<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> - <a href='admin_acct.html'> acct</a><br/> - <a href='admin_alsa.html'> alsa</a><br/> - <a href='admin_amanda.html'> amanda</a><br/> - <a href='admin_amtu.html'> amtu</a><br/> - <a href='admin_anaconda.html'> anaconda</a><br/> - <a href='admin_apt.html'> apt</a><br/> - <a href='admin_backup.html'> backup</a><br/> - <a href='admin_bootloader.html'> bootloader</a><br/> - <a href='admin_brctl.html'> brctl</a><br/> - <a href='admin_certwatch.html'> certwatch</a><br/> - <a href='admin_consoletype.html'> consoletype</a><br/> - <a href='admin_ddcprobe.html'> ddcprobe</a><br/> - <a href='admin_dmesg.html'> dmesg</a><br/> - <a href='admin_dmidecode.html'> dmidecode</a><br/> - <a href='admin_dpkg.html'> dpkg</a><br/> - <a href='admin_firstboot.html'> firstboot</a><br/> - <a href='admin_kudzu.html'> kudzu</a><br/> - <a href='admin_logrotate.html'> logrotate</a><br/> - <a href='admin_logwatch.html'> logwatch</a><br/> - <a href='admin_mcelog.html'> mcelog</a><br/> - <a href='admin_mrtg.html'> mrtg</a><br/> - <a href='admin_netutils.html'> netutils</a><br/> - <a href='admin_portage.html'> portage</a><br/> - <a href='admin_prelink.html'> prelink</a><br/> - <a href='admin_quota.html'> quota</a><br/> - <a href='admin_readahead.html'> readahead</a><br/> - <a href='admin_rpm.html'> rpm</a><br/> - <a href='admin_su.html'> su</a><br/> - <a href='admin_sudo.html'> sudo</a><br/> - <a href='admin_sxid.html'> sxid</a><br/> - <a href='admin_tmpreaper.html'> tmpreaper</a><br/> - <a href='admin_tripwire.html'> tripwire</a><br/> - <a href='admin_updfstab.html'> updfstab</a><br/> - <a href='admin_usbmodules.html'> usbmodules</a><br/> - <a href='admin_usermanage.html'> usermanage</a><br/> - <a href='admin_vbetool.html'> vbetool</a><br/> - <a href='admin_vpn.html'> vpn</a><br/> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> - <a href='apps_ada.html'> ada</a><br/> - <a href='apps_authbind.html'> authbind</a><br/> - <a href='apps_calamaris.html'> calamaris</a><br/> - <a href='apps_cdrecord.html'> cdrecord</a><br/> - <a href='apps_ethereal.html'> ethereal</a><br/> - <a href='apps_evolution.html'> evolution</a><br/> - <a href='apps_games.html'> games</a><br/> - <a href='apps_gift.html'> gift</a><br/> - <a href='apps_gnome.html'> gnome</a><br/> - <a href='apps_gpg.html'> gpg</a><br/> - <a href='apps_guest.html'> guest</a><br/> - <a href='apps_irc.html'> irc</a><br/> - <a href='apps_java.html'> java</a><br/> - <a href='apps_loadkeys.html'> loadkeys</a><br/> - <a href='apps_lockdev.html'> lockdev</a><br/> - <a href='apps_mono.html'> mono</a><br/> - <a href='apps_mozilla.html'> mozilla</a><br/> - <a href='apps_mplayer.html'> mplayer</a><br/> - <a href='apps_qemu.html'> qemu</a><br/> - <a href='apps_rssh.html'> rssh</a><br/> - <a href='apps_screen.html'> screen</a><br/> - <a href='apps_slocate.html'> slocate</a><br/> - <a href='apps_thunderbird.html'> thunderbird</a><br/> - <a href='apps_tvtime.html'> tvtime</a><br/> - <a href='apps_uml.html'> uml</a><br/> - <a href='apps_userhelper.html'> userhelper</a><br/> - <a href='apps_usernetctl.html'> usernetctl</a><br/> - <a href='apps_vmware.html'> vmware</a><br/> - <a href='apps_webalizer.html'> webalizer</a><br/> - <a href='apps_wine.html'> wine</a><br/> - <a href='apps_yam.html'> yam</a><br/> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> - <a href='kernel_corecommands.html'> corecommands</a><br/> - <a href='kernel_corenetwork.html'> corenetwork</a><br/> - <a href='kernel_devices.html'> devices</a><br/> - <a href='kernel_domain.html'> domain</a><br/> - <a href='kernel_files.html'> files</a><br/> - <a href='kernel_filesystem.html'> filesystem</a><br/> - <a href='kernel_kernel.html'> kernel</a><br/> - <a href='kernel_mcs.html'> mcs</a><br/> - <a href='kernel_mls.html'> mls</a><br/> - <a href='kernel_selinux.html'> selinux</a><br/> - <a href='kernel_storage.html'> storage</a><br/> - <a href='kernel_terminal.html'> terminal</a><br/> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> - <a href='services_afs.html'> afs</a><br/> - <a href='services_aide.html'> aide</a><br/> - <a href='services_aisexec.html'> aisexec</a><br/> - <a href='services_amavis.html'> amavis</a><br/> - <a href='services_apache.html'> apache</a><br/> - <a href='services_apm.html'> apm</a><br/> - <a href='services_arpwatch.html'> arpwatch</a><br/> - <a href='services_asterisk.html'> asterisk</a><br/> - <a href='services_audioentropy.html'> audioentropy</a><br/> - <a href='services_automount.html'> automount</a><br/> - <a href='services_avahi.html'> avahi</a><br/> - <a href='services_bind.html'> bind</a><br/> - <a href='services_bluetooth.html'> bluetooth</a><br/> - <a href='services_canna.html'> canna</a><br/> - <a href='services_ccs.html'> ccs</a><br/> - <a href='services_cipe.html'> cipe</a><br/> - <a href='services_clamav.html'> clamav</a><br/> - <a href='services_clockspeed.html'> clockspeed</a><br/> - <a href='services_clogd.html'> clogd</a><br/> - <a href='services_comsat.html'> comsat</a><br/> - <a href='services_condor.html'> condor</a><br/> - <a href='services_courier.html'> courier</a><br/> - <a href='services_cpucontrol.html'> cpucontrol</a><br/> - <a href='services_cron.html'> cron</a><br/> - <a href='services_cups.html'> cups</a><br/> - <a href='services_cvs.html'> cvs</a><br/> - <a href='services_cyrus.html'> cyrus</a><br/> - <a href='services_dante.html'> dante</a><br/> - <a href='services_dbskk.html'> dbskk</a><br/> - <a href='services_dbus.html'> dbus</a><br/> - <a href='services_dcc.html'> dcc</a><br/> - <a href='services_ddclient.html'> ddclient</a><br/> - <a href='services_dhcp.html'> dhcp</a><br/> - <a href='services_dictd.html'> dictd</a><br/> - <a href='services_distcc.html'> distcc</a><br/> - <a href='services_djbdns.html'> djbdns</a><br/> - <a href='services_dnsmasq.html'> dnsmasq</a><br/> - <a href='services_dovecot.html'> dovecot</a><br/> - <a href='services_exim.html'> exim</a><br/> - <a href='services_fail2ban.html'> fail2ban</a><br/> - <a href='services_fetchmail.html'> fetchmail</a><br/> - <a href='services_finger.html'> finger</a><br/> - <a href='services_ftp.html'> ftp</a><br/> - <a href='services_gatekeeper.html'> gatekeeper</a><br/> - <a href='services_gpm.html'> gpm</a><br/> - <a href='services_hal.html'> hal</a><br/> - <a href='services_howl.html'> howl</a><br/> - <a href='services_i18n_input.html'> i18n_input</a><br/> - <a href='services_imaze.html'> imaze</a><br/> - <a href='services_inetd.html'> inetd</a><br/> - <a href='services_inn.html'> inn</a><br/> - <a href='services_ircd.html'> ircd</a><br/> - <a href='services_irqbalance.html'> irqbalance</a><br/> - <a href='services_jabber.html'> jabber</a><br/> - <a href='services_kerberos.html'> kerberos</a><br/> - <a href='services_ktalk.html'> ktalk</a><br/> - <a href='services_ldap.html'> ldap</a><br/> - <a href='services_lpd.html'> lpd</a><br/> - <a href='services_mailman.html'> mailman</a><br/> - <a href='services_milter.html'> milter</a><br/> - <a href='services_monop.html'> monop</a><br/> - <a href='services_mta.html'> mta</a><br/> - <a href='services_munin.html'> munin</a><br/> - <a href='services_mysql.html'> mysql</a><br/> - <a href='services_nagios.html'> nagios</a><br/> - <a href='services_nessus.html'> nessus</a><br/> - <a href='services_networkmanager.html'> networkmanager</a><br/> - <a href='services_nis.html'> nis</a><br/> - <a href='services_nscd.html'> nscd</a><br/> - <a href='services_nsd.html'> nsd</a><br/> - <a href='services_ntop.html'> ntop</a><br/> - <a href='services_ntp.html'> ntp</a><br/> - <a href='services_nx.html'> nx</a><br/> - <a href='services_oav.html'> oav</a><br/> - <a href='services_oddjob.html'> oddjob</a><br/> - <a href='services_openca.html'> openca</a><br/> - <a href='services_openct.html'> openct</a><br/> - <a href='services_openvpn.html'> openvpn</a><br/> - <a href='services_pcscd.html'> pcscd</a><br/> - <a href='services_pegasus.html'> pegasus</a><br/> - <a href='services_perdition.html'> perdition</a><br/> - <a href='services_piranha.html'> piranha</a><br/> - <a href='services_pki.html'> pki</a><br/> - <a href='services_portmap.html'> portmap</a><br/> - <a href='services_portslave.html'> portslave</a><br/> - <a href='services_postfix.html'> postfix</a><br/> - <a href='services_postgresql.html'> postgresql</a><br/> - <a href='services_postgrey.html'> postgrey</a><br/> - <a href='services_ppp.html'> ppp</a><br/> - <a href='services_prelude.html'> prelude</a><br/> - <a href='services_privoxy.html'> privoxy</a><br/> - <a href='services_procmail.html'> procmail</a><br/> - <a href='services_publicfile.html'> publicfile</a><br/> - <a href='services_pxe.html'> pxe</a><br/> - <a href='services_pyzor.html'> pyzor</a><br/> - <a href='services_qmail.html'> qmail</a><br/> - <a href='services_radius.html'> radius</a><br/> - <a href='services_radvd.html'> radvd</a><br/> - <a href='services_razor.html'> razor</a><br/> - <a href='services_rdisc.html'> rdisc</a><br/> - <a href='services_remotelogin.html'> remotelogin</a><br/> - <a href='services_resmgr.html'> resmgr</a><br/> - <a href='services_rgmanager.html'> rgmanager</a><br/> - <a href='services_rhcs.html'> rhcs</a><br/> - <a href='services_rhgb.html'> rhgb</a><br/> - <a href='services_rhsmcertd.html'> rhsmcertd</a><br/> - <a href='services_ricci.html'> ricci</a><br/> - <a href='services_rlogin.html'> rlogin</a><br/> - <a href='services_roundup.html'> roundup</a><br/> - <a href='services_rpc.html'> rpc</a><br/> - <a href='services_rshd.html'> rshd</a><br/> - <a href='services_rsync.html'> rsync</a><br/> - <a href='services_samba.html'> samba</a><br/> - <a href='services_sasl.html'> sasl</a><br/> - <a href='services_sendmail.html'> sendmail</a><br/> - <a href='services_setroubleshoot.html'> setroubleshoot</a><br/> - <a href='services_slrnpull.html'> slrnpull</a><br/> - <a href='services_smartmon.html'> smartmon</a><br/> - <a href='services_snmp.html'> snmp</a><br/> - <a href='services_snort.html'> snort</a><br/> - <a href='services_soundserver.html'> soundserver</a><br/> - <a href='services_spamassassin.html'> spamassassin</a><br/> - <a href='services_speedtouch.html'> speedtouch</a><br/> - <a href='services_squid.html'> squid</a><br/> - <a href='services_ssh.html'> ssh</a><br/> - <a href='services_sssd.html'> sssd</a><br/> - <a href='services_stunnel.html'> stunnel</a><br/> - <a href='services_sysstat.html'> sysstat</a><br/> - <a href='services_tcpd.html'> tcpd</a><br/> - <a href='services_telnet.html'> telnet</a><br/> - <a href='services_tftp.html'> tftp</a><br/> - <a href='services_timidity.html'> timidity</a><br/> - <a href='services_tor.html'> tor</a><br/> - <a href='services_transproxy.html'> transproxy</a><br/> - <a href='services_ucspitcp.html'> ucspitcp</a><br/> - <a href='services_uptime.html'> uptime</a><br/> - <a href='services_uucp.html'> uucp</a><br/> - <a href='services_uwimap.html'> uwimap</a><br/> - <a href='services_vhostmd.html'> vhostmd</a><br/> - <a href='services_virt.html'> virt</a><br/> - <a href='services_watchdog.html'> watchdog</a><br/> - <a href='services_xfs.html'> xfs</a><br/> - <a href='services_xprint.html'> xprint</a><br/> - <a href='services_xserver.html'> xserver</a><br/> - <a href='services_zarafa.html'> zarafa</a><br/> - <a href='services_zebra.html'> zebra</a><br/> - <a href='services_zosremote.html'> zosremote</a><br/> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> - <a href='system_application.html'> application</a><br/> - <a href='system_authlogin.html'> authlogin</a><br/> - <a href='system_clock.html'> clock</a><br/> - <a href='system_daemontools.html'> daemontools</a><br/> - <a href='system_fstools.html'> fstools</a><br/> - <a href='system_getty.html'> getty</a><br/> - <a href='system_hostname.html'> hostname</a><br/> - <a href='system_hotplug.html'> hotplug</a><br/> - <a href='system_init.html'> init</a><br/> - <a href='system_ipsec.html'> ipsec</a><br/> - <a href='system_iptables.html'> iptables</a><br/> - <a href='system_iscsi.html'> iscsi</a><br/> - <a href='system_libraries.html'> libraries</a><br/> - <a href='system_locallogin.html'> locallogin</a><br/> - <a href='system_logging.html'> logging</a><br/> - <a href='system_lvm.html'> lvm</a><br/> - <a href='system_miscfiles.html'> miscfiles</a><br/> - <a href='system_modutils.html'> modutils</a><br/> - <a href='system_mount.html'> mount</a><br/> - <a href='system_netlabel.html'> netlabel</a><br/> - <a href='system_pcmcia.html'> pcmcia</a><br/> - <a href='system_raid.html'> raid</a><br/> - <a href='system_selinuxutil.html'> selinuxutil</a><br/> - <a href='system_setrans.html'> setrans</a><br/> - <a href='system_sysnetwork.html'> sysnetwork</a><br/> - <a href='system_tzdata.html'> tzdata</a><br/> - <a href='system_udev.html'> udev</a><br/> - <a href='system_unconfined.html'> unconfined</a><br/> - <a href='system_userdomain.html'> userdomain</a><br/> - <a href='system_virtual.html'> virtual</a><br/> - <a href='system_xen.html'> xen</a><br/> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <h1>Layer: admin</h1><p/> <p><p> Policy modules for administrative functions, such as package management. </p></p><br/> <table border="1" cellspacing="0" cellpadding="3" width="75%"> <tr><td class="title">Module:</td><td class="title">Description:</td></tr> <tr><td> <a href='admin_acct.html'> acct</a></td> <td><p>Berkeley process accounting</p></td> <tr><td> <a href='admin_alsa.html'> alsa</a></td> <td><p>Ainit ALSA configuration tool</p></td> <tr><td> <a href='admin_amanda.html'> amanda</a></td> <td><p>Automated backup program.</p></td> <tr><td> <a href='admin_amtu.html'> amtu</a></td> <td><p> abstract Machine Test Utility </p></td> <tr><td> <a href='admin_anaconda.html'> anaconda</a></td> <td><p>Policy for the Anaconda installer.</p></td> <tr><td> <a href='admin_apt.html'> apt</a></td> <td><p>APT advanced package toll.</p></td> <tr><td> <a href='admin_backup.html'> backup</a></td> <td><p>System backup scripts</p></td> <tr><td> <a href='admin_bootloader.html'> bootloader</a></td> <td><p>Policy for the kernel modules, kernel image, and bootloader.</p></td> <tr><td> <a href='admin_brctl.html'> brctl</a></td> <td><p>Utilities for configuring the linux ethernet bridge</p></td> <tr><td> <a href='admin_certwatch.html'> certwatch</a></td> <td><p>Digital Certificate Tracking</p></td> <tr><td> <a href='admin_consoletype.html'> consoletype</a></td> <td><p> Determine of the console connected to the controlling terminal. </p></td> <tr><td> <a href='admin_ddcprobe.html'> ddcprobe</a></td> <td><p>ddcprobe retrieves monitor and graphics card information</p></td> <tr><td> <a href='admin_dmesg.html'> dmesg</a></td> <td><p>Policy for dmesg.</p></td> <tr><td> <a href='admin_dmidecode.html'> dmidecode</a></td> <td><p>Decode DMI data for x86/ia64 bioses.</p></td> <tr><td> <a href='admin_dpkg.html'> dpkg</a></td> <td><p>Policy for the Debian package manager.</p></td> <tr><td> <a href='admin_firstboot.html'> firstboot</a></td> <td><p> Final system configuration run during the first boot after installation of Red Hat/Fedora systems. </p></td> <tr><td> <a href='admin_kudzu.html'> kudzu</a></td> <td><p>Hardware detection and configuration tools</p></td> <tr><td> <a href='admin_logrotate.html'> logrotate</a></td> <td><p>Rotate and archive system logs</p></td> <tr><td> <a href='admin_logwatch.html'> logwatch</a></td> <td><p>System log analyzer and reporter</p></td> <tr><td> <a href='admin_mcelog.html'> mcelog</a></td> <td><p>policy for mcelog</p></td> <tr><td> <a href='admin_mrtg.html'> mrtg</a></td> <td><p>Network traffic graphing</p></td> <tr><td> <a href='admin_netutils.html'> netutils</a></td> <td><p>Network analysis utilities</p></td> <tr><td> <a href='admin_portage.html'> portage</a></td> <td><p> Portage Package Management System. The primary package management and distribution system for Gentoo. </p></td> <tr><td> <a href='admin_prelink.html'> prelink</a></td> <td><p>Prelink ELF shared library mappings.</p></td> <tr><td> <a href='admin_quota.html'> quota</a></td> <td><p>File system quota management</p></td> <tr><td> <a href='admin_readahead.html'> readahead</a></td> <td><p>Readahead, read files into page cache for improved performance</p></td> <tr><td> <a href='admin_rpm.html'> rpm</a></td> <td><p>Policy for the RPM package manager.</p></td> <tr><td> <a href='admin_su.html'> su</a></td> <td><p>Run shells with substitute user and group</p></td> <tr><td> <a href='admin_sudo.html'> sudo</a></td> <td><p>Execute a command with a substitute user</p></td> <tr><td> <a href='admin_sxid.html'> sxid</a></td> <td><p>SUID/SGID program monitoring</p></td> <tr><td> <a href='admin_tmpreaper.html'> tmpreaper</a></td> <td><p>Manage temporary directory sizes and file ages</p></td> <tr><td> <a href='admin_tripwire.html'> tripwire</a></td> <td><p>Tripwire file integrity checker.</p></td> <tr><td> <a href='admin_updfstab.html'> updfstab</a></td> <td><p>Red Hat utility to change /etc/fstab.</p></td> <tr><td> <a href='admin_usbmodules.html'> usbmodules</a></td> <td><p>List kernel modules of USB devices</p></td> <tr><td> <a href='admin_usermanage.html'> usermanage</a></td> <td><p>Policy for managing user accounts.</p></td> <tr><td> <a href='admin_vbetool.html'> vbetool</a></td> <td><p>run real-mode video BIOS code to alter hardware state</p></td> <tr><td> <a href='admin_vpn.html'> vpn</a></td> <td><p>Virtual Private Networking client</p></td> </td></tr> </td></tr> </td></tr> </td></tr> </td></tr> </table> <p/><br/><br/> <h1>Layer: kernel</h1><p/> <p><p> Policy for kernel threads, proc filesystem, and unlabeled processes and objects. </p></p><br/> <table border="1" cellspacing="0" cellpadding="3" width="75%"> <tr><td class="title">Module:</td><td class="title">Description:</td></tr> </td></tr> </td></tr> <tr><td> <a href='kernel_corecommands.html'> corecommands</a></td> <td><p> Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin. </p></td> <tr><td> <a href='kernel_corenetwork.html'> corenetwork</a></td> <td><p>Policy controlling access to network objects</p></td> <tr><td> <a href='kernel_devices.html'> devices</a></td> <td><p> Device nodes and interfaces for many basic system devices. </p></td> <tr><td> <a href='kernel_domain.html'> domain</a></td> <td><p>Core policy for domains.</p></td> <tr><td> <a href='kernel_files.html'> files</a></td> <td><p> Basic filesystem types and interfaces. </p></td> <tr><td> <a href='kernel_filesystem.html'> filesystem</a></td> <td><p>Policy for filesystems.</p></td> <tr><td> <a href='kernel_kernel.html'> kernel</a></td> <td><p> Policy for kernel threads, proc filesystem, and unlabeled processes and objects. </p></td> <tr><td> <a href='kernel_mcs.html'> mcs</a></td> <td><p>Multicategory security policy</p></td> <tr><td> <a href='kernel_mls.html'> mls</a></td> <td><p>Multilevel security policy</p></td> <tr><td> <a href='kernel_selinux.html'> selinux</a></td> <td><p> Policy for kernel security interface, in particular, selinuxfs. </p></td> <tr><td> <a href='kernel_storage.html'> storage</a></td> <td><p>Policy controlling access to storage devices</p></td> <tr><td> <a href='kernel_terminal.html'> terminal</a></td> <td><p>Policy for terminals.</p></td> </td></tr> </td></tr> </td></tr> </table> <p/><br/><br/> <h1>Layer: apps</h1><p/> <p><p>Policy modules for applications</p></p><br/> <table border="1" cellspacing="0" cellpadding="3" width="75%"> <tr><td class="title">Module:</td><td class="title">Description:</td></tr> </td></tr> <tr><td> <a href='apps_ada.html'> ada</a></td> <td><p>GNAT Ada95 compiler</p></td> <tr><td> <a href='apps_authbind.html'> authbind</a></td> <td><p>Tool for non-root processes to bind to reserved ports</p></td> <tr><td> <a href='apps_calamaris.html'> calamaris</a></td> <td><p>Squid log analysis</p></td> <tr><td> <a href='apps_cdrecord.html'> cdrecord</a></td> <td><p>Policy for cdrecord</p></td> <tr><td> <a href='apps_ethereal.html'> ethereal</a></td> <td><p>Ethereal packet capture tool.</p></td> <tr><td> <a href='apps_evolution.html'> evolution</a></td> <td><p>Evolution email client</p></td> <tr><td> <a href='apps_games.html'> games</a></td> <td><p>Games</p></td> <tr><td> <a href='apps_gift.html'> gift</a></td> <td><p>giFT peer to peer file sharing tool</p></td> <tr><td> <a href='apps_gnome.html'> gnome</a></td> <td><p>GNU network object model environment (GNOME)</p></td> <tr><td> <a href='apps_gpg.html'> gpg</a></td> <td><p>Policy for GNU Privacy Guard and related programs.</p></td> <tr><td> <a href='apps_guest.html'> guest</a></td> <td><p>Least privledge terminal user role</p></td> <tr><td> <a href='apps_irc.html'> irc</a></td> <td><p>IRC client policy</p></td> <tr><td> <a href='apps_java.html'> java</a></td> <td><p>Java virtual machine</p></td> <tr><td> <a href='apps_loadkeys.html'> loadkeys</a></td> <td><p>Load keyboard mappings.</p></td> <tr><td> <a href='apps_lockdev.html'> lockdev</a></td> <td><p>device locking policy for lockdev</p></td> <tr><td> <a href='apps_mono.html'> mono</a></td> <td><p>Run .NET server and client applications on Linux.</p></td> <tr><td> <a href='apps_mozilla.html'> mozilla</a></td> <td><p>Policy for Mozilla and related web browsers</p></td> <tr><td> <a href='apps_mplayer.html'> mplayer</a></td> <td><p>Mplayer media player and encoder</p></td> <tr><td> <a href='apps_qemu.html'> qemu</a></td> <td><p>QEMU machine emulator and virtualizer</p></td> <tr><td> <a href='apps_rssh.html'> rssh</a></td> <td><p>Restricted (scp/sftp) only shell</p></td> <tr><td> <a href='apps_screen.html'> screen</a></td> <td><p>GNU terminal multiplexer</p></td> <tr><td> <a href='apps_slocate.html'> slocate</a></td> <td><p>Update database for mlocate</p></td> <tr><td> <a href='apps_thunderbird.html'> thunderbird</a></td> <td><p>Thunderbird email client</p></td> <tr><td> <a href='apps_tvtime.html'> tvtime</a></td> <td><p> tvtime - a high quality television application </p></td> <tr><td> <a href='apps_uml.html'> uml</a></td> <td><p>Policy for UML</p></td> <tr><td> <a href='apps_userhelper.html'> userhelper</a></td> <td><p>SELinux utility to run a shell with a new role</p></td> <tr><td> <a href='apps_usernetctl.html'> usernetctl</a></td> <td><p>User network interface configuration helper</p></td> <tr><td> <a href='apps_vmware.html'> vmware</a></td> <td><p>VMWare Workstation virtual machines</p></td> <tr><td> <a href='apps_webalizer.html'> webalizer</a></td> <td><p>Web server log analysis</p></td> <tr><td> <a href='apps_wine.html'> wine</a></td> <td><p>Wine Is Not an Emulator. Run Windows programs in Linux.</p></td> <tr><td> <a href='apps_yam.html'> yam</a></td> <td><p>Yum/Apt Mirroring</p></td> </td></tr> </td></tr> </td></tr> </td></tr> </table> <p/><br/><br/> <h1>Layer: system</h1><p/> <p><p> Policy modules for system functions from init to multi-user login. </p></p><br/> <table border="1" cellspacing="0" cellpadding="3" width="75%"> <tr><td class="title">Module:</td><td class="title">Description:</td></tr> </td></tr> </td></tr> </td></tr> </td></tr> <tr><td> <a href='system_application.html'> application</a></td> <td><p>Policy for user executable applications.</p></td> <tr><td> <a href='system_authlogin.html'> authlogin</a></td> <td><p>Common policy for authentication and user login.</p></td> <tr><td> <a href='system_clock.html'> clock</a></td> <td><p>Policy for reading and setting the hardware clock.</p></td> <tr><td> <a href='system_daemontools.html'> daemontools</a></td> <td><p>Collection of tools for managing UNIX services</p></td> <tr><td> <a href='system_fstools.html'> fstools</a></td> <td><p>Tools for filesystem management, such as mkfs and fsck.</p></td> <tr><td> <a href='system_getty.html'> getty</a></td> <td><p>Policy for getty.</p></td> <tr><td> <a href='system_hostname.html'> hostname</a></td> <td><p>Policy for changing the system host name.</p></td> <tr><td> <a href='system_hotplug.html'> hotplug</a></td> <td><p> Policy for hotplug system, for supporting the connection and disconnection of devices at runtime. </p></td> <tr><td> <a href='system_init.html'> init</a></td> <td><p>System initialization programs (init and init scripts).</p></td> <tr><td> <a href='system_ipsec.html'> ipsec</a></td> <td><p>TCP/IP encryption</p></td> <tr><td> <a href='system_iptables.html'> iptables</a></td> <td><p>Policy for iptables.</p></td> <tr><td> <a href='system_iscsi.html'> iscsi</a></td> <td><p>Establish connections to iSCSI devices</p></td> <tr><td> <a href='system_libraries.html'> libraries</a></td> <td><p>Policy for system libraries.</p></td> <tr><td> <a href='system_locallogin.html'> locallogin</a></td> <td><p>Policy for local logins.</p></td> <tr><td> <a href='system_logging.html'> logging</a></td> <td><p>Policy for the kernel message logger and system logging daemon.</p></td> <tr><td> <a href='system_lvm.html'> lvm</a></td> <td><p>Policy for logical volume management programs.</p></td> <tr><td> <a href='system_miscfiles.html'> miscfiles</a></td> <td><p>Miscelaneous files.</p></td> <tr><td> <a href='system_modutils.html'> modutils</a></td> <td><p>Policy for kernel module utilities</p></td> <tr><td> <a href='system_mount.html'> mount</a></td> <td><p>Policy for mount.</p></td> <tr><td> <a href='system_netlabel.html'> netlabel</a></td> <td><p>NetLabel/CIPSO labeled networking management</p></td> <tr><td> <a href='system_pcmcia.html'> pcmcia</a></td> <td><p>PCMCIA card management services</p></td> <tr><td> <a href='system_raid.html'> raid</a></td> <td><p>RAID array management tools</p></td> <tr><td> <a href='system_selinuxutil.html'> selinuxutil</a></td> <td><p>Policy for SELinux policy and userland applications.</p></td> <tr><td> <a href='system_setrans.html'> setrans</a></td> <td><p>SELinux MLS/MCS label translation service.</p></td> <tr><td> <a href='system_sysnetwork.html'> sysnetwork</a></td> <td><p>Policy for network configuration: ifconfig and dhcp client.</p></td> <tr><td> <a href='system_tzdata.html'> tzdata</a></td> <td><p>policy for tzdata</p></td> <tr><td> <a href='system_udev.html'> udev</a></td> <td><p>Policy for udev.</p></td> <tr><td> <a href='system_unconfined.html'> unconfined</a></td> <td><p>The unconfined domain.</p></td> <tr><td> <a href='system_userdomain.html'> userdomain</a></td> <td><p>Policy for user domains</p></td> <tr><td> <a href='system_virtual.html'> virtual</a></td> <td><p>Virtual machine emulator and virtualizer</p></td> <tr><td> <a href='system_xen.html'> xen</a></td> <td><p>Xen hypervisor</p></td> </td></tr> </table> <p/><br/><br/> <h1>Layer: services</h1><p/> <p><p> Policy modules for system services, like cron, and network services, like sshd. </p></p><br/> <table border="1" cellspacing="0" cellpadding="3" width="75%"> <tr><td class="title">Module:</td><td class="title">Description:</td></tr> </td></tr> </td></tr> </td></tr> <tr><td> <a href='services_afs.html'> afs</a></td> <td><p>Andrew Filesystem server</p></td> <tr><td> <a href='services_aide.html'> aide</a></td> <td><p>Aide filesystem integrity checker</p></td> <tr><td> <a href='services_aisexec.html'> aisexec</a></td> <td><p>SELinux policy for Aisexec Cluster Engine</p></td> <tr><td> <a href='services_amavis.html'> amavis</a></td> <td><p> Daemon that interfaces mail transfer agents and content checkers, such as virus scanners. </p></td> <tr><td> <a href='services_apache.html'> apache</a></td> <td><p>Apache web server</p></td> <tr><td> <a href='services_apm.html'> apm</a></td> <td><p>Advanced power management daemon</p></td> <tr><td> <a href='services_arpwatch.html'> arpwatch</a></td> <td><p>Ethernet activity monitor.</p></td> <tr><td> <a href='services_asterisk.html'> asterisk</a></td> <td><p>Asterisk IP telephony server</p></td> <tr><td> <a href='services_audioentropy.html'> audioentropy</a></td> <td><p>Generate entropy from audio input</p></td> <tr><td> <a href='services_automount.html'> automount</a></td> <td><p>Filesystem automounter service.</p></td> <tr><td> <a href='services_avahi.html'> avahi</a></td> <td><p>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture</p></td> <tr><td> <a href='services_bind.html'> bind</a></td> <td><p>Berkeley internet name domain DNS server.</p></td> <tr><td> <a href='services_bluetooth.html'> bluetooth</a></td> <td><p>Bluetooth tools and system services.</p></td> <tr><td> <a href='services_canna.html'> canna</a></td> <td><p>Canna - kana-kanji conversion server</p></td> <tr><td> <a href='services_ccs.html'> ccs</a></td> <td><p>Cluster Configuration System</p></td> <tr><td> <a href='services_cipe.html'> cipe</a></td> <td><p>Encrypted tunnel daemon</p></td> <tr><td> <a href='services_clamav.html'> clamav</a></td> <td><p>ClamAV Virus Scanner</p></td> <tr><td> <a href='services_clockspeed.html'> clockspeed</a></td> <td><p>Clockspeed simple network time protocol client</p></td> <tr><td> <a href='services_clogd.html'> clogd</a></td> <td><p>clogd - clustered mirror log server</p></td> <tr><td> <a href='services_comsat.html'> comsat</a></td> <td><p>Comsat, a biff server.</p></td> <tr><td> <a href='services_condor.html'> condor</a></td> <td><p>policy for condor</p></td> <tr><td> <a href='services_courier.html'> courier</a></td> <td><p>Courier IMAP and POP3 email servers</p></td> <tr><td> <a href='services_cpucontrol.html'> cpucontrol</a></td> <td><p>Services for loading CPU microcode and CPU frequency scaling.</p></td> <tr><td> <a href='services_cron.html'> cron</a></td> <td><p>Periodic execution of scheduled commands.</p></td> <tr><td> <a href='services_cups.html'> cups</a></td> <td><p>Common UNIX printing system</p></td> <tr><td> <a href='services_cvs.html'> cvs</a></td> <td><p>Concurrent versions system</p></td> <tr><td> <a href='services_cyrus.html'> cyrus</a></td> <td><p>Cyrus is an IMAP service intended to be run on sealed servers</p></td> <tr><td> <a href='services_dante.html'> dante</a></td> <td><p>Dante msproxy and socks4/5 proxy server</p></td> <tr><td> <a href='services_dbskk.html'> dbskk</a></td> <td><p>Dictionary server for the SKK Japanese input method system.</p></td> <tr><td> <a href='services_dbus.html'> dbus</a></td> <td><p>Desktop messaging bus</p></td> <tr><td> <a href='services_dcc.html'> dcc</a></td> <td><p>Distributed checksum clearinghouse spam filtering</p></td> <tr><td> <a href='services_ddclient.html'> ddclient</a></td> <td><p>Update dynamic IP address at DynDNS.org</p></td> <tr><td> <a href='services_dhcp.html'> dhcp</a></td> <td><p>Dynamic host configuration protocol (DHCP) server</p></td> <tr><td> <a href='services_dictd.html'> dictd</a></td> <td><p>Dictionary daemon</p></td> <tr><td> <a href='services_distcc.html'> distcc</a></td> <td><p>Distributed compiler daemon</p></td> <tr><td> <a href='services_djbdns.html'> djbdns</a></td> <td><p>small and secure DNS daemon</p></td> <tr><td> <a href='services_dnsmasq.html'> dnsmasq</a></td> <td><p>dnsmasq DNS forwarder and DHCP server</p></td> <tr><td> <a href='services_dovecot.html'> dovecot</a></td> <td><p>Dovecot POP and IMAP mail server</p></td> <tr><td> <a href='services_exim.html'> exim</a></td> <td><p>Exim service</p></td> <tr><td> <a href='services_fail2ban.html'> fail2ban</a></td> <td><p>Update firewall filtering to ban IP addresses with too many password failures.</p></td> <tr><td> <a href='services_fetchmail.html'> fetchmail</a></td> <td><p>Remote-mail retrieval and forwarding utility</p></td> <tr><td> <a href='services_finger.html'> finger</a></td> <td><p>Finger user information service.</p></td> <tr><td> <a href='services_ftp.html'> ftp</a></td> <td><p>File transfer protocol service</p></td> <tr><td> <a href='services_gatekeeper.html'> gatekeeper</a></td> <td><p>OpenH.323 Voice-Over-IP Gatekeeper</p></td> <tr><td> <a href='services_gpm.html'> gpm</a></td> <td><p>General Purpose Mouse driver</p></td> <tr><td> <a href='services_hal.html'> hal</a></td> <td><p>Hardware abstraction layer</p></td> <tr><td> <a href='services_howl.html'> howl</a></td> <td><p>Port of Apple Rendezvous multicast DNS</p></td> <tr><td> <a href='services_i18n_input.html'> i18n_input</a></td> <td><p>IIIMF htt server</p></td> <tr><td> <a href='services_imaze.html'> imaze</a></td> <td><p>iMaze game server</p></td> <tr><td> <a href='services_inetd.html'> inetd</a></td> <td><p>Internet services daemon.</p></td> <tr><td> <a href='services_inn.html'> inn</a></td> <td><p>Internet News NNTP server</p></td> <tr><td> <a href='services_ircd.html'> ircd</a></td> <td><p>IRC server</p></td> <tr><td> <a href='services_irqbalance.html'> irqbalance</a></td> <td><p>IRQ balancing daemon</p></td> <tr><td> <a href='services_jabber.html'> jabber</a></td> <td><p>Jabber instant messaging server</p></td> <tr><td> <a href='services_kerberos.html'> kerberos</a></td> <td><p>MIT Kerberos admin and KDC</p></td> <tr><td> <a href='services_ktalk.html'> ktalk</a></td> <td><p>KDE Talk daemon</p></td> <tr><td> <a href='services_ldap.html'> ldap</a></td> <td><p>OpenLDAP directory server</p></td> <tr><td> <a href='services_lpd.html'> lpd</a></td> <td><p>Line printer daemon</p></td> <tr><td> <a href='services_mailman.html'> mailman</a></td> <td><p>Mailman is for managing electronic mail discussion and e-newsletter lists</p></td> <tr><td> <a href='services_milter.html'> milter</a></td> <td><p>Milter mail filters</p></td> <tr><td> <a href='services_monop.html'> monop</a></td> <td><p>Monopoly daemon</p></td> <tr><td> <a href='services_mta.html'> mta</a></td> <td><p>Policy common to all email tranfer agents.</p></td> <tr><td> <a href='services_munin.html'> munin</a></td> <td><p>Munin network-wide load graphing (formerly LRRD)</p></td> <tr><td> <a href='services_mysql.html'> mysql</a></td> <td><p>Policy for MySQL</p></td> <tr><td> <a href='services_nagios.html'> nagios</a></td> <td><p>Net Saint / NAGIOS - network monitoring server</p></td> <tr><td> <a href='services_nessus.html'> nessus</a></td> <td><p>Nessus network scanning daemon</p></td> <tr><td> <a href='services_networkmanager.html'> networkmanager</a></td> <td><p>Manager for dynamically switching between networks.</p></td> <tr><td> <a href='services_nis.html'> nis</a></td> <td><p>Policy for NIS (YP) servers and clients</p></td> <tr><td> <a href='services_nscd.html'> nscd</a></td> <td><p>Name service cache daemon</p></td> <tr><td> <a href='services_nsd.html'> nsd</a></td> <td><p>Authoritative only name server</p></td> <tr><td> <a href='services_ntop.html'> ntop</a></td> <td><p>Network Top</p></td> <tr><td> <a href='services_ntp.html'> ntp</a></td> <td><p>Network time protocol daemon</p></td> <tr><td> <a href='services_nx.html'> nx</a></td> <td><p>NX remote desktop</p></td> <tr><td> <a href='services_oav.html'> oav</a></td> <td><p>Open AntiVirus scannerdaemon and signature update</p></td> <tr><td> <a href='services_oddjob.html'> oddjob</a></td> <td><p> Oddjob provides a mechanism by which unprivileged applications can request that specified privileged operations be performed on their behalf. </p></td> <tr><td> <a href='services_openca.html'> openca</a></td> <td><p>OpenCA - Open Certificate Authority</p></td> <tr><td> <a href='services_openct.html'> openct</a></td> <td><p>Service for handling smart card readers.</p></td> <tr><td> <a href='services_openvpn.html'> openvpn</a></td> <td><p>full-featured SSL VPN solution</p></td> <tr><td> <a href='services_pcscd.html'> pcscd</a></td> <td><p>policy for pcscd</p></td> <tr><td> <a href='services_pegasus.html'> pegasus</a></td> <td><p>The Open Group Pegasus CIM/WBEM Server.</p></td> <tr><td> <a href='services_perdition.html'> perdition</a></td> <td><p>Perdition POP and IMAP proxy</p></td> <tr><td> <a href='services_piranha.html'> piranha</a></td> <td><p>policy for piranha</p></td> <tr><td> <a href='services_pki.html'> pki</a></td> <td><p>policy for pki</p></td> <tr><td> <a href='services_portmap.html'> portmap</a></td> <td><p>RPC port mapping service.</p></td> <tr><td> <a href='services_portslave.html'> portslave</a></td> <td><p>Portslave terminal server software</p></td> <tr><td> <a href='services_postfix.html'> postfix</a></td> <td><p>Postfix email server</p></td> <tr><td> <a href='services_postgresql.html'> postgresql</a></td> <td><p>PostgreSQL relational database</p></td> <tr><td> <a href='services_postgrey.html'> postgrey</a></td> <td><p>Postfix grey-listing server</p></td> <tr><td> <a href='services_ppp.html'> ppp</a></td> <td><p>Point to Point Protocol daemon creates links in ppp networks</p></td> <tr><td> <a href='services_prelude.html'> prelude</a></td> <td><p>Prelude hybrid intrusion detection system</p></td> <tr><td> <a href='services_privoxy.html'> privoxy</a></td> <td><p>Privacy enhancing web proxy.</p></td> <tr><td> <a href='services_procmail.html'> procmail</a></td> <td><p>Procmail mail delivery agent</p></td> <tr><td> <a href='services_publicfile.html'> publicfile</a></td> <td><p>publicfile supplies files to the public through HTTP and FTP</p></td> <tr><td> <a href='services_pxe.html'> pxe</a></td> <td><p>Server for the PXE network boot protocol</p></td> <tr><td> <a href='services_pyzor.html'> pyzor</a></td> <td><p>Pyzor is a distributed, collaborative spam detection and filtering network.</p></td> <tr><td> <a href='services_qmail.html'> qmail</a></td> <td><p>Qmail Mail Server</p></td> <tr><td> <a href='services_radius.html'> radius</a></td> <td><p>RADIUS authentication and accounting server.</p></td> <tr><td> <a href='services_radvd.html'> radvd</a></td> <td><p>IPv6 router advertisement daemon</p></td> <tr><td> <a href='services_razor.html'> razor</a></td> <td><p>A distributed, collaborative, spam detection and filtering network.</p></td> <tr><td> <a href='services_rdisc.html'> rdisc</a></td> <td><p>Network router discovery daemon</p></td> <tr><td> <a href='services_remotelogin.html'> remotelogin</a></td> <td><p>Policy for rshd, rlogind, and telnetd.</p></td> <tr><td> <a href='services_resmgr.html'> resmgr</a></td> <td><p>Resource management daemon</p></td> <tr><td> <a href='services_rgmanager.html'> rgmanager</a></td> <td><p>SELinux policy for rgmanager</p></td> <tr><td> <a href='services_rhcs.html'> rhcs</a></td> <td><p>SELinux policy for RHCS - Red Hat Cluster Suite </p></td> <tr><td> <a href='services_rhgb.html'> rhgb</a></td> <td><p> Red Hat Graphical Boot </p></td> <tr><td> <a href='services_rhsmcertd.html'> rhsmcertd</a></td> <td><p>Subscription Management Certificate Daemon policy</p></td> <tr><td> <a href='services_ricci.html'> ricci</a></td> <td><p>Ricci cluster management agent</p></td> <tr><td> <a href='services_rlogin.html'> rlogin</a></td> <td><p>Remote login daemon</p></td> <tr><td> <a href='services_roundup.html'> roundup</a></td> <td><p>Roundup Issue Tracking System policy</p></td> <tr><td> <a href='services_rpc.html'> rpc</a></td> <td><p>Remote Procedure Call Daemon for managment of network based process communication</p></td> <tr><td> <a href='services_rshd.html'> rshd</a></td> <td><p>Remote shell service.</p></td> <tr><td> <a href='services_rsync.html'> rsync</a></td> <td><p>Fast incremental file transfer for synchronization</p></td> <tr><td> <a href='services_samba.html'> samba</a></td> <td><p> SMB and CIFS client/server programs for UNIX and name Service Switch daemon for resolving names from Windows NT servers. </p></td> <tr><td> <a href='services_sasl.html'> sasl</a></td> <td><p>SASL authentication server</p></td> <tr><td> <a href='services_sendmail.html'> sendmail</a></td> <td><p>Policy for sendmail.</p></td> <tr><td> <a href='services_setroubleshoot.html'> setroubleshoot</a></td> <td><p>SELinux troubleshooting service</p></td> <tr><td> <a href='services_slrnpull.html'> slrnpull</a></td> <td><p>Service for downloading news feeds the slrn newsreader.</p></td> <tr><td> <a href='services_smartmon.html'> smartmon</a></td> <td><p>Smart disk monitoring daemon policy</p></td> <tr><td> <a href='services_snmp.html'> snmp</a></td> <td><p>Simple network management protocol services</p></td> <tr><td> <a href='services_snort.html'> snort</a></td> <td><p>Snort network intrusion detection system</p></td> <tr><td> <a href='services_soundserver.html'> soundserver</a></td> <td><p>sound server for network audio server programs, nasd, yiff, etc</p></td> <tr><td> <a href='services_spamassassin.html'> spamassassin</a></td> <td><p>Filter used for removing unsolicited email.</p></td> <tr><td> <a href='services_speedtouch.html'> speedtouch</a></td> <td><p>Alcatel speedtouch USB ADSL modem</p></td> <tr><td> <a href='services_squid.html'> squid</a></td> <td><p>Squid caching http proxy server</p></td> <tr><td> <a href='services_ssh.html'> ssh</a></td> <td><p>Secure shell client and server policy.</p></td> <tr><td> <a href='services_sssd.html'> sssd</a></td> <td><p>System Security Services Daemon</p></td> <tr><td> <a href='services_stunnel.html'> stunnel</a></td> <td><p>SSL Tunneling Proxy</p></td> <tr><td> <a href='services_sysstat.html'> sysstat</a></td> <td><p>Policy for sysstat. Reports on various system states</p></td> <tr><td> <a href='services_tcpd.html'> tcpd</a></td> <td><p>Policy for TCP daemon.</p></td> <tr><td> <a href='services_telnet.html'> telnet</a></td> <td><p>Telnet daemon</p></td> <tr><td> <a href='services_tftp.html'> tftp</a></td> <td><p>Trivial file transfer protocol daemon</p></td> <tr><td> <a href='services_timidity.html'> timidity</a></td> <td><p>MIDI to WAV converter and player configured as a service</p></td> <tr><td> <a href='services_tor.html'> tor</a></td> <td><p>TOR, the onion router</p></td> <tr><td> <a href='services_transproxy.html'> transproxy</a></td> <td><p>HTTP transperant proxy</p></td> <tr><td> <a href='services_ucspitcp.html'> ucspitcp</a></td> <td><p>ucspitcp policy</p></td> <tr><td> <a href='services_uptime.html'> uptime</a></td> <td><p>Uptime daemon</p></td> <tr><td> <a href='services_uucp.html'> uucp</a></td> <td><p>Unix to Unix Copy</p></td> <tr><td> <a href='services_uwimap.html'> uwimap</a></td> <td><p>University of Washington IMAP toolkit POP3 and IMAP mail server</p></td> <tr><td> <a href='services_vhostmd.html'> vhostmd</a></td> <td><p>policy for vhostmd</p></td> <tr><td> <a href='services_virt.html'> virt</a></td> <td><p>Libvirt virtualization API</p></td> <tr><td> <a href='services_watchdog.html'> watchdog</a></td> <td><p>Software watchdog</p></td> <tr><td> <a href='services_xfs.html'> xfs</a></td> <td><p>X Windows Font Server </p></td> <tr><td> <a href='services_xprint.html'> xprint</a></td> <td><p>X print server</p></td> <tr><td> <a href='services_xserver.html'> xserver</a></td> <td><p>X Windows Server</p></td> <tr><td> <a href='services_zarafa.html'> zarafa</a></td> <td><p>Zarafa collaboration platform.</p></td> <tr><td> <a href='services_zebra.html'> zebra</a></td> <td><p>Zebra border gateway protocol network routing service</p></td> <tr><td> <a href='services_zosremote.html'> zosremote</a></td> <td><p>policy for z/OS Remote-services Audit dispatcher plugin</p></td> </td></tr> </td></tr> </table> <p/><br/><br/> </div> </body> </html>