Layer: services

Module: apache

Tunables Interfaces Templates

Description:

Apache web server


Tunables:

allow_httpd_anon_write
Default value

false

Description

Allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t.

allow_httpd_mod_auth_pam
Default value

false

Description

Allow Apache to use mod_auth_pam

httpd_builtin_scripting
Default value

false

Description

Allow httpd to use built in scripting (usually php)

httpd_can_network_connect
Default value

false

Description

Allow HTTPD scripts and modules to connect to the network using TCP.

httpd_can_network_connect_db
Default value

false

Description

Allow HTTPD scripts and modules to connect to databases over the network.

httpd_can_network_relay
Default value

false

Description

Allow httpd to act as a relay

httpd_enable_cgi
Default value

false

Description

Allow httpd cgi support

httpd_enable_ftp_server
Default value

false

Description

Allow httpd to act as a FTP server by listening on the ftp port.

httpd_enable_homedirs
Default value

false

Description

Allow httpd to read home directories

httpd_ssi_exec
Default value

false

Description

Allow HTTPD to run SSI executables in the same domain as system CGI scripts.

httpd_tty_comm
Default value

false

Description

Unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.

httpd_unified
Default value

false

Description

Unify HTTPD handling of all content files.

Return

Interfaces:

apache_append_log( domain )
Summary

Allow the specified domain to append to apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_append_squirrelmail_data( domain )
Summary

Allow the specified domain to append apache squirrelmail data.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_cgi_domain( domain , entrypoint )
Summary

Execute CGI in the specified domain.

Description

Execute CGI in the specified domain.

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters
Parameter:Description:
domain

Domain run the cgi script in.

entrypoint

Type of the executable to enter the cgi domain.

apache_domtrans( domain )
Summary

Transition to apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans_all_scripts( domain )
Summary

Execute all user scripts in the user script domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans_helper( domain )
Summary

Execute the Apache helper program with a domain transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans_rotatelogs( domain )
Summary

Execute a domain transition to run httpd_rotatelogs.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_domtrans_sys_script( domain )
Summary

Execute all web scripts in the system script domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_dontaudit_append_log( domain )
Summary

Do not audit attempts to append to the Apache logs.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_dontaudit_rw_stream_sockets( domain )
Summary

Do not audit attempts to read and write Apache unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_dontaudit_rw_sys_script_stream_sockets( domain )
Summary

Do not audit attempts to read and write Apache system script unix domain stream sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_dontaudit_rw_tcp_sockets( domain )
Summary

Do not audit attempts to read and write Apache TCP sockets.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_dontaudit_search_modules( domain )
Summary

Do not audit attempts to search Apache module directories.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_exec_modules( domain )
Summary

Allow the specified domain to execute apache modules.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_list_modules( domain )
Summary

Allow the specified domain to list the contents of the apache modules directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_all_content( domain )
Summary

Create, read, write, and delete all web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_all_user_content( domain )
Summary

Create, read, write, and delete all user web content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_config( domain )
Summary

Allow the specified domain to manage apache configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_log( domain )
Summary

Allow the specified domain to manage to apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_manage_sys_content( domain )
Summary

Allow the specified domain to manage apache system content files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_config( domain )
Summary

Allow the specified domain to read apache configuration files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_log( domain )
Summary

Allow the specified domain to read apache log files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_squirrelmail_data( domain )
Summary

Allow the specified domain to read apache squirrelmail data.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_read_sys_content( domain )
Summary

Read apache system content.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_run_all_scripts( domain , role )
Summary

Execute all user scripts in the user script domain. Add user script domains to the specified role.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to be allowed the script domains.

apache_run_helper( domain , role , terminal )
Summary

Execute the Apache helper program with a domain transition, and allow the specified role the dmidecode domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to be allowed the dmidecode domain.

terminal

The type of the terminal allow the dmidecode domain to use.

apache_rw_cache_files( domain )
Summary

Allow the specified domain to read and write Apache cache files.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_content( domain )
Summary

Search apache system content.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_search_sys_script_state( domain )
Summary

Search system script state directory.

Parameters
Parameter:Description:
domain

Domain to not audit.

apache_search_sys_scripts( domain )
Summary

Search apache system CGI directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_sigchld( domain )
Summary

Send a SIGCHLD signal to apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_signull( domain )
Summary

Send a null signal to apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

apache_use_fds( domain )
Summary

Inherit and use file descriptors from Apache.

Parameters
Parameter:Description:
domain

Domain allowed access.

Return

Templates:

apache_content_template( prefix )
Summary

Create a set of derived types for apache web content.

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving type names.

apache_per_role_template( userdomain_prefix , user_domain , user_role )
Summary

The per role template for the apache module.

Description

This template creates types used for web pages and web cgi to be used from the user home directory.

This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.

Parameters
Parameter:Description:
userdomain_prefix

The prefix of the user domain (e.g., user is the prefix for user_t).

user_domain

The type of the user domain.

user_role

The role associated with the user domain.

apache_read_user_content( domain_prefix , domain )
Summary

Read user web content.

Parameters
Parameter:Description:
domain_prefix

Prefix of the domain. Example, user would be the prefix for the uder_t domain.

domain

Domain allowed access.

apache_read_user_scripts( domain_prefix , domain )
Summary

Read httpd user scripts executables.

Parameters
Parameter:Description:
domain_prefix

Prefix of the domain. Example, user would be the prefix for the uder_t domain.

domain

Domain allowed access.

Return