<html>
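<head>
  <!-- Declare the encoding up front so browsers do not have to sniff it. -->
  <meta charset="utf-8">
  <title>Security Enhanced Linux Reference Policy</title>
  <!-- Linked instead of imported from an inline style element, so the page
       also renders under a Content-Security-Policy that forbids inline styles. -->
  <link rel="stylesheet" href="style.css" media="all">
</head>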
<body>
<!-- Page banner; repeats the document title. -->
<div id="Header">Security Enhanced Linux Reference Policy</div>
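<!-- Navigation menu: one link per policy layer, each followed by the modules
     in that layer, then links to the global booleans/tunables and the indexes. -->
<!-- NOTE(review): id="subitem" is repeated once per layer although an id should
     be unique within a document. It is kept as-is because style.css (not shown
     here) may select on it; switching to a class needs a matching CSS change. -->
<div id="Menu">
  <a href="admin.html">+ admin</a><br>
  <div id="subitem">
    - <a href="admin_consoletype.html">consoletype</a><br>
    - <a href="admin_dmesg.html">dmesg</a><br>
    - <a href="admin_logrotate.html">logrotate</a><br>
    - <a href="admin_netutils.html">netutils</a><br>
    - <a href="admin_rpm.html">rpm</a><br>
    - <a href="admin_usermanage.html">usermanage</a><br>
  </div>
  <a href="apps.html">+ apps</a><br>
  <div id="subitem">
    - <a href="apps_gpg.html">gpg</a><br>
  </div>
  <a href="kernel.html">+ kernel</a><br>
  <div id="subitem">
    - <a href="kernel_bootloader.html">bootloader</a><br>
    - <a href="kernel_corenetwork.html">corenetwork</a><br>
    - <a href="kernel_devices.html">devices</a><br>
    - <a href="kernel_filesystem.html">filesystem</a><br>
    - <a href="kernel_kernel.html">kernel</a><br>
    - <a href="kernel_selinux.html">selinux</a><br>
    - <a href="kernel_storage.html">storage</a><br>
    - <a href="kernel_terminal.html">terminal</a><br>
  </div>
  <a href="services.html">+ services</a><br>
  <div id="subitem">
    - <a href="services_cron.html">cron</a><br>
    - <a href="services_inetd.html">inetd</a><br>
    - <a href="services_kerberos.html">kerberos</a><br>
    - <a href="services_mta.html">mta</a><br>
    - <a href="services_nis.html">nis</a><br>
    - <a href="services_nscd.html">nscd</a><br>
    - <a href="services_remotelogin.html">remotelogin</a><br>
    - <a href="services_sendmail.html">sendmail</a><br>
    - <a href="services_ssh.html">ssh</a><br>
  </div>
  <a href="system.html">+ system</a><br>
  <div id="subitem">
    - <a href="system_authlogin.html">authlogin</a><br>
    - <a href="system_clock.html">clock</a><br>
    - <a href="system_corecommands.html">corecommands</a><br>
    - <a href="system_domain.html">domain</a><br>
    - <a href="system_files.html">files</a><br>
    - <a href="system_fstools.html">fstools</a><br>
    - <a href="system_getty.html">getty</a><br>
    - <a href="system_hostname.html">hostname</a><br>
    - <a href="system_hotplug.html">hotplug</a><br>
    - <a href="system_init.html">init</a><br>
    - <a href="system_ipsec.html">ipsec</a><br>
    - <a href="system_iptables.html">iptables</a><br>
    - <a href="system_libraries.html">libraries</a><br>
    - <a href="system_locallogin.html">locallogin</a><br>
    - <a href="system_logging.html">logging</a><br>
    - <a href="system_lvm.html">lvm</a><br>
    - <a href="system_miscfiles.html">miscfiles</a><br>
    - <a href="system_modutils.html">modutils</a><br>
    - <a href="system_mount.html">mount</a><br>
    - <a href="system_pcmcia.html">pcmcia</a><br>
    - <a href="system_raid.html">raid</a><br>
    - <a href="system_selinuxutil.html">selinuxutil</a><br>
    - <a href="system_sysnetwork.html">sysnetwork</a><br>
    - <a href="system_udev.html">udev</a><br>
    - <a href="system_unconfined.html">unconfined</a><br>
    - <a href="system_userdomain.html">userdomain</a><br>
  </div>
  <!-- The original spaced these links with unclosed <p/> tags, which browsers
       read as paragraph starts; the paragraphs are written out explicitly here
       so the resulting layout stays the same. -->
  <br>
  <p><a href="global_booleans.html">* Global Booleans </a><br></p>
  <p><a href="global_tunables.html">* Global Tunables </a></p>
  <p><br></p>
  <p><a href="index.html">* Layer Index</a><br></p>
  <p><a href="interfaces.html">* Interface Index</a><br></p>
  <p><a href="templates.html">* Template Index</a></p>
</div>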
<div id="Content">
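<!-- Layer "admin": summary sentence, then one table row per module linking to
     that module's page. Every row is closed explicitly; the original left rows
     open and emitted stray </td></tr> closers after the last one. Header cells
     stay <td class="title"> because style.css (not shown) may select on them. -->
<h1>Layer: admin</h1>
<p>Policy modules for administrative functions, such as package management.</p>
<br>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
  <tr><td class="title">Module:</td><td class="title">Description:</td></tr>
  <tr><td><a href="admin_consoletype.html">consoletype</a></td><td><p>Determine the type of console connected to the controlling terminal.</p></td></tr>
  <tr><td><a href="admin_dmesg.html">dmesg</a></td><td><p>Policy for dmesg.</p></td></tr>
  <tr><td><a href="admin_logrotate.html">logrotate</a></td><td><p>Rotate and archive system logs</p></td></tr>
  <tr><td><a href="admin_netutils.html">netutils</a></td><td><p>Network analysis utilities</p></td></tr>
  <tr><td><a href="admin_rpm.html">rpm</a></td><td><p>Policy for the RPM package manager.</p></td></tr>
  <tr><td><a href="admin_usermanage.html">usermanage</a></td><td><p>Policy for managing user accounts.</p></td></tr>
</table>
<!-- Spacer before the next layer, equivalent to the original <p/><br/><br/>. -->
<p><br><br></p>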
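<!-- Layer "kernel": summary sentence, then one table row per module linking to
     that module's page. Every row is closed explicitly; the original left rows
     open and scattered stray </td></tr> closers around them. Header cells stay
     <td class="title"> because style.css (not shown) may select on them. -->
<h1>Layer: kernel</h1>
<p>Policy for kernel threads, proc filesystem, and unlabeled processes and objects.</p>
<br>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
  <tr><td class="title">Module:</td><td class="title">Description:</td></tr>
  <tr><td><a href="kernel_bootloader.html">bootloader</a></td><td><p>Policy for the kernel modules, kernel image, and bootloader.</p></td></tr>
  <tr><td><a href="kernel_corenetwork.html">corenetwork</a></td><td><p>Policy controlling access to network objects</p></td></tr>
  <tr><td><a href="kernel_devices.html">devices</a></td><td><p>Device nodes and interfaces for many basic system devices.</p></td></tr>
  <tr><td><a href="kernel_filesystem.html">filesystem</a></td><td><p>Policy for filesystems.</p></td></tr>
  <tr><td><a href="kernel_kernel.html">kernel</a></td><td><p>Policy for kernel threads, proc filesystem, and unlabeled processes and objects.</p></td></tr>
  <tr><td><a href="kernel_selinux.html">selinux</a></td><td><p>Policy for kernel security interface, in particular, selinuxfs.</p></td></tr>
  <tr><td><a href="kernel_storage.html">storage</a></td><td><p>Policy controlling access to storage devices</p></td></tr>
  <tr><td><a href="kernel_terminal.html">terminal</a></td><td><p>Policy for terminals.</p></td></tr>
</table>
<!-- Spacer before the next layer, equivalent to the original <p/><br/><br/>. -->
<p><br><br></p>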
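<!-- Layer "apps": summary sentence, then one table row per module linking to
     that module's page. The row is closed explicitly; the original left it open
     and surrounded it with stray </td></tr> closers. Header cells stay
     <td class="title"> because style.css (not shown) may select on them. -->
<h1>Layer: apps</h1>
<p>Policy modules for applications</p>
<br>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
  <tr><td class="title">Module:</td><td class="title">Description:</td></tr>
  <tr><td><a href="apps_gpg.html">gpg</a></td><td><p>Policy for GNU Privacy Guard and related programs.</p></td></tr>
</table>
<!-- Spacer before the next layer, equivalent to the original <p/><br/><br/>. -->
<p><br><br></p>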
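<!-- Layer "system": summary sentence, then one table row per module linking to
     that module's page. Every row is closed explicitly; the original left rows
     open and scattered stray </td></tr> closers around them. Header cells stay
     <td class="title"> because style.css (not shown) may select on them. -->
<h1>Layer: system</h1>
<p>Policy modules for system functions from init to multi-user login.</p>
<br>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
  <tr><td class="title">Module:</td><td class="title">Description:</td></tr>
  <tr><td><a href="system_authlogin.html">authlogin</a></td><td><p>Common policy for authentication and user login.</p></td></tr>
  <tr><td><a href="system_clock.html">clock</a></td><td><p>Policy for reading and setting the hardware clock.</p></td></tr>
  <tr><td><a href="system_corecommands.html">corecommands</a></td><td><p>Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin.</p></td></tr>
  <tr><td><a href="system_domain.html">domain</a></td><td><p>Core policy for domains.</p></td></tr>
  <tr><td><a href="system_files.html">files</a></td><td><p>Basic filesystem types and interfaces.</p></td></tr>
  <tr><td><a href="system_fstools.html">fstools</a></td><td><p>Tools for filesystem management, such as mkfs and fsck.</p></td></tr>
  <tr><td><a href="system_getty.html">getty</a></td><td><p>Policy for getty.</p></td></tr>
  <tr><td><a href="system_hostname.html">hostname</a></td><td><p>Policy for changing the system host name.</p></td></tr>
  <tr><td><a href="system_hotplug.html">hotplug</a></td><td><p>Policy for hotplug system, for supporting the connection and disconnection of devices at runtime.</p></td></tr>
  <tr><td><a href="system_init.html">init</a></td><td><p>System initialization programs (init and init scripts).</p></td></tr>
  <tr><td><a href="system_ipsec.html">ipsec</a></td><td><p>TCP/IP encryption</p></td></tr>
  <tr><td><a href="system_iptables.html">iptables</a></td><td><p>Policy for iptables.</p></td></tr>
  <tr><td><a href="system_libraries.html">libraries</a></td><td><p>Policy for system libraries.</p></td></tr>
  <tr><td><a href="system_locallogin.html">locallogin</a></td><td><p>Policy for local logins.</p></td></tr>
  <tr><td><a href="system_logging.html">logging</a></td><td><p>Policy for the kernel message logger and system logging daemon.</p></td></tr>
  <tr><td><a href="system_lvm.html">lvm</a></td><td><p>Policy for logical volume management programs.</p></td></tr>
  <tr><td><a href="system_miscfiles.html">miscfiles</a></td><td><p>Miscellaneous files.</p></td></tr>
  <tr><td><a href="system_modutils.html">modutils</a></td><td><p>Policy for kernel module utilities</p></td></tr>
  <tr><td><a href="system_mount.html">mount</a></td><td><p>Policy for mount.</p></td></tr>
  <tr><td><a href="system_pcmcia.html">pcmcia</a></td><td><p>PCMCIA card management services</p></td></tr>
  <tr><td><a href="system_raid.html">raid</a></td><td><p>RAID array management tools</p></td></tr>
  <tr><td><a href="system_selinuxutil.html">selinuxutil</a></td><td><p>Policy for SELinux policy and userland applications.</p></td></tr>
  <tr><td><a href="system_sysnetwork.html">sysnetwork</a></td><td><p>Policy for network configuration: ifconfig and dhcp client.</p></td></tr>
  <tr><td><a href="system_udev.html">udev</a></td><td><p>Policy for udev.</p></td></tr>
  <tr><td><a href="system_unconfined.html">unconfined</a></td><td><p>The unconfined domain.</p></td></tr>
  <tr><td><a href="system_userdomain.html">userdomain</a></td><td><p>Policy for user domains</p></td></tr>
</table>
<!-- Spacer before the next layer, equivalent to the original <p/><br/><br/>. -->
<p><br><br></p>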
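<!-- Layer "services": summary sentence, then one table row per module linking
     to that module's page. Every row is closed explicitly; the original left
     rows open and scattered stray </td></tr> closers around them. Header cells
     stay <td class="title"> because style.css (not shown) may select on them. -->
<h1>Layer: services</h1>
<p>Policy modules for system services, like cron, and network services, like sshd.</p>
<br>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
  <tr><td class="title">Module:</td><td class="title">Description:</td></tr>
  <tr><td><a href="services_cron.html">cron</a></td><td><p>Periodic execution of scheduled commands.</p></td></tr>
  <tr><td><a href="services_inetd.html">inetd</a></td><td><p>Internet services daemon.</p></td></tr>
  <tr><td><a href="services_kerberos.html">kerberos</a></td><td><p>MIT Kerberos admin and KDC</p></td></tr>
  <tr><td><a href="services_mta.html">mta</a></td><td><p>Policy common to all email transfer agents.</p></td></tr>
  <tr><td><a href="services_nis.html">nis</a></td><td><p>Policy for NIS (YP) servers and clients</p></td></tr>
  <tr><td><a href="services_nscd.html">nscd</a></td><td><p>Name service cache daemon</p></td></tr>
  <tr><td><a href="services_remotelogin.html">remotelogin</a></td><td><p>Policy for rshd, rlogind, and telnetd.</p></td></tr>
  <tr><td><a href="services_sendmail.html">sendmail</a></td><td><p>Policy for sendmail.</p></td></tr>
  <tr><td><a href="services_ssh.html">ssh</a></td><td><p>Secure shell client and server policy.</p></td></tr>
</table>
<!-- Trailing spacer, equivalent to the original <p/><br/><br/>. -->
<p><br><br></p>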
</div>
</body>
</html>