Red Hat Enterprise Linux 6

Managing Confined Services

Guide to configuring services under control of SELinux


Mirek Jahoda

Red Hat Customer Content Services

Robert Krátký

Red Hat Customer Content Services

Barbora Ančincová

Red Hat Customer Content Services

Legal Notice

Copyright © 2016 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.


This book provides assistance to advanced users and administrators when using and configuring Security-Enhanced Linux (SELinux). It focuses on Red Hat Enterprise Linux and describes the components of SELinux as they pertain to services an advanced user or administrator might need to configure. Also included are real-world examples of configuring those services and demonstrations of how SELinux complements their operation.
1. Introduction
2. The Apache HTTP Server
2.1. The Apache HTTP Server and SELinux
2.2. Types
2.3. Booleans
2.4. Configuration examples
2.4.1. Running a static site
2.4.2. Sharing NFS and CIFS volumes
2.4.3. Sharing files between services
2.4.4. Changing port numbers
3. Samba
3.1. Samba and SELinux
3.2. Types
3.3. Booleans
3.4. Configuration examples
3.4.1. Sharing directories you create
3.4.2. Sharing a website
4. File Transfer Protocol
4.1. FTP and SELinux
4.2. Types
4.3. Booleans
4.4. Configuration Examples
4.4.1. Uploading to an FTP site
5. Network File System
5.1. NFS and SELinux
5.2. Types
5.3. Booleans
6. Berkeley Internet Name Domain
6.1. BIND and SELinux
6.2. Types
6.3. Booleans
6.4. Configuration Examples
6.4.1. Dynamic DNS
7. Concurrent Versioning System
7.1. CVS and SELinux
7.2. Types
7.3. Booleans
7.4. Configuration Examples
7.4.1. Setting up CVS
8. Squid Caching Proxy
8.1. Squid Caching Proxy and SELinux
8.2. Types
8.3. Booleans
8.4. Configuration Examples
8.4.1. Squid Connecting to Non-Standard Ports
9. MySQL
9.1. MySQL and SELinux
9.2. Types
9.3. Booleans
9.4. Configuration Examples
9.4.1. MySQL Changing Database Location
10. PostgreSQL
10.1. PostgreSQL and SELinux
10.2. Types
10.3. Booleans
10.4. Configuration Examples
10.4.1. PostgreSQL Changing Database Location
11. rsync
11.1. rsync and SELinux
11.2. Types
11.3. Booleans
11.4. Configuration Examples
11.4.1. Rsync as a daemon
12. Postfix
12.1. Postfix and SELinux
12.2. Types
12.3. Booleans
12.4. Configuration Examples
12.4.1. SpamAssassin and Postfix
13. DHCP
13.1. DHCP and SELinux
13.2. Types
14. OpenShift by Red Hat
14.1. OpenShift and SELinux
14.2. Types
14.3. Booleans
14.4. Configuration Examples
14.4.1. Changing the Default OpenShift Directory
15. Red Hat Gluster Storage
15.1. Red Hat Gluster Storage and SELinux
15.2. Types
15.3. Booleans
15.4. Configuration Examples
15.4.1. Labeling Gluster Bricks
16. References
A. Revision History