etc/selinux/semanage.conf000064400000005127147204570070011450 0ustar00# Authors: Jason Tang # # Copyright (C) 2004-2005 Tresys Technology, LLC # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # # Specify how libsemanage will interact with a SELinux policy manager. # The four options are: # # "source" - libsemanage manipulates a source SELinux policy # "direct" - libsemanage will write directly to a module store. # /foo/bar - Write by way of a policy management server, whose # named socket is at /foo/bar. The path must begin # with a '/'. # foo.com:4242 - Establish a TCP connection to a remote policy # management server at foo.com. If there is a colon # then the remainder is interpreted as a port number; # otherwise default to port 4242. module-store = direct # When generating the final linked and expanded policy, by default # semanage will set the policy version to POLICYDB_VERSION_MAX, as # given in . Change this setting if a different # version is necessary. #policy-version = 19 # expand-check check neverallow rules when executing all semanage # commands. There might be a penalty in execution time if this # option is enabled. expand-check=0 # usepasswd check tells semanage to scan all pass word records for home directories # and setup the labeling correctly. If this is turned off, SELinux will label only /home # and home directories of users with SELinux login mappings defined, see # semanage login -l for the list of such users. # If you want to use a different home directory, you will need to use semanage fcontext command. # For example, if you had home dirs in /althome directory you would have to execute # semanage fcontext -a -e /home /althome usepasswd=False bzip-small=true bzip-blocksize=5 ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var [sefcontext_compile] path = /usr/sbin/sefcontext_compile args = -r $@ [end]