27.2. Types

The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with Red Hat Gluster Storage. Different types allow you to configure flexible access:

Process types

The Gluster processes are associated with the glusterd_t SELinux type.

Types on executables

The SELinux-specific script type context for the Gluster init script files.
The SELinux-specific executable type context for the Gluster executable files.

Port Types

This type is defined for glusterd. By default, glusterd uses 204007-24027, and 38465-38469 TCP ports.

File Contexts

This type is used for files threated as glusterd brick data.
This type is associated with the glusterd configuration data, usually stored in the /etc directory.
Files with this type are treated as glusterd log data, usually stored under the /var/log/ directory.
This type is used for storing the glusterd temporary files in the /tmp directory.
This type allows storing the glusterd files in the /var/lib/ directory.
This type allows storing the glusterd files in the /run/ or /var/run/ directory.