SELinux: Verfügbare boolesche Variablen auflisten
Mit dem folgenden Befehl können Sie sich unter CentOS 6 alle verfügbaren booleschen Variablen von SELinux mit einer kurzen Beschreibung auflisten lassen.
[root@centos6 ~]# semanage boolean -l
SELinux Boolesche Variablen Beschreibung
ftp_home_dir -> aus Allow ftp to read and write files in the user home directories
smartmon_3ware -> aus Enable additional permissions needed to support devices on 3ware controllers.
xdm_sysadm_login -> aus Allow xdm logins as sysadm
xen_use_nfs -> aus Allow xen to manage nfs files
mozilla_read_content -> aus Control mozilla content access
xguest_connect_network -> ein Allow xguest to configure Network Manager and connect to apache ports
tftp_anon_write -> aus Allow tftp to modify public files used for public file transfer services.
allow_console_login -> ein Allow direct login to the console device. Required for System 390
spamassassin_can_network -> aus Allow user spamassassin clients to use the network.
httpd_can_network_relay -> aus Allow httpd to act as a relay
openvpn_enable_homedirs -> ein Allow openvpn to read home directories
allow_execheap -> aus Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
telepathy_tcp_connect_generic_network_ports -> aus Allow the Telepathy connection managers to connect to any generic TCP port.
httpd_can_network_connect_db -> aus Allow HTTPD scripts and modules to connect to databases over the network.
allow_user_mysql_connect -> aus Allow users to connect to mysql
user_setrlimit -> ein Allow user processes to change their priority
allow_ftpd_full_access -> aus Allow ftp servers to login to local users and read/write all files on the system, governed by DAC.
httpd_use_gpg -> aus Allow httpd to run gpg in gpg-web domain
samba_domain_controller -> aus Allow samba to act as the domain controller, add users, groups and change passwords.
exim_manage_user_files -> aus Allow exim to create, read, write, and delete unprivileged user files.
httpd_enable_cgi -> ein Allow httpd cgi support
virt_use_nfs -> aus Allow virt to manage nfs files
allow_daemons_use_tty -> ein Allow all daemons the ability to read/write terminals
virt_use_comm -> aus Allow virt to use serial/parallell communication ports
rsync_client -> aus Allow rsync to run as a client
rgmanager_can_network_connect -> aus Allow rgmanager domain to connect to the network using TCP.
sepgsql_unconfined_dbadm -> ein Allow database admins to execute DML statement
use_nfs_home_dirs -> ein Support NFS home directories
puppet_manage_all_files -> aus Allow Puppet client to manage all file types.
sftpd_write_ssh_home -> aus Allow interlnal-sftp to read and write files in the user ssh home directories.
ssh_sysadm_login -> aus SSH-Logins als 'sysadm_r:sysadm_t' erlauben
named_write_master_zones -> aus Allow BIND to write the master zone files. Generally this is used for dynamic DNS or zone transfers.
sepgsql_enable_users_ddl -> ein Allow unprived users to execute DDL statement
squid_use_tproxy -> aus Allow squid to run as a transparent proxy (TPROXY)
tor_bind_all_unreserved_ports -> aus Allow tor daemon to bind tcp sockets to all unreserved ports.
allow_ssh_keysign -> aus allow host key based authentication
httpd_use_cifs -> aus Allow httpd to access cifs file systems
piranha_lvs_can_network_connect -> aus Allow piranha-lvs domain to connect to the network using TCP.
nagios_plugin_dontaudit_bind_port -> aus Allow fenced domain to connect to the network using TCP.
secure_mode -> aus Enabling secure mode disallows programs, such as newrole, from transitioning to administrative user domains.
allow_httpd_mod_auth_pam -> aus Allow Apache to use mod_auth_pam
samba_enable_home_dirs -> aus Allow samba to share users home directories.
samba_export_all_ro -> aus Allow samba to share any file/directory read only.
samba_export_all_rw -> aus Allow samba to share any file/directory read/write.
git_system_enable_homedirs -> aus Allow Git daemon system to search home directories.
use_samba_home_dirs -> aus Support SAMBA home directories
allow_execmem -> ein Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
samba_create_home_dirs -> aus Allow samba to create new home directories (e.g. via PAM)
user_ping -> ein Control users use of ping and traceroute
allow_httpd_anon_write -> aus Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_rw_content_t.
irssi_use_full_network -> aus Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
allow_ftpd_use_nfs -> aus Allow ftp servers to use nfs used for public file transfer services.
httpd_enable_homedirs -> aus Allow httpd to read home directories
gpg_web_anon_write -> aus Allow gpg web domain to modify public files used for public file transfer services.
rsync_export_all_ro -> aus Allow rsync to export any files/directories read only.
allow_execmod -> ein Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
allow_httpd_sys_script_anon_write -> aus Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t.
mysql_connect_any -> aus Allow mysqld to connect to all ports
allow_sysadm_exec_content -> ein allow_sysadm_exec_content
httpd_dbus_avahi -> ein Allow Apache to communicate with avahi service via dbus
dhcpc_exec_iptables -> aus Allow dhcpc client applications to execute iptables commands
allow_ftpd_anon_write -> aus Allow ftp servers to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t.
pppd_for_user -> aus 'pppd' erlauben, für einen regulären Benutzer ausgeführt zu werden
global_ssp -> aus Enable reading of urandom for all domains.
user_direct_dri -> ein Allow regular users direct dri device access
cobbler_can_network_connect -> aus Allow Cobbler to connect to the network using TCP.
allow_xserver_execmem -> aus Allows XServer to execute writable memory
secure_mode_policyload -> aus boolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values. Set this to true and you have to reboot to set it back
gpg_agent_env_file -> aus Allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files.
virt_use_xserver -> aus Allow virtual machine to interact with the xserver
allow_unconfined_qemu_transition -> aus Transition to confined qemu domains from unconfined user
git_system_use_nfs -> aus Allow Git daemon system to access nfs file systems.
httpd_unified -> ein Unify HTTPD handling of all content files.
nsplugin_can_network -> ein Allow nsplugin code to connect to unreserved ports
allow_rsync_anon_write -> aus Allow rsync to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.
qemu_use_nfs -> ein Allow qemu to use nfs file systems
spamd_enable_home_dirs -> ein Allow spamd to read/write user home directories.
qemu_use_usb -> ein Allow qemu to use usb devices
exim_can_connect_db -> aus Allow exim to connect to databases (postgres, mysql)
allow_xguest_exec_content -> aus allow_xguest_exec_content
varnishd_connect_any -> aus Allow varnishd to connect to all ports, not just HTTP.
allow_mplayer_execstack -> aus Ausführbaren 'mplayer'-Stapel erlauben
virt_use_usb -> ein Allow virt to use usb devices
allow_daemons_dump_core -> ein Allen Daemons erlauben, corefiles nach / zu schreiben
cdrecord_read_content -> aus 'cdrecord' erlauben, verschiedenen Inhalt zu lesen. NFS, SAMBA, entfernbare Geräte, temporäre Benutzerdateien und nicht vertrauenswürdige Inhaltsdateien
virt_use_sysfs -> aus Allow virt to manage device configuration, (pci)
httpd_can_network_connect -> aus Allow HTTPD scripts and modules to connect to the network using TCP.
icecast_connect_any -> aus Allow icecast to connect to all ports, not just sound ports.
allow_ypbind -> aus Allow system to run with NIS
qemu_full_network -> ein Allow qemu to connect fully to the network
allow_nfsd_anon_write -> aus Allow nfs servers to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.
allow_execstack -> ein Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
httpd_tty_comm -> ein Unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.
sftpd_enable_homedirs -> aus Allow sftp-internal to read and write files in the user home directories
allow_user_exec_content -> ein allow_user_exec_content
nscd_use_shm -> ein Allow confined applications to use nscd shared memory.
user_ttyfile_stat -> aus Allow w to display everyone
allow_ftpd_use_cifs -> aus Allow ftp servers to use cifs used for public file transfer services.
allow_smbd_anon_write -> aus Allow samba to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.
racoon_read_shadow -> aus Allow racoon to read shadow
allow_mount_anyfile -> ein Allow the mount command to mount any directory or file.
unconfined_login -> ein Allow a user to login as an unconfined domain
secure_mode_insmod -> aus Disable transitions to insmod.
allow_saslauthd_read_shadow -> aus Allow sasl to read shadow
allow_nsplugin_execmem -> ein Allow nsplugin code to execmem/execstack
allow_write_xshm -> aus Allows clients to write to the X server shared memory segments.
webadm_read_user_files -> aus Allow webadm to read files in users home directories
allow_polyinstantiation -> aus Enable polyinstantiated directory support.
use_fusefs_home_dirs -> aus Support fusefs home directories
vbetool_mmap_zero_ignore -> aus Ignore vbetool mmap_zero errors.
httpd_read_user_content -> aus Allow httpd to read user content
httpd_use_nfs -> aus Allow httpd to access nfs file systems
allow_postfix_local_write_mail_spool -> ein Allow postfix_local domain full write access to mail_spool directories
xguest_use_bluetooth -> ein Allow xguest to use blue tooth devices
use_lpd_server -> aus Use lpd server instead of cups
httpd_tmp_exec -> aus Allow Apache to execute tmp content.
user_rw_noexattrfile -> ein Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)
user_tcp_server -> aus Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols.
qemu_use_cifs -> ein Allow qemu to use cifs/Samba file systems
user_direct_mouse -> aus Allow regular users direct mouse access
domain_kernel_load_modules -> aus Allow all domains to have the kernel load modules
httpd_execmem -> aus Allow httpd scripts and modules execmem/execstack
privoxy_connect_any -> ein Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports.
abrt_anon_write -> aus Allow ABRT to modify public files used for public file transfer services.
allow_java_execstack -> aus Ausführbaren Java-Stapel erlauben
ncftool_read_user_content -> aus Allow ncftool to read user content.
qemu_use_comm -> aus Allow qemu to user serial/parallel communication ports
httpd_can_sendmail -> aus Allow http daemon to send mail
samba_share_fusefs -> aus Allow samba to export ntfs/fusefs volumes.
init_upstart -> ein Enable support for upstart as the init program.
allow_zebra_write_config -> ein Allow zebra daemon to write it configuration files
httpd_builtin_scripting -> ein Allow httpd to use built in scripting (usually php)
xserver_object_manager -> aus Support X userspace object manager
cobbler_anon_write -> aus Allow Cobbler to modify public files used for public file transfer services.
samba_share_nfs -> aus Allow samba to export NFS volumes.
mmap_low_allowed -> aus Allow certain domains to map low memory in the kernel
wine_mmap_zero_ignore -> aus Ignore wine mmap_zero errors
allow_ptrace -> aus Allow sysadm to debug or ptrace all processes.
fenced_can_network_connect -> aus Allow fenced domain to connect to the network using TCP.
allow_user_postgresql_connect -> aus Allow users to connect to PostgreSQL
allow_cvs_read_shadow -> aus Allow cvs daemon to read shadow
httpd_can_check_spam -> aus Allow http daemon to check spam
sftpd_full_access -> aus Allow sftp-internal to login to local users and read/write all files on the system, governed by DAC.
xguest_mount_media -> ein Allow xguest users to mount removable media
allow_httpd_mod_auth_ntlm_winbind -> aus Allow Apache to use mod_auth_pam
pppd_can_insmod -> aus Allow pppd to load kernel modules for certain modems
samba_run_unconfined -> aus Allow samba to run unconfined scripts
ftpd_connect_db -> aus Allow ftp servers to use connect to mysql database
unconfined_mmap_zero_ignore -> aus Ignore wine mmap_zero errors
allow_kerberos -> ein Allow confined applications to run with kerberos.
httpd_can_network_memcache -> aus Allow httpd to connect to memcache server
exim_read_user_files -> aus Allow exim to read unprivileged user files.
httpd_can_network_connect_cobbler -> aus Allow HTTPD scripts and modules to connect to cobbler over the network.
allow_staff_exec_content -> ein allow_staff_exec_content
allow_guest_exec_content -> aus allow_guest_exec_content
allow_gssd_read_tmp -> ein Allow gssd to read temp directory. For access to kerberos tgt.
webadm_manage_user_files -> aus Allow webadm to manage files in users home directories
clamd_use_jit -> aus Allow clamd to use JIT compiler
git_session_bind_all_unreserved_ports -> aus Allow Git daemon session to bind tcp sockets to all unreserved ports.
httpd_ssi_exec -> aus Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
httpd_enable_ftp_server -> aus Allow httpd to act as a FTP server by listening on the ftp port.
fcron_crond -> aus Enable extra rules in the cron domain to support fcron.
virt_use_fusefs -> aus Allow virt to read fuse files
nfs_export_all_rw -> ein Allow any files/directories to be exported read/write via NFS.
allow_domain_fd_use -> ein Allow all domains to use other domains file descriptors
httpd_setrlimit -> aus Allow httpd daemon to change system limits
squid_connect_any -> ein Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports.
virt_use_samba -> aus Allow virt to manage cifs files
allow_unconfined_nsplugin_transition -> aus Transition to confined nsplugin domains from unconfined user
nfs_export_all_ro -> ein Allow any files/directories to be exported read/only via NFS.
cron_can_relabel -> aus Allow system cron jobs to relabel filesystem for restoring file contexts.
sftpd_anon_write -> aus Allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t.
git_system_use_cifs -> aus Allow Git daemon system to access cifs file systems.
SELinux Boolesche Variablen Beschreibung
ftp_home_dir -> aus Allow ftp to read and write files in the user home directories
smartmon_3ware -> aus Enable additional permissions needed to support devices on 3ware controllers.
xdm_sysadm_login -> aus Allow xdm logins as sysadm
xen_use_nfs -> aus Allow xen to manage nfs files
mozilla_read_content -> aus Control mozilla content access
xguest_connect_network -> ein Allow xguest to configure Network Manager and connect to apache ports
tftp_anon_write -> aus Allow tftp to modify public files used for public file transfer services.
allow_console_login -> ein Allow direct login to the console device. Required for System 390
spamassassin_can_network -> aus Allow user spamassassin clients to use the network.
httpd_can_network_relay -> aus Allow httpd to act as a relay
openvpn_enable_homedirs -> ein Allow openvpn to read home directories
allow_execheap -> aus Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
telepathy_tcp_connect_generic_network_ports -> aus Allow the Telepathy connection managers to connect to any generic TCP port.
httpd_can_network_connect_db -> aus Allow HTTPD scripts and modules to connect to databases over the network.
allow_user_mysql_connect -> aus Allow users to connect to mysql
user_setrlimit -> ein Allow user processes to change their priority
allow_ftpd_full_access -> aus Allow ftp servers to login to local users and read/write all files on the system, governed by DAC.
httpd_use_gpg -> aus Allow httpd to run gpg in gpg-web domain
samba_domain_controller -> aus Allow samba to act as the domain controller, add users, groups and change passwords.
exim_manage_user_files -> aus Allow exim to create, read, write, and delete unprivileged user files.
httpd_enable_cgi -> ein Allow httpd cgi support
virt_use_nfs -> aus Allow virt to manage nfs files
allow_daemons_use_tty -> ein Allow all daemons the ability to read/write terminals
virt_use_comm -> aus Allow virt to use serial/parallell communication ports
rsync_client -> aus Allow rsync to run as a client
rgmanager_can_network_connect -> aus Allow rgmanager domain to connect to the network using TCP.
sepgsql_unconfined_dbadm -> ein Allow database admins to execute DML statement
use_nfs_home_dirs -> ein Support NFS home directories
puppet_manage_all_files -> aus Allow Puppet client to manage all file types.
sftpd_write_ssh_home -> aus Allow interlnal-sftp to read and write files in the user ssh home directories.
ssh_sysadm_login -> aus SSH-Logins als 'sysadm_r:sysadm_t' erlauben
named_write_master_zones -> aus Allow BIND to write the master zone files. Generally this is used for dynamic DNS or zone transfers.
sepgsql_enable_users_ddl -> ein Allow unprived users to execute DDL statement
squid_use_tproxy -> aus Allow squid to run as a transparent proxy (TPROXY)
tor_bind_all_unreserved_ports -> aus Allow tor daemon to bind tcp sockets to all unreserved ports.
allow_ssh_keysign -> aus allow host key based authentication
httpd_use_cifs -> aus Allow httpd to access cifs file systems
piranha_lvs_can_network_connect -> aus Allow piranha-lvs domain to connect to the network using TCP.
nagios_plugin_dontaudit_bind_port -> aus Allow fenced domain to connect to the network using TCP.
secure_mode -> aus Enabling secure mode disallows programs, such as newrole, from transitioning to administrative user domains.
allow_httpd_mod_auth_pam -> aus Allow Apache to use mod_auth_pam
samba_enable_home_dirs -> aus Allow samba to share users home directories.
samba_export_all_ro -> aus Allow samba to share any file/directory read only.
samba_export_all_rw -> aus Allow samba to share any file/directory read/write.
git_system_enable_homedirs -> aus Allow Git daemon system to search home directories.
use_samba_home_dirs -> aus Support SAMBA home directories
allow_execmem -> ein Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
samba_create_home_dirs -> aus Allow samba to create new home directories (e.g. via PAM)
user_ping -> ein Control users use of ping and traceroute
allow_httpd_anon_write -> aus Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_rw_content_t.
irssi_use_full_network -> aus Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
allow_ftpd_use_nfs -> aus Allow ftp servers to use nfs used for public file transfer services.
httpd_enable_homedirs -> aus Allow httpd to read home directories
gpg_web_anon_write -> aus Allow gpg web domain to modify public files used for public file transfer services.
rsync_export_all_ro -> aus Allow rsync to export any files/directories read only.
allow_execmod -> ein Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
allow_httpd_sys_script_anon_write -> aus Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t.
mysql_connect_any -> aus Allow mysqld to connect to all ports
allow_sysadm_exec_content -> ein allow_sysadm_exec_content
httpd_dbus_avahi -> ein Allow Apache to communicate with avahi service via dbus
dhcpc_exec_iptables -> aus Allow dhcpc client applications to execute iptables commands
allow_ftpd_anon_write -> aus Allow ftp servers to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t.
pppd_for_user -> aus 'pppd' erlauben, für einen regulären Benutzer ausgeführt zu werden
global_ssp -> aus Enable reading of urandom for all domains.
user_direct_dri -> ein Allow regular users direct dri device access
cobbler_can_network_connect -> aus Allow Cobbler to connect to the network using TCP.
allow_xserver_execmem -> aus Allows XServer to execute writable memory
secure_mode_policyload -> aus boolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values. Set this to true and you have to reboot to set it back
gpg_agent_env_file -> aus Allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files.
virt_use_xserver -> aus Allow virtual machine to interact with the xserver
allow_unconfined_qemu_transition -> aus Transition to confined qemu domains from unconfined user
git_system_use_nfs -> aus Allow Git daemon system to access nfs file systems.
httpd_unified -> ein Unify HTTPD handling of all content files.
nsplugin_can_network -> ein Allow nsplugin code to connect to unreserved ports
allow_rsync_anon_write -> aus Allow rsync to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.
qemu_use_nfs -> ein Allow qemu to use nfs file systems
spamd_enable_home_dirs -> ein Allow spamd to read/write user home directories.
qemu_use_usb -> ein Allow qemu to use usb devices
exim_can_connect_db -> aus Allow exim to connect to databases (postgres, mysql)
allow_xguest_exec_content -> aus allow_xguest_exec_content
varnishd_connect_any -> aus Allow varnishd to connect to all ports, not just HTTP.
allow_mplayer_execstack -> aus Ausführbaren 'mplayer'-Stapel erlauben
virt_use_usb -> ein Allow virt to use usb devices
allow_daemons_dump_core -> ein Allen Daemons erlauben, corefiles nach / zu schreiben
cdrecord_read_content -> aus 'cdrecord' erlauben, verschiedenen Inhalt zu lesen. NFS, SAMBA, entfernbare Geräte, temporäre Benutzerdateien und nicht vertrauenswürdige Inhaltsdateien
virt_use_sysfs -> aus Allow virt to manage device configuration, (pci)
httpd_can_network_connect -> aus Allow HTTPD scripts and modules to connect to the network using TCP.
icecast_connect_any -> aus Allow icecast to connect to all ports, not just sound ports.
allow_ypbind -> aus Allow system to run with NIS
qemu_full_network -> ein Allow qemu to connect fully to the network
allow_nfsd_anon_write -> aus Allow nfs servers to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.
allow_execstack -> ein Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
httpd_tty_comm -> ein Unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.
sftpd_enable_homedirs -> aus Allow sftp-internal to read and write files in the user home directories
allow_user_exec_content -> ein allow_user_exec_content
nscd_use_shm -> ein Allow confined applications to use nscd shared memory.
user_ttyfile_stat -> aus Allow w to display everyone
allow_ftpd_use_cifs -> aus Allow ftp servers to use cifs used for public file transfer services.
allow_smbd_anon_write -> aus Allow samba to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t.
racoon_read_shadow -> aus Allow racoon to read shadow
allow_mount_anyfile -> ein Allow the mount command to mount any directory or file.
unconfined_login -> ein Allow a user to login as an unconfined domain
secure_mode_insmod -> aus Disable transitions to insmod.
allow_saslauthd_read_shadow -> aus Allow sasl to read shadow
allow_nsplugin_execmem -> ein Allow nsplugin code to execmem/execstack
allow_write_xshm -> aus Allows clients to write to the X server shared memory segments.
webadm_read_user_files -> aus Allow webadm to read files in users home directories
allow_polyinstantiation -> aus Enable polyinstantiated directory support.
use_fusefs_home_dirs -> aus Support fusefs home directories
vbetool_mmap_zero_ignore -> aus Ignore vbetool mmap_zero errors.
httpd_read_user_content -> aus Allow httpd to read user content
httpd_use_nfs -> aus Allow httpd to access nfs file systems
allow_postfix_local_write_mail_spool -> ein Allow postfix_local domain full write access to mail_spool directories
xguest_use_bluetooth -> ein Allow xguest to use blue tooth devices
use_lpd_server -> aus Use lpd server instead of cups
httpd_tmp_exec -> aus Allow Apache to execute tmp content.
user_rw_noexattrfile -> ein Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)
user_tcp_server -> aus Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols.
qemu_use_cifs -> ein Allow qemu to use cifs/Samba file systems
user_direct_mouse -> aus Allow regular users direct mouse access
domain_kernel_load_modules -> aus Allow all domains to have the kernel load modules
httpd_execmem -> aus Allow httpd scripts and modules execmem/execstack
privoxy_connect_any -> ein Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports.
abrt_anon_write -> aus Allow ABRT to modify public files used for public file transfer services.
allow_java_execstack -> aus Ausführbaren Java-Stapel erlauben
ncftool_read_user_content -> aus Allow ncftool to read user content.
qemu_use_comm -> aus Allow qemu to user serial/parallel communication ports
httpd_can_sendmail -> aus Allow http daemon to send mail
samba_share_fusefs -> aus Allow samba to export ntfs/fusefs volumes.
init_upstart -> ein Enable support for upstart as the init program.
allow_zebra_write_config -> ein Allow zebra daemon to write it configuration files
httpd_builtin_scripting -> ein Allow httpd to use built in scripting (usually php)
xserver_object_manager -> aus Support X userspace object manager
cobbler_anon_write -> aus Allow Cobbler to modify public files used for public file transfer services.
samba_share_nfs -> aus Allow samba to export NFS volumes.
mmap_low_allowed -> aus Allow certain domains to map low memory in the kernel
wine_mmap_zero_ignore -> aus Ignore wine mmap_zero errors
allow_ptrace -> aus Allow sysadm to debug or ptrace all processes.
fenced_can_network_connect -> aus Allow fenced domain to connect to the network using TCP.
allow_user_postgresql_connect -> aus Allow users to connect to PostgreSQL
allow_cvs_read_shadow -> aus Allow cvs daemon to read shadow
httpd_can_check_spam -> aus Allow http daemon to check spam
sftpd_full_access -> aus Allow sftp-internal to login to local users and read/write all files on the system, governed by DAC.
xguest_mount_media -> ein Allow xguest users to mount removable media
allow_httpd_mod_auth_ntlm_winbind -> aus Allow Apache to use mod_auth_pam
pppd_can_insmod -> aus Allow pppd to load kernel modules for certain modems
samba_run_unconfined -> aus Allow samba to run unconfined scripts
ftpd_connect_db -> aus Allow ftp servers to use connect to mysql database
unconfined_mmap_zero_ignore -> aus Ignore wine mmap_zero errors
allow_kerberos -> ein Allow confined applications to run with kerberos.
httpd_can_network_memcache -> aus Allow httpd to connect to memcache server
exim_read_user_files -> aus Allow exim to read unprivileged user files.
httpd_can_network_connect_cobbler -> aus Allow HTTPD scripts and modules to connect to cobbler over the network.
allow_staff_exec_content -> ein allow_staff_exec_content
allow_guest_exec_content -> aus allow_guest_exec_content
allow_gssd_read_tmp -> ein Allow gssd to read temp directory. For access to kerberos tgt.
webadm_manage_user_files -> aus Allow webadm to manage files in users home directories
clamd_use_jit -> aus Allow clamd to use JIT compiler
git_session_bind_all_unreserved_ports -> aus Allow Git daemon session to bind tcp sockets to all unreserved ports.
httpd_ssi_exec -> aus Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
httpd_enable_ftp_server -> aus Allow httpd to act as a FTP server by listening on the ftp port.
fcron_crond -> aus Enable extra rules in the cron domain to support fcron.
virt_use_fusefs -> aus Allow virt to read fuse files
nfs_export_all_rw -> ein Allow any files/directories to be exported read/write via NFS.
allow_domain_fd_use -> ein Allow all domains to use other domains file descriptors
httpd_setrlimit -> aus Allow httpd daemon to change system limits
squid_connect_any -> ein Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports.
virt_use_samba -> aus Allow virt to manage cifs files
allow_unconfined_nsplugin_transition -> aus Transition to confined nsplugin domains from unconfined user
nfs_export_all_ro -> ein Allow any files/directories to be exported read/only via NFS.
cron_can_relabel -> aus Allow system cron jobs to relabel filesystem for restoring file contexts.
sftpd_anon_write -> aus Allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t.
git_system_use_cifs -> aus Allow Git daemon system to access cifs file systems.
Sollte das Programm semanage auf Ihrem System nicht verfügbar sein, müssen Sie nur das Paket policycoreutils-python installieren.
[root@centos6 ~]# yum install policycoreutils-python
Dieser Eintrag wurde am 16.09.2011 erstellt und zuletzt am 08.01.2014 bearbeitet.
Direkter Link zu dieser Seite: http://www.gtkdb.de/index_33_1372.html
[ Zur Startseite ] [ Zur Kategorie ]
© 2004-2020 by Georg Kainzbauer