8.3.3. Manual Pages for Services
Manual pages for services contain valuable information, such as what file type to use for a given situation, and Booleans to change the access a service has (such as
httpdaccessing NFS volumes). This information may be in the standard manual page, or a manual page with
selinuxprepended or appended.
For example, the httpd_selinux(8) manual page has information about what file type to use for a given situation, as well as Booleans to allow scripts, sharing files, accessing directories inside user home directories, and so on. Other manual pages with SELinux information for services include:
- Samba: the samba_selinux(8) manual page describes that files and directories to be exported via Samba must be labeled with the
samba_share_ttype, as well as Booleans to allow files labeled with types other than
samba_share_tto be exported via Samba.
- Berkeley Internet Name Domain (BIND): the named(8) manual page describes what file type to use for a given situation (see the
Red Hat SELinux BIND Security Profilesection). The named_selinux(8) manual page describes that, by default,
namedcannot write to master zone files, and to allow such access, the
named_write_master_zonesBoolean must be enabled.
The information in manual pages helps you configure the correct file types and Booleans, helping to prevent SELinux from denying access.