|
|
5eb2a8 |
# Authors: Jason Tang <jtang@tresys.com>
|
|
|
5eb2a8 |
#
|
|
|
5eb2a8 |
# Copyright (C) 2004-2005 Tresys Technology, LLC
|
|
|
5eb2a8 |
#
|
|
|
5eb2a8 |
# This library is free software; you can redistribute it and/or
|
|
|
5eb2a8 |
# modify it under the terms of the GNU Lesser General Public
|
|
|
5eb2a8 |
# License as published by the Free Software Foundation; either
|
|
|
5eb2a8 |
# version 2.1 of the License, or (at your option) any later version.
|
|
|
5eb2a8 |
#
|
|
|
5eb2a8 |
# This library is distributed in the hope that it will be useful,
|
|
|
5eb2a8 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
5eb2a8 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
5eb2a8 |
# Lesser General Public License for more details.
|
|
|
5eb2a8 |
#
|
|
|
5eb2a8 |
# You should have received a copy of the GNU Lesser General Public
|
|
|
5eb2a8 |
# License along with this library; if not, write to the Free Software
|
|
|
5eb2a8 |
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
5eb2a8 |
#
|
|
|
5eb2a8 |
# Specify how libsemanage will interact with a SELinux policy manager.
|
|
|
5eb2a8 |
# The four options are:
|
|
|
5eb2a8 |
#
|
|
|
5eb2a8 |
# "source" - libsemanage manipulates a source SELinux policy
|
|
|
5eb2a8 |
# "direct" - libsemanage will write directly to a module store.
|
|
|
5eb2a8 |
# /foo/bar - Write by way of a policy management server, whose
|
|
|
5eb2a8 |
# named socket is at /foo/bar. The path must begin
|
|
|
5eb2a8 |
# with a '/'.
|
|
|
5eb2a8 |
# foo.com:4242 - Establish a TCP connection to a remote policy
|
|
|
5eb2a8 |
# management server at foo.com. If there is a colon
|
|
|
5eb2a8 |
# then the remainder is interpreted as a port number;
|
|
|
5eb2a8 |
# otherwise default to port 4242.
|
|
|
5eb2a8 |
module-store = direct
|
|
|
5eb2a8 |
|
|
|
5eb2a8 |
# When generating the final linked and expanded policy, by default
|
|
|
5eb2a8 |
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
|
|
|
5eb2a8 |
# given in <sepol/policydb.h>. Change this setting if a different
|
|
|
5eb2a8 |
# version is necessary.
|
|
|
5eb2a8 |
#policy-version = 19
|
|
|
5eb2a8 |
|
|
|
5eb2a8 |
# expand-check check neverallow rules when executing all semanage
|
|
|
5eb2a8 |
# commands. There might be a penalty in execution time if this
|
|
|
5eb2a8 |
# option is enabled.
|
|
|
5eb2a8 |
expand-check=0
|
|
|
5eb2a8 |
|
|
|
5eb2a8 |
# usepasswd check tells semanage to scan all pass word records for home directories
|
|
|
ea8539 |
# and setup the labeling correctly. If this is turned off, SELinux will label only /home
|
|
|
ea8539 |
# and home directories of users with SELinux login mappings defined, see
|
|
|
ea8539 |
# semanage login -l for the list of such users.
|
|
|
ea8539 |
# If you want to use a different home directory, you will need to use semanage fcontext command.
|
|
|
5eb2a8 |
# For example, if you had home dirs in /althome directory you would have to execute
|
|
|
5eb2a8 |
# semanage fcontext -a -e /home /althome
|
|
|
5eb2a8 |
usepasswd=False
|
|
|
5eb2a8 |
bzip-small=true
|
|
|
5eb2a8 |
bzip-blocksize=5
|
|
|
ea8539 |
ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
|
|
|
5eb2a8 |
|
|
|
5eb2a8 |
[sefcontext_compile]
|
|
|
5eb2a8 |
path = /usr/sbin/sefcontext_compile
|
|
|
5eb2a8 |
args = -r $@
|
|
|
5eb2a8 |
[end]
|