libsemanage/semanage.conf

   1 # Authors: Jason Tang <jtang@tresys.com>
   2 #
   3 # Copyright (C) 2004-2005 Tresys Technology, LLC
   4 #
   5 #  This library is free software; you can redistribute it and/or
   6 #  modify it under the terms of the GNU Lesser General Public
   7 #  License as published by the Free Software Foundation; either
   8 #  version 2.1 of the License, or (at your option) any later version.
   9 #
  10 #  This library is distributed in the hope that it will be useful,
  11 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13 #  Lesser General Public License for more details.
  14 #
  15 #  You should have received a copy of the GNU Lesser General Public
  16 #  License along with this library; if not, write to the Free Software
  17 #  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  18 #
  19 # Specify how libsemanage will interact with a SELinux policy manager.
  20 # The four options are:
  21 #
  22 #  "source"     - libsemanage manipulates a source SELinux policy
  23 #  "direct"     - libsemanage will write directly to a module store.
  24 #  /foo/bar     - Write by way of a policy management server, whose
  25 #                 named socket is at /foo/bar.  The path must begin
  26 #                 with a '/'.
  27 #  foo.com:4242 - Establish a TCP connection to a remote policy
  28 #                 management server at foo.com.  If there is a colon
  29 #                 then the remainder is interpreted as a port number;
  30 #                 otherwise default to port 4242.
  31 module-store = direct
  32
  33 # When generating the final linked and expanded policy, by default
  34 # semanage will set the policy version to POLICYDB_VERSION_MAX, as
  35 # given in <sepol/policydb.h>.  Change this setting if a different
  36 # version is necessary.
  37 #policy-version = 19
  38
  39 # expand-check check neverallow rules when executing all semanage commands.
  40 # Large penalty in time if you turn this on.
  41 expand-check=0
  42
  43 # usepasswd check tells semanage to scan all pass word records for home directories
  44 # and setup the labeling correctly.  If this is turned off, SELinux will label /home
  45 # correctly only.  You will need to use semanage fcontext command.
  46 # For example, if you had home dirs in /althome directory you would have to execute
  47 # semanage fcontext -a -e /home /althome
  48 usepasswd=False