16
Chapter 2. SELinux Policy Overview
mta_delivery_agent
This attribute allows for flexibility in choosing a mail transfer agent (MTA) such as sendmail or postfix. Rules allow it to perform mail handling and take tasks from mailman. However, this attribute is not used in the targeted policy since none of the MTAs are targeted daemons for Red Hat Enterprise Linux 4.
domain
This attribute is for all types that can be assigned to a process. This is the method for identifying what is a domain in SELinux. In other Type Enforcement systems, domains may be implemented separately from types. In SELinux, domains are essentially types with the domain attribute.
This attribute allows you to have rules that can be applied to all domains, such as allowing init to send signals to all processes. Another example is the following rule that allows all processes to perform a search on directory objects that have a type of var_t or var_run_t, that is, the directories /var and /var/run:
allow domain { var_run_t var_t } : dir search ;
Here are the domains covered by this attribute:
unconfined_t: kernel_t, init_t, initrc_t, sysadm_t, rpm_t, \
rpm_script_t, logrotate_t
mount_t
httpd_t
httpd_sys_script_t
httpd_suexec_t
httpd_php_t
httpd_helper_t
dhcpd_t
ldconfig_t
mailman_queue_t
mailman_mail_t
mailman_cgi_t
system_mail_t
mysqld_t
named_t
ndc_t
nscd_t
ntpd_t
portmap_t
postgresql_t
snmpd_t
squid_t
syslogd_t
winbind_t
ypbind_t
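The following added example (not part of the original guide or of the SELinux tools) shows what an attribute means in practice: the single rule written against domain is expanded into one concrete access vector per type that carries the attribute. The type declarations in the sample policy are constructed for illustration, and the parser handles only the type and allow statements used here.

```python
import re

# Constructed sample policy: the type declarations are assumptions made for
# this example; the allow rule is the one quoted in the text above.
POLICY = """
type httpd_t, domain;
type named_t, domain;
type var_t;
type var_run_t;
type etc_t;
allow domain { var_run_t var_t } : dir search ;
"""

RULE = re.compile(r"allow\s+(\{.*?\}|\S+)\s+(\{.*?\}|[^\s:]+)\s*:\s*(\{.*?\}|\S+)\s+(.+)$", re.S)

def _names(field):
    """Split 'a' or '{ a b }' into a list of names."""
    return field.replace("{", " ").replace("}", " ").split()

def parse(policy):
    """Return (attribute -> set of member types, list of parsed allow rules)."""
    attrs, rules = {}, []
    for stmt in (s.strip() for s in policy.split(";")):
        if stmt.startswith("type "):
            name, *attr_list = [p.strip() for p in stmt[5:].split(",")]
            for attr in attr_list:
                attrs.setdefault(attr, set()).add(name)
        elif stmt.startswith("allow "):
            match = RULE.match(stmt)
            if match:
                rules.append(tuple(_names(g) for g in match.groups()))
    return attrs, rules

def expand(policy):
    """Expand attributes into concrete (source, target, class, perm) tuples."""
    attrs, rules = parse(policy)
    def resolve(names):
        # An attribute name stands for every type declared with it.
        return [t for n in names for t in sorted(attrs.get(n, {n}))]
    vectors = set()
    for src, tgt, classes, perms in rules:
        for s in resolve(src):
            for o in resolve(tgt):
                vectors.update((s, o, c, p) for c in classes for p in perms)
    return vectors

def allowed(vectors, source, target, tclass, perm):
    return (source, target, tclass, perm) in vectors
```

Types without the domain attribute, such as var_t itself, gain nothing from the rule, and directories of any other type (etc_t in the sample) stay unsearchable until another rule grants access.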
reserved_port_type
This attribute identifies all the types that are assigned to any of the reserved network ports, that
is, ports numbered lower than 1024. The attribute is used to control binding. An example binding
rule is followed here by the types that are part of this attribute:
# The allow rule permits the domain portmap_t to bind to a
# port with a type of portmap_port_t, which is one of the
# types identified by the reserved_port_type attribute. The
# dontaudit rule tells SELinux to never audit the access of
# portmap_t to a reserved_port_type.
allow portmap_t portmap_port_t:{ udp_socket tcp_socket } \
name_bind;
dontaudit portmap_t reserved_port_type:tcp_socket name_bind;
# Types associated with the reserved_port_type attribute





