]>
Commit | Line | Data |
---|---|---|
3002f9ae SS |
1 | # Authors: Jason Tang <jtang@tresys.com> |
2 | # | |
3 | # Copyright (C) 2004-2005 Tresys Technology, LLC | |
4 | # | |
5 | # This library is free software; you can redistribute it and/or | |
6 | # modify it under the terms of the GNU Lesser General Public | |
7 | # License as published by the Free Software Foundation; either | |
8 | # version 2.1 of the License, or (at your option) any later version. | |
9 | # | |
10 | # This library is distributed in the hope that it will be useful, | |
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | # Lesser General Public License for more details. | |
14 | # | |
15 | # You should have received a copy of the GNU Lesser General Public | |
16 | # License along with this library; if not, write to the Free Software | |
17 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
18 | # | |
19 | # Specify how libsemanage will interact with a SELinux policy manager. | |
20 | # The four options are: | |
21 | # | |
22 | # "source" - libsemanage manipulates a source SELinux policy | |
23 | # "direct" - libsemanage will write directly to a module store. | |
24 | # /foo/bar - Write by way of a policy management server, whose | |
25 | # named socket is at /foo/bar. The path must begin | |
26 | # with a '/'. | |
27 | # foo.com:4242 - Establish a TCP connection to a remote policy | |
28 | # management server at foo.com. If there is a colon | |
29 | # then the remainder is interpreted as a port number; | |
30 | # otherwise default to port 4242. | |
31 | module-store = direct | |
32 | ||
33 | # When generating the final linked and expanded policy, by default | |
34 | # semanage will set the policy version to POLICYDB_VERSION_MAX, as | |
35 | # given in <sepol/policydb.h>. Change this setting if a different | |
36 | # version is necessary. | |
37 | #policy-version = 19 | |
38 | ||
39 | # expand-check check neverallow rules when executing all semanage commands. | |
40 | # Large penalty in time if you turn this on. | |
41 | expand-check=0 | |
42 | ||
43 | # usepasswd check tells semanage to scan all pass word records for home directories | |
44 | # and setup the labeling correctly. If this is turned off, SELinux will label /home | |
45 | # correctly only. You will need to use semanage fcontext command. | |
46 | # For example, if you had home dirs in /althome directory you would have to execute | |
47 | # semanage fcontext -a -e /home /althome | |
48 | usepasswd=False | |
0a80ab86 SS |
49 | bzip-small=true |
50 | bzip-blocksize=5 |