False
5
normal
Red Hat 2007
www.redhat.com
GPL
Daniel Walsh <dwalsh@redhat.com>
translator-credits
False
False
False
True
end
0
False
12
Add Booleans Dialog
mouse
400
dialog
True
False
6
True
False
end
gtk-cancel
-6
True
True
True
False
True
False
False
0
gtk-add
-5
True
True
True
False
True
False
False
1
False
True
end
0
True
False
2
2
12
6
True
False
0
Boolean Name
GTK_FILL
True
False
0
Description
1
2
GTK_FILL
True
True
•
False
False
True
True
1
2
True
True
•
False
False
True
True
1
2
1
2
True
True
1
False
5
mouse
dialog
True
True
True
False
24
True
False
end
gtk-cancel
-6
True
True
True
False
True
False
False
0
gtk-add
-5
True
True
True
True
False
True
False
False
1
False
True
end
0
True
False
SELinux Policy Generation Tool
True
False
18
True
False
left
False
True
False
True
False
0
<b>Select the policy type for the application or user role you want to confine:</b>
True
False
False
5
0
True
False
True
False
True
False
12
True
False
6
True
False
0
<b>Applications</b>
True
False
False
0
True
False
True
False
False
False
0
True
False
6
Standard Init Daemon
True
True
False
Standard Init Daemons are daemons started on boot via init scripts. They usually require a script in /etc/rc.d/init.d
True
True
False
False
0
DBUS System Daemon
True
True
False
Standard Init Daemons are daemons started on boot via init scripts. They usually require a script in /etc/rc.d/init.d
True
True
init_radiobutton
False
False
1
Internet Services Daemon (inetd)
True
True
False
Internet Services Daemons are daemons started by xinetd
True
True
init_radiobutton
False
False
2
Web Application/Script (CGI)
True
True
False
Web Application/Script (CGI): CGI scripts started by the web server (apache)
True
True
init_radiobutton
False
False
3
User Application
True
True
False
User Applications are any applications that you would like to confine that are started by a user
True
True
init_radiobutton
False
False
4
Sandbox
True
True
False
User Applications are any applications that you would like to confine that are started by a user
True
True
init_radiobutton
False
False
5
False
False
1
True
True
1
False
True
0
True
False
6
True
False
0
<b>Login Users</b>
True
False
False
0
True
False
True
False
False
False
0
True
False
6
Existing User Roles
True
True
False
Modify an existing login user record.
True
True
init_radiobutton
False
False
0
Minimal Terminal User Role
True
True
False
This user will log in to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo.
True
True
init_radiobutton
False
False
1
Minimal X Windows User Role
True
True
False
This user can log in to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su.
True
True
init_radiobutton
False
False
2
User Role
True
True
False
User with full networking, no setuid applications without transition, no sudo, no su.
True
True
init_radiobutton
False
False
3
Admin User Role
True
True
False
User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles
True
True
init_radiobutton
False
False
4
True
False
1
True
True
1
False
True
1
True
False
6
True
False
0
<b>Root Users</b>
True
False
False
0
True
False
True
False
False
False
0
True
False
Root Admin User Role
True
True
False
Select Root Administrator User Role if this user will be used to administer the machine while running as root. This user will not be able to log in to the system directly.
True
True
init_radiobutton
False
False
0
False
False
1
True
True
1
True
True
2
True
True
0
True
True
0
True
True
1
True
True
False
Main Tab
False
tab
True
False
True
False
0
<b>Enter name of application or user role:</b>
True
False
False
5
0
True
False
3
3
12
6
True
False
0
Name
GTK_FILL
True
True
Enter complete path for executable to be confined.
•
False
False
True
True
1
2
1
2
...
True
True
False
True
2
3
1
2
GTK_FILL
True
True
Enter unique name for the confined application or user role.
•
False
False
True
True
1
3
True
False
0
Executable
1
2
GTK_FILL
True
False
0
Init script
2
3
GTK_FILL
True
True
Enter complete path to init script used to start the confined application.
•
False
False
True
True
1
2
2
3
...
True
True
False
True
2
3
2
3
GTK_FILL
True
True
1
1
True
False
Name Tab
1
False
tab
True
False
True
False
0
<b>Select existing role to modify:</b>
True
False
False
5
0
True
True
automatic
automatic
in
True
True
Select the user roles that will transition to the %s domain.
False
True
True
1
2
True
False
role tab
2
False
tab
True
False
True
False
0
<b>Select roles that %s will transition to:</b>
True
False
False
5
0
True
True
True
True
Select application domains that %s will transition to.
False
True
True
1
3
True
False
transition
role tab
3
False
tab
True
False
True
False
0
<b>Select the user_roles that will transition to %s:</b>
True
False
False
5
0
True
True
True
True
Select the user roles that will transition to this application's domains.
False
True
True
1
4
True
False
User Tab
4
False
tab
True
False
True
False
0
<b>Select domains that %s will administer:</b>
True
False
False
5
0
True
True
True
True
Select the domains that you would like this user to administer.
False
True
True
1
5
True
False
Admin Tab
5
False
tab
True
False
True
False
0
<b>Select additional roles for %s:</b>
True
False
False
5
0
True
True
True
True
Select the domains that you would like this user to administer.
False
True
True
1
6
True
False
Roles Tab
6
False
tab
True
False
True
False
0
<b>Enter network ports that %s binds on:</b>
True
False
False
5
0
True
False
6
True
False
0
<b>TCP Ports</b>
True
False
False
0
True
False
True
False
False
False
0
True
False
6
True
False
12
All
True
True
False
Allows %s to bind to any udp port
True
True
False
False
10
0
600-1024
True
True
False
Allow %s to call bindresvport with 0. Binding to port 600-1024
True
True
False
False
10
1
Unreserved Ports (>1024)
True
True
False
Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660
True
True
False
False
10
2
True
True
0
True
False
12
True
False
0
Select Ports
False
False
5
0
True
True
Allows %s to bind to any udp ports > 1024
•
False
False
True
True
True
True
1
True
True
1
True
True
1
True
True
1
True
True
1
True
False
6
True
False
0
<b>UDP Ports</b>
True
False
False
0
True
False
True
False
False
False
0
True
False
6
True
False
12
All
True
True
False
Allows %s to bind to any udp port
True
True
False
False
10
0
600-1024
True
True
False
Allow %s to call bindresvport with 0. Binding to port 600-1024
True
True
False
False
10
1
Unreserved Ports (>1024)
True
True
False
Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660
True
True
False
False
10
2
True
True
0
True
False
12
True
False
0
Select Ports
False
False
5
0
True
True
Allows %s to bind to any udp ports > 1024
•
False
False
True
True
True
True
1
True
True
1
True
True
1
True
True
1
True
True
2
7
True
False
Network
Bind tab
7
False
tab
True
False
True
False
0
<b>Select network ports that %s connects to:</b>
True
False
False
5
0
True
False
6
True
False
0
<b>TCP Ports</b>
True
False
False
0
True
False
True
False
False
False
0
True
False
12
All
True
True
False
Allows %s to connect to any tcp port
True
True
False
False
10
0
True
False
0
Select Ports
False
False
5
1
True
True
Enter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660
•
False
False
True
True
True
True
2
True
True
1
True
True
1
True
True
1
True
False
6
True
False
0
<b>UDP Ports</b>
True
False
False
0
True
False
True
False
False
False
0
True
False
12
All
True
True
False
Allows %s to connect to any udp port
True
True
False
False
10
0
True
False
0
Select Ports
False
False
5
1
True
True
Enter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660
•
False
False
True
True
True
True
2
True
True
1
True
True
1
True
True
2
8
True
False
Network
Connect Tab
8
False
tab
True
False
True
False
0
<b>Select common application traits for %s:</b>
True
False
False
5
0
True
False
6
Writes syslog messages
True
True
False
True
True
False
False
0
Create/Manipulate temporary files in /tmp
True
True
False
True
True
False
False
1
Uses PAM for authentication
True
True
False
True
True
False
False
2
Uses nsswitch or getpw* calls
True
True
False
True
True
False
False
3
Uses dbus
True
True
False
True
True
False
False
4
Sends audit messages
True
True
False
True
True
False
False
5
Interacts with the terminal
True
True
False
True
True
False
False
6
Sends email
True
True
False
True
True
False
False
7
True
True
1
9
True
False
Common
Tab
9
False
tab
True
False
True
False
0
<b>Add files/directories that %s manages</b>
True
False
False
5
0
True
False
12
True
False
6
True
True
False
True
False
0
0
True
False
2
True
False
gtk-add
False
False
0
True
False
Add File
True
False
False
1
False
False
0
True
True
False
True
False
0
0
True
False
2
True
False
gtk-add
False
False
0
True
False
Add Directory
True
False
False
1
False
False
1
gtk-delete
True
True
False
True
False
False
2
False
False
4
0
True
True
automatic
automatic
in
True
True
Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ...
False
True
True
1
True
True
1
10
True
False
Add Tab
10
False
tab
True
False
True
False
0
<b>Add booleans from the %s policy:</b>
True
False
False
5
0
True
False
12
True
False
6
True
True
False
True
False
0
0
True
False
2
True
False
gtk-add
False
False
0
True
False
Add Boolean
True
False
False
1
False
False
0
gtk-delete
True
True
False
True
False
False
1
False
True
4
0
True
True
automatic
automatic
in
True
True
Add/Remove booleans used by the %s domain
True
True
1
True
True
1
11
True
False
11
False
tab
True
False
True
False
0
<b>In which directory will you generate the %s policy?</b>
True
False
False
0
True
False
12
True
False
Policy Directory
False
False
5
0
True
True
•
False
False
True
True
True
True
1
...
True
True
False
True
False
False
2
False
False
12
1
12
True
False
12
False
tab
True
True
0
True
False
end
gtk-cancel
True
True
True
False
True
False
False
0
gtk-go-back
True
True
True
False
True
False
False
1
gtk-go-forward
True
True
True
False
True
False
False
2
False
False
5
1