Layer: contrib

Module: apache


Description:

Apache web server


Tunables:

httpd_anon_write
Default value

false

Description

Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

httpd_builtin_scripting
Default value

false

Description

Allow httpd to use built in scripting (usually php)

httpd_can_check_spam
Default value

false

Description

Allow http daemon to check spam

httpd_can_connect_ftp
Default value

false

Description

Allow httpd to act as an FTP client connecting to the ftp port and ephemeral ports

httpd_can_connect_ldap
Default value

false

Description

Allow httpd to connect to the ldap port

httpd_can_connect_mythtv
Default value

false

Description

Allow http daemon to connect to mythtv

httpd_can_connect_zabbix
Default value

false

Description

Allow http daemon to connect to zabbix

httpd_can_network_connect
Default value

false

Description

Allow HTTPD scripts and modules to connect to the network using TCP.

httpd_can_network_connect_cobbler
Default value

false

Description

Allow HTTPD scripts and modules to connect to cobbler over the network.

httpd_can_network_connect_db
Default value

false

Description

Allow HTTPD scripts and modules to connect to databases over the network.

httpd_can_network_memcache
Default value

false

Description

Allow httpd to connect to memcache server

httpd_can_network_relay
Default value

false

Description

Allow httpd to act as a relay

httpd_can_sendmail
Default value

false

Description

Allow http daemon to send mail

httpd_dbus_avahi
Default value

false

Description

Allow Apache to communicate with avahi service via dbus

httpd_dbus_sssd
Default value

false

Description

Allow Apache to communicate with sssd service via dbus

httpd_dontaudit_search_dirs
Default value

false

Description

Do not audit Apache attempts to search dirs.

httpd_enable_cgi
Default value

false

Description

Allow httpd cgi support

httpd_enable_ftp_server
Default value

false

Description

Allow httpd to act as an FTP server by listening on the ftp port.

httpd_enable_homedirs
Default value

false

Description

Allow httpd to read home directories

httpd_execmem
Default value

false

Description

Allow httpd scripts and modules execmem/execstack

httpd_graceful_shutdown
Default value

false

Description

Allow HTTPD to connect to port 80 for graceful shutdown

httpd_manage_ipa
Default value

false

Description

Allow httpd processes to manage IPA content

httpd_mod_auth_ntlm_winbind
Default value

false

Description

Allow Apache to use mod_auth_ntlm_winbind

httpd_mod_auth_pam
Default value

false

Description

Allow Apache to use mod_auth_pam

httpd_read_user_content
Default value

false

Description

Allow httpd to read user content

httpd_run_ipa
Default value

false

Description

Allow httpd processes to run IPA helper.

httpd_run_preupgrade
Default value

false

Description

Allow Apache to run preupgrade

httpd_run_stickshift
Default value

false

Description

Allow Apache to run in stickshift mode, not transition to passenger

httpd_serve_cobbler_files
Default value

false

Description

Allow HTTPD scripts and modules to serve cobbler files.

httpd_setrlimit
Default value

false

Description

Allow httpd daemon to change its resource limits

httpd_ssi_exec
Default value

false

Description

Allow HTTPD to run SSI executables in the same domain as system CGI scripts.

httpd_sys_script_anon_write
Default value

false

Description

Allow apache scripts to write to public content. Directories/files must be labeled public_content_rw_t.

httpd_tmp_exec
Default value

false

Description

Allow Apache to execute tmp content.

httpd_tty_comm
Default value

false

Description

Allow HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.

httpd_unified
Default value

false

Description

Unify HTTPD handling of all content files.

httpd_use_cifs
Default value

false

Description

Allow httpd to access cifs file systems

httpd_use_fusefs
Default value

false

Description

Allow httpd to access FUSE file systems

httpd_use_gpg
Default value

false

Description

Allow httpd to run gpg

httpd_use_nfs
Default value

false

Description

Allow httpd to access nfs file systems

httpd_use_openstack
Default value

false

Description

Allow httpd to access openstack ports

httpd_use_sasl
Default value

false

Description

Allow httpd to connect to sasl

httpd_verify_dns
Default value

false

Description

Allow Apache to query NS records


Interfaces:

apache_admin( domain , role )
Summary

All of the rules required to administrate an apache environment

Parameters
Parameter:Description:
domain

Domain allowed access.

role

Role allowed access.

apache_append_log( domain )
Summary

Allow the specified domain to append to apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_append_squirrelmail_data( domain )
Summary

Allow the specified domain to append apache squirrelmail data.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_cgi_domain( domain , entrypoint )
Summary

Execute CGI in the specified domain.

Description

Execute CGI in the specified domain.

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
domain

Domain to run the cgi script in.

entrypoint

Type of the executable to enter the cgi domain.

apache_dbus_chat( domain )
Summary

Send and receive messages from httpd over dbus.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_delete_cache_dirs( domain )
Summary

Allow the specified domain to delete Apache cache dirs.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_delete_cache_files( domain )
Summary

Allow the specified domain to delete Apache cache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_delete_sys_content_rw( domain )
Summary

Allow the specified domain to delete apache system content rw files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans( domain )
Summary

Transition to apache.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_domtrans_all_scripts( domain )
Summary

Execute all user scripts in the user script domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_domtrans_helper( domain )
Summary

Execute the Apache helper program with a domain transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans_rotatelogs( domain )
Summary

Execute a domain transition to run httpd_rotatelogs.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_domtrans_sys_script( domain )
Summary

Execute all web scripts in the system script domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_dontaudit_append_log( domain )
Summary

Do not audit attempts to append to the Apache logs.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_leaks( domain )
Summary

Do not audit attempts to read and write leaked file descriptors.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_read_log( domain )
Summary

Do not audit attempts to read apache log files.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_fifo_file( domain )
Summary

Do not audit attempts to read and write Apache unnamed pipes.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_stream_sockets( domain )
Summary

Do not audit attempts to read and write Apache unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_sys_script_stream_sockets( domain )
Summary

Do not audit attempts to read and write Apache system script unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_tcp_sockets( domain )
Summary

Do not audit attempts to read and write Apache TCP sockets.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_tmp_files( domain )
Summary

Do not audit attempts to read and write apache tmp files.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_search_modules( domain )
Summary

Do not audit attempts to search Apache module directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_write_tmp_files( domain )
Summary

Do not audit attempts to write apache tmp files.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_entrypoint( domain )
Summary

Allow any httpd_exec_t to be an entrypoint of this domain

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_exec( domain )
Summary

Allow the specified domain to execute apache in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_exec_domtrans( domain , target_domain )
Summary

Execute an httpd_exec_t in the specified domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

target_domain

The type of the new process.

apache_exec_modules( domain )
Summary

Allow the specified domain to execute apache modules.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_exec_rotatelogs( domain )
Summary

Execute httpd_rotatelogs in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_exec_suexec( domain )
Summary

Allow the specified domain to execute apache suexec in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_exec_sys_script( domain )
Summary

Execute httpd system scripts in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_filetrans_home_content( domain )
Summary

Transition to apache home content

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_filetrans_named_content( domain )
Summary

Transition to apache named content

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_list_cache( domain )
Summary

Allow the specified domain to list Apache cache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_list_modules( domain )
Summary

Allow the specified domain to list the contents of the apache modules directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_list_sys_content( domain )
Summary

Allow the specified domain to list apache system content files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_all_content( domain )
Summary

Create, read, write, and delete all web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_all_user_content( domain )
Summary

Create, read, write, and delete all user web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_config( domain )
Summary

Allow the specified domain to manage apache configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_lib( domain )
Summary

Allow the specified domain to manage apache var lib files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_log( domain )
Summary

Allow the specified domain to manage apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_sys_content( domain )
Summary

Allow the specified domain to manage apache system content files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_sys_content_rw( domain )
Summary

Allow the specified domain to manage apache system content rw files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_user_content( domain )
Summary

Manage user web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_config( domain )
Summary

Allow the specified domain to read apache configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_log( domain )
Summary

Allow the specified domain to read apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_modules( domain )
Summary

Allow the specified domain to read the apache module directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_pid_files( domain )
Summary

Read apache pid files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_squirrelmail_data( domain )
Summary

Allow the specified domain to read apache squirrelmail data.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_sys_content( domain )
Summary

Read apache system content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_sys_content_rw_dirs( domain )
Summary

Allow the specified domain to read apache system content rw dirs.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_sys_content_rw_files( domain )
Summary

Allow the specified domain to read apache system content rw files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_tmp_files( domain )
Summary

Allow the specified domain to read apache tmp files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_user_content( domain )
Summary

Read user web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_user_scripts( domain )
Summary

Read httpd user script executables.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_role( role , domain )
Summary

Role access for apache

Parameters
Parameter:Description:
role

Role allowed access

domain

User domain for the role

apache_run_all_scripts( domain , role )
Summary

Execute all user scripts in the user script domain. Add user script domains to the specified role.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

apache_run_helper( domain , role )
Summary

Execute the Apache helper program with a domain transition, and allow the specified role the Apache helper domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

role

Role allowed access.

apache_rw_cache_files( domain )
Summary

Allow the specified domain to read and write Apache cache files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_rw_stream_sockets( domain )
Summary

Allow the specified domain to read and write Apache unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_config( domain )
Summary

Allow the specified domain to search apache configuration dirs.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_content( domain )
Summary

Search apache system content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_script_state( domain )
Summary

Search system script state directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_scripts( domain )
Summary

Search apache system CGI directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_setattr_cache_dirs( domain )
Summary

Allow the specified domain to set the attributes of the Apache cache directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_sigchld( domain )
Summary

Send a SIGCHLD signal to apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_signal( domain )
Summary

Send a generic signal to apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_signull( domain )
Summary

Send a null signal to apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_systemctl( domain )
Summary

Execute httpd server in the httpd domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

apache_use_fds( domain )
Summary

Inherit and use file descriptors from Apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_write_log( domain )
Summary

Allow the specified domain to write to apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.


Templates:

apache_content_alias_template( prefix , oldprefix )
Summary

Create a set of derived types for apache web content.

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving new type names.

oldprefix

The prefix to be used for deriving old type names.

apache_content_template( prefix )
Summary

Create a set of derived types for apache web content.

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving type names.

apache_user_content_template( prefix )
Summary

Create a set of derived types for apache web content.

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving type names.
