Security Enhanced Linux Reference Policy
+ admin
-
acct
-
alsa
-
amanda
-
amtu
-
anaconda
-
apt
-
backup
-
bootloader
-
brctl
-
certwatch
-
consoletype
-
ddcprobe
-
dmesg
-
dmidecode
-
dpkg
-
firstboot
-
kdump
-
kismet
-
kudzu
-
logrotate
-
logwatch
-
mcelog
-
mrtg
-
ncftool
-
netutils
-
passenger
-
portage
-
prelink
-
quota
-
readahead
-
rpm
-
sectoolm
-
shorewall
-
shutdown
-
smoltclient
-
sosreport
-
su
-
sudo
-
sxid
-
tmpreaper
-
tripwire
-
tzdata
-
updfstab
-
usbmodules
-
usermanage
-
vbetool
-
vpn
+ apps
-
ada
-
authbind
-
awstats
-
calamaris
-
cdrecord
-
chrome
-
cpufreqselector
-
evolution
-
firewallgui
-
games
-
gift
-
gitosis
-
gnome
-
gpg
-
irc
-
java
-
jockey
-
kde
-
kdumpgui
-
livecd
-
loadkeys
-
lockdev
-
mono
-
mozilla
-
mplayer
-
namespace
-
nsplugin
-
podsleuth
-
ptchown
-
pulseaudio
-
qemu
-
rssh
-
sambagui
-
sandbox
-
screen
-
seunshare
-
slocate
-
telepathy
-
thumb
-
thunderbird
-
tvtime
-
uml
-
userhelper
-
usernetctl
-
vlock
-
vmware
-
webalizer
-
wine
-
wireshark
-
wm
-
xscreensaver
-
yam
+ kernel
-
corecommands
-
corenetwork
-
devices
-
domain
-
files
-
filesystem
-
kernel
-
mcs
-
mls
-
selinux
-
storage
-
terminal
-
ubac
-
unlabelednet
+ roles
-
auditadm
-
dbadm
-
guest
-
logadm
-
secadm
-
staff
-
sysadm
-
sysadm_secadm
-
unconfineduser
-
unprivuser
-
webadm
-
xguest
+ services
-
abrt
-
accountsd
-
afs
-
aiccu
-
aide
-
aisexec
-
ajaxterm
-
amavis
-
apache
-
apcupsd
-
apm
-
arpwatch
-
asterisk
-
automount
-
avahi
-
bcfg2
-
bind
-
bitlbee
-
blueman
-
bluetooth
-
boinc
-
bugzilla
-
cachefilesd
-
callweaver
-
canna
-
ccs
-
certmaster
-
certmonger
-
cfengine
-
cgroup
-
chronyd
-
cipe
-
clamav
-
clockspeed
-
clogd
-
cloudform
-
cmirrord
-
cobbler
-
collectd
-
colord
-
comsat
-
condor
-
consolekit
-
corosync
-
couchdb
-
courier
-
cpucontrol
-
cron
-
ctdbd
-
cups
-
cvs
-
cyphesis
-
cyrus
-
dante
-
dbskk
-
dbus
-
dcc
-
ddclient
-
denyhosts
-
devicekit
-
dhcp
-
dictd
-
dirsrv
-
dirsrv-admin
-
distcc
-
djbdns
-
dkim
-
dnsmasq
-
dnssec
-
dovecot
-
drbd
-
dspam
-
entropyd
-
exim
-
fail2ban
-
fcoemon
-
fetchmail
-
finger
-
firewalld
-
fprintd
-
ftp
-
gatekeeper
-
git
-
glance
-
gnomeclock
-
gpm
-
gpsd
-
hadoop
-
hal
-
hddtemp
-
howl
-
i18n_input
-
icecast
-
ifplugd
-
imaze
-
inetd
-
inn
-
ircd
-
irqbalance
-
jabber
-
jetty
-
kerberos
-
kerneloops
-
keyboardd
-
keystone
-
ksmtuned
-
ktalk
-
l2tpd
-
ldap
-
likewise
-
lircd
-
lldpad
-
lpd
-
mailman
-
mailscanner
-
matahari
-
mediawiki
-
memcached
-
milter
-
mock
-
modemmanager
-
mojomojo
-
monop
-
mpd
-
mta
-
munin
-
mysql
-
nagios
-
nessus
-
networkmanager
-
nis
-
nova
-
nscd
-
nsd
-
nslcd
-
ntop
-
ntp
-
numad
-
nut
-
nx
-
oav
-
obex
-
oddjob
-
oident
-
openca
-
openct
-
openhpid
-
openvpn
-
pacemaker
-
pads
-
pcscd
-
pegasus
-
perdition
-
pingd
-
piranha
-
plymouthd
-
policykit
-
polipo
-
portmap
-
portreserve
-
portslave
-
postfix
-
postfixpolicyd
-
postgresql
-
postgrey
-
ppp
-
prelude
-
privoxy
-
procmail
-
psad
-
publicfile
-
puppet
-
pxe
-
pyicqt
-
pyzor
-
qmail
-
qpid
-
quantum
-
rabbitmq
-
radius
-
radvd
-
razor
-
rdisc
-
remotelogin
-
resmgr
-
rgmanager
-
rhcs
-
rhev
-
rhgb
-
rhsmcertd
-
ricci
-
rlogin
-
roundup
-
rpc
-
rpcbind
-
rshd
-
rsync
-
rtkit
-
rwho
-
samba
-
samhain
-
sanlock
-
sasl
-
sblim
-
sendmail
-
setroubleshoot
-
sge
-
slrnpull
-
smartmon
-
smokeping
-
snmp
-
snort
-
soundserver
-
spamassassin
-
speedtouch
-
squid
-
ssh
-
sssd
-
stunnel
-
sysstat
-
tcpd
-
tcsd
-
telnet
-
tftp
-
tgtd
-
timidity
-
tor
-
transproxy
-
tuned
-
ucspitcp
-
ulogd
-
uptime
-
usbmuxd
-
uucp
-
uuidd
-
uwimap
-
varnishd
-
vdagent
-
vhostmd
-
virt
-
vnstatd
-
w3c
-
watchdog
-
wdmd
-
xfs
-
xprint
-
xserver
-
zabbix
-
zarafa
-
zebra
-
zoneminder
-
zosremote
+ system
-
application
-
authlogin
-
clock
-
daemontools
-
fstools
-
getty
-
hostname
-
hotplug
-
init
-
ipsec
-
iptables
-
iscsi
-
libraries
-
locallogin
-
logging
-
lvm
-
miscfiles
-
modutils
-
mount
-
netlabel
-
pcmcia
-
raid
-
selinuxutil
-
setrans
-
sysnetwork
-
systemd
-
udev
-
unconfined
-
userdomain
-
xen
* Global Booleans
* Global Tunables
* Layer Index
* Boolean Index
* Tunable Index
* Interface Index
* Template Index
Global booleans:
secure_mode
Default value
false
Description
disallow programs, such as newrole, from transitioning to administrative user domains.