15.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with Red Hat Gluster Storage. Different types allow you to configure flexible access:
Process types
glusterd_t
- The Gluster processes are associated with the
glusterd_t
SELinux type.
Types on executables
glusterd_initrc_exec_t
- The SELinux-specific script type context for the Gluster init script files.
glusterd_exec_t
- The SELinux-specific executable type context for the Gluster executable files.
Port Types
gluster_port_t
- This type is defined for
glusterd
. By default,glusterd
uses 204007-24027, and 38465-38469 TCP ports.
File Contexts
glusterd_brick_t
- This type is used for files threated as
glusterd
brick data. glusterd_conf_t
- This type is associated with the
glusterd
configuration data, usually stored in the/etc/
directory. glusterd_log_t
- Files with this type are treated as
glusterd
log data, usually stored under the/var/log/
directory. glusterd_tmp_t
- This type is used for storing the
glusterd
temporary files in the/tmp/
directory. glusterd_var_lib_t
- This type allows storing the
glusterd
files in the/var/lib/
directory. glusterd_var_run_t
- This type allows storing the
glusterd
files in the/run/
or/var/run/
directory.