selinux-policy/www/api-docs/global_tunables.html

1208 lines
26 KiB
HTML
Raw Normal View History

2005-08-02 17:21:46 +00:00
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_alsa.html'>
alsa</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_amanda.html'>
amanda</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_anaconda.html'>
anaconda</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_ddcprobe.html'>
ddcprobe</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmidecode.html'>
dmidecode</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_kudzu.html'>
kudzu</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logwatch.html'>
logwatch</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_prelink.html'>
prelink</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_readahead.html'>
readahead</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usbmodules.html'>
usbmodules</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_vbetool.html'>
vbetool</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_vpn.html'>
vpn</a><br/>
2005-08-02 17:21:46 +00:00
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_cdrecord.html'>
cdrecord</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_irc.html'>
irc</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_java.html'>
java</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_lockdev.html'>
lockdev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_screen.html'>
screen</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_slocate.html'>
slocate</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_webalizer.html'>
webalizer</a><br/>
2005-08-02 17:21:46 +00:00
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_bootloader.html'>
bootloader</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_corecommands.html'>
corecommands</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_corenetwork.html'>
corenetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_devices.html'>
devices</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_domain.html'>
domain</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_files.html'>
files</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_filesystem.html'>
filesystem</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_kernel.html'>
kernel</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_mls.html'>
mls</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_selinux.html'>
selinux</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_storage.html'>
storage</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_terminal.html'>
terminal</a><br/>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_apache.html'>
apache</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_apm.html'>
apm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_arpwatch.html'>
arpwatch</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_automount.html'>
automount</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_avahi.html'>
avahi</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bluetooth.html'>
bluetooth</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_canna.html'>
canna</a><br/>
2005-09-07 14:45:49 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_comsat.html'>
comsat</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cpucontrol.html'>
cpucontrol</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cups.html'>
cups</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cvs.html'>
cvs</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cyrus.html'>
cyrus</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dbskk.html'>
dbskk</a><br/>
2005-09-07 14:45:49 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dbus.html'>
dbus</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dhcp.html'>
dhcp</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dictd.html'>
dictd</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_distcc.html'>
distcc</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_djbdns.html'>
djbdns</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dovecot.html'>
dovecot</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_fetchmail.html'>
fetchmail</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_finger.html'>
finger</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ftp.html'>
ftp</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
2005-09-07 14:45:49 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_hal.html'>
hal</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_i18n_input.html'>
i18n_input</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
2005-09-07 14:45:49 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inn.html'>
inn</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_irqbalance.html'>
irqbalance</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ktalk.html'>
ktalk</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_lpd.html'>
lpd</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mailman.html'>
mailman</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_networkmanager.html'>
networkmanager</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
2005-09-07 14:45:49 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ntp.html'>
ntp</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_openct.html'>
openct</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_pegasus.html'>
pegasus</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_portmap.html'>
portmap</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_postfix.html'>
postfix</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_postgresql.html'>
postgresql</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ppp.html'>
ppp</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_procmail.html'>
procmail</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_publicfile.html'>
publicfile</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_radius.html'>
radius</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_radvd.html'>
radvd</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rdisc.html'>
rdisc</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rlogin.html'>
rlogin</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_roundup.html'>
roundup</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rpc.html'>
rpc</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_samba.html'>
samba</a><br/>
2005-10-19 21:12:22 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sasl.html'>
sasl</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_slrnpull.html'>
slrnpull</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_smartmon.html'>
smartmon</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_snmp.html'>
snmp</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_spamassassin.html'>
spamassassin</a><br/>
2005-09-07 14:45:49 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_squid.html'>
squid</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_stunnel.html'>
stunnel</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sysstat.html'>
sysstat</a><br/>
2005-08-26 15:28:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_telnet.html'>
telnet</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tftp.html'>
tftp</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_timidity.html'>
timidity</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ucspitcp.html'>
ucspitcp</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_uucp.html'>
uucp</a><br/>
2005-12-07 15:46:38 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_xdm.html'>
xdm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_xfs.html'>
xfs</a><br/>
2005-09-22 18:40:05 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_zebra.html'>
zebra</a><br/>
2005-08-02 17:21:46 +00:00
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
authlogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
clock</a><br/>
2006-01-17 20:40:13 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_daemontools.html'>
daemontools</a><br/>
2005-08-02 17:21:46 +00:00
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
fstools</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
getty</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
hostname</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
hotplug</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
libraries</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
locallogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
logging</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
lvm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
miscfiles</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
modutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
sysnetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
udev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
unconfined</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
userdomain</a><br/>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h3>Global tunables:</h3>
2006-01-17 20:40:13 +00:00
<div id="interface">
<div id="codeblock">allow_cvs_read_shadow</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow cvs daemon to read shadow</p></p>
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
<div id="codeblock">allow_execmem</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">allow_execmod</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow making a modified private filemapping executable (text relocation).</p></p>
2005-09-22 18:40:05 +00:00
</div></div>
<div id="interface">
<div id="codeblock">allow_execstack</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow making the stack executable via mprotect.Also requires allow_execmem.</p></p>
</div></div>
<div id="interface">
<div id="codeblock">allow_ftpd_anon_write</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow ftp servers to modify public filesused for public file transfer services.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">allow_gpg_execstack</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow gpg executable stack</p></p>
</div></div>
2005-12-07 15:46:38 +00:00
<div id="interface">
<div id="codeblock">allow_gssd_read_tmp</div>
<div id="description">
<h5>Default value</h5>
<p>true</p>
<h5>Description</h5>
<p><p>
Allow gssd to read temp directory.</p></p>
</div></div>
2005-10-19 21:12:22 +00:00
<div id="interface">
<div id="codeblock">allow_httpd_anon_write</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow Apache to modify public filesused for public file transfer services.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2006-01-17 20:40:13 +00:00
<div id="interface">
<div id="codeblock">allow_java_execstack</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow java executable stack</p></p>
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
<div id="codeblock">allow_kerberos</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow system to run with kerberos</p></p>
</div></div>
<div id="interface">
<div id="codeblock">allow_ptrace</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow sysadm to ptrace all processes</p></p>
</div></div>
2005-12-07 15:46:38 +00:00
<div id="interface">
<div id="codeblock">allow_rsync_anon_write</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow rsync to modify public filesused for public file transfer services.</p></p>
</div></div>
2005-10-19 21:12:22 +00:00
<div id="interface">
<div id="codeblock">allow_saslauthd_read_shadow</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow sasl to read shadow</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2005-12-07 15:46:38 +00:00
<div id="interface">
<div id="codeblock">allow_smbd_anon_write</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow samba to modify public filesused for public file transfer services.</p></p>
</div></div>
2005-09-22 18:40:05 +00:00
<div id="interface">
<div id="codeblock">allow_ssh_keysign</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
allow host key based authentication</p></p>
2005-09-22 18:40:05 +00:00
</div></div>
2005-08-26 15:28:46 +00:00
<div id="interface">
<div id="codeblock">allow_user_mysql_connect</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow users to connect to mysql</p></p>
2005-08-26 15:28:46 +00:00
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
<div id="codeblock">allow_ypbind</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow system to run with NIS</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2006-01-17 20:40:13 +00:00
<div id="interface">
<div id="codeblock">cdrecord_read_content</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow cdrecord to read various content.nfs, samba, removable devices, user tempand untrusted content files</p></p>
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
<div id="codeblock">cron_can_relabel</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow system cron jobs to relabel filesystemfor restoring file contexts.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">fcron_crond</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Enable extra rules in the cron domainto support fcron.</p></p>
</div></div>
<div id="interface">
<div id="codeblock">ftp_home_dir</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow ftp to read and write files in the user home directories</p></p>
</div></div>
<div id="interface">
<div id="codeblock">ftpd_is_daemon</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow ftpd to run directly without inetd</p></p>
</div></div>
<div id="interface">
<div id="codeblock">httpd_builtin_scripting</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow httpd to use built in scripting (usually php)</p></p>
</div></div>
<div id="interface">
<div id="codeblock">httpd_can_network_connect</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow http daemon to tcp connect</p></p>
</div></div>
2006-01-17 20:40:13 +00:00
<div id="interface">
<div id="codeblock">httpd_can_network_connect_db</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
allow httpd to connect to mysql/posgresql</p></p>
</div></div>
<div id="interface">
<div id="codeblock">httpd_can_network_relay</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
allow httpd to act as a relay</p></p>
</div></div>
2005-10-19 21:12:22 +00:00
<div id="interface">
<div id="codeblock">httpd_enable_cgi</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow httpd cgi support</p></p>
</div></div>
2005-12-07 15:46:38 +00:00
<div id="interface">
<div id="codeblock">httpd_enable_ftp_server</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow httpd to act as a FTP server bylistening on the ftp port.</p></p>
</div></div>
2005-10-19 21:12:22 +00:00
<div id="interface">
<div id="codeblock">httpd_enable_homedirs</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow httpd to read home directories</p></p>
</div></div>
<div id="interface">
<div id="codeblock">httpd_ssi_exec</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Run SSI execs in system CGI script domain.</p></p>
</div></div>
<div id="interface">
<div id="codeblock">httpd_tty_comm</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow http daemon to communicate with the TTY</p></p>
</div></div>
<div id="interface">
<div id="codeblock">httpd_unified</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Run CGI in the main httpd domain</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2005-08-26 15:28:46 +00:00
<div id="interface">
<div id="codeblock">named_write_master_zones</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow BIND to write the master zone files.Generally this is used for dynamic DNS.</p></p>
</div></div>
2005-12-07 15:46:38 +00:00
<div id="interface">
<div id="codeblock">nfs_export_all_ro</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow nfs to be exported read only</p></p>
</div></div>
<div id="interface">
<div id="codeblock">nfs_export_all_rw</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow nfs to be exported read/write.</p></p>
</div></div>
2005-10-19 21:12:22 +00:00
<div id="interface">
<div id="codeblock">pppd_can_insmod</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow pppd to load kernel modules for certain modems</p></p>
</div></div>
<div id="interface">
<div id="codeblock">pppd_for_user</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow pppd to be run for a regular user</p></p>
2005-08-26 15:28:46 +00:00
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
<div id="codeblock">read_default_t</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow reading of default_t files.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2005-09-22 18:40:05 +00:00
<div id="interface">
<div id="codeblock">read_untrusted_content</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted</p></p>
2005-09-22 18:40:05 +00:00
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
<div id="codeblock">run_ssh_inetd</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow ssh to run from inetd instead of as a daemon.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2005-12-07 15:46:38 +00:00
<div id="interface">
<div id="codeblock">samba_enable_home_dirs</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow samba to export user home directories.</p></p>
</div></div>
<div id="interface">
<div id="codeblock">spamassasin_can_network</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow spamassassin to do DNS lookups</p></p>
</div></div>
<div id="interface">
<div id="codeblock">spamassassin_can_network</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow user spamassassin clients to use the network.</p></p>
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
2005-09-22 18:40:05 +00:00
<div id="codeblock">squid_connect_any</div>
2005-08-02 17:21:46 +00:00
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
2005-09-22 18:40:05 +00:00
<div id="codeblock">ssh_sysadm_login</div>
2005-08-02 17:21:46 +00:00
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow ssh logins as sysadm_r:sysadm_t</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
2005-09-22 18:40:05 +00:00
<div id="codeblock">staff_read_sysadm_file</div>
2005-08-02 17:21:46 +00:00
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2005-12-07 15:46:38 +00:00
<div id="interface">
<div id="codeblock">stunnel_is_daemon</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Configure stunnel to be a standalone daemon orinetd service.</p></p>
</div></div>
2005-08-02 17:21:46 +00:00
<div id="interface">
<div id="codeblock">use_nfs_home_dirs</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Support NFS home directories</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">use_samba_home_dirs</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Support SAMBA home directories</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_direct_mouse</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow regular users direct mouse access</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_dmesg</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow users to read system messages.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_net_control</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow users to control network interfaces(also needs USERCTL=true)</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_ping</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Control users use of ping and traceroute</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_rw_noexattrfile</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-12-07 15:46:38 +00:00
Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY)</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_rw_usb</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow users to rw usb devices</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_tcp_server</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users) disabling this forces FTP passive modeand may change other protocols.</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
<div id="interface">
<div id="codeblock">user_ttyfile_stat</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow w to display everyone</p></p>
2005-08-02 17:21:46 +00:00
</div></div>
2005-09-22 18:40:05 +00:00
<div id="interface">
<div id="codeblock">write_untrusted_content</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
2005-10-19 21:12:22 +00:00
Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored.</p></p>
2005-09-22 18:40:05 +00:00
</div></div>
2005-08-02 17:21:46 +00:00
</div>
</body>
</html>