zarafa_selinux
Section: zarafa SELinux Policy documentation (8)Updated: zarafa
Index Return to Main Contents
NAME
zarafa_selinux - Security Enhanced Linux Policy for the zarafa processesDESCRIPTION
SELinux Linux secures zarafa (Zarafa collaboration platform) processes via flexible mandatory access control.
FILE CONTEXTS
SELinux requires files to have an extended attribute to define the file type.You can see the context of a file using the -Z option to lsP Policy governs the access confined processes have to these files. SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible.
The following file types are defined for zarafa:
zarafa_deliver_exec_t
- Set files with the zarafa_deliver_exec_t type, if you want to transition an executable to the zarafa_deliver_t domain.
zarafa_deliver_log_t
- Set files with the zarafa_deliver_log_t type, if you want to treat the data as zarafa deliver log data, usually stored under the /var/log directory.
zarafa_deliver_tmp_t
- Set files with the zarafa_deliver_tmp_t type, if you want to store zarafa deliver temporary files in the /tmp directories.
zarafa_deliver_var_run_t
- Set files with the zarafa_deliver_var_run_t type, if you want to store the zarafa deliver files under the /run directory.
zarafa_etc_t
- Set files with the zarafa_etc_t type, if you want to store zarafa files in the /etc directories.
zarafa_gateway_exec_t
- Set files with the zarafa_gateway_exec_t type, if you want to transition an executable to the zarafa_gateway_t domain.
zarafa_gateway_log_t
- Set files with the zarafa_gateway_log_t type, if you want to treat the data as zarafa gateway log data, usually stored under the /var/log directory.
zarafa_gateway_var_run_t
- Set files with the zarafa_gateway_var_run_t type, if you want to store the zarafa gateway files under the /run directory.
zarafa_ical_exec_t
- Set files with the zarafa_ical_exec_t type, if you want to transition an executable to the zarafa_ical_t domain.
zarafa_ical_log_t
- Set files with the zarafa_ical_log_t type, if you want to treat the data as zarafa ical log data, usually stored under the /var/log directory.
zarafa_ical_var_run_t
- Set files with the zarafa_ical_var_run_t type, if you want to store the zarafa ical files under the /run directory.
zarafa_indexer_exec_t
- Set files with the zarafa_indexer_exec_t type, if you want to transition an executable to the zarafa_indexer_t domain.
zarafa_indexer_log_t
- Set files with the zarafa_indexer_log_t type, if you want to treat the data as zarafa indexer log data, usually stored under the /var/log directory.
zarafa_indexer_tmp_t
- Set files with the zarafa_indexer_tmp_t type, if you want to store zarafa indexer temporary files in the /tmp directories.
zarafa_indexer_var_run_t
- Set files with the zarafa_indexer_var_run_t type, if you want to store the zarafa indexer files under the /run directory.
zarafa_monitor_exec_t
- Set files with the zarafa_monitor_exec_t type, if you want to transition an executable to the zarafa_monitor_t domain.
zarafa_monitor_log_t
- Set files with the zarafa_monitor_log_t type, if you want to treat the data as zarafa monitor log data, usually stored under the /var/log directory.
zarafa_monitor_var_run_t
- Set files with the zarafa_monitor_var_run_t type, if you want to store the zarafa monitor files under the /run directory.
zarafa_server_exec_t
- Set files with the zarafa_server_exec_t type, if you want to transition an executable to the zarafa_server_t domain.
zarafa_server_log_t
- Set files with the zarafa_server_log_t type, if you want to treat the data as zarafa server log data, usually stored under the /var/log directory.
zarafa_server_tmp_t
- Set files with the zarafa_server_tmp_t type, if you want to store zarafa server temporary files in the /tmp directories.
zarafa_server_var_run_t
- Set files with the zarafa_server_var_run_t type, if you want to store the zarafa server files under the /run directory.
- Paths:
-
/var/run/zarafa, /var/run/zarafa-server.pid
zarafa_share_t
- Set files with the zarafa_share_t type, if you want to treat the files as zarafa share data.
zarafa_spooler_exec_t
- Set files with the zarafa_spooler_exec_t type, if you want to transition an executable to the zarafa_spooler_t domain.
zarafa_spooler_log_t
- Set files with the zarafa_spooler_log_t type, if you want to treat the data as zarafa spooler log data, usually stored under the /var/log directory.
zarafa_spooler_var_run_t
- Set files with the zarafa_spooler_var_run_t type, if you want to store the zarafa spooler files under the /run directory.
zarafa_var_lib_t
- Set files with the zarafa_var_lib_t type, if you want to store the zarafa files under the /var/lib directory.
- Paths:
-
/var/lib/zarafa-webaccess(/.*)?, /var/lib/zarafa(/.*)?
Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the semanage fcontext command. This will modify the SELinux labeling database. You will need to use restorecon to apply the labels.
PORT TYPES
SELinux defines port types to represent TCP and UDP ports.You can see the types associated with a port by using the following command:
semanage port -l
Policy governs the access confined processes have to these ports. SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible.
The following port types are defined for zarafa:
- zarafa_port_t
-
Default Defined Ports: tcp 8021
PROCESS TYPES
SELinux defines process types (domains) for each process running on the systemYou can see the context of a process using the -Z option to psP Policy governs the access confined processes have to files. SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible.
The following process types are defined for zarafa:
zarafa_gateway_t, zarafa_spooler_t, zarafa_deliver_t, zarafa_monitor_t, zarafa_indexer_t, zarafa_server_t, zarafa_ical_t
Note: semanage permissive -a PROCESS_TYPE can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
COMMANDS
semanage fcontext can also be used to manipulate default file context mappings.semanage permissive can also be used to manipulate whether or not a process type is permissive.
semanage module can also be used to enable/disable/install/remove policy modules.
semanage port can also be used to manipulate the port definitions
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was autogenerated by genman.py.SEE ALSO
selinux(8), zarafa(8), semanage(8), restorecon(8), chcon(1)
Index
This document was created by man2html, using the manual pages.
Time: 05:34:31 GMT, December 24, 2015