Blob Blame History Raw
<html>
<head>
<title>
 Security Enhanced Linux Reference Policy
 </title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
	
		<a href="admin.html">+&nbsp;
		admin</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
			acct</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
			consoletype</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
			dmesg</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
			firstboot</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
			logrotate</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
			netutils</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
			quota</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
			rpm</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
			su</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
			sudo</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
			tmpreaper</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
			updfstab</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
			usermanage</a><br/>
		
		</div>
	
		<a href="apps.html">+&nbsp;
		apps</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
			gpg</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
			loadkeys</a><br/>
		
		</div>
	
		<a href="kernel.html">+&nbsp;
		kernel</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_bootloader.html'>
			bootloader</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_corenetwork.html'>
			corenetwork</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_devices.html'>
			devices</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_filesystem.html'>
			filesystem</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_kernel.html'>
			kernel</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_selinux.html'>
			selinux</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_storage.html'>
			storage</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_terminal.html'>
			terminal</a><br/>
		
		</div>
	
		<a href="services.html">+&nbsp;
		services</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
			bind</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_comsat.html'>
			comsat</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
			cron</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dbus.html'>
			dbus</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dhcp.html'>
			dhcp</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_dictd.html'>
			dictd</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
			gpm</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_hal.html'>
			hal</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
			howl</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
			inetd</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inn.html'>
			inn</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
			kerberos</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
			ldap</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
			mta</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
			mysql</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
			nis</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
			nscd</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ntp.html'>
			ntp</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
			privoxy</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
			remotelogin</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
			rshd</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
			rsync</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
			sendmail</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_squid.html'>
			squid</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
			ssh</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
			tcpd</a><br/>
		
		</div>
	
		<a href="system.html">+&nbsp;
		system</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
			authlogin</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
			clock</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
			corecommands</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
			domain</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
			files</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
			fstools</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
			getty</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
			hostname</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
			hotplug</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
			init</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
			ipsec</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
			iptables</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
			libraries</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
			locallogin</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
			logging</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
			lvm</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
			miscfiles</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
			modutils</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
			mount</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
			pcmcia</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
			raid</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
			selinuxutil</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
			sysnetwork</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
			udev</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
			unconfined</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
			userdomain</a><br/>
		
		</div>
	
	<br/><p/>
	<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
	<br/><p/>
	<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
	<p/><br/><p/>
	<a href="index.html">*&nbsp;Layer Index</a>
	<br/><p/>
	<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
	<br/><p/>
	<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>

<div id="Content">

<h1>Layer: admin</h1><p/>

<p><p>
	Policy modules for administrative functions, such as package management.
</p></p><br/>


<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
	
		
			<tr><td>
			<a href='admin_acct.html'>
			acct</a></td>
			<td><p>Berkeley process accounting</p></td>
		
			<tr><td>
			<a href='admin_consoletype.html'>
			consoletype</a></td>
			<td><p>
Determine of the console connected to the controlling terminal.
</p></td>
		
			<tr><td>
			<a href='admin_dmesg.html'>
			dmesg</a></td>
			<td><p>Policy for dmesg.</p></td>
		
			<tr><td>
			<a href='admin_firstboot.html'>
			firstboot</a></td>
			<td><p>
Final system configuration run during the first boot
after installation of Red Hat/Fedora systems.
</p></td>
		
			<tr><td>
			<a href='admin_logrotate.html'>
			logrotate</a></td>
			<td><p>Rotate and archive system logs</p></td>
		
			<tr><td>
			<a href='admin_netutils.html'>
			netutils</a></td>
			<td><p>Network analysis utilities</p></td>
		
			<tr><td>
			<a href='admin_quota.html'>
			quota</a></td>
			<td><p>File system quota management</p></td>
		
			<tr><td>
			<a href='admin_rpm.html'>
			rpm</a></td>
			<td><p>Policy for the RPM package manager.</p></td>
		
			<tr><td>
			<a href='admin_su.html'>
			su</a></td>
			<td><p>Run shells with substitute user and group</p></td>
		
			<tr><td>
			<a href='admin_sudo.html'>
			sudo</a></td>
			<td><p>Execute a command with a substitute user</p></td>
		
			<tr><td>
			<a href='admin_tmpreaper.html'>
			tmpreaper</a></td>
			<td><p>Manage temporary directory sizes and file ages</p></td>
		
			<tr><td>
			<a href='admin_updfstab.html'>
			updfstab</a></td>
			<td><p>Red Hat utility to change /etc/fstab.</p></td>
		
			<tr><td>
			<a href='admin_usermanage.html'>
			usermanage</a></td>
			<td><p>Policy for managing user accounts.</p></td>
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
</table>
<p/><br/><br/>

<h1>Layer: kernel</h1><p/>

<p><p>
Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
</p></p><br/>


<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
			<tr><td>
			<a href='kernel_bootloader.html'>
			bootloader</a></td>
			<td><p>Policy for the kernel modules, kernel image, and bootloader.</p></td>
		
			<tr><td>
			<a href='kernel_corenetwork.html'>
			corenetwork</a></td>
			<td><p>Policy controlling access to network objects</p></td>
		
			<tr><td>
			<a href='kernel_devices.html'>
			devices</a></td>
			<td><p>
Device nodes and interfaces for many basic system devices.
</p></td>
		
			<tr><td>
			<a href='kernel_filesystem.html'>
			filesystem</a></td>
			<td><p>Policy for filesystems.</p></td>
		
			<tr><td>
			<a href='kernel_kernel.html'>
			kernel</a></td>
			<td><p>
Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
</p></td>
		
			<tr><td>
			<a href='kernel_selinux.html'>
			selinux</a></td>
			<td><p>
Policy for kernel security interface, in particular, selinuxfs.
</p></td>
		
			<tr><td>
			<a href='kernel_storage.html'>
			storage</a></td>
			<td><p>Policy controlling access to storage devices</p></td>
		
			<tr><td>
			<a href='kernel_terminal.html'>
			terminal</a></td>
			<td><p>Policy for terminals.</p></td>
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
</table>
<p/><br/><br/>

<h1>Layer: apps</h1><p/>

<p><p>Policy modules for applications</p></p><br/>


<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
	
		
		</td></tr>
	
		
			<tr><td>
			<a href='apps_gpg.html'>
			gpg</a></td>
			<td><p>Policy for GNU Privacy Guard and related programs.</p></td>
		
			<tr><td>
			<a href='apps_loadkeys.html'>
			loadkeys</a></td>
			<td><p>Load keyboard mappings.</p></td>
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
</table>
<p/><br/><br/>

<h1>Layer: system</h1><p/>

<p><p>
	Policy modules for system functions from init to multi-user login.
</p></p><br/>


<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
			<tr><td>
			<a href='system_authlogin.html'>
			authlogin</a></td>
			<td><p>Common policy for authentication and user login.</p></td>
		
			<tr><td>
			<a href='system_clock.html'>
			clock</a></td>
			<td><p>Policy for reading and setting the hardware clock.</p></td>
		
			<tr><td>
			<a href='system_corecommands.html'>
			corecommands</a></td>
			<td><p>
Core policy for shells, and generic programs
in /bin, /sbin, /usr/bin, and /usr/sbin.
</p></td>
		
			<tr><td>
			<a href='system_domain.html'>
			domain</a></td>
			<td><p>Core policy for domains.</p></td>
		
			<tr><td>
			<a href='system_files.html'>
			files</a></td>
			<td><p>
Basic filesystem types and interfaces.
</p></td>
		
			<tr><td>
			<a href='system_fstools.html'>
			fstools</a></td>
			<td><p>Tools for filesystem management, such as mkfs and fsck.</p></td>
		
			<tr><td>
			<a href='system_getty.html'>
			getty</a></td>
			<td><p>Policy for getty.</p></td>
		
			<tr><td>
			<a href='system_hostname.html'>
			hostname</a></td>
			<td><p>Policy for changing the system host name.</p></td>
		
			<tr><td>
			<a href='system_hotplug.html'>
			hotplug</a></td>
			<td><p>
Policy for hotplug system, for supporting the
connection and disconnection of devices at runtime.
</p></td>
		
			<tr><td>
			<a href='system_init.html'>
			init</a></td>
			<td><p>System initialization programs (init and init scripts).</p></td>
		
			<tr><td>
			<a href='system_ipsec.html'>
			ipsec</a></td>
			<td><p>TCP/IP encryption</p></td>
		
			<tr><td>
			<a href='system_iptables.html'>
			iptables</a></td>
			<td><p>Policy for iptables.</p></td>
		
			<tr><td>
			<a href='system_libraries.html'>
			libraries</a></td>
			<td><p>Policy for system libraries.</p></td>
		
			<tr><td>
			<a href='system_locallogin.html'>
			locallogin</a></td>
			<td><p>Policy for local logins.</p></td>
		
			<tr><td>
			<a href='system_logging.html'>
			logging</a></td>
			<td><p>Policy for the kernel message logger and system logging daemon.</p></td>
		
			<tr><td>
			<a href='system_lvm.html'>
			lvm</a></td>
			<td><p>Policy for logical volume management programs.</p></td>
		
			<tr><td>
			<a href='system_miscfiles.html'>
			miscfiles</a></td>
			<td><p>Miscelaneous files.</p></td>
		
			<tr><td>
			<a href='system_modutils.html'>
			modutils</a></td>
			<td><p>Policy for kernel module utilities</p></td>
		
			<tr><td>
			<a href='system_mount.html'>
			mount</a></td>
			<td><p>Policy for mount.</p></td>
		
			<tr><td>
			<a href='system_pcmcia.html'>
			pcmcia</a></td>
			<td><p>PCMCIA card management services</p></td>
		
			<tr><td>
			<a href='system_raid.html'>
			raid</a></td>
			<td><p>RAID array management tools</p></td>
		
			<tr><td>
			<a href='system_selinuxutil.html'>
			selinuxutil</a></td>
			<td><p>Policy for SELinux policy and userland applications.</p></td>
		
			<tr><td>
			<a href='system_sysnetwork.html'>
			sysnetwork</a></td>
			<td><p>Policy for network configuration: ifconfig and dhcp client.</p></td>
		
			<tr><td>
			<a href='system_udev.html'>
			udev</a></td>
			<td><p>Policy for udev.</p></td>
		
			<tr><td>
			<a href='system_unconfined.html'>
			unconfined</a></td>
			<td><p>The unconfined domain.</p></td>
		
			<tr><td>
			<a href='system_userdomain.html'>
			userdomain</a></td>
			<td><p>Policy for user domains</p></td>
		
		</td></tr>
	
</table>
<p/><br/><br/>

<h1>Layer: services</h1><p/>

<p><p>
	Policy modules for system services, like cron, and network services,
	like sshd.
</p></p><br/>


<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
		</td></tr>
	
		
			<tr><td>
			<a href='services_bind.html'>
			bind</a></td>
			<td><p>Berkeley internet name domain DNS server.</p></td>
		
			<tr><td>
			<a href='services_comsat.html'>
			comsat</a></td>
			<td><p>Comsat, a biff server.</p></td>
		
			<tr><td>
			<a href='services_cron.html'>
			cron</a></td>
			<td><p>Periodic execution of scheduled commands.</p></td>
		
			<tr><td>
			<a href='services_dbus.html'>
			dbus</a></td>
			<td><p>Desktop messaging bus</p></td>
		
			<tr><td>
			<a href='services_dhcp.html'>
			dhcp</a></td>
			<td><p>Dynamic host configuration protocol (DHCP) server</p></td>
		
			<tr><td>
			<a href='services_dictd.html'>
			dictd</a></td>
			<td><p>Dictionary daemon</p></td>
		
			<tr><td>
			<a href='services_gpm.html'>
			gpm</a></td>
			<td><p>General Purpose Mouse driver</p></td>
		
			<tr><td>
			<a href='services_hal.html'>
			hal</a></td>
			<td><p>Hardware abstraction layer</p></td>
		
			<tr><td>
			<a href='services_howl.html'>
			howl</a></td>
			<td><p>Port of Apple Rendezvous multicast DNS</p></td>
		
			<tr><td>
			<a href='services_inetd.html'>
			inetd</a></td>
			<td><p>Internet services daemon.</p></td>
		
			<tr><td>
			<a href='services_inn.html'>
			inn</a></td>
			<td><p>Internet News NNTP server</p></td>
		
			<tr><td>
			<a href='services_kerberos.html'>
			kerberos</a></td>
			<td><p>MIT Kerberos admin and KDC</p></td>
		
			<tr><td>
			<a href='services_ldap.html'>
			ldap</a></td>
			<td><p>OpenLDAP directory server</p></td>
		
			<tr><td>
			<a href='services_mta.html'>
			mta</a></td>
			<td><p>Policy common to all email tranfer agents.</p></td>
		
			<tr><td>
			<a href='services_mysql.html'>
			mysql</a></td>
			<td><p>Policy for MySQL</p></td>
		
			<tr><td>
			<a href='services_nis.html'>
			nis</a></td>
			<td><p>Policy for NIS (YP) servers and clients</p></td>
		
			<tr><td>
			<a href='services_nscd.html'>
			nscd</a></td>
			<td><p>Name service cache daemon</p></td>
		
			<tr><td>
			<a href='services_ntp.html'>
			ntp</a></td>
			<td><p>Network time protocol daemon</p></td>
		
			<tr><td>
			<a href='services_privoxy.html'>
			privoxy</a></td>
			<td><p>Privacy enhancing web proxy.</p></td>
		
			<tr><td>
			<a href='services_remotelogin.html'>
			remotelogin</a></td>
			<td><p>Policy for rshd, rlogind, and telnetd.</p></td>
		
			<tr><td>
			<a href='services_rshd.html'>
			rshd</a></td>
			<td><p>Remote shell service.</p></td>
		
			<tr><td>
			<a href='services_rsync.html'>
			rsync</a></td>
			<td><p>Fast incremental file transfer for synchronization</p></td>
		
			<tr><td>
			<a href='services_sendmail.html'>
			sendmail</a></td>
			<td><p>Policy for sendmail.</p></td>
		
			<tr><td>
			<a href='services_squid.html'>
			squid</a></td>
			<td><p>Squid caching http proxy server</p></td>
		
			<tr><td>
			<a href='services_ssh.html'>
			ssh</a></td>
			<td><p>Secure shell client and server policy.</p></td>
		
			<tr><td>
			<a href='services_tcpd.html'>
			tcpd</a></td>
			<td><p>Policy for TCP daemon.</p></td>
		
		</td></tr>
	
		
		</td></tr>
	
</table>
<p/><br/><br/>

</div>
</body>
</html>