30

Chapter 3. Targeted Policy Overview

  dhcpd

  this policy is dissected and explained in Chapter 4 Example Policy Reference  

dhcpd

.

  httpd

  mysqld

  named

  nscd

  ntpd

  portmap

  postgres

  snmpd

  squid

  syslogd

  winbind

The policy can be manipulated using command line or GUI tools. This is discussed extensively in

Chapter 5 Controlling and Maintaining SELinux. Chapter 6 Tools for Manipulating and Analyzing

SELinux and Chapter 7 Compiling SELinux Policy are two other chapters that detail working with the

targeted policy.

3.2. Files and Directories of the Targeted Policy

These are common files and directories, and their purposes.

/etc/selinux/targeted/booleans

This is the default setting for the Booleans in the targeted policy:

cat /etc/selinux/targeted/booleans

allow_ypbind=1

dhcpd_disable_trans=1

httpd_disable_trans=0

httpd_enable_cgi=1

httpd_enable_homedirs=1

httpd_ssi_exec=1

httpd_tty_comm=0

httpd_unified=1

mysqld_disable_trans=0

named_disable_trans=0

named_write_master_zones=0

nscd_disable_trans=0

ntpd_disable_trans=0

portmap_disable_trans=0

postgresql_disable_trans=0

snmpd_disable_trans=0

squid_disable_trans=0

syslogd_disable_trans=0

winbind_disable_trans=0

ypbind_disable_trans=0

Using Boolean values to define the state of optional policy allows for the tunables

to be switchable during runtime. The kernel accesses the state of the values in

/selinux/booleans/*

, with a separate file for each Boolean. If you run

echo "1

1"

squid_disable_trans

to turn off the targeted policy for

squid

by disabling

>

the transition from

unconfined_t

to

squid_t

, you can then make the change take

effect

by

running

echo 1 > /selinux/commit_pending_bools

.

The

value

in