Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
8.3.3. Manual Pages for Services
Manual pages for services contain valuable information, such as what file type to use for a given situation, and Booleans to change the access a service has (such as
httpd
accessing NFS volumes). This information may be in the standard manual page, or a manual page with selinux
prepended or appended.
For example, the httpd_selinux(8) manual page has information about what file type to use for a given situation, as well as Booleans to allow scripts, sharing files, accessing directories inside user home directories, and so on. Other manual pages with SELinux information for services include:
- Samba: the samba_selinux(8) manual page describes that files and directories to be exported via Samba must be labeled with the
samba_share_t
type, as well as Booleans to allow files labeled with types other thansamba_share_t
to be exported via Samba. - Berkeley Internet Name Domain (BIND): the named(8) manual page describes what file type to use for a given situation (see the
Red Hat SELinux BIND Security Profile
section). The named_selinux(8) manual page describes that, by default,named
cannot write to master zone files, and to allow such access, thenamed_write_master_zones
Boolean must be enabled.
The information in manual pages helps you configure the correct file types and Booleans, helping to prevent SELinux from denying access.