Fedora 13

Managing Confined Services

Edition 1.4

Fedora Documentation Project

Scott Radvan

Red Hat Engineering Content Services

Legal Notice

Copyright © 2010 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
For guidelines on the permitted uses of the Fedora trademarks, refer to
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
All other trademarks are the property of their respective owners.
The Managing Confined Services guide is designed to assist advanced users and administrators when using and configuring SELinux. It is focused on Fedora Linux and describes the components of SELinux as they pertain to services an advanced user or administrator might need to configure. Also included are real-world examples of configuring these services and demonstrations of how SELinux complements their operation.

1. Document Conventions
1.1. Typographic Conventions
1.2. Pull-quote Conventions
1.3. Notes and Warnings
2. We Need Feedback!
1. Trademark Information
2. Introduction
3. Targeted policy
3.1. Type Enforcement
3.2. Confined processes
3.3. Unconfined processes
4. The Apache HTTP Server
4.1. The Apache HTTP Server and SELinux
4.2. Types
4.3. Booleans
4.4. Configuration examples
4.4.1. Running a static site
4.4.2. Sharing NFS and CIFS file systems
4.4.3. Sharing files between services
4.4.4. Changing port numbers
5. Samba
5.1. Samba and SELinux
5.2. Types
5.3. Booleans
5.4. Configuration examples
5.4.1. Sharing directories you create
5.4.2. Sharing a website
6. File Transfer Protocol
6.1. FTP and SELinux
6.2. Types
6.3. Booleans
6.4. Configuration Examples
6.4.1. Uploading to an FTP site
7. Network File System
7.1. NFS and SELinux
7.2. Types
7.3. Booleans
7.4. Configuration Examples
7.4.1. Sharing directories using NFS
8. Berkeley Internet Name Domain
8.1. BIND and SELinux
8.2. Types
8.3. Booleans
8.4. Configuration Examples
8.4.1. Dynamic DNS
9. Concurrent Versioning System
9.1. CVS and SELinux
9.2. Types
9.3. Booleans
9.4. Configuration Examples
9.4.1. Setting up CVS
9.4.2. Server setup
10. Squid Caching Proxy
10.1. Squid Caching Proxy and SELinux
10.2. Types
10.3. Booleans
10.4. Configuration Examples
10.4.1. Squid Connecting to Non-Standard Ports
11. MySQL
11.1. MySQL and SELinux
11.2. Types
11.3. Booleans
11.4. Configuration Examples
11.4.1. MySQL Changing Database Location
12. PostgreSQL
12.1. PostgreSQL and SELinux
12.2. Types
12.3. Booleans
12.4. Configuration Examples
12.4.1. PostgreSQL Changing Database Location
13. rsync
13.1. rsync and SELinux
13.2. Types
13.3. Booleans
13.4. Configuration Examples
13.4.1. Rsync as a daemon
14. Postfix
14.1. Postfix and SELinux
14.2. Types
14.3. Booleans
14.4. Configuration Examples
14.4.1. SpamAssassin and Postfix
15. References