8.3.3. Manual Pages for Services

Manual pages for services contain valuable information, such as what file type to use for a given situation, and Booleans to change the access a service has (such as httpd accessing NFS file systems). This information may be in the standard manual page, or a manual page with selinux prepended or appended.

For example, the httpd_selinux(8) manual page has information about what file type to use for a given situation, as well as Booleans to allow scripts, sharing files, accessing directories inside user home directories, and so on. Other manual pages with SELinux information for services include:

Samba: the samba_selinux(8) manual page describes that files and directories to be exported via Samba must be labeled with the samba_share_t type, as well as Booleans to allow files labeled with types other than samba_share_t to be exported via Samba.
NFS: the nfs_selinux(8) manual page describes that, by default, file systems can not be exported via NFS, and that to allow file systems to be exported, Booleans such as nfs_export_all_ro or nfs_export_all_rw must be turned on.
Berkeley Internet Name Domain (BIND): the named(8) manual page describes what file type to use for a given situation (see the Red Hat SELinux BIND Security Profile section). The named_selinux(8) manual page describes that, by default, named can not write to master zone files, and to allow such access, the named_write_master_zones Boolean must be turned on.

The information in manual pages helps you configure the correct file types and Booleans, helping to prevent SELinux from denying access.