2005-08-02 17:21:46 +00:00
< html >
< head >
< title >
Security Enhanced Linux Reference Policy
< / title >
< style type = "text/css" media = "all" > @ import "style.css" ; < / style >
< / head >
< body >
< div id = "Header" > Security Enhanced Linux Reference Policy< / div >
< div id = "Content" >
< h3 > Global tunables:< / h3 >
2006-01-17 20:40:13 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_cvs_read_shadow< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow cvs daemon to read shadow< / p > < / p >
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_execmem< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow making anonymous memory executable, e.g. for runtime-code generation or executable stack.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > allow_execmod< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow making a modified private file mapping executable (text relocation).< / p > < / p >
2005-09-22 18:40:05 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > allow_execstack< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow making the stack executable via mprotect. Also requires allow_execmem.< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > allow_ftpd_anon_write< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow ftp servers to modify public files used for public file transfer services.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > allow_gpg_execstack< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow gpg executable stack< / p > < / p >
< / div > < / div >
2005-12-07 15:46:38 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_gssd_read_tmp< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > true< / p >
< h5 > Description< / h5 >
< p > < p >
Allow gssd to read temp directory.< / p > < / p >
< / div > < / div >
2005-10-19 21:12:22 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_httpd_anon_write< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow Apache to modify public files used for public file transfer services.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2006-01-17 20:40:13 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_java_execstack< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow java executable stack< / p > < / p >
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_kerberos< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow system to run with kerberos< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > allow_ptrace< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow sysadm to ptrace all processes< / p > < / p >
< / div > < / div >
2005-12-07 15:46:38 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_rsync_anon_write< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow rsync to modify public files used for public file transfer services.< / p > < / p >
< / div > < / div >
2005-10-19 21:12:22 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_saslauthd_read_shadow< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow sasl to read shadow< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2005-12-07 15:46:38 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_smbd_anon_write< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow samba to modify public files used for public file transfer services.< / p > < / p >
< / div > < / div >
2005-09-22 18:40:05 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_ssh_keysign< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow host key based authentication< / p > < / p >
2005-09-22 18:40:05 +00:00
< / div > < / div >
2005-08-26 15:28:46 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_user_mysql_connect< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow users to connect to mysql< / p > < / p >
2005-08-26 15:28:46 +00:00
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
< div id = "codeblock" > allow_ypbind< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow system to run with NIS< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2006-01-17 20:40:13 +00:00
< div id = "interface" >
< div id = "codeblock" > cdrecord_read_content< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow cdrecord to read various content: nfs, samba, removable devices, user temp and untrusted content files< / p > < / p >
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
< div id = "codeblock" > cron_can_relabel< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow system cron jobs to relabel filesystem for restoring file contexts.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > fcron_crond< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Enable extra rules in the cron domain to support fcron.< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > ftp_home_dir< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow ftp to read and write files in the user home directories< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > ftpd_is_daemon< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow ftpd to run directly without inetd< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > httpd_builtin_scripting< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow httpd to use built in scripting (usually php)< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > httpd_can_network_connect< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow http daemon to tcp connect< / p > < / p >
< / div > < / div >
2006-01-17 20:40:13 +00:00
< div id = "interface" >
< div id = "codeblock" > httpd_can_network_connect_db< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow httpd to connect to mysql/postgresql< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > httpd_can_network_relay< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow httpd to act as a relay< / p > < / p >
< / div > < / div >
2005-10-19 21:12:22 +00:00
< div id = "interface" >
< div id = "codeblock" > httpd_enable_cgi< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow httpd cgi support< / p > < / p >
< / div > < / div >
2005-12-07 15:46:38 +00:00
< div id = "interface" >
< div id = "codeblock" > httpd_enable_ftp_server< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow httpd to act as an FTP server by listening on the ftp port.< / p > < / p >
< / div > < / div >
2005-10-19 21:12:22 +00:00
< div id = "interface" >
< div id = "codeblock" > httpd_enable_homedirs< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow httpd to read home directories< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > httpd_ssi_exec< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Run SSI execs in system CGI script domain.< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > httpd_tty_comm< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow http daemon to communicate with the TTY< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > httpd_unified< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Run CGI in the main httpd domain< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2005-08-26 15:28:46 +00:00
< div id = "interface" >
< div id = "codeblock" > named_write_master_zones< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow BIND to write the master zone files. Generally this is used for dynamic DNS.< / p > < / p >
< / div > < / div >
2005-12-07 15:46:38 +00:00
< div id = "interface" >
< div id = "codeblock" > nfs_export_all_ro< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow nfs to be exported read only< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > nfs_export_all_rw< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow nfs to be exported read/write.< / p > < / p >
< / div > < / div >
2005-10-19 21:12:22 +00:00
< div id = "interface" >
< div id = "codeblock" > pppd_can_insmod< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow pppd to load kernel modules for certain modems< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > pppd_for_user< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow pppd to be run for a regular user< / p > < / p >
2005-08-26 15:28:46 +00:00
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
< div id = "codeblock" > read_default_t< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow reading of default_t files.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2005-09-22 18:40:05 +00:00
< div id = "interface" >
< div id = "codeblock" > read_untrusted_content< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow applications to read untrusted content. If this is disallowed, Internet content has to be manually relabeled for read access to be granted.< / p > < / p >
2005-09-22 18:40:05 +00:00
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
< div id = "codeblock" > run_ssh_inetd< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow ssh to run from inetd instead of as a daemon.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2005-12-07 15:46:38 +00:00
< div id = "interface" >
< div id = "codeblock" > samba_enable_home_dirs< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow samba to export user home directories.< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > spamassasin_can_network< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow spamassassin to do DNS lookups< / p > < / p >
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > spamassassin_can_network< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Allow user spamassassin clients to use the network.< / p > < / p >
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
2005-09-22 18:40:05 +00:00
< div id = "codeblock" > squid_connect_any< / div >
2005-08-02 17:21:46 +00:00
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
2005-09-22 18:40:05 +00:00
< div id = "codeblock" > ssh_sysadm_login< / div >
2005-08-02 17:21:46 +00:00
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow ssh logins as sysadm_r:sysadm_t< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
2005-09-22 18:40:05 +00:00
< div id = "codeblock" > staff_read_sysadm_file< / div >
2005-08-02 17:21:46 +00:00
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2005-12-07 15:46:38 +00:00
< div id = "interface" >
< div id = "codeblock" > stunnel_is_daemon< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
Configure stunnel to be a standalone daemon or inetd service.< / p > < / p >
< / div > < / div >
2005-08-02 17:21:46 +00:00
< div id = "interface" >
< div id = "codeblock" > use_nfs_home_dirs< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Support NFS home directories< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > use_samba_home_dirs< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Support SAMBA home directories< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_direct_mouse< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow regular users direct mouse access< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_dmesg< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow users to read system messages.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_net_control< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow users to control network interfaces (also needs USERCTL=true)< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_ping< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Control users' use of ping and traceroute< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_rw_noexattrfile< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-12-07 15:46:38 +00:00
Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_rw_usb< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow users to rw usb devices< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_tcp_server< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow users to run TCP servers (bind to ports and accept connections from the same domain and outside users). Disabling this forces FTP passive mode and may change other protocols.< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
< div id = "interface" >
< div id = "codeblock" > user_ttyfile_stat< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow w to display everyone< / p > < / p >
2005-08-02 17:21:46 +00:00
< / div > < / div >
2005-09-22 18:40:05 +00:00
< div id = "interface" >
< div id = "codeblock" > write_untrusted_content< / div >
< div id = "description" >
< h5 > Default value< / h5 >
< p > false< / p >
< h5 > Description< / h5 >
< p > < p >
2005-10-19 21:12:22 +00:00
Allow applications to write untrusted content. If this is disallowed, no Internet content will be stored.< / p > < / p >
2005-09-22 18:40:05 +00:00
< / div > < / div >
2005-08-02 17:21:46 +00:00
< / div >
< / body >
< / html >