Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   33470 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

httpd_webalizer_scripSELinuxuPolicy httpd_webhttpd_webalizer_script_selinux(8)

NAME
       httpd_webalizer_script_selinux - Security Enhanced Linux Policy for the
       httpd_webalizer_script processes

DESCRIPTION
       Security-Enhanced Linux secures	the  httpd_webalizer_script  processes
       via flexible mandatory access control.

       The  httpd_webalizer_script  processes  execute	with  the httpd_webal‐
       izer_script_t SELinux type. You can check if you have  these  processes
       running by executing the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep httpd_webalizer_script_t

ENTRYPOINTS
       The  httpd_webalizer_script_t  SELinux  type  can  be  entered  via the
       shell_exec_t,	    httpd_webalizer_script_exec_t,	  httpd_webal‐
       izer_script_exec_t file types.

       The  default  entrypoint	 paths for the httpd_webalizer_script_t domain
       are the following:

       /bin/d?ash,  /bin/zsh.*,	 /bin/ksh.*,  /usr/bin/d?ash,  /usr/bin/zsh.*,
       /usr/bin/ksh.*,	/bin/esh,  /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash,
       /bin/bash,   /bin/fish,	 /bin/bash2,   /usr/bin/esh,	/usr/bin/sash,
       /usr/bin/tcsh,	  /usr/bin/yash,     /usr/bin/fish,	/usr/bin/mksh,
       /usr/bin/bash,	 /sbin/nologin,	   /usr/sbin/sesh,     /usr/bin/bash2,
       /usr/sbin/smrsh,		 /usr/bin/scponly,	    /usr/sbin/nologin,
       /usr/libexec/sesh,	/usr/sbin/scponlyc,	   /usr/bin/git-shell,
       /usr/libexec/git-core/git-shell

PROCESS TYPES
       SELinux defines process types (domains) for each process running on the
       system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have  to  files.   SELinux
       httpd_webalizer_script  policy is very flexible allowing users to setup
       their httpd_webalizer_script processes in as secure a method as	possi‐
       ble.

       The following process types are defined for httpd_webalizer_script:

       httpd_webalizer_script_t

       Note:  semanage	permissive  -a httpd_webalizer_script_t can be used to
       make the process type httpd_webalizer_script_t permissive. SELinux does
       not  deny  access  to  permissive  process  types, but the AVC (SELinux
       denials) messages are still generated.

BOOLEANS
       SELinux	policy	is  customizable  based	 on  least  access   required.
       httpd_webalizer_script  policy  is  extremely  flexible and has several
       booleans that allow you to manipulate the policy and  run  httpd_webal‐
       izer_script with the tightest access possible.

       If  you	want  to deny any process from ptracing or debugging any other
       processes, you  must  turn  on  the  deny_ptrace	 boolean.  Enabled  by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors,
       you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load	 modules,  you
       must  turn  on  the  domain_kernel_load_modules	boolean.  Disabled  by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn
       on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn
       on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you  want  to	 allow	httpd  cgi  support,  you  must	 turn  on  the
       httpd_enable_cgi boolean. Disabled by default.

       setsebool -P httpd_enable_cgi 1

       If  you	want  to  allow	 system	 to run with NIS, you must turn on the
       nis_enabled boolean. Disabled by default.

       setsebool -P nis_enabled 1

MANAGED FILES
       The SELinux process  type  httpd_webalizer_script_t  can	 manage	 files
       labeled	with  the  following  file  types.   The  paths listed are the
       default paths for these file types.  Note the processes UID still  need
       to have DAC permissions.

       httpd_webalizer_rw_content_t

COMMANDS
       semanage	 fcontext  can also be used to manipulate default file context
       mappings.

       semanage permissive can also be used to manipulate  whether  or	not  a
       process type is permissive.

       semanage	 module can also be used to enable/disable/install/remove pol‐
       icy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux pol‐
       icy settings.

AUTHOR
       This manual page was auto-generated using sepolicy manpage .

SEE ALSO
       selinux(8),   httpd_webalizer_script(8),	  semanage(8),	restorecon(8),
       chcon(1), sepolicy(8) , setsebool(8)

httpd_webalizer_script		   14-05-08  httpd_webalizer_script_selinux(8)

Vote for polarhome