Apache web server
false
Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.
false
Allow Apache to communicate with avahi service via dbus
false
Allow Apache to use mod_auth_pam
false
Allow Apache to use mod_auth_pam
false
Allow apache scripts to write to public content. Directories/Files must be labeled public_content_rw_t.
false
Allow httpd to use built in scripting (usually php)
false
Allow HTTPD scripts and modules to connect to the network
false
Allow HTTPD scripts and modules to connect to databases over the network.
false
Allow httpd to act as a relay
false
Allow http daemon to send mail
false
Allow httpd cgi support
false
Allow httpd to act as a FTP server by listening on the ftp port.
false
Allow httpd to read home directories
false
Allow httpd scripts and modules execmem/execstack
false
Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
false
Unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.
false
Unify HTTPD handling of all content files.
false
Allow httpd to access cifs file systems
false
Allow httpd to access nfs file systems
All of the rules required to administrate an apache environment
Parameter: | Description: |
---|---|
prefix |
Prefix of the domain. Example, user would be the prefix for the uder_t domain. |
domain |
Domain allowed access. |
role |
The role to be allowed to manage the apache domain. |
Allow the specified domain to append to apache log files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to append apache squirrelmail data.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute CGI in the specified domain.
Execute CGI in the specified domain.
This is an interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain |
Domain run the cgi script in. |
entrypoint |
Type of the executable to enter the cgi domain. |
Allow the specified domain to delete apache system content rw files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Transition to apache.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute all user scripts in the user script domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute the Apache helper program with a domain transition.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute a domain transition to run httpd_rotatelogs.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute all web scripts in the system script domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to append to the Apache logs.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read and write Apache bugzill script unix domain stream sockets.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to read and write Apache unix domain stream sockets.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to read and write Apache system script unix domain stream sockets.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to read and write Apache TCP sockets.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to search Apache module directories.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Allow the specified domain to execute apache modules.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to list the contents of the apache modules directory.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create, read, write, and delete all web content.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create, read, write, and delete all user web content.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to manage apache configuration files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to manage to apache log files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to manage apache system content files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to read apache configuration files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to read apache log files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow the specified domain to read apache squirrelmail data.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read apache system content.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Execute all user scripts in the user script domain. Add user script domains to the specified role.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
role |
The role to be allowed the script domains. |
Execute the Apache helper program with a domain transition, and allow the specified role the dmidecode domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
role |
The role to be allowed the dmidecode domain. |
terminal |
The type of the terminal allow the dmidecode domain to use. |
Allow the specified domain to read and write Apache cache files.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Execute apache server in the ntpd domain.
Parameter: | Description: |
---|---|
domain |
The type of the process performing this action. |
Allow the specified domain to search apache bugzilla directories.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Search apache system content.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Search system script state directory.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Search apache system CGI directories.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send a SIGCHLD signal to apache.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send a null signal to apache.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Inherit and use file descriptors from Apache.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create a set of derived types for apache web content.
Parameter: | Description: |
---|---|
prefix |
The prefix to be used for deriving type names. |
The per role template for the apache module.
This template creates types used for web pages and web cgi to be used from the user home directory.
This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.
Parameter: | Description: |
---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). |
user_domain |
The type of the user domain. |
user_role |
The role associated with the user domain. |
Read user web content.
Parameter: | Description: |
---|---|
domain_prefix |
Prefix of the domain. Example, user would be the prefix for the uder_t domain. |
domain |
Domain allowed access. |
Read httpd user scripts executables.
Parameter: | Description: |
---|---|
domain_prefix |
Prefix of the domain. Example, user would be the prefix for the uder_t domain. |
domain |
Domain allowed access. |