Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
Diffstat (limited to 'man')
-rw-r--r--man/man8/ftpd_selinux.82
-rw-r--r--man/man8/git_selinux.820
-rw-r--r--man/man8/httpd_selinux.830
-rw-r--r--man/man8/kerberos_selinux.84
-rw-r--r--man/man8/named_selinux.86
-rw-r--r--man/man8/nfs_selinux.84
-rw-r--r--man/man8/rsync_selinux.810
-rw-r--r--man/man8/samba_selinux.822
-rw-r--r--man/man8/ypbind_selinux.84
9 files changed, 51 insertions, 51 deletions
diff --git a/man/man8/ftpd_selinux.8 b/man/man8/ftpd_selinux.8
index 5bebd82d..985a6e68 100644
--- a/man/man8/ftpd_selinux.8
+++ b/man/man8/ftpd_selinux.8
@@ -55,7 +55,7 @@ Allow ftp servers to use nfs for public file transfer services.
setsebool -P allow_ftpd_use_nfs on
.TP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
.PP
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
diff --git a/man/man8/git_selinux.8 b/man/man8/git_selinux.8
index c2142e04..ed8bb76f 100644
--- a/man/man8/git_selinux.8
+++ b/man/man8/git_selinux.8
@@ -13,23 +13,23 @@ git_selinux \- Security Enhanced Linux Policy for the Git daemon.
Security-Enhanced Linux secures the Git server via flexible mandatory access
control.
.SH FILE_CONTEXTS
-SELinux requires files to have an extended attribute to define the file type.
-Policy governs the access daemons have to these files.
+SELinux requires files to have an extended attribute to define the file type.
+Policy governs the access daemons have to these files.
SELinux Git policy is very flexible allowing users to setup their web services in as secure a method as possible.
-.PP
+.PP
The following file contexts types are by default defined for Git:
.EX
-git_system_content_t
-.EE
+git_system_content_t
+.EE
- Set files with git_system_content_t if you want the Git system daemon to read the file, and if you want the file to be modifiable and executable by all "Git shell" users.
.EX
-git_session_content_t
-.EE
+git_session_content_t
+.EE
- Set files with git_session_content_t if you want the Git session and system daemon to read the file, and if you want the file to be modifiable and executable by all users. Note that "Git shell" users may not interact with this type.
.SH BOOLEANS
SELinux policy is customizable based on least access required. Git policy is extremely flexible and has several booleans that allow you to manipulate the policy and run Git with the tightest access possible.
.PP
-Allow the Git system daemon to search user home directories so that it can find git session content. This is useful if you want the Git system daemon to host users personal repositories.
+Allow the Git system daemon to search user home directories so that it can find git session content. This is useful if you want the Git system daemon to host users personal repositories.
.EX
sudo setsebool -P git_system_enable_homedirs 1
.EE
@@ -90,7 +90,7 @@ sudo restorecon -R -v /srv/git/project1
.EE
To create a "Git shell" domain that can interact with this repository create a file named project1user.te in the same directory as where the source policy for the Git systemm content type is and add the following:
.EX
-policy_module(project1user, 1.0.0)
+policy_module(project1user, 1.0.0)
git_role_template(project1user)
git_content_delegation(project1user_t, git_project1_content_t)
gen_user(project1user_u, user, project1user_r, s0, s0)
@@ -103,7 +103,7 @@ sudo useradd -Z project1user_u jane
.EE
.PP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dominick Grift <domg472@gmail.com>.
.SH "SEE ALSO"
selinux(8), git(8), chcon(1), semodule(8), setsebool(8)
diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8
index 93c4a0a5..d5500ddc 100644
--- a/man/man8/httpd_selinux.8
+++ b/man/man8/httpd_selinux.8
@@ -12,32 +12,32 @@ httpd_selinux \- Security Enhanced Linux Policy for the httpd daemon
.SH "DESCRIPTION"
Security-Enhanced Linux secures the httpd server via flexible mandatory access
-control.
+control.
.SH FILE_CONTEXTS
-SELinux requires files to have an extended attribute to define the file type.
-Policy governs the access daemons have to these files.
+SELinux requires files to have an extended attribute to define the file type.
+Policy governs the access daemons have to these files.
SELinux httpd policy is very flexible allowing users to setup their web services in as secure a method as possible.
-.PP
+.PP
The following file contexts types are defined for httpd:
.EX
-httpd_sys_content_t
-.EE
+httpd_sys_content_t
+.EE
- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non sys scripts from access.
.EX
-httpd_sys_script_exec_t
-.EE
+httpd_sys_script_exec_t
+.EE
- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
.EX
-httpd_sys_content_rw_t
+httpd_sys_content_rw_t
.EE
- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access.
.EX
-httpd_sys_content_ra_t
+httpd_sys_content_ra_t
.EE
- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow other non sys scripts from access.
.EX
-httpd_unconfined_script_exec_t
-.EE
+httpd_unconfined_script_exec_t
+.EE
- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection for httpd.
.SH NOTE
@@ -50,7 +50,7 @@ If you want to share files with multiple domains (Apache, FTP, rsync, Samba), yo
setsebool -P allow_httpd_anon_write=1
.EE
-or
+or
.EX
setsebool -P allow_httpd_sys_script_anon_write=1
@@ -102,7 +102,7 @@ setsebool -P httpd_builtin_scripting 0
.PP
SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network.
-This would prevent a hacker from breaking into you httpd server and attacking
+This would prevent a hacker from breaking into you httpd server and attacking
other machines. If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on.
.EX
@@ -111,7 +111,7 @@ setsebool -P httpd_can_network_connect 1
.PP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
diff --git a/man/man8/kerberos_selinux.8 b/man/man8/kerberos_selinux.8
index a8f81c8e..f14276c2 100644
--- a/man/man8/kerberos_selinux.8
+++ b/man/man8/kerberos_selinux.8
@@ -12,7 +12,7 @@ kerberos_selinux \- Security Enhanced Linux Policy for Kerberos.
.SH "DESCRIPTION"
Security-Enhanced Linux secures the system via flexible mandatory access
-control. SELinux policy can be configured to deny Kerberos access to confined applications, since it requires daemons to be allowed greater access to certain secure files and additional access to the network.
+control. SELinux policy can be configured to deny Kerberos access to confined applications, since it requires daemons to be allowed greater access to certain secure files and additional access to the network.
.SH BOOLEANS
.PP
You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
@@ -21,7 +21,7 @@ setsebool -P allow_kerberos 1
.EE
.PP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
diff --git a/man/man8/named_selinux.8 b/man/man8/named_selinux.8
index fce0b481..38b76352 100644
--- a/man/man8/named_selinux.8
+++ b/man/man8/named_selinux.8
@@ -12,16 +12,16 @@ named_selinux \- Security Enhanced Linux Policy for the Internet Name server (na
.SH "DESCRIPTION"
Security-Enhanced Linux secures the named server via flexible mandatory access
-control.
+control.
.SH BOOLEANS
-SELinux policy is customizable based on least access required. So by
+SELinux policy is customizable based on least access required. So by
default SELinux policy does not allow named to write master zone files. If you want to have named update the master zone files you need to set the named_write_master_zones boolean.
.EX
setsebool -P named_write_master_zones 1
.EE
.PP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
diff --git a/man/man8/nfs_selinux.8 b/man/man8/nfs_selinux.8
index 8e30c4c6..17018c2d 100644
--- a/man/man8/nfs_selinux.8
+++ b/man/man8/nfs_selinux.8
@@ -4,7 +4,7 @@ nfs_selinux \- Security Enhanced Linux Policy for NFS
.SH "DESCRIPTION"
Security Enhanced Linux secures the NFS server via flexible mandatory access
-control.
+control.
.SH BOOLEANS
SELinux policy is customizable based on the least level of access required. SELinux can be configured to not allow NFS to share files. If you want to share NFS partitions, and only allow read-only access to those NFS partitions, turn the nfs_export_all_ro boolean on:
@@ -24,7 +24,7 @@ If you want to use a remote NFS server for the home directories on this machine,
setsebool -P use_nfs_home_dirs 1
.TP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8
index ad9ccf5c..8cc38270 100644
--- a/man/man8/rsync_selinux.8
+++ b/man/man8/rsync_selinux.8
@@ -12,11 +12,11 @@ rsync_selinux \- Security Enhanced Linux Policy for the rsync daemon
.SH "DESCRIPTION"
Security-Enhanced Linux secures the rsync server via flexible mandatory access
-control.
+control.
.SH FILE_CONTEXTS
-SELinux requires files to have an extended attribute to define the file type.
-Policy governs the access daemons have to these files.
-If you want to share files using the rsync daemon, you must label the files and directories public_content_t. So if you created a special directory /var/rsync, you
+SELinux requires files to have an extended attribute to define the file type.
+Policy governs the access daemons have to these files.
+If you want to share files using the rsync daemon, you must label the files and directories public_content_t. So if you created a special directory /var/rsync, you
would need to label the directory with the chcon tool.
.TP
chcon -t public_content_t /var/rsync
@@ -45,7 +45,7 @@ setsebool -P allow_rsync_anon_write=1
.SH BOOLEANS
.TP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
diff --git a/man/man8/samba_selinux.8 b/man/man8/samba_selinux.8
index ca702c79..e5de4218 100644
--- a/man/man8/samba_selinux.8
+++ b/man/man8/samba_selinux.8
@@ -4,12 +4,12 @@ samba_selinux \- Security Enhanced Linux Policy for Samba
.SH "DESCRIPTION"
Security-Enhanced Linux secures the Samba server via flexible mandatory access
-control.
+control.
.SH FILE_CONTEXTS
-SELinux requires files to have an extended attribute to define the file type.
-Policy governs the access daemons have to these files.
-If you want to share files other than home directories, those files must be
-labeled samba_share_t. So if you created a special directory /var/eng, you
+SELinux requires files to have an extended attribute to define the file type.
+Policy governs the access daemons have to these files.
+If you want to share files other than home directories, those files must be
+labeled samba_share_t. So if you created a special directory /var/eng, you
would need to label the directory with the chcon tool.
.TP
chcon -t samba_share_t /var/eng
@@ -32,24 +32,24 @@ If you want to share files with multiple domains (Apache, FTP, rsync, Samba), yo
setsebool -P allow_smbd_anon_write=1
.SH BOOLEANS
-.br
-SELinux policy is customizable based on least access required. So by
-default SELinux policy turns off SELinux sharing of home directories and
+.br
+SELinux policy is customizable based on least access required. So by
+default SELinux policy turns off SELinux sharing of home directories and
the use of Samba shares from a remote machine as a home directory.
.TP
-If you are setting up this machine as a Samba server and wish to share the home directories, you need to set the samba_enable_home_dirs boolean.
+If you are setting up this machine as a Samba server and wish to share the home directories, you need to set the samba_enable_home_dirs boolean.
.br
setsebool -P samba_enable_home_dirs 1
.TP
If you want to use a remote Samba server for the home directories on this machine, you must set the use_samba_home_dirs boolean.
-.br
+.br
setsebool -P use_samba_home_dirs 1
.TP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
diff --git a/man/man8/ypbind_selinux.8 b/man/man8/ypbind_selinux.8
index 5061a5f0..8e45055b 100644
--- a/man/man8/ypbind_selinux.8
+++ b/man/man8/ypbind_selinux.8
@@ -4,7 +4,7 @@ ypbind_selinux \- Security Enhanced Linux Policy for NIS.
.SH "DESCRIPTION"
Security-Enhanced Linux secures the system via flexible mandatory access
-control. SELinux can be setup deny NIS from working, since it requires daemons to be allowed greater access to the network.
+control. SELinux can be setup deny NIS from working, since it requires daemons to be allowed greater access to the network.
.SH BOOLEANS
.TP
You must set the allow_ypbind boolean to allow your system to work properly in a NIS environment.
@@ -12,7 +12,7 @@ You must set the allow_ypbind boolean to allow your system to work properly in a
setsebool -P allow_ypbind 1
.TP
system-config-selinux is a GUI tool available to customize SELinux policy settings.
-.SH AUTHOR
+.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"