Chris PeBenito 8b1125
<html>
Chris PeBenito 8b1125
<head>
Chris PeBenito 8b1125
<title>
Chris PeBenito 8b1125
 Security Enhanced Linux Reference Policy
Chris PeBenito 8b1125
 </title>
Chris PeBenito 8b1125
<style type="text/css" media="all">@import "style.css";</style>
Chris PeBenito 8b1125
</head>
Chris PeBenito 8b1125
<body>
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
	
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		admin
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			acct
Chris PeBenito c2ecf0
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			anaconda
Chris PeBenito 862a1e
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			consoletype
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			dmesg
Chris PeBenito 8b1125
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			dmidecode
Chris PeBenito 862a1e
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			firstboot
Chris PeBenito c2ecf0
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			kudzu
Chris PeBenito 862a1e
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			logrotate
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			netutils
Chris PeBenito 8b1125
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			quota
Chris PeBenito c2ecf0
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			rpm
Chris PeBenito 8b1125
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			su
Chris PeBenito c2ecf0
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			sudo
Chris PeBenito c2ecf0
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			tmpreaper
Chris PeBenito c2ecf0
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			updfstab
Chris PeBenito c2ecf0
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			usermanage
Chris PeBenito 8b1125
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			vpn
Chris PeBenito 44a4c2
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
	
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		apps
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			gpg
Chris PeBenito 8b1125
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			loadkeys
Chris PeBenito c2ecf0
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			webalizer
Chris PeBenito 862a1e
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
	
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		kernel
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			bootloader
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			corenetwork
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			devices
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			filesystem
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			kernel
Chris PeBenito 8b1125
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			mls
Chris PeBenito 862a1e
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			selinux
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			storage
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			terminal
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
	
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		services
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			apache
Chris PeBenito 862a1e
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			apm
Chris PeBenito 862a1e
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			arpwatch
Chris PeBenito 862a1e
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			bind
Chris PeBenito c2ecf0
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			bluetooth
Chris PeBenito 862a1e
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			comsat
Chris PeBenito e376ad
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			cpucontrol
Chris PeBenito 44a4c2
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			cron
Chris PeBenito 8b1125
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			cvs
Chris PeBenito 44a4c2
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			dbus
Chris PeBenito e376ad
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			dhcp
Chris PeBenito e376ad
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			dictd
Chris PeBenito e376ad
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			finger
Chris PeBenito 862a1e
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			ftp
Chris PeBenito 862a1e
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			gpm
Chris PeBenito c2ecf0
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			hal
Chris PeBenito e376ad
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			howl
Chris PeBenito c2ecf0
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			inetd
Chris PeBenito 8b1125
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			inn
Chris PeBenito e376ad
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			kerberos
Chris PeBenito 8b1125
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			ktalk
Chris PeBenito 44a4c2
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			ldap
Chris PeBenito c2ecf0
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			mailman
Chris PeBenito 862a1e
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			mta
Chris PeBenito 8b1125
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			mysql
Chris PeBenito c2ecf0
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			nis
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			nscd
Chris PeBenito 8b1125
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			ntp
Chris PeBenito e376ad
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			portmap
Chris PeBenito 44a4c2
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			postgresql
Chris PeBenito 44a4c2
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			ppp
Chris PeBenito 862a1e
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			privoxy
Chris PeBenito c2ecf0
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			radvd
Chris PeBenito 862a1e
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			remotelogin
Chris PeBenito 8b1125
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			rlogin
Chris PeBenito 44a4c2
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			rshd
Chris PeBenito c2ecf0
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			rsync
Chris PeBenito c2ecf0
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			samba
Chris PeBenito 44a4c2
		
Chris PeBenito 862a1e
			   - 
Chris PeBenito 862a1e
			sasl
Chris PeBenito 862a1e
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			sendmail
Chris PeBenito 8b1125
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			snmp
Chris PeBenito 44a4c2
		
Chris PeBenito e376ad
			   - 
Chris PeBenito e376ad
			squid
Chris PeBenito e376ad
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			ssh
Chris PeBenito 8b1125
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			stunnel
Chris PeBenito 44a4c2
		
Chris PeBenito c2ecf0
			   - 
Chris PeBenito c2ecf0
			tcpd
Chris PeBenito c2ecf0
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			telnet
Chris PeBenito 44a4c2
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			tftp
Chris PeBenito 44a4c2
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			uucp
Chris PeBenito 44a4c2
		
Chris PeBenito 44a4c2
			   - 
Chris PeBenito 44a4c2
			zebra
Chris PeBenito 44a4c2
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
	
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		system
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			authlogin
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			clock
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			corecommands
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			domain
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			files
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			fstools
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			getty
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			hostname
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			hotplug
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			init
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			ipsec
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			iptables
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			libraries
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			locallogin
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			logging
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			lvm
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			miscfiles
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			modutils
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			mount
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			pcmcia
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			raid
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			selinuxutil
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			sysnetwork
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			udev
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			unconfined
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
			   - 
Chris PeBenito 8b1125
			userdomain
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
		
Chris PeBenito 8b1125
	
Chris PeBenito 8b1125
	

Chris PeBenito 8b1125
	* Global Booleans 
Chris PeBenito 8b1125
	

Chris PeBenito 8b1125
	* Global Tunables 
Chris PeBenito 8b1125
	


Chris PeBenito 8b1125
	* Layer Index
Chris PeBenito 8b1125
	

Chris PeBenito 8b1125
	* Interface Index
Chris PeBenito 8b1125
	

Chris PeBenito 8b1125
	* Template Index
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125

Global tunables:

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
allow_execmem
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
allow_execmod
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow making a modified private filemapping executable (text relocation).

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
allow_execstack
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Default value
Chris PeBenito 44a4c2

false

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Description
Chris PeBenito 44a4c2

Chris PeBenito 862a1e
Allow making the stack executable via mprotect.Also requires allow_execmem.

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
allow_ftpd_anon_write
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow ftp servers to modify public filesused for public file transfer services.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
allow_gpg_execstack
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow gpg executable stack

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
allow_httpd_anon_write
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow Apache to modify public filesused for public file transfer services.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
allow_kerberos
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow system to run with kerberos

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
allow_ptrace
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow sysadm to ptrace all processes

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
allow_saslauthd_read_shadow
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow sasl to read shadow

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 44a4c2
allow_ssh_keysign
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Default value
Chris PeBenito 44a4c2

false

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Description
Chris PeBenito 44a4c2

Chris PeBenito 862a1e
allow host key based authentication

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito c2ecf0
allow_user_mysql_connect
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Default value
Chris PeBenito c2ecf0

false

Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Description
Chris PeBenito c2ecf0

Chris PeBenito 862a1e
Allow users to connect to mysql

Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito 8b1125
allow_ypbind
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow system to run with NIS

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
cron_can_relabel
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow system cron jobs to relabel filesystemfor restoring file contexts.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
fcron_crond
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Enable extra rules in the cron domainto support fcron.

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
ftp_home_dir
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow ftp to read and write files in the user home directories

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
ftpd_is_daemon
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow ftpd to run directly without inetd

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
httpd_builtin_scripting
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow httpd to use built in scripting (usually php)

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
httpd_can_network_connect
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow http daemon to tcp connect

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
httpd_enable_cgi
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow httpd cgi support

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
httpd_enable_homedirs
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow httpd to read home directories

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
httpd_ssi_exec
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Run SSI execs in system CGI script domain.

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
httpd_tty_comm
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow http daemon to communicate with the TTY

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
httpd_unified
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Run CGI in the main httpd domain

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito c2ecf0
named_write_master_zones
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Default value
Chris PeBenito c2ecf0

false

Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Description
Chris PeBenito c2ecf0

Chris PeBenito 862a1e
Allow BIND to write the master zone files.Generally this is used for dynamic DNS.

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
pppd_can_insmod
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow pppd to load kernel modules for certain modems

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
pppd_for_user
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Default value
Chris PeBenito 862a1e

false

Chris PeBenito 862a1e
Chris PeBenito 862a1e
Description
Chris PeBenito 862a1e

Chris PeBenito 862a1e
Allow pppd to be run for a regular user

Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito 8b1125
read_default_t
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow reading of default_t files.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 44a4c2
read_untrusted_content
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Default value
Chris PeBenito 44a4c2

false

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Description
Chris PeBenito 44a4c2

Chris PeBenito 862a1e
Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 8b1125
run_ssh_inetd
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow ssh to run from inetd instead of as a daemon.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 44a4c2
squid_connect_any
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 44a4c2
ssh_sysadm_login
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow ssh logins as sysadm_r:sysadm_t

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 44a4c2
staff_read_sysadm_file
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
use_nfs_home_dirs
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Support NFS home directories

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
use_samba_home_dirs
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Support SAMBA home directories

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_direct_mouse
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow regular users direct mouse access

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_dmesg
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow users to read system messages.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_net_control
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow users to control network interfaces(also needs USERCTL=true)

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_ping
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Control users use of ping and traceroute

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_rw_noexattrfile
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_rw_usb
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow users to rw usb devices

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_tcp_server
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users)  disabling this forces FTP passive modeand may change other protocols.

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
user_ttyfile_stat
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Default value
Chris PeBenito 8b1125

false

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Description
Chris PeBenito 8b1125

Chris PeBenito 862a1e
Allow w to display everyone

Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
write_untrusted_content
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Default value
Chris PeBenito 44a4c2

false

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Description
Chris PeBenito 44a4c2

Chris PeBenito 862a1e
Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored.

Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
</body>
Chris PeBenito 8b1125
</html>