named daemon will run in very limited domain. Strict policy is designed where everything is denied by default. In order to run strict policy you should have a very controlled environment. It is envisioned in the future other policies will be created (MLS for example). You can define which policy you will run by setting the SELINUXTYPE environment variable within /etc/selinux/config. Policyfiles must be installed in the /etc/selinux/POLICYTYPE/ directories.
|
||
|
+.br
|
||
|
+
|
||
|
+You can also further manipulate the way SELinux enforced policy via booleans and tunables.
|
||
|
+.pr
|
||
|
+
|
||
|
+system-config-securitylevel is a GUI which allows you to manipulate the SELinux runs.
|
||
|
+.SH AUTHOR
|
||
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||
|
+
|
||
|
+.SH "SEE ALSO"
|
||
|
+.BR setsebool"(8)", selinuxenabled"(8)", booleans"(8)"
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
+
|
||
|
--- libselinux-1.15.3/man/man8/setsebool.8.rhat 2004-08-12 13:50:40.606555643 -0400
|
||
|
+++ libselinux-1.15.3/man/man8/setsebool.8 2004-08-12 13:06:47.466426159 -0400
|
||
|
@@ -0,0 +1,24 @@
|
||
|
+.TH "setsebool" "1" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||
|
+.SH "NAME"
|
||
|
+setsebool \- set SELinux boolean value
|
||
|
+
|
||
|
+.SH "SYNOPSIS"
|
||
|
+.B setsebool
|
||
|
+.I "boolean value"
|
||
|
+
|
||
|
+.SH "DESCRIPTION"
|
||
|
+This manual page describes the
|
||
|
+.BR setsebool
|
||
|
+command.
|
||
|
+.B setsebool
|
||
|
+sets the state of a particular SELinux boolean.
|
||
|
+.SH OPTIONS
|
||
|
+.TP
|
||
|
+
|
||
|
+.SH AUTHOR
|
||
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||
|
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
|
||
|
+
|
||
|
+
|
||
|
+.SH "SEE ALSO"
|
||
|
+.BR getsebool"(8)", booleans"(8)"
|
||
|
--- libselinux-1.15.3/man/man8/booleans.8.rhat 2004-08-12 13:50:46.735864601 -0400
|
||
|
+++ libselinux-1.15.3/man/man8/booleans.8 2004-08-12 13:27:17.207780310 -0400
|
||
|
@@ -0,0 +1,15 @@
|
||
|
+.TH "booleans" "1" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||
|
+.SH "NAME"
|
||
|
+booleans \- Booleans are a switches that allow you to configure SELinux policy.
|
||
|
+
|
||
|
+.SH "DESCRIPTION"
|
||
|
+This manual page describes SELinux booleans.
|
||
|
+.BR
|
||
|
+
|
||
|
+Policy is written with a several if/than/else clauses around boolean values. These booleans allow an administrator to manipulate the way policy works. For example the boolean httpd_enable_cgi allows the httpd daemon to run cgi scripts if it is enabled.
|
||
|
+If the admin does not want to allow cgi scripts, he can turn this boolean value off. Booleans values are stored in the /etc/selinux/POLICYTYPE/booleans file, where POLICYTYPE if the type of policy currently being run on the system as defined in the /etc/selinux/config file. system-config-securitylevel is a gui that allows you to manipulates booleans.
|
||
|
+.SH AUTHOR
|
||
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||
|
+
|
||
|
+.SH "SEE ALSO"
|
||
|
+.BR getsebool"(8)", setsebool"(8)", selinux"(8)"
|
||
|
--- libselinux-1.15.3/man/man8/getsebool.8.rhat 2004-08-12 13:50:37.999849534 -0400
|
||
|
+++ libselinux-1.15.3/man/man8/getsebool.8 2004-08-12 13:04:52.878345268 -0400
|
||
|
@@ -0,0 +1,26 @@
|
||
|
+.TH "getsebool" "1" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
||
|
+.SH "NAME"
|
||
|
+getsebool \- get SELinux boolean value(s)
|
||
|
+
|
||
|
+.SH "SYNOPSIS"
|
||
|
+.B getsebool
|
||
|
+.I "[-a] [boolean]"
|
||
|
+
|
||
|
+.SH "DESCRIPTION"
|
||
|
+This manual page describes the
|
||
|
+.BR getsebool
|
||
|
+command.
|
||
|
+.B getsebool
|
||
|
+reports the current state of either a particular SELinux boolean or all SELinux booleans.
|
||
|
+.SH OPTIONS
|
||
|
+.TP
|
||
|
+.B \-a
|
||
|
+Show all SELinux booleans.
|
||
|
+
|
||
|
+.SH AUTHOR
|
||
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||
|
+The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
|
||
|
+
|
||
|
+
|
||
|
+.SH "SEE ALSO"
|
||
|
+.BR setsebool"(8)", selinuxenabled"(8)"
|