SELinux User's And Administrator's Guide Red Hat Enterprise Linux 7 Users Administrators En US

User Manual:

Open the PDF directly: View PDF .
Page Count: 189 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Scroll down to view the document on your mobile browser.

Table of Contents
PART I. SELINUX
CHAPTER 1. INTRODUCTION
- ADDITIONAL RESOURCES
- 1.1. BENEFITS OF RUNNING SELINUX
- 1.2. EXAMPLES
- 1.3. SELINUX ARCHITECTURE
- 1.4. SELINUX STATES AND MODES
- 1.5. ADDITIONAL RESOURCES
CHAPTER 2. SELINUX CONTEXTS
- 2.1. DOMAIN TRANSITIONS
- 2.2. SELINUX CONTEXTS FOR PROCESSES
- 2.3. SELINUX CONTEXTS FOR USERS
CHAPTER 3. TARGETED POLICY
- 3.1. CONFINED PROCESSES
- 3.2. UNCONFINED PROCESSES
- 3.3. CONFINED AND UNCONFINED USERS
  - 3.3.1. The sudo Transition and SELinux Roles
CHAPTER 4. WORKING WITH SELINUX
- 4.1. SELINUX PACKAGES
- 4.2. WHICH LOG FILE IS USED
- 4.3. MAIN CONFIGURATION FILE
- 4.4. PERMANENT CHANGES IN SELINUX STATES AND MODES
  - 4.4.1. Enabling SELinux
    - 4.4.1.1. Permissive Mode
    - 4.4.1.2. Enforcing Mode
  - 4.4.2. Disabling SELinux
- 4.5. CHANGING SELINUX MODES AT BOOT TIME
- 4.6. BOOLEANS
- 4.7. SELINUX CONTEXTS – LABELING FILES
- 4.8. THE FILE_T AND DEFAULT_T TYPES
- 4.9. MOUNTING FILE SYSTEMS
- 4.10. MAINTAINING SELINUX LABELS
- 4.11. INFORMATION GATHERING TOOLS
- 4.12. PRIORITIZING AND DISABLING SELINUX POLICY MODULES
  - Disabling a System Policy Module
- 4.13. MULTI-LEVEL SECURITY (MLS)
- 4.14. FILE NAME TRANSITION
- 4.15. DISABLING PTRACE()
- 4.16. THUMBNAIL PROTECTION
CHAPTER 5. THE SEPOLICY SUITE
- 5.1. THE SEPOLICY PYTHON BINDINGS
- 5.2. GENERATING SELINUX POLICY MODULES: SEPOLICY GENERATE
- 5.3. UNDERSTANDING DOMAIN TRANSITIONS: SEPOLICY TRANSITION
- 5.4. GENERATING MANUAL PAGES: SEPOLICY MANPAGE
CHAPTER 6. CONFINING USERS
- 6.1. LINUX AND SELINUX USER MAPPINGS
- 6.2. CONFINING NEW LINUX USERS: USERADD
- 6.3. CONFINING EXISTING LINUX USERS: SEMANAGE LOGIN
- 6.4. CHANGING THE DEFAULT MAPPING
- 6.5. XGUEST: KIOSK MODE
- 6.6. BOOLEANS FOR USERS EXECUTING APPLICATIONS
CHAPTER 7. SECURING PROGRAMS USING SANDBOX
- 7.1. RUNNING AN APPLICATION USING SANDBOX
CHAPTER 8. SVIRT
- Non-Virtualized Environment
- Virtualized Environment
- 8.1. SECURITY AND VIRTUALIZATION
- 8.2. SVIRT LABELING
CHAPTER 9. SECURE LINUX CONTAINERS
CHAPTER 10. SELINUX SYSTEMD ACCESS CONTROL
- 10.1. SELINUX ACCESS PERMISSIONS FOR SERVICES
- 10.2. SELINUX AND JOURNALD
CHAPTER 11. TROUBLESHOOTING
- 11.1. WHAT HAPPENS WHEN ACCESS IS DENIED
- 11.2. TOP THREE CAUSES OF PROBLEMS
- 11.3. FIXING PROBLEMS
CHAPTER 12. FURTHER INFORMATION
- 12.1. CONTRIBUTORS
- 12.2. OTHER RESOURCES
PART II. MANAGING CONFINED SERVICES
CHAPTER 13. INTRODUCTION
CHAPTER 14. THE APACHE HTTP SERVER
- 14.1. THE APACHE HTTP SERVER AND SELINUX
- 14.2. TYPES
- 14.3. BOOLEANS
- 14.4. CONFIGURATION EXAMPLES
CHAPTER 15. SAMBA
- 15.1. SAMBA AND SELINUX
- 15.2. TYPES
- 15.3. BOOLEANS
- 15.4. CONFIGURATION EXAMPLES
  - 15.4.1. Sharing directories you create
  - 15.4.2. Sharing a website
CHAPTER 16. FILE TRANSFER PROTOCOL
- 16.1. TYPES
- 16.2. BOOLEANS
CHAPTER 17. NETWORK FILE SYSTEM
- 17.1. NFS AND SELINUX
- 17.2. TYPES
- 17.3. BOOLEANS
- 17.4. CONFIGURATION EXAMPLES
  - 17.4.1. Enabling SELinux Labeled NFS Support
CHAPTER 18. BERKELEY INTERNET NAME DOMAIN
- 18.1. BIND AND SELINUX
- 18.2. TYPES
- 18.3. BOOLEANS
- 18.4. CONFIGURATION EXAMPLES
  - 18.4.1. Dynamic DNS
CHAPTER 19. CONCURRENT VERSIONING SYSTEM
- 19.1. CVS AND SELINUX
- 19.2. TYPES
- 19.3. BOOLEANS
- 19.4. CONFIGURATION EXAMPLES
  - 19.4.1. Setting up CVS
CHAPTER 20. SQUID CACHING PROXY
- 20.1. SQUID CACHING PROXY AND SELINUX
- 20.2. TYPES
- 20.3. BOOLEANS
- 20.4. CONFIGURATION EXAMPLES
  - 20.4.1. Squid Connecting to Non-Standard Ports
CHAPTER 21. MARIADB (A REPLACEMENT FOR MYSQL)
- 21.1. MARIADB AND SELINUX
- 21.2. TYPES
- 21.3. BOOLEANS
- 21.4. CONFIGURATION EXAMPLES
  - 21.4.1. MariaDB Changing Database Location
CHAPTER 22. POSTGRESQL
- 22.1. POSTGRESQL AND SELINUX
- 22.2. TYPES
- 22.3. BOOLEANS
- 22.4. CONFIGURATION EXAMPLES
  - 22.4.1. PostgreSQL Changing Database Location
CHAPTER 23. RSYNC
- 23.1. RSYNC AND SELINUX
- 23.2. TYPES
- 23.3. BOOLEANS
- 23.4. CONFIGURATION EXAMPLES
  - 23.4.1. Rsync as a daemon
CHAPTER 24. POSTFIX
- 24.1. POSTFIX AND SELINUX
- 24.2. TYPES
- 24.3. BOOLEANS
- 24.4. CONFIGURATION EXAMPLES
  - 24.4.1. SpamAssassin and Postfix
CHAPTER 25. DHCP
- 25.1. DHCP AND SELINUX
- 25.2. TYPES
CHAPTER 26. OPENSHIFT BY RED HAT
- 26.1. OPENSHIFT AND SELINUX
- 26.2. TYPES
- 26.3. BOOLEANS
- 26.4. CONFIGURATION EXAMPLES
  - 26.4.1. Changing the Default OpenShift Directory
CHAPTER 27. IDENTITY MANAGEMENT
- 27.1. IDENTITY MANAGEMENT AND SELINUX
  - 27.1.1. Trust to Active Directory Domains
- 27.2. CONFIGURATION EXAMPLES
  - 27.2.1. Mapping SELinux users to IdM users
CHAPTER 28. RED HAT GLUSTER STORAGE
- 28.1. RED HAT GLUSTER STORAGE AND SELINUX
- 28.2. TYPES
- 28.3. BOOLEANS
- 28.4. CONFIGURATION EXAMPLES
  - 28.4.1. Labeling Gluster Bricks
CHAPTER 29. REFERENCES
APPENDIX A. REVISION HISTORY

Navigation menu