Layer: services

Module: apache


Description:

Various web servers.


Tunables:

allow_httpd_anon_write
Default value

false

Description

Determine whether httpd can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

allow_httpd_mod_auth_pam
Default value

false

Description

Determine whether httpd can use mod_auth_pam.

allow_httpd_sys_script_anon_write
Default value

false

Description

Determine whether the script domain can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

allow_httpd_unconfined_script_anon_write
Default value

false

Description

Determine whether the script domain can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

allow_httpd_user_script_anon_write
Default value

false

Description

Determine whether the script domain can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

httpd_builtin_scripting
Default value

false

Description

Determine whether httpd can use built-in scripting.

httpd_can_check_spam
Default value

false

Description

Determine whether httpd can check spam.

httpd_can_network_connect
Default value

false

Description

Determine whether httpd scripts and modules can connect to the network using TCP.

httpd_can_network_connect_cobbler
Default value

false

Description

Determine whether httpd scripts and modules can connect to cobbler over the network.

httpd_can_network_connect_db
Default value

false

Description

Determine whether scripts and modules can connect to databases over the network.

httpd_can_network_connect_ldap
Default value

false

Description

Determine whether httpd can connect to ldap over the network.

httpd_can_network_connect_memcache
Default value

false

Description

Determine whether httpd can connect to a memcache server over the network.

httpd_can_network_connect_zabbix
Default value

false

Description

Determine whether httpd daemon can connect to zabbix over the network.

httpd_can_network_relay
Default value

false

Description

Determine whether httpd can act as a relay.

httpd_can_sendmail
Default value

false

Description

Determine whether httpd can send mail.

httpd_dbus_avahi
Default value

false

Description

Determine whether httpd can communicate with avahi service via dbus.

httpd_enable_cgi
Default value

false

Description

Determine whether httpd can use CGI support.

httpd_enable_ftp_server
Default value

false

Description

Determine whether httpd can act as an FTP server by listening on the ftp port.

httpd_enable_homedirs
Default value

false

Description

Determine whether httpd can traverse user home directories.

httpd_execmem
Default value

false

Description

Determine whether httpd scripts and modules can use execmem and execstack.

httpd_gpg_anon_write
Default value

false

Description

Determine whether httpd gpg can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

httpd_graceful_shutdown
Default value

false

Description

Determine whether httpd can connect to port 80 for graceful shutdown.

httpd_manage_ipa
Default value

false

Description

Determine whether httpd can manage IPA content files.

httpd_mod_auth_ntlm_winbind
Default value

false

Description

Determine whether httpd can use mod_auth_ntlm_winbind.

httpd_read_user_content
Default value

false

Description

Determine whether httpd can read generic user home content files.

httpd_setrlimit
Default value

false

Description

Determine whether httpd can change its resource limits.

httpd_ssi_exec
Default value

false

Description

Determine whether httpd can run SSI executables in the same domain as system CGI scripts.

httpd_tmp_exec
Default value

false

Description

Determine whether httpd can execute its temporary content.

httpd_tty_comm
Default value

false

Description

Determine whether httpd can communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.

httpd_unified
Default value

false

Description

Determine whether httpd can have full access to its content types.

httpd_use_cifs
Default value

false

Description

Determine whether httpd can use cifs file systems.

httpd_use_fusefs
Default value

false

Description

Determine whether httpd can use fuse file systems.

httpd_use_gpg
Default value

false

Description

Determine whether httpd can use gpg.

httpd_use_nfs
Default value

false

Description

Determine whether httpd can use nfs file systems.
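An added example, not part of the reference policy or its documentation: a baseline check that compares `getsebool -a` output against the tunables listed above, all of which this page documents with a default of false. It assumes the usual `name --> on|off` output format; the sample input and the boolean names starting with `example_` or `httpd_example_` are constructed.

```python
import re

# Tunables documented on this page; each has default value "false".
DOCUMENTED = set("""
allow_httpd_anon_write allow_httpd_mod_auth_pam
allow_httpd_sys_script_anon_write allow_httpd_unconfined_script_anon_write
allow_httpd_user_script_anon_write httpd_builtin_scripting
httpd_can_check_spam httpd_can_network_connect
httpd_can_network_connect_cobbler httpd_can_network_connect_db
httpd_can_network_connect_ldap httpd_can_network_connect_memcache
httpd_can_network_connect_zabbix httpd_can_network_relay httpd_can_sendmail
httpd_dbus_avahi httpd_enable_cgi httpd_enable_ftp_server
httpd_enable_homedirs httpd_execmem httpd_gpg_anon_write
httpd_graceful_shutdown httpd_manage_ipa httpd_mod_auth_ntlm_winbind
httpd_read_user_content httpd_setrlimit httpd_ssi_exec httpd_tmp_exec
httpd_tty_comm httpd_unified httpd_use_cifs httpd_use_fusefs
httpd_use_gpg httpd_use_nfs
""".split())

# One boolean per line, e.g. "httpd_enable_cgi --> off" (assumed format).
LINE = re.compile(r"^(\S+)\s+-->\s+(on|off)$")

def audit(getsebool_output):
    """Return (enabled, undocumented, missing) relative to this page."""
    state = {}
    for line in getsebool_output.splitlines():
        m = LINE.match(line.strip())
        if m:
            state[m.group(1)] = (m.group(2) == "on")
    # Documented tunables that are on, i.e. differ from the documented default.
    enabled = sorted(n for n in DOCUMENTED if state.get(n))
    # httpd-related booleans on the host that this page does not list.
    undocumented = sorted(n for n in state if "httpd" in n and n not in DOCUMENTED)
    # Documented tunables the loaded policy does not expose at all.
    missing = sorted(DOCUMENTED - state.keys())
    return enabled, undocumented, missing

# Constructed sample standing in for `getsebool -a` output.
SAMPLE = """\
httpd_can_network_connect --> on
httpd_enable_cgi --> on
httpd_execmem --> off
httpd_use_nfs --> off
httpd_example_local_boolean --> off
example_other_boolean --> on
"""

if __name__ == "__main__":
    enabled, undocumented, missing = audit(SAMPLE)
    print("enabled (differs from documented default):", enabled)
    print("httpd booleans not on this page:", undocumented)
    print("documented but absent from loaded policy:", len(missing))
```

Each entry in the first list is a grant the policy author left off by default, so it should map to a known requirement of the deployed application.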


Interfaces:

apache_admin( domain , role )
Summary

All of the rules required to administrate an apache environment.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

Role allowed access.

apache_append_all_ra_content( domain )
Summary

Append to all appendable web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_append_log( domain )
Summary

Append httpd log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_append_squirrelmail_data( domain )
Summary

Append httpd squirrelmail data files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_cgi_domain( domain , entrypoint )
Summary

Execute CGI in the specified domain.

Description

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
domain

Domain to run the CGI script in.

entrypoint

Type of the executable to enter the cgi domain.

apache_delete_cache_dirs( domain )
Summary

Delete httpd cache directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_delete_cache_files( domain )
Summary

Delete httpd cache files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_delete_lib_files( domain )
Summary

Delete httpd_var_lib_t files.

Parameters
Parameter:Description:
domain

Domain that can delete the files.

apache_delete_squirrelmail_spool( domain )
Summary

Delete httpd squirrelmail spool files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans( domain )
Summary

Execute httpd with a domain transition.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_domtrans_all_scripts( domain )
Summary

Execute all user scripts in the user script domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_domtrans_helper( domain )
Summary

Execute the Apache helper program with a domain transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans_rotatelogs( domain )
Summary

Execute a domain transition to run httpd_rotatelogs.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_domtrans_sys_script( domain )
Summary

Execute all httpd scripts in the system script domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_dontaudit_append_log( domain )
Summary

Do not audit attempts to append httpd log files.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_fifo_file( domain )
Summary

Do not audit attempts to read and write httpd unnamed pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_stream_sockets( domain )
Summary

Do not audit attempts to read and write httpd unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_sys_script_stream_sockets( domain )
Summary

Do not audit attempts to read and write httpd system script unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_tcp_sockets( domain )
Summary

Do not audit attempts to read and write httpd TCP sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_search_modules( domain )
Summary

Do not audit attempts to search httpd module directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_write_tmp_files( domain )
Summary

Do not audit attempts to write httpd tmp files.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_exec( domain )
Summary

Execute httpd.

Parameters
Parameter:Description:
domain

Domain allowed to execute it.

apache_exec_modules( domain )
Summary

Execute httpd module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_initrc_domtrans( domain )
Summary

Execute httpd server in the httpd domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_list_all_content( domain )
Summary

List all apache content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_list_cache( domain )
Summary

List httpd cache directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_list_modules( domain )
Summary

List httpd module directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_list_sys_content( domain )
Summary

List httpd system content directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_all_content( domain )
Summary

Create, read, write, and delete all httpd content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_all_rw_content( domain )
Summary

Manage all read/write content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_all_user_content( domain )
Summary

Create, read, write, and delete all user httpd content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_config( domain )
Summary

Create, read, write, and delete httpd configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_log( domain )
Summary

Create, read, write, and delete httpd log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_sys_content( domain )
Summary

Create, read, write, and delete httpd system content files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_sys_rw_content( domain )
Summary

Create, read, write, and delete httpd system rw content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_all_content( domain )
Summary

Read all web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_all_ra_content( domain )
Summary

Read all appendable content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_all_rw_content( domain )
Summary

Read all read/write content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_config( domain )
Summary

Read httpd configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_log( domain )
Summary

Read httpd log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_module_files( domain )
Summary

Read httpd module files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_squirrelmail_data( domain )
Summary

Read httpd squirrelmail data files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_sys_content( domain )
Summary

Read httpd system content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_tmp_files( domain )
Summary

Read httpd tmp files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_user_content( domain )
Summary

Read user httpd content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_user_scripts( domain )
Summary

Read user httpd script executable files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_reload( domain )
Summary

Reload the httpd service (systemd).

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_run_all_scripts( domain , role )
Summary

Execute all user scripts in the user script domain. Add user script domains to the specified role.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

apache_run_helper( domain , role )
Summary

Execute the Apache helper program with a domain transition, and allow the specified role the Apache helper domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

apache_rw_cache_files( domain )
Summary

Read and write httpd cache files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_rw_runtime_files( domain )
Summary

Read and write httpd_runtime_t files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_rw_stream_sockets( domain )
Summary

Read and write httpd unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_all_content( domain )
Summary

Search all apache content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_config( domain )
Summary

Search httpd configuration directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_content( domain )
Summary

Search httpd system content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_script_state( domain )
Summary

Search system script state directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_scripts( domain )
Summary

Search httpd system CGI directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_setattr_cache_dirs( domain )
Summary

Set attributes of httpd cache directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_sigchld( domain )
Summary

Send child terminated signals to httpd.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_signal( domain )
Summary

Send generic signals to httpd.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_signull( domain )
Summary

Send null signals to httpd.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_use_fds( domain )
Summary

Inherit and use file descriptors from httpd.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_write_log( domain )
Summary

Write apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.


Templates:

apache_content_template( prefix )
Summary

Create a set of derived types for httpd web content.

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving type names.

apache_role( role_prefix , user_domain , user_exec_domain , role )
Summary

Role access for apache.

Parameters
Parameter:Description:
role_prefix

The prefix of the user role (e.g., user is the prefix for user_r).

user_domain

User domain for the role.

user_exec_domain

User exec domain for execute and transition access.

role

Role allowed access.
