<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> - <a href='admin_accountsd.html'> accountsd</a><br/> - <a href='admin_acct.html'> acct</a><br/> - <a href='admin_alsa.html'> alsa</a><br/> - <a href='admin_amanda.html'> amanda</a><br/> - <a href='admin_amtu.html'> amtu</a><br/> - <a href='admin_anaconda.html'> anaconda</a><br/> - <a href='admin_apt.html'> apt</a><br/> - <a href='admin_backup.html'> backup</a><br/> - <a href='admin_bootloader.html'> bootloader</a><br/> - <a href='admin_brctl.html'> brctl</a><br/> - <a href='admin_certwatch.html'> certwatch</a><br/> - <a href='admin_consoletype.html'> consoletype</a><br/> - <a href='admin_ddcprobe.html'> ddcprobe</a><br/> - <a href='admin_dmesg.html'> dmesg</a><br/> - <a href='admin_dmidecode.html'> dmidecode</a><br/> - <a href='admin_dpkg.html'> dpkg</a><br/> - <a href='admin_firstboot.html'> firstboot</a><br/> - <a href='admin_kismet.html'> kismet</a><br/> - <a href='admin_kudzu.html'> kudzu</a><br/> - <a href='admin_logrotate.html'> logrotate</a><br/> - <a href='admin_logwatch.html'> logwatch</a><br/> - <a href='admin_mcelog.html'> mcelog</a><br/> - <a href='admin_mrtg.html'> mrtg</a><br/> - <a href='admin_ncftool.html'> ncftool</a><br/> - <a href='admin_netutils.html'> netutils</a><br/> - <a href='admin_portage.html'> portage</a><br/> - <a href='admin_prelink.html'> prelink</a><br/> - <a href='admin_quota.html'> quota</a><br/> - <a href='admin_readahead.html'> readahead</a><br/> - <a href='admin_rpm.html'> rpm</a><br/> - <a href='admin_sectoolm.html'> sectoolm</a><br/> - <a href='admin_shorewall.html'> shorewall</a><br/> - <a href='admin_shutdown.html'> shutdown</a><br/> - <a href='admin_smoltclient.html'> smoltclient</a><br/> - <a href='admin_su.html'> su</a><br/> - <a href='admin_sudo.html'> sudo</a><br/> - <a href='admin_sxid.html'> sxid</a><br/> - <a href='admin_tmpreaper.html'> tmpreaper</a><br/> - <a href='admin_tripwire.html'> tripwire</a><br/> - <a href='admin_tzdata.html'> tzdata</a><br/> - <a href='admin_updfstab.html'> updfstab</a><br/> - <a href='admin_usbmodules.html'> usbmodules</a><br/> - <a href='admin_usermanage.html'> usermanage</a><br/> - <a href='admin_vbetool.html'> vbetool</a><br/> - <a href='admin_vpn.html'> vpn</a><br/> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> - <a href='apps_ada.html'> ada</a><br/> - <a href='apps_authbind.html'> authbind</a><br/> - <a href='apps_awstats.html'> awstats</a><br/> - <a href='apps_calamaris.html'> calamaris</a><br/> - <a href='apps_cdrecord.html'> cdrecord</a><br/> - <a href='apps_chrome.html'> chrome</a><br/> - <a href='apps_cpufreqselector.html'> cpufreqselector</a><br/> - <a href='apps_ethereal.html'> ethereal</a><br/> - <a href='apps_evolution.html'> evolution</a><br/> - <a href='apps_execmem.html'> execmem</a><br/> - <a href='apps_firewallgui.html'> firewallgui</a><br/> - <a href='apps_games.html'> games</a><br/> - <a href='apps_gift.html'> gift</a><br/> - <a href='apps_gitosis.html'> gitosis</a><br/> - <a href='apps_gnome.html'> gnome</a><br/> - <a href='apps_gpg.html'> gpg</a><br/> - <a href='apps_irc.html'> irc</a><br/> - <a href='apps_java.html'> java</a><br/> - <a href='apps_kdumpgui.html'> kdumpgui</a><br/> - <a href='apps_livecd.html'> livecd</a><br/> - <a href='apps_loadkeys.html'> loadkeys</a><br/> - <a href='apps_lockdev.html'> lockdev</a><br/> - <a href='apps_mediawiki.html'> mediawiki</a><br/> - <a href='apps_mono.html'> mono</a><br/> - <a href='apps_mozilla.html'> mozilla</a><br/> - <a href='apps_mplayer.html'> mplayer</a><br/> - <a href='apps_namespace.html'> namespace</a><br/> - <a href='apps_nsplugin.html'> nsplugin</a><br/> - <a href='apps_openoffice.html'> openoffice</a><br/> - <a href='apps_podsleuth.html'> podsleuth</a><br/> - <a href='apps_ptchown.html'> ptchown</a><br/> - <a href='apps_pulseaudio.html'> pulseaudio</a><br/> - <a href='apps_qemu.html'> qemu</a><br/> - <a href='apps_rssh.html'> rssh</a><br/> - <a href='apps_sambagui.html'> sambagui</a><br/> - <a href='apps_sandbox.html'> sandbox</a><br/> - <a href='apps_screen.html'> screen</a><br/> - <a href='apps_seunshare.html'> seunshare</a><br/> - <a href='apps_slocate.html'> slocate</a><br/> - <a href='apps_telepathy.html'> telepathy</a><br/> - <a href='apps_thunderbird.html'> thunderbird</a><br/> - <a href='apps_tvtime.html'> tvtime</a><br/> - <a href='apps_uml.html'> uml</a><br/> - <a href='apps_userhelper.html'> userhelper</a><br/> - <a href='apps_usernetctl.html'> usernetctl</a><br/> - <a href='apps_vmware.html'> vmware</a><br/> - <a href='apps_webalizer.html'> webalizer</a><br/> - <a href='apps_wine.html'> wine</a><br/> - <a href='apps_wireshark.html'> wireshark</a><br/> - <a href='apps_wm.html'> wm</a><br/> - <a href='apps_xscreensaver.html'> xscreensaver</a><br/> - <a href='apps_yam.html'> yam</a><br/> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> - <a href='kernel_corecommands.html'> corecommands</a><br/> - <a href='kernel_corenetwork.html'> corenetwork</a><br/> - <a href='kernel_devices.html'> devices</a><br/> - <a href='kernel_domain.html'> domain</a><br/> - <a href='kernel_files.html'> files</a><br/> - <a href='kernel_filesystem.html'> filesystem</a><br/> - <a href='kernel_kernel.html'> kernel</a><br/> - <a href='kernel_mcs.html'> mcs</a><br/> - <a href='kernel_mls.html'> mls</a><br/> - <a href='kernel_selinux.html'> selinux</a><br/> - <a href='kernel_storage.html'> storage</a><br/> - <a href='kernel_terminal.html'> terminal</a><br/> - <a href='kernel_ubac.html'> ubac</a><br/> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> - <a href='roles_auditadm.html'> auditadm</a><br/> - <a href='roles_dbadm.html'> dbadm</a><br/> - <a href='roles_guest.html'> guest</a><br/> - <a href='roles_logadm.html'> logadm</a><br/> - <a href='roles_secadm.html'> secadm</a><br/> - <a href='roles_staff.html'> staff</a><br/> - <a href='roles_sysadm.html'> sysadm</a><br/> - <a href='roles_unconfineduser.html'> unconfineduser</a><br/> - <a href='roles_unprivuser.html'> unprivuser</a><br/> - <a href='roles_webadm.html'> webadm</a><br/> - <a href='roles_xguest.html'> xguest</a><br/> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> - <a href='services_abrt.html'> abrt</a><br/> - <a href='services_afs.html'> afs</a><br/> - <a href='services_aiccu.html'> aiccu</a><br/> - <a href='services_aide.html'> aide</a><br/> - <a href='services_aisexec.html'> aisexec</a><br/> - <a href='services_amavis.html'> amavis</a><br/> - <a href='services_apache.html'> apache</a><br/> - <a href='services_apcupsd.html'> apcupsd</a><br/> - <a href='services_apm.html'> apm</a><br/> - <a href='services_arpwatch.html'> arpwatch</a><br/> - <a href='services_asterisk.html'> asterisk</a><br/> - <a href='services_audioentropy.html'> audioentropy</a><br/> - <a href='services_automount.html'> automount</a><br/> - <a href='services_avahi.html'> avahi</a><br/> - <a href='services_bind.html'> bind</a><br/> - <a href='services_bitlbee.html'> bitlbee</a><br/> - <a href='services_bluetooth.html'> bluetooth</a><br/> - <a href='services_boinc.html'> boinc</a><br/> - <a href='services_bugzilla.html'> bugzilla</a><br/> - <a href='services_cachefilesd.html'> cachefilesd</a><br/> - <a href='services_canna.html'> canna</a><br/> - <a href='services_ccs.html'> ccs</a><br/> - <a href='services_certmaster.html'> certmaster</a><br/> - <a href='services_certmonger.html'> certmonger</a><br/> - <a href='services_cgroup.html'> cgroup</a><br/> - <a href='services_chronyd.html'> chronyd</a><br/> - <a href='services_cipe.html'> cipe</a><br/> - <a href='services_clamav.html'> clamav</a><br/> - <a href='services_clockspeed.html'> clockspeed</a><br/> - <a href='services_clogd.html'> clogd</a><br/> - <a href='services_cmirrord.html'> cmirrord</a><br/> - <a href='services_cobbler.html'> cobbler</a><br/> - <a href='services_comsat.html'> comsat</a><br/> - <a href='services_consolekit.html'> consolekit</a><br/> - <a href='services_corosync.html'> corosync</a><br/> - <a href='services_courier.html'> courier</a><br/> - <a href='services_cpucontrol.html'> cpucontrol</a><br/> - <a href='services_cron.html'> cron</a><br/> - <a href='services_cups.html'> cups</a><br/> - <a href='services_cvs.html'> cvs</a><br/> - <a href='services_cyphesis.html'> cyphesis</a><br/> - <a href='services_cyrus.html'> cyrus</a><br/> - <a href='services_dante.html'> dante</a><br/> - <a href='services_dbskk.html'> dbskk</a><br/> - <a href='services_dbus.html'> dbus</a><br/> - <a href='services_dcc.html'> dcc</a><br/> - <a href='services_ddclient.html'> ddclient</a><br/> - <a href='services_denyhosts.html'> denyhosts</a><br/> - <a href='services_devicekit.html'> devicekit</a><br/> - <a href='services_dhcp.html'> dhcp</a><br/> - <a href='services_dictd.html'> dictd</a><br/> - <a href='services_dirsrv.html'> dirsrv</a><br/> - <a href='services_dirsrv-admin.html'> dirsrv-admin</a><br/> - <a href='services_distcc.html'> distcc</a><br/> - <a href='services_djbdns.html'> djbdns</a><br/> - <a href='services_dkim.html'> dkim</a><br/> - <a href='services_dnsmasq.html'> dnsmasq</a><br/> - <a href='services_dovecot.html'> dovecot</a><br/> - <a href='services_exim.html'> exim</a><br/> - <a href='services_fail2ban.html'> fail2ban</a><br/> - <a href='services_fetchmail.html'> fetchmail</a><br/> - <a href='services_finger.html'> finger</a><br/> - <a href='services_fprintd.html'> fprintd</a><br/> - <a href='services_ftp.html'> ftp</a><br/> - <a href='services_gatekeeper.html'> gatekeeper</a><br/> - <a href='services_git.html'> git</a><br/> - <a href='services_gnomeclock.html'> gnomeclock</a><br/> - <a href='services_gpm.html'> gpm</a><br/> - <a href='services_gpsd.html'> gpsd</a><br/> - <a href='services_hal.html'> hal</a><br/> - <a href='services_hddtemp.html'> hddtemp</a><br/> - <a href='services_howl.html'> howl</a><br/> - <a href='services_i18n_input.html'> i18n_input</a><br/> - <a href='services_icecast.html'> icecast</a><br/> - <a href='services_ifplugd.html'> ifplugd</a><br/> - <a href='services_imaze.html'> imaze</a><br/> - <a href='services_inetd.html'> inetd</a><br/> - <a href='services_inn.html'> inn</a><br/> - <a href='services_ircd.html'> ircd</a><br/> - <a href='services_irqbalance.html'> irqbalance</a><br/> - <a href='services_jabber.html'> jabber</a><br/> - <a href='services_kerberos.html'> kerberos</a><br/> - <a href='services_kerneloops.html'> kerneloops</a><br/> - <a href='services_ksmtuned.html'> ksmtuned</a><br/> - <a href='services_ktalk.html'> ktalk</a><br/> - <a href='services_ldap.html'> ldap</a><br/> - <a href='services_likewise.html'> likewise</a><br/> - <a href='services_lircd.html'> lircd</a><br/> - <a href='services_lpd.html'> lpd</a><br/> - <a href='services_mailman.html'> mailman</a><br/> - <a href='services_matahari.html'> matahari</a><br/> - <a href='services_memcached.html'> memcached</a><br/> - <a href='services_milter.html'> milter</a><br/> - <a href='services_modemmanager.html'> modemmanager</a><br/> - <a href='services_monop.html'> monop</a><br/> - <a href='services_mpd.html'> mpd</a><br/> - <a href='services_mta.html'> mta</a><br/> - <a href='services_munin.html'> munin</a><br/> - <a href='services_mysql.html'> mysql</a><br/> - <a href='services_nagios.html'> nagios</a><br/> - <a href='services_nessus.html'> nessus</a><br/> - <a href='services_networkmanager.html'> networkmanager</a><br/> - <a href='services_nis.html'> nis</a><br/> - <a href='services_nscd.html'> nscd</a><br/> - <a href='services_nsd.html'> nsd</a><br/> - <a href='services_nslcd.html'> nslcd</a><br/> - <a href='services_ntop.html'> ntop</a><br/> - <a href='services_ntp.html'> ntp</a><br/> - <a href='services_nut.html'> nut</a><br/> - <a href='services_nx.html'> nx</a><br/> - <a href='services_oav.html'> oav</a><br/> - <a href='services_oddjob.html'> oddjob</a><br/> - <a href='services_oident.html'> oident</a><br/> - <a href='services_openca.html'> openca</a><br/> - <a href='services_openct.html'> openct</a><br/> - <a href='services_openvpn.html'> openvpn</a><br/> - <a href='services_pads.html'> pads</a><br/> - <a href='services_passenger.html'> passenger</a><br/> - <a href='services_pcscd.html'> pcscd</a><br/> - <a href='services_pegasus.html'> pegasus</a><br/> - <a href='services_perdition.html'> perdition</a><br/> - <a href='services_pingd.html'> pingd</a><br/> - <a href='services_piranha.html'> piranha</a><br/> - <a href='services_plymouthd.html'> plymouthd</a><br/> - <a href='services_policykit.html'> policykit</a><br/> - <a href='services_portmap.html'> portmap</a><br/> - <a href='services_portreserve.html'> portreserve</a><br/> - <a href='services_portslave.html'> portslave</a><br/> - <a href='services_postfix.html'> postfix</a><br/> - <a href='services_postfixpolicyd.html'> postfixpolicyd</a><br/> - <a href='services_postgresql.html'> postgresql</a><br/> - <a href='services_postgrey.html'> postgrey</a><br/> - <a href='services_ppp.html'> ppp</a><br/> - <a href='services_prelude.html'> prelude</a><br/> - <a href='services_privoxy.html'> privoxy</a><br/> - <a href='services_procmail.html'> procmail</a><br/> - <a href='services_psad.html'> psad</a><br/> - <a href='services_publicfile.html'> publicfile</a><br/> - <a href='services_puppet.html'> puppet</a><br/> - <a href='services_pxe.html'> pxe</a><br/> - <a href='services_pyicqt.html'> pyicqt</a><br/> - <a href='services_pyzor.html'> pyzor</a><br/> - <a href='services_qmail.html'> qmail</a><br/> - <a href='services_qpidd.html'> qpidd</a><br/> - <a href='services_radius.html'> radius</a><br/> - <a href='services_radvd.html'> radvd</a><br/> - <a href='services_razor.html'> razor</a><br/> - <a href='services_rdisc.html'> rdisc</a><br/> - <a href='services_remotelogin.html'> remotelogin</a><br/> - <a href='services_resmgr.html'> resmgr</a><br/> - <a href='services_rgmanager.html'> rgmanager</a><br/> - <a href='services_rhcs.html'> rhcs</a><br/> - <a href='services_rhgb.html'> rhgb</a><br/> - <a href='services_ricci.html'> ricci</a><br/> - <a href='services_rlogin.html'> rlogin</a><br/> - <a href='services_roundup.html'> roundup</a><br/> - <a href='services_rpc.html'> rpc</a><br/> - <a href='services_rpcbind.html'> rpcbind</a><br/> - <a href='services_rshd.html'> rshd</a><br/> - <a href='services_rsync.html'> rsync</a><br/> - <a href='services_rtkit.html'> rtkit</a><br/> - <a href='services_rwho.html'> rwho</a><br/> - <a href='services_samba.html'> samba</a><br/> - <a href='services_sasl.html'> sasl</a><br/> - <a href='services_sendmail.html'> sendmail</a><br/> - <a href='services_setroubleshoot.html'> setroubleshoot</a><br/> - <a href='services_slrnpull.html'> slrnpull</a><br/> - <a href='services_smartmon.html'> smartmon</a><br/> - <a href='services_smokeping.html'> smokeping</a><br/> - <a href='services_snmp.html'> snmp</a><br/> - <a href='services_snort.html'> snort</a><br/> - <a href='services_soundserver.html'> soundserver</a><br/> - <a href='services_spamassassin.html'> spamassassin</a><br/> - <a href='services_speedtouch.html'> speedtouch</a><br/> - <a href='services_squid.html'> squid</a><br/> - <a href='services_ssh.html'> ssh</a><br/> - <a href='services_sssd.html'> sssd</a><br/> - <a href='services_stunnel.html'> stunnel</a><br/> - <a href='services_sysstat.html'> sysstat</a><br/> - <a href='services_tcpd.html'> tcpd</a><br/> - <a href='services_telnet.html'> telnet</a><br/> - <a href='services_tftp.html'> tftp</a><br/> - <a href='services_tgtd.html'> tgtd</a><br/> - <a href='services_timidity.html'> timidity</a><br/> - <a href='services_tor.html'> tor</a><br/> - <a href='services_transproxy.html'> transproxy</a><br/> - <a href='services_tuned.html'> tuned</a><br/> - <a href='services_ucspitcp.html'> ucspitcp</a><br/> - <a href='services_ulogd.html'> ulogd</a><br/> - <a href='services_uptime.html'> uptime</a><br/> - <a href='services_usbmuxd.html'> usbmuxd</a><br/> - <a href='services_uucp.html'> uucp</a><br/> - <a href='services_uwimap.html'> uwimap</a><br/> - <a href='services_varnishd.html'> varnishd</a><br/> - <a href='services_vdagent.html'> vdagent</a><br/> - <a href='services_vhostmd.html'> vhostmd</a><br/> - <a href='services_virt.html'> virt</a><br/> - <a href='services_w3c.html'> w3c</a><br/> - <a href='services_watchdog.html'> watchdog</a><br/> - <a href='services_xfs.html'> xfs</a><br/> - <a href='services_xprint.html'> xprint</a><br/> - <a href='services_xserver.html'> xserver</a><br/> - <a href='services_zabbix.html'> zabbix</a><br/> - <a href='services_zebra.html'> zebra</a><br/> - <a href='services_zosremote.html'> zosremote</a><br/> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> - <a href='system_application.html'> application</a><br/> - <a href='system_authlogin.html'> authlogin</a><br/> - <a href='system_clock.html'> clock</a><br/> - <a href='system_daemontools.html'> daemontools</a><br/> - <a href='system_fstools.html'> fstools</a><br/> - <a href='system_getty.html'> getty</a><br/> - <a href='system_hostname.html'> hostname</a><br/> - <a href='system_hotplug.html'> hotplug</a><br/> - <a href='system_init.html'> init</a><br/> - <a href='system_ipsec.html'> ipsec</a><br/> - <a href='system_iptables.html'> iptables</a><br/> - <a href='system_iscsi.html'> iscsi</a><br/> - <a href='system_kdump.html'> kdump</a><br/> - <a href='system_libraries.html'> libraries</a><br/> - <a href='system_locallogin.html'> locallogin</a><br/> - <a href='system_logging.html'> logging</a><br/> - <a href='system_lvm.html'> lvm</a><br/> - <a href='system_miscfiles.html'> miscfiles</a><br/> - <a href='system_modutils.html'> modutils</a><br/> - <a href='system_mount.html'> mount</a><br/> - <a href='system_netlabel.html'> netlabel</a><br/> - <a href='system_pcmcia.html'> pcmcia</a><br/> - <a href='system_raid.html'> raid</a><br/> - <a href='system_selinuxutil.html'> selinuxutil</a><br/> - <a href='system_setrans.html'> setrans</a><br/> - <a href='system_sosreport.html'> sosreport</a><br/> - <a href='system_sysnetwork.html'> sysnetwork</a><br/> - <a href='system_udev.html'> udev</a><br/> - <a href='system_unconfined.html'> unconfined</a><br/> - <a href='system_userdomain.html'> userdomain</a><br/> - <a href='system_xen.html'> xen</a><br/> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <h3>Master tunable index:</h3> <div id="interfacesmall"> Module: <a href='services_abrt.html#link_abrt_anon_write'> abrt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> abrt_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ABRT to modify public files used for public file transfer services. </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> allow_console_login <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow direct login to the console device. Required for System 390 </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_cvs.html#link_allow_cvs_read_shadow'> cvs</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_cvs_read_shadow <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow cvs daemon to read shadow </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_init.html#link_allow_daemons_dump_core'> init</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> allow_daemons_dump_core <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow all daemons to write corefiles to / </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_init.html#link_allow_daemons_use_tcp_wrapper'> init</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> allow_daemons_use_tcp_wrapper <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow all daemons to use tcp wrappers. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_init.html#link_allow_daemons_use_tty'> init</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> allow_daemons_use_tty <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow all daemons the ability to read/write terminals </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='kernel_domain.html#link_allow_domain_fd_use'> domain</a><p/> Layer: <a href='kernel.html'> kernel</a><p/> <div id="codeblock"> allow_domain_fd_use <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow all domains to use other domains file descriptors </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> allow_execheap <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> allow_execmem <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> allow_execmod <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t") </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> allow_execstack <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_allow_ftpd_anon_write'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_ftpd_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ftp servers to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_allow_ftpd_full_access'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_ftpd_full_access <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ftp servers to login to local users and read/write all files on the system, governed by DAC. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_allow_ftpd_use_cifs'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_ftpd_use_cifs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ftp servers to use cifs used for public file transfer services. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_allow_ftpd_use_nfs'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_ftpd_use_nfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ftp servers to use nfs used for public file transfer services. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_rpc.html#link_allow_gssd_read_tmp'> rpc</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_gssd_read_tmp <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow gssd to read temp directory. For access to kerberos tgt. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_allow_httpd_anon_write'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_httpd_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_rw_content_t. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_allow_httpd_mod_auth_ntlm_winbind'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_httpd_mod_auth_ntlm_winbind <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Apache to use mod_auth_ntlm_winbind </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_allow_httpd_mod_auth_pam'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_httpd_mod_auth_pam <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Apache to use mod_auth_pam </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_allow_httpd_sys_script_anon_write'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_httpd_sys_script_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_java.html#link_allow_java_execstack'> java</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> allow_java_execstack <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow java executable stack </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_kerberos.html#link_allow_kerberos'> kerberos</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_kerberos <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow confined applications to run with kerberos. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_mount.html#link_allow_mount_anyfile'> mount</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> allow_mount_anyfile <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow the mount command to mount any directory or file. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_mplayer.html#link_allow_mplayer_execstack'> mplayer</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> allow_mplayer_execstack <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow mplayer executable stack </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_rpc.html#link_allow_nfsd_anon_write'> rpc</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_nfsd_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow nfs servers to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_nsplugin.html#link_allow_nsplugin_execmem'> nsplugin</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> allow_nsplugin_execmem <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow nsplugin code to execmem/execstack </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> allow_polyinstantiation <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Enable polyinstantiated directory support. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_postfix.html#link_allow_postfix_local_write_mail_spool'> postfix</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_postfix_local_write_mail_spool <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow postfix_local domain full write access to mail_spool directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_sysadm.html#link_allow_ptrace'> sysadm</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> allow_ptrace <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow sysadm to debug or ptrace all processes. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_rsync.html#link_allow_rsync_anon_write'> rsync</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_rsync_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow rsync to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_sasl.html#link_allow_saslauthd_read_shadow'> sasl</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_saslauthd_read_shadow <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow sasl to read shadow </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_allow_smbd_anon_write'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_smbd_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to modify public files used for public file transfer services. Files/Directories must be labeled public_content_rw_t. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ssh.html#link_allow_ssh_keysign'> ssh</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_ssh_keysign <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> allow host key based authentication </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_unconfineduser.html#link_allow_unconfined_nsplugin_transition'> unconfineduser</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> allow_unconfined_nsplugin_transition <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Transition to confined nsplugin domains from unconfined user </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_unconfineduser.html#link_allow_unconfined_qemu_transition'> unconfineduser</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> allow_unconfined_qemu_transition <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Transition to confined qemu domains from unconfined user </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_userdomain.html#link_allow_user_mysql_connect'> userdomain</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> allow_user_mysql_connect <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow users to connect to mysql </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_userdomain.html#link_allow_user_postgresql_connect'> userdomain</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> allow_user_postgresql_connect <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow users to connect to PostgreSQL </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_xserver.html#link_allow_write_xshm'> xserver</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_write_xshm <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allows clients to write to the X server shared memory segments. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_xserver.html#link_allow_xserver_execmem'> xserver</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_xserver_execmem <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allows XServer to execute writable memory </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> allow_ypbind <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow system to run with NIS </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_zebra.html#link_allow_zebra_write_config'> zebra</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> allow_zebra_write_config <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow zebra daemon to write it configuration files </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_authlogin.html#link_authlogin_radius'> authlogin</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> authlogin_radius <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow users to login using a radius server </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_cdrecord.html#link_cdrecord_read_content'> cdrecord</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> cdrecord_read_content <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content files </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_clamav.html#link_clamd_use_jit'> clamav</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> clamd_use_jit <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow clamd to use JIT compiler </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_cobbler.html#link_cobbler_anon_write'> cobbler</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> cobbler_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Cobbler to modify public files used for public file transfer services. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_cobbler.html#link_cobbler_can_network_connect'> cobbler</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> cobbler_can_network_connect <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Cobbler to connect to the network using TCP. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_cobbler.html#link_cobbler_use_cifs'> cobbler</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> cobbler_use_cifs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Cobbler to access cifs file systems. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_cobbler.html#link_cobbler_use_nfs'> cobbler</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> cobbler_use_nfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Cobbler to access nfs file systems. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_cron.html#link_cron_can_relabel'> cron</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> cron_can_relabel <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow system cron jobs to relabel filesystem for restoring file contexts. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_sysnetwork.html#link_dhcpc_exec_iptables'> sysnetwork</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> dhcpc_exec_iptables <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow dhcpc client applications to execute iptables commands </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='kernel_domain.html#link_domain_kernel_load_modules'> domain</a><p/> Layer: <a href='kernel.html'> kernel</a><p/> <div id="codeblock"> domain_kernel_load_modules <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow all domains to have the kernel load modules </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_exim.html#link_exim_can_connect_db'> exim</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> exim_can_connect_db <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow exim to connect to databases (postgres, mysql) </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_exim.html#link_exim_manage_user_files'> exim</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> exim_manage_user_files <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow exim to create, read, write, and delete unprivileged user files. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_exim.html#link_exim_read_user_files'> exim</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> exim_read_user_files <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow exim to read unprivileged user files. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_cron.html#link_fcron_crond'> cron</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> fcron_crond <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Enable extra rules in the cron domain to support fcron. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_rhcs.html#link_fenced_can_network_connect'> rhcs</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> fenced_can_network_connect <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow fenced domain to connect to the network using TCP. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_ftp_home_dir'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> ftp_home_dir <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ftp to read and write files in the user home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_ftpd_connect_db'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> ftpd_connect_db <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ftp servers to use connect to mysql database </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_git.html#link_git_session_bind_all_unreserved_ports'> git</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> git_session_bind_all_unreserved_ports <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Git daemon session to bind tcp sockets to all unreserved ports. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_git.html#link_git_system_enable_homedirs'> git</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> git_system_enable_homedirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Git daemon system to search home directories. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_git.html#link_git_system_use_cifs'> git</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> git_system_use_cifs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Git daemon system to access cifs file systems. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_git.html#link_git_system_use_nfs'> git</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> git_system_use_nfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Git daemon system to access nfs file systems. </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> global_ssp <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Enable reading of urandom for all domains. </p><p> </p><p> This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_gpg.html#link_gpg_agent_env_file'> gpg</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> gpg_agent_env_file <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_gpg.html#link_gpg_web_anon_write'> gpg</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> gpg_web_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow gpg web domain to modify public files used for public file transfer services. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_builtin_scripting'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_builtin_scripting <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to use built in scripting (usually php) </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_can_check_spam'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_can_check_spam <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow http daemon to check spam </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_can_network_connect'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_can_network_connect <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow HTTPD scripts and modules to connect to the network using TCP. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_can_network_connect_cobbler'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_can_network_connect_cobbler <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow HTTPD scripts and modules to connect to cobbler over the network. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_can_network_connect_db'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_can_network_connect_db <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow HTTPD scripts and modules to connect to databases over the network. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_can_network_memcache'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_can_network_memcache <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to connect to memcache server </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_can_network_relay'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_can_network_relay <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to act as a relay </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_can_sendmail'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_can_sendmail <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow http daemon to send mail </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_dbus_avahi'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_dbus_avahi <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Apache to communicate with avahi service via dbus </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_enable_cgi'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_enable_cgi <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd cgi support </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_enable_ftp_server'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_enable_ftp_server <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to act as a FTP server by listening on the ftp port. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_enable_homedirs'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_enable_homedirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to read home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_execmem'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_execmem <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd scripts and modules execmem/execstack </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_read_user_content'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_read_user_content <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to read user content </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_setrlimit'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_setrlimit <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd daemon to change system limits </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_ssi_exec'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_ssi_exec <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow HTTPD to run SSI executables in the same domain as system CGI scripts. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_tmp_exec'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_tmp_exec <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Apache to execute tmp content. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_tty_comm'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_tty_comm <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_unified'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_unified <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Unify HTTPD handling of all content files. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_use_cifs'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_use_cifs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to access cifs file systems </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_use_gpg'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_use_gpg <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to run gpg in gpg-web domain </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_apache.html#link_httpd_use_nfs'> apache</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> httpd_use_nfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow httpd to access nfs file systems </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_icecast.html#link_icecast_connect_any'> icecast</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> icecast_connect_any <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow icecast to connect to all ports, not just sound ports. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_init.html#link_init_upstart'> init</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> init_upstart <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Enable support for upstart as the init program. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_irc.html#link_irssi_use_full_network'> irc</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> irssi_use_full_network <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port. </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> mmap_low_allowed <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow certain domains to map low memory in the kernel </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_mozilla.html#link_mozilla_read_content'> mozilla</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> mozilla_read_content <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Control mozilla content access </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_mysql.html#link_mysql_connect_any'> mysql</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> mysql_connect_any <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow mysqld to connect to all ports </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_bind.html#link_named_write_master_zones'> bind</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> named_write_master_zones <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow BIND to write the master zone files. Generally this is used for dynamic DNS or zone transfers. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='admin_ncftool.html#link_ncftool_read_user_content'> ncftool</a><p/> Layer: <a href='admin.html'> admin</a><p/> <div id="codeblock"> ncftool_read_user_content <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ncftool to read user content. </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> nfs_export_all_ro <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow any files/directories to be exported read/only via NFS. </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> nfs_export_all_rw <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow any files/directories to be exported read/write via NFS. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_nscd.html#link_nscd_use_shm'> nscd</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> nscd_use_shm <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow confined applications to use nscd shared memory. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_nsplugin.html#link_nsplugin_can_network'> nsplugin</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> nsplugin_can_network <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow nsplugin code to connect to unreserved ports </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_openvpn.html#link_openvpn_enable_homedirs'> openvpn</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> openvpn_enable_homedirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow openvpn to read home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_piranha.html#link_piranha_lvs_can_network_connect'> piranha</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> piranha_lvs_can_network_connect <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow piranha-lvs domain to connect to the network using TCP. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ppp.html#link_pppd_can_insmod'> ppp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> pppd_can_insmod <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow pppd to load kernel modules for certain modems </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ppp.html#link_pppd_for_user'> ppp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> pppd_for_user <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow pppd to be run for a regular user </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_privoxy.html#link_privoxy_connect_any'> privoxy</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> privoxy_connect_any <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_puppet.html#link_puppet_manage_all_files'> puppet</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> puppet_manage_all_files <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow Puppet client to manage all file types. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_puppet.html#link_puppetmaster_use_db'> puppet</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> puppetmaster_use_db <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Alow Pupper master to use connect to mysql and postgresql database </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_qemu.html#link_qemu_full_network'> qemu</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> qemu_full_network <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow qemu to connect fully to the network </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_qemu.html#link_qemu_use_cifs'> qemu</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> qemu_use_cifs <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow qemu to use cifs/Samba file systems </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_qemu.html#link_qemu_use_comm'> qemu</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> qemu_use_comm <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow qemu to user serial/parallel communication ports </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_qemu.html#link_qemu_use_nfs'> qemu</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> qemu_use_nfs <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow qemu to use nfs file systems </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_qemu.html#link_qemu_use_usb'> qemu</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> qemu_use_usb <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow qemu to use usb devices </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_ipsec.html#link_racoon_read_shadow'> ipsec</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> racoon_read_shadow <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow racoon to read shadow </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_rgmanager.html#link_rgmanager_can_network_connect'> rgmanager</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> rgmanager_can_network_connect <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow rgmanager domain to connect to the network using TCP. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_rsync.html#link_rsync_client'> rsync</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> rsync_client <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow rsync to run as a client </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_rsync.html#link_rsync_export_all_ro'> rsync</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> rsync_export_all_ro <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow rsync to export any files/directories read only. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_create_home_dirs'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_create_home_dirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to create new home directories (e.g. via PAM) </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_domain_controller'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_domain_controller <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to act as the domain controller, add users, groups and change passwords. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_enable_home_dirs'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_enable_home_dirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to share users home directories. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_export_all_ro'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_export_all_ro <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to share any file/directory read only. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_export_all_rw'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_export_all_rw <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to share any file/directory read/write. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_run_unconfined'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_run_unconfined <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to run unconfined scripts </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_share_fusefs'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_share_fusefs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to export ntfs/fusefs volumes. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_samba.html#link_samba_share_nfs'> samba</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> samba_share_nfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow samba to export NFS volumes. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_postgresql.html#link_sepgsql_enable_users_ddl'> postgresql</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> sepgsql_enable_users_ddl <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow unprived users to execute DDL statement </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_postgresql.html#link_sepgsql_unconfined_dbadm'> postgresql</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> sepgsql_unconfined_dbadm <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow database admins to execute DML statement </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_sftpd_anon_write'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> sftpd_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_sftpd_enable_homedirs'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> sftpd_enable_homedirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow sftp-internal to read and write files in the user home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_sftpd_full_access'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> sftpd_full_access <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow sftp-internal to login to local users and read/write all files on the system, governed by DAC. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ftp.html#link_sftpd_write_ssh_home'> ftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> sftpd_write_ssh_home <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow interlnal-sftp to read and write files in the user ssh home directories. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_smartmon.html#link_smartmon_3ware'> smartmon</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> smartmon_3ware <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Enable additional permissions needed to support devices on 3ware controllers. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_spamassassin.html#link_spamassassin_can_network'> spamassassin</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> spamassassin_can_network <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow user spamassassin clients to use the network. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_spamassassin.html#link_spamd_enable_home_dirs'> spamassassin</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> spamd_enable_home_dirs <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow spamd to read/write user home directories. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_squid.html#link_squid_connect_any'> squid</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> squid_connect_any <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_squid.html#link_squid_use_tproxy'> squid</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> squid_use_tproxy <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow squid to run as a transparent proxy (TPROXY) </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_ssh.html#link_ssh_sysadm_login'> ssh</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> ssh_sysadm_login <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow ssh logins as sysadm_r:sysadm_t </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_telepathy.html#link_telepathy_tcp_connect_generic_network_ports'> telepathy</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> telepathy_tcp_connect_generic_network_ports <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow the Telepathy connection managers to connect to any generic TCP port. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_tftp.html#link_tftp_anon_write'> tftp</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> tftp_anon_write <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow tftp to modify public files used for public file transfer services. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_tor.html#link_tor_bind_all_unreserved_ports'> tor</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> tor_bind_all_unreserved_ports <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow tor daemon to bind tcp sockets to all unreserved ports. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_unconfineduser.html#link_unconfined_login'> unconfineduser</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> unconfined_login <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow a user to login as an unconfined domain </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_unconfineduser.html#link_unconfined_mmap_zero_ignore'> unconfineduser</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> unconfined_mmap_zero_ignore <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Ignore unconfined mmap_zero errors </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> use_fusefs_home_dirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Support fusefs home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_lpd.html#link_use_lpd_server'> lpd</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> use_lpd_server <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Use lpd server instead of cups </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> use_nfs_home_dirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Support NFS home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> use_samba_home_dirs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Support SAMBA home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_xserver.html#link_user_direct_dri'> xserver</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> user_direct_dri <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow regular users direct dri device access </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_userdomain.html#link_user_direct_mouse'> userdomain</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> user_direct_mouse <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow regular users direct mouse access </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='admin_netutils.html#link_user_ping'> netutils</a><p/> Layer: <a href='admin.html'> admin</a><p/> <div id="codeblock"> user_ping <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Control users use of ping and traceroute </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_userdomain.html#link_user_rw_noexattrfile'> userdomain</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> user_rw_noexattrfile <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY) </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_userdomain.html#link_user_setrlimit'> userdomain</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> user_setrlimit <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow user processes to change their priority </p><p> </p> </div> </div> <div id="interfacesmall"> Global <div id="codeblock"> user_tcp_server <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_userdomain.html#link_user_ttyfile_stat'> userdomain</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> user_ttyfile_stat <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow w to display everyone </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_varnishd.html#link_varnishd_connect_any'> varnishd</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> varnishd_connect_any <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow varnishd to connect to all ports, not just HTTP. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='admin_vbetool.html#link_vbetool_mmap_zero_ignore'> vbetool</a><p/> Layer: <a href='admin.html'> admin</a><p/> <div id="codeblock"> vbetool_mmap_zero_ignore <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Ignore vbetool mmap_zero errors. </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_virt.html#link_virt_use_comm'> virt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> virt_use_comm <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow virt to use serial/parallell communication ports </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_virt.html#link_virt_use_fusefs'> virt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> virt_use_fusefs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow virt to read fuse files </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_virt.html#link_virt_use_nfs'> virt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> virt_use_nfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow virt to manage nfs files </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_virt.html#link_virt_use_samba'> virt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> virt_use_samba <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow virt to manage cifs files </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_virt.html#link_virt_use_sysfs'> virt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> virt_use_sysfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow virt to manage device configuration, (pci) </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_virt.html#link_virt_use_usb'> virt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> virt_use_usb <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow virt to use usb devices </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_virt.html#link_virt_use_xserver'> virt</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> virt_use_xserver <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow virtual machine to interact with the xserver </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_webadm.html#link_webadm_manage_user_files'> webadm</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> webadm_manage_user_files <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow webadm to manage files in users home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_webadm.html#link_webadm_read_user_files'> webadm</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> webadm_read_user_files <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow webadm to read files in users home directories </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='apps_wine.html#link_wine_mmap_zero_ignore'> wine</a><p/> Layer: <a href='apps.html'> apps</a><p/> <div id="codeblock"> wine_mmap_zero_ignore <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Ignore wine mmap_zero errors </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_xserver.html#link_xdm_exec_bootloader'> xserver</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> xdm_exec_bootloader <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allows xdm to execute bootloader </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_xserver.html#link_xdm_sysadm_login'> xserver</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> xdm_sysadm_login <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow xdm logins as sysadm </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='system_xen.html#link_xen_use_nfs'> xen</a><p/> Layer: <a href='system.html'> system</a><p/> <div id="codeblock"> xen_use_nfs <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Allow xen to manage nfs files </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_xguest.html#link_xguest_connect_network'> xguest</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> xguest_connect_network <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow xguest to configure Network Manager and connect to apache ports </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_xguest.html#link_xguest_mount_media'> xguest</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> xguest_mount_media <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow xguest users to mount removable media </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='roles_xguest.html#link_xguest_use_bluetooth'> xguest</a><p/> Layer: <a href='roles.html'> roles</a><p/> <div id="codeblock"> xguest_use_bluetooth <small>(Default: true)</small> </div> <div id="description"> <p> </p><p> Allow xguest to use blue tooth devices </p><p> </p> </div> </div> <div id="interfacesmall"> Module: <a href='services_xserver.html#link_xserver_object_manager'> xserver</a><p/> Layer: <a href='services.html'> services</a><p/> <div id="codeblock"> xserver_object_manager <small>(Default: false)</small> </div> <div id="description"> <p> </p><p> Support X userspace object manager </p><p> </p> </div> </div> </div> </body> </html>