Blame SOURCES/semanage.conf

5eb2a8
# Authors: Jason Tang <jtang@tresys.com>
5eb2a8
#
5eb2a8
# Copyright (C) 2004-2005 Tresys Technology, LLC
5eb2a8
#
5eb2a8
#  This library is free software; you can redistribute it and/or
5eb2a8
#  modify it under the terms of the GNU Lesser General Public
5eb2a8
#  License as published by the Free Software Foundation; either
5eb2a8
#  version 2.1 of the License, or (at your option) any later version.
5eb2a8
#
5eb2a8
#  This library is distributed in the hope that it will be useful,
5eb2a8
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
5eb2a8
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
5eb2a8
#  Lesser General Public License for more details.
5eb2a8
#
5eb2a8
#  You should have received a copy of the GNU Lesser General Public
5eb2a8
#  License along with this library; if not, write to the Free Software
5eb2a8
#  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
5eb2a8
#
5eb2a8
# Specify how libsemanage will interact with a SELinux policy manager.
5eb2a8
# The four options are:
5eb2a8
#
5eb2a8
#  "source"     - libsemanage manipulates a source SELinux policy
5eb2a8
#  "direct"     - libsemanage will write directly to a module store.
5eb2a8
#  /foo/bar     - Write by way of a policy management server, whose
5eb2a8
#                 named socket is at /foo/bar.  The path must begin
5eb2a8
#                 with a '/'.
5eb2a8
#  foo.com:4242 - Establish a TCP connection to a remote policy
5eb2a8
#                 management server at foo.com.  If there is a colon
5eb2a8
#                 then the remainder is interpreted as a port number;
5eb2a8
#                 otherwise default to port 4242.
5eb2a8
module-store = direct
5eb2a8
5eb2a8
# When generating the final linked and expanded policy, by default
5eb2a8
# semanage will set the policy version to POLICYDB_VERSION_MAX, as
5eb2a8
# given in <sepol/policydb.h>.  Change this setting if a different
5eb2a8
# version is necessary.
5eb2a8
#policy-version = 19
5eb2a8
5eb2a8
# expand-check check neverallow rules when executing all semanage
5eb2a8
# commands. There might be a penalty in execution time if this
5eb2a8
# option is enabled.
5eb2a8
expand-check=0
5eb2a8
5eb2a8
# usepasswd check tells semanage to scan all pass word records for home directories
ea8539
# and setup the labeling correctly. If this is turned off, SELinux will label only /home
ea8539
# and home directories of users with SELinux login mappings defined, see
ea8539
# semanage login -l for the list of such users.
ea8539
# If you want to use a different home directory, you will need to use semanage fcontext command.
5eb2a8
# For example, if you had home dirs in /althome directory you would have to execute
5eb2a8
# semanage fcontext -a -e /home /althome
5eb2a8
usepasswd=False
5eb2a8
bzip-small=true
5eb2a8
bzip-blocksize=5
ea8539
ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
5eb2a8
5eb2a8
[sefcontext_compile]
5eb2a8
path = /usr/sbin/sefcontext_compile
5eb2a8
args = -r $@
5eb2a8
[end]