Difference between revisions of "Redhat: Apache webserver SELinux Booleans"
(Created page with "== Apache Default Active Booleans == {| class="wikitable" |- | httpd_builtin_scripting || permissions for PHP scripts in httpd_t directories |- | httpd_dbus_avahi|| Access fr...") |
|||
| Line 18: | Line 18: | ||
== Apache Default Inactive Booleans == | == Apache Default Inactive Booleans == | ||
| + | |||
| + | The full list of inactive booleans is shown below. There are several which are of more interest: | ||
| + | |||
| + | * httpd_enable_homedirs - supports http access to files in ime directories | ||
| + | * httpd_enable_ftp | ||
| + | * httpd_use_cifs | ||
| + | * httpd_use_nfs | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | | allow_httpd_anon_write|| permissions for PHP scripts in httpd_t directories | ||
| + | |- | ||
| + | | allow_httpd_mon_auth_ntlm_winbind || Access from http services to automated IP addresses | ||
| + | |- | ||
| + | | allow_httpd_mod_auth_pam || Allows https services to execute CGI scripts | ||
| + | |- | ||
| + | | allow_httpd_sys_script_anon_write || Enables communication with controlling terminals, eg for SSL | ||
| + | |- | ||
| + | | httpd_can_check_spam|| Full read/write/execute access by all httpd_t files | ||
| + | |- | ||
| + | | httpd_can_network_connect || Allows access from secured guests | ||
| + | |- | ||
| + | | httpd_can_network_connect_cobbler || permissions for PHP scripts in httpd_t directories | ||
| + | |- | ||
| + | | httpd_can_network_connect_db || Access from http services to automated IP addresses | ||
| + | |- | ||
| + | | httpd_can_network_memcache|| Allows https services to execute CGI scripts | ||
| + | |- | ||
| + | | httpd_can_network_relay|| Enables communication with controlling terminals, eg for SSL | ||
| + | |- | ||
| + | | httpd_can_sendmail || Full read/write/execute access by all httpd_t files | ||
| + | |- | ||
| + | | httpd_enable_homedirs || Allows access from secured guests | ||
| + | |- | ||
| + | | httpd_execmem || permissions for PHP scripts in httpd_t directories | ||
| + | |- | ||
| + | | httpd_read_user_content|| Access from http services to automated IP addresses | ||
| + | |- | ||
| + | | httpd_setrlimit || Allows https services to execute CGI scripts | ||
| + | |- | ||
| + | | httpd_ssi_exec || Enables communication with controlling terminals, eg for SSL | ||
| + | |- | ||
| + | | http_tmp_exec || Full read/write/execute access by all httpd_t files | ||
| + | |- | ||
| + | | httpd_use_cifs || Allows access from secured guests | ||
| + | |- | ||
| + | | http_use_gpg|| Full read/write/execute access by all httpd_t files | ||
| + | |- | ||
| + | | http_use_nfs|| Allows access from secured guests | ||
| + | |- | ||
| + | |} | ||
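Review bot: The descriptions in the added table do not match the booleans they sit beside; the six descriptions from the active-booleans table are repeated down the new rows, so httpd_can_network_connect and httpd_enable_homedirs both read "Allows access from secured guests" and httpd_execmem reads "permissions for PHP scripts in httpd_t directories". Each row needs its own description before an administrator can use this table to decide which boolean to enable. In the same hunk, "ime directories" in the httpd_enable_homedirs bullet looks like a typo for "home directories"; the rows http_tmp_exec, http_use_gpg and http_use_nfs drop the "d" that the httpd_use_nfs bullet has; allow_httpd_mon_auth_ntlm_winbind reads "mon" where the following row has "mod"; and httpd_enable_ftp appears in the bullet list but has no row in the table, although the introduction calls it the full list.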
Revision as of 14:09, 18 August 2013
Apache Default Active Booleans
| httpd_builtin_scripting | permissions for PHP scripts in httpd_t directories |
| httpd_dbus_avahi | Access from http services to automated IP addresses |
| httpd_enable_cgi | Allows https services to execute CGI scripts |
| httpd_tty_comm | Enables communication with controlling terminals, eg for SSL |
| httpd_unified | Full read/write/execute access by all httpd_t files |
| xguest_connect_network | Allows access from secured guests |
Apache Default Inactive Booleans
The full list of inactive booleans is shown below. There are several which are of more interest:
- httpd_enable_homedirs - supports HTTP access to files in home directories
- httpd_enable_ftp
- httpd_use_cifs
- httpd_use_nfs
| allow_httpd_anon_write | permissions for PHP scripts in httpd_t directories |
| allow_httpd_mod_auth_ntlm_winbind | Access from http services to automated IP addresses |
| allow_httpd_mod_auth_pam | Allows https services to execute CGI scripts |
| allow_httpd_sys_script_anon_write | Enables communication with controlling terminals, eg for SSL |
| httpd_can_check_spam | Full read/write/execute access by all httpd_t files |
| httpd_can_network_connect | Allows access from secured guests |
| httpd_can_network_connect_cobbler | permissions for PHP scripts in httpd_t directories |
| httpd_can_network_connect_db | Access from http services to automated IP addresses |
| httpd_can_network_memcache | Allows https services to execute CGI scripts |
| httpd_can_network_relay | Enables communication with controlling terminals, eg for SSL |
| httpd_can_sendmail | Full read/write/execute access by all httpd_t files |
| httpd_enable_homedirs | Allows access from secured guests |
| httpd_execmem | permissions for PHP scripts in httpd_t directories |
| httpd_read_user_content | Access from http services to automated IP addresses |
| httpd_setrlimit | Allows https services to execute CGI scripts |
| httpd_ssi_exec | Enables communication with controlling terminals, eg for SSL |
| httpd_tmp_exec | Full read/write/execute access by all httpd_t files |
| httpd_use_cifs | Allows access from secured guests |
| httpd_use_gpg | Full read/write/execute access by all httpd_t files |
| httpd_use_nfs | Allows access from secured guests |