8.3.3. Manual Pages for Services
Manual pages for services contain valuable information, such as what file type to use for a given situation, and Booleans to change the access a service has (such as
httpd
accessing NFS volumes). This information may be in the standard manual page, or a manual page with selinux
prepended or appended.
For example, the httpd_selinux(8) manual page has information about what file type to use for a given situation, as well as Booleans to allow scripts, sharing files, accessing directories inside user home directories, and so on. Other manual pages with SELinux information for services include:
- Samba: the samba_selinux(8) manual page describes that files and directories to be exported via Samba must be labeled with the
samba_share_t
type, as well as Booleans to allow files labeled with types other thansamba_share_t
to be exported via Samba. - Berkeley Internet Name Domain (BIND): the named(8) manual page describes what file type to use for a given situation (see the
Red Hat SELinux BIND Security Profile
section). The named_selinux(8) manual page describes that, by default,named
cannot write to master zone files, and to allow such access, thenamed_write_master_zones
Boolean must be enabled.
The information in manual pages helps you configure the correct file types and Booleans, helping to prevent SELinux from denying access.