Layer: services

Module: apache

Tunables Interfaces Templates

Description:

Various web servers.

Tunables:

allow_httpd_anon_write

Default value

false

Description

Determine whether httpd can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

allow_httpd_mod_auth_pam

Default value

false

Description

Determine whether httpd can use mod_auth_pam.

allow_httpd_sys_script_anon_write

Default value

false

Description

Determine whether the script domain can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

allow_httpd_unconfined_script_anon_write

Default value

false

Description

Determine whether the script domain can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

allow_httpd_user_script_anon_write

Default value

false

Description

Determine whether the script domain can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

httpd_builtin_scripting

Default value

false

Description

Determine whether httpd can use built in scripting.

httpd_can_check_spam

Default value

false

Description

Determine whether httpd can check spam.

httpd_can_network_connect

Default value

false

Description

Determine whether httpd scripts and modules can connect to the network using TCP.

httpd_can_network_connect_cobbler

Default value

false

Description

Determine whether httpd scripts and modules can connect to cobbler over the network.

httpd_can_network_connect_db

Default value

false

Description

Determine whether scripts and modules can connect to databases over the network.

httpd_can_network_connect_ldap

Default value

false

Description

Determine whether httpd can connect to ldap over the network.

httpd_can_network_connect_memcache

Default value

false

Description

Determine whether httpd can connect to memcache server over the network.

httpd_can_network_connect_zabbix

Default value

false

Description

Determine whether httpd daemon can connect to zabbix over the network.

httpd_can_network_relay

Default value

false

Description

Determine whether httpd can act as a relay.

httpd_can_sendmail

Default value

false

Description

Determine whether httpd can send mail.

httpd_dbus_avahi

Default value

false

Description

Determine whether httpd can communicate with avahi service via dbus.

httpd_enable_cgi

Default value

false

Description

Determine whether httpd can use support.

httpd_enable_ftp_server

Default value

false

Description

Determine whether httpd can act as a FTP server by listening on the ftp port.

httpd_enable_homedirs

Default value

false

Description

Determine whether httpd can traverse user home directories.

httpd_execmem

Default value

false

Description

Determine whether httpd scripts and modules can use execmem and execstack.

httpd_gpg_anon_write

Default value

false

Description

Determine whether httpd gpg can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

httpd_graceful_shutdown

Default value

false

Description

Determine whether httpd can connect to port 80 for graceful shutdown.

httpd_manage_ipa

Default value

false

Description

Determine whether httpd can manage IPA content files.

httpd_mod_auth_ntlm_winbind

Default value

false

Description

Determine whether httpd can use mod_auth_ntlm_winbind.

httpd_read_user_content

Default value

false

Description

Determine whether httpd can read generic user home content files.

httpd_setrlimit

Default value

false

Description

Determine whether httpd can change its resource limits.

httpd_ssi_exec

Default value

false

Description

Determine whether httpd can run SSI executables in the same domain as system CGI scripts.

httpd_tmp_exec

Default value

false

Description

Determine whether httpd can execute its temporary content.

httpd_tty_comm

Default value

false

Description

Determine whether httpd can communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.

httpd_unified

Default value

false

Description

Determine whether httpd can have full access to its content types.

httpd_use_cifs

Default value

false

Description

Determine whether httpd can use cifs file systems.

httpd_use_fusefs

Default value

false

Description

Determine whether httpd can use fuse file systems.

httpd_use_gpg

Default value

false

Description

Determine whether httpd can use gpg.

httpd_use_nfs

Default value

false

Description

Determine whether httpd can use nfs file systems.

Return

Interfaces:

apache_admin(
	
		domain
		
			,
		
		role
		
	)

Summary

All of the rules required to administrate an apache environment.

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	Role allowed access.

apache_append_all_ra_content(
	
		domain
		
	)

Summary

Append to all appendable web content

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_append_log(
	
		domain
		
	)

Summary

Append httpd log files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_append_squirrelmail_data(
	
		domain
		
	)

Summary

Append httpd squirrelmail data files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_cgi_domain(
	
		domain
		
			,
		
		entrypoint
		
	)

Summary

Execute CGI in the specified domain.

Description

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters

Parameter:	Description:
domain	Domain run the cgi script in.
entrypoint	Type of the executable to enter the cgi domain.

apache_delete_cache_dirs(
	
		domain
		
	)

Summary

Delete httpd cache directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_delete_cache_files(
	
		domain
		
	)

Summary

Delete httpd cache files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_delete_lib_files(
	
		domain
		
	)

Summary

Delete httpd_var_lib_t files

Parameters

Parameter:	Description:
domain	Domain that can delete the files

apache_delete_squirrelmail_spool(
	
		domain
		
	)

Summary

delete httpd squirrelmail spool files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_domtrans(
	
		domain
		
	)

Summary

Execute httpd with a domain transition.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

apache_domtrans_all_scripts(
	
		domain
		
	)

Summary

Execute all user scripts in the user script domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

apache_domtrans_helper(
	
		domain
		
	)

Summary

Execute the Apache helper program with a domain transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_domtrans_rotatelogs(
	
		domain
		
	)

Summary

Execute a domain transition to run httpd_rotatelogs.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

apache_domtrans_sys_script(
	
		domain
		
	)

Summary

Execute all httpd scripts in the system script domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

apache_dontaudit_append_log(
	
		domain
		
	)

Summary

Do not audit attempts to append httpd log files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

apache_dontaudit_rw_fifo_file(
	
		domain
		
	)

Summary

Do not audit attempts to read and write httpd unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

apache_dontaudit_rw_stream_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to read and write httpd unix domain stream sockets.

Parameters

Parameter:	Description:
domain	Domain to not audit.

apache_dontaudit_rw_sys_script_stream_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to read and write httpd system script unix domain stream sockets.

Parameters

Parameter:	Description:
domain	Domain to not audit.

apache_dontaudit_rw_tcp_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to read and write httpd TCP sockets.

Parameters

Parameter:	Description:
domain	Domain to not audit.

apache_dontaudit_search_modules(
	
		domain
		
	)

Summary

Do not audit attempts to search httpd module directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

apache_dontaudit_write_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to write httpd tmp files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

apache_exec(
	
		domain
		
	)

Summary

Execute httpd

Parameters

Parameter:	Description:
domain	Domain allowed to execute it.

apache_exec_modules(
	
		domain
		
	)

Summary

Execute httpd module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_initrc_domtrans(
	
		domain
		
	)

Summary

Execute httpd server in the httpd domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

apache_list_all_content(
	
		domain
		
	)

Summary

List all apache content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_list_cache(
	
		domain
		
	)

Summary

List httpd cache directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_list_modules(
	
		domain
		
	)

Summary

List httpd module directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_list_sys_content(
	
		domain
		
	)

Summary

List httpd system content directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_manage_all_content(
	
		domain
		
	)

Summary

Create, read, write, and delete all httpd content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_manage_all_rw_content(
	
		domain
		
	)

Summary

Manage all read/write content

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_manage_all_user_content(
	
		domain
		
	)

Summary

Create, read, write, and delete all user httpd content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_manage_config(
	
		domain
		
	)

Summary

Create, read, write, and delete httpd configuration files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_manage_log(
	
		domain
		
	)

Summary

Create, read, write, and delete httpd log files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_manage_sys_content(
	
		domain
		
	)

Summary

Create, read, write, and delete httpd system content files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_manage_sys_rw_content(
	
		domain
		
	)

Summary

Create, read, write, and delete httpd system rw content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_all_content(
	
		domain
		
	)

Summary

Read all web content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_all_ra_content(
	
		domain
		
	)

Summary

Read all appendable content

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_all_rw_content(
	
		domain
		
	)

Summary

Read all read/write content

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_config(
	
		domain
		
	)

Summary

Read httpd configuration files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_log(
	
		domain
		
	)

Summary

Read httpd log files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_module_files(
	
		domain
		
	)

Summary

Read httpd module files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_squirrelmail_data(
	
		domain
		
	)

Summary

Read httpd squirrelmail data files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_sys_content(
	
		domain
		
	)

Summary

Read httpd system content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_tmp_files(
	
		domain
		
	)

Summary

Read httpd tmp files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_user_content(
	
		domain
		
	)

Summary

Read user httpd content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_read_user_scripts(
	
		domain
		
	)

Summary

Read user httpd script executable files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_reload(
	
		domain
		
	)

Summary

Reload the httpd service (systemd).

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_run_all_scripts(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute all user scripts in the user script domain. Add user script domains to the specified role.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
role	Role allowed access.

apache_run_helper(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute the Apache helper program with a domain transition, and allow the specified role the Apache helper domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
role	Role allowed access.

apache_rw_cache_files(
	
		domain
		
	)

Summary

Read and write httpd cache files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_rw_runtime_files(
	
		domain
		
	)

Summary

rw httpd_runtime_t files

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_rw_stream_sockets(
	
		domain
		
	)

Summary

Read and write httpd unix domain stream sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_search_all_content(
	
		domain
		
	)

Summary

Search all apache content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_search_config(
	
		domain
		
	)

Summary

Search httpd configuration directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_search_sys_content(
	
		domain
		
	)

Summary

Search httpd system content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_search_sys_script_state(
	
		domain
		
	)

Summary

Search system script state directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_search_sys_scripts(
	
		domain
		
	)

Summary

Search httpd system CGI directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_setattr_cache_dirs(
	
		domain
		
	)

Summary

Set attributes httpd cache directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_sigchld(
	
		domain
		
	)

Summary

Send child terminated signals to httpd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_signal(
	
		domain
		
	)

Summary

Send generic signals to httpd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_signull(
	
		domain
		
	)

Summary

Send null signals to httpd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_use_fds(
	
		domain
		
	)

Summary

Inherit and use file descriptors from httpd.

Parameters

Parameter:	Description:
domain	Domain allowed access.

apache_write_log(
	
		domain
		
	)

Summary

Write apache log files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return

Templates:

apache_content_template(
	
		prefix
		
	)

Summary

Create a set of derived types for httpd web content.

Parameters

Parameter:	Description:
prefix	The prefix to be used for deriving type names.

apache_role(
	
		role_prefix
		
			,
		
		user_domain
		
			,
		
		user_exec_domain
		
			,
		
		role
		
	)

Summary

Role access for apache.

Parameters

Parameter:	Description:
role_prefix	The prefix of the user role (e.g., user is the prefix for user_r).
user_domain	User domain for the role.
user_exec_domain	User exec domain for execute and transition access.
role	Role allowed access

Return