Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual page 30

mta_delivery_agent
This attribute allows for flexibility in choosing a mail transfer agent (MTA) such as
sendmail or postfix. Rules allow it to perform mail handling and take tasks from
mailman. However, this attribute is not used in the targeted policy since none of the
MTAs are targeted daemons for Red Hat Enterprise Linux 4.
domain
This attribute is for all types that can be assigned to a process. This is the method for identifying
what is a domain in SELinux. In other Type Enforcement systems, domains may be implemented
separately from types. In SELinux, domains are essentially types with the domain attribute.
This attribute allows you to have rules that can be applied to all domains, such as allowing init
to send signals to all processes. Another example is the following rule that allows all processes
to perform a search on directory objects that have a type of var_t or var_run_t, that is, the
directories /var and /var/run:
allow domain { var_run_t var_t } : dir search ;
Here are the domains covered by this attribute:
unconfined_t: kernel_t, init_t, initrc_t, sysadm_t, rpm_t, \
  rpm_script_t, logrotate_t
mount_t
httpd_t
httpd_sys_script_t
httpd_suexec_t
httpd_php_t
httpd_helper_t
dhcpd_t
ldconfig_t
mailman_queue_t
mailman_mail_t
mailman_cgi_t
system_mail_t
mysqld_t
named_t
ndc_t
nscd_t
ntpd_t
portmap_t
postgresql_t
snmpd_t
squid_t
syslogd_t
winbind_t
ypbind_t
reserved_port_type
This attribute identifies all the types that are assigned to any of the reserved network ports, that
is, ports numbered lower than 1024. The attribute is used to control binding. An example binding
rule is followed here by the types that are part of this attribute:
# The allow rule permits the domain portmap_t to bind to a
# port with a type of portmap_port_t, which is one of the
# types identified by the reserved_port_type attribute.
# The dontaudit rule tells SELinux to never audit the access of
# portmap_t to a reserved_port_type.
allow portmap_t portmap_port_t:{ udp_socket tcp_socket } \
name_bind;
dontaudit portmap_t reserved_port_type:tcp_socket name_bind;
# Types associated with the reserved_port_type attribute
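The following added example (not from the Red Hat guide) models how the domain and reserved_port_type attributes expand into per-type rules, using the three rules quoted on this page. The domain membership is a subset of the list above, other_port_t is a constructed placeholder for a second reserved-port type, and the check considers only allow and dontaudit rules.

```python
import re

# Attribute membership: "domain" holds a subset of the domains listed on this page;
# other_port_t is a constructed placeholder for a second reserved-port type.
ATTRS = {
    "domain": {"httpd_t", "portmap_t", "named_t", "init_t"},
    "reserved_port_type": {"portmap_port_t", "other_port_t"},
}

# The three rules quoted on this page.
POLICY = """
allow domain { var_run_t var_t } : dir search ;
allow portmap_t portmap_port_t:{ udp_socket tcp_socket } name_bind;
dontaudit portmap_t reserved_port_type:tcp_socket name_bind;
"""

RULE = re.compile(r"(allow|dontaudit)\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s:]+)\s*:"
                  r"\s*(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;")

def names(field):
    """Split a 'name' or '{ a b }' field into a set of identifiers."""
    return set(field.strip("{} ").split())

def expand(field):
    """Replace each attribute with its member types; plain types pass through."""
    out = set()
    for n in names(field):
        out |= ATTRS.get(n, {n})
    return out

def compile_policy(text):
    """Expand every rule into (kind, source, target, class, perm) tuples."""
    table = set()
    for kind, src, tgt, cls, perms in RULE.findall(text):
        for s in expand(src):
            for t in expand(tgt):
                for c in names(cls):
                    table |= {(kind, s, t, c, p) for p in names(perms)}
    return table

def check(table, src, tgt, cls, perm):
    """Return (allowed, audited): a denial is logged unless dontaudit matches."""
    allowed = ("allow", src, tgt, cls, perm) in table
    silenced = ("dontaudit", src, tgt, cls, perm) in table
    return allowed, (not allowed and not silenced)

TABLE = compile_policy(POLICY)
# With only these three rules, the dontaudit covers tcp_socket but not udp_socket.
print(check(TABLE, "portmap_t", "other_port_t", "tcp_socket", "name_bind"))
print(check(TABLE, "portmap_t", "other_port_t", "udp_socket", "name_bind"))
```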
Chapter 2. SELinux Policy Overview