Questo contenuto non è disponibile nella lingua selezionata.
11.3. Booleans
SELinux is based on the least level of access required for a service to run. Services can be run in a variety of ways; therefore, you need to specify how you run your services. Use the following Booleans to set up SELinux:
allow_rsync_anon_write- Having this Boolean enabled allows
rsyncin the rsync_t domain to manage files, links and directories that have a type of public_content_rw_t. Often these are public files used for public file transfer services. Files and directories must be labeledpublic_content_rw_t. rsync_client- Having this Boolean enabled allows
rsyncto initiate connections to ports defined as rsync_port_t, as well as allowingrsyncto manage files, links and directories that have a type of rsync_data_t. Note that thersyncdaemon must be in the rsync_t domain in order for SELinux to enact its control overrsync. The configuration example in this chapter demonstratesrsyncrunning in the rsync_t domain. rsync_export_all_ro- Having this Boolean enabled allows
rsyncin the rsync_t domain to export NFS and CIFS volumes with read-only access to clients.
Note
Due to the continuous development of the SELinux policy, the list above might not contain all Booleans related to the service at all times. To list them, run the following command as root:
~]# semanage boolean -l | grep service_name