Red Hat Enterprise Linux 6

Managing Confined Services

Guide to configuring services under control of SELinux

Edition 1.6

Red Hat Engineering Content Services

Legal Notice

Copyright © 2010 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.


1801 Varsity Drive
 Raleigh, NC 27606-2072 USA
 Phone: +1 919 754 3700
 Phone: 888 733 4281
 Fax: +1 919 754 3701

Abstract
The Managing Confined Services guide is designed to assist advanced users and administrators when using and configuring Security-Enhanced Linux (SELinux). It is focused on Red Hat Enterprise Linux and describes the components of SELinux as they pertain to services an advanced user or administrator might need to configure. Also included are real-world examples of configuring these services and demonstrations of how SELinux complements their operation.

Preface
1. Document Conventions
1.1. Typographic Conventions
1.2. Pull-quote Conventions
1.3. Notes and Warnings
2. We Need Feedback!
1. Introduction
2. Targeted policy
2.1. Type Enforcement
2.2. Confined processes
2.3. Unconfined processes
3. The Apache HTTP Server
3.1. The Apache HTTP Server and SELinux
3.2. Types
3.3. Booleans
3.4. Configuration examples
3.4.1. Running a static site
3.4.2. Sharing NFS and CIFS file systems
3.4.3. Sharing files between services
3.4.4. Changing port numbers
4. Samba
4.1. Samba and SELinux
4.2. Types
4.3. Booleans
4.4. Configuration examples
4.4.1. Sharing directories you create
4.4.2. Sharing a website
5. File Transfer Protocol
5.1. FTP and SELinux
5.2. Types
5.3. Booleans
5.4. Configuration Examples
5.4.1. Uploading to an FTP site
6. Network File System
6.1. NFS and SELinux
6.2. Types
6.3. Booleans
6.4. Configuration Examples
6.4.1. Sharing directories using NFS
7. Berkeley Internet Name Domain
7.1. BIND and SELinux
7.2. Types
7.3. Booleans
7.4. Configuration Examples
7.4.1. Dynamic DNS
8. Concurrent Versioning System
8.1. CVS and SELinux
8.2. Types
8.3. Booleans
8.4. Configuration Examples
8.4.1. Setting up CVS
9. Squid Caching Proxy
9.1. Squid Caching Proxy and SELinux
9.2. Types
9.3. Booleans
9.4. Configuration Examples
9.4.1. Squid Connecting to Non-Standard Ports
10. MySQL
10.1. MySQL and SELinux
10.2. Types
10.3. Booleans
10.4. Configuration Examples
10.4.1. MySQL Changing Database Location
11. PostgreSQL
11.1. PostgreSQL and SELinux
11.2. Types
11.3. Booleans
11.4. Configuration Examples
11.4.1. PostgreSQL Changing Database Location
12. rsync
12.1. rsync and SELinux
12.2. Types
12.3. Booleans
12.4. Configuration Examples
12.4.1. Rsync as a daemon
13. Postfix
13.1. Postfix and SELinux
13.2. Types
13.3. Booleans
13.4. Configuration Examples
13.4.1. SpamAssassin and Postfix
14. DHCP
14.1. DHCP and SELinux
14.2. Types
15. References