Difference between revisions of "Redhat: Apache webserver SELinux Booleans"
Jump to navigation
Jump to search
(Created page with "== Apache Default Active Booleans == {| class="wikitable" |- | httpd_builtin_scripting || permissions for PHP scripts in httpd_t directories |- | httpd_dbus_avahi|| Access fr...") |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 18: | Line 18: | ||
== Apache Default Inactive Booleans == | == Apache Default Inactive Booleans == | ||
| + | |||
| + | The full list of inactive booleans is shown below. There are several which are of more interest: | ||
| + | |||
| + | * httpd_enable_homedirs - supports http access to files in ime directories | ||
| + | * httpd_enable_ftp | ||
| + | * httpd_use_cifs | ||
| + | * httpd_use_nfs | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | | allow_httpd_anon_write|| allows apache to write new files with public_content_rw_t type | ||
| + | |- | ||
| + | | allow_httpd_mon_auth_ntlm_winbind || support Microsoft authentication databases | ||
| + | |- | ||
| + | | allow_httpd_mod_auth_pam || enables access to PAM authentication | ||
| + | |- | ||
| + | | allow_httpd_sys_script_anon_write || configures write access by scripts to files with public_content_rw_t type | ||
| + | |- | ||
| + | | httpd_can_check_spam|| web based email spam detection | ||
| + | |- | ||
| + | | httpd_can_network_connect || apache connections to remote ports | ||
| + | |- | ||
| + | | httpd_can_network_connect_cobbler || apache connections to cobbler installation servers | ||
| + | |- | ||
| + | | httpd_can_network_connect_db || apcahe connections to database servers | ||
| + | |- | ||
| + | | httpd_can_network_memcache|| http memory caching for translation servers | ||
| + | |- | ||
| + | | httpd_can_network_relay|| httpd proxy support | ||
| + | |- | ||
| + | | httpd_can_sendmail || allows httpd based email services | ||
| + | |- | ||
| + | | httpd_enable_homedirs || https access to home directories | ||
| + | |- | ||
| + | | httpd_execmem || operation of executable programs requiring access to memory | ||
| + | |- | ||
| + | | httpd_read_user_content|| access to scripts from home directories | ||
| + | |- | ||
| + | | httpd_setrlimit || apache can modify the max number of file descriptors | ||
| + | |- | ||
| + | | httpd_ssi_exec || access to ssi scripts | ||
| + | |- | ||
| + | | http_tmp_exec || apache access to scripts that require access to /tmp | ||
| + | |- | ||
| + | | httpd_use_cifs || access to samba directories | ||
| + | |- | ||
| + | | http_use_gpg|| allows use of gpg encryption | ||
| + | |- | ||
| + | | http_use_nfs|| access to nfs shared directories | ||
| + | |- | ||
| + | |} | ||
Latest revision as of 14:23, 18 August 2013
Apache Default Active Booleans
| httpd_builtin_scripting | permissions for PHP scripts in httpd_t directories |
| httpd_dbus_avahi | Access from http services to automated IP addresses |
| httpd_enable_cgi | Allows https services to execute CGI scripts |
| httpd_tty_comm | Enables communication with controlling terminals, eg for SSL |
| http_unified | Full read/write/execute access by all httpd_t files |
| xguest_connect_network | Allows access from secured guests |
Apache Default Inactive Booleans
The full list of inactive booleans is shown below. There are several which are of more interest:
- httpd_enable_homedirs - supports http access to files in ime directories
- httpd_enable_ftp
- httpd_use_cifs
- httpd_use_nfs
| allow_httpd_anon_write | allows apache to write new files with public_content_rw_t type |
| allow_httpd_mon_auth_ntlm_winbind | support Microsoft authentication databases |
| allow_httpd_mod_auth_pam | enables access to PAM authentication |
| allow_httpd_sys_script_anon_write | configures write access by scripts to files with public_content_rw_t type |
| httpd_can_check_spam | web based email spam detection |
| httpd_can_network_connect | apache connections to remote ports |
| httpd_can_network_connect_cobbler | apache connections to cobbler installation servers |
| httpd_can_network_connect_db | apcahe connections to database servers |
| httpd_can_network_memcache | http memory caching for translation servers |
| httpd_can_network_relay | httpd proxy support |
| httpd_can_sendmail | allows httpd based email services |
| httpd_enable_homedirs | https access to home directories |
| httpd_execmem | operation of executable programs requiring access to memory |
| httpd_read_user_content | access to scripts from home directories |
| httpd_setrlimit | apache can modify the max number of file descriptors |
| httpd_ssi_exec | access to ssi scripts |
| http_tmp_exec | apache access to scripts that require access to /tmp |
| httpd_use_cifs | access to samba directories |
| http_use_gpg | allows use of gpg encryption |
| http_use_nfs | access to nfs shared directories |