\u8ad6\u7406\u30d1\u30e9\u30e1\u30fc\u30bf\u540d\u72b6\u614b\u521d\u671f\u5024\u8aac\u660eabrt_anon_write00ABRT \u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ABRT to modify public files used for public file transfer services.abrt_handle_event00ABRT \u30a4\u30d9\u30f3\u30c8\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u51e6\u7406\u304c\u3067\u304d\u308b\u3088\u3046\u3001abrt_handle_event_t domain \u30c9\u30e1\u30a4\u30f3\u3067\u306e ABRT \u306e\u5b9f\u884c\u3092\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether ABRT can run in the abrt_handle_event_t domain to handle ABRT event scripts.abrt_upload_watch_anon_write11\/var\/spool\/abrt-upload\/ \u5185\u306e\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u306e\u5909\u66f4\u3092\u3001abrt-handle-upload \u306b\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether abrt-handle-upload can modify public files used for public file transfer services in \/var\/spool\/abrt-upload\/.antivirus_can_scan_system00\u30a6\u30a4\u30eb\u30b9\u5bfe\u7b56\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u3001\u30b7\u30b9\u30c6\u30e0\u306b\u3042\u308b\u975e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow antivirus programs to read non security files on a systemantivirus_use_jit00\u30a6\u30a4\u30eb\u30b9\u5bfe\u7b56\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u3001JIT \u30b3\u30f3\u30d1\u30a4\u30e9\u30fc\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether can antivirus programs use JIT compiler.auditadm_exec_content11Allow auditadm to exec content
\nAllow auditadm to exec contentauthlogin_nsswitch_use_ldap00\u30e6\u30fc\u30b6\u30fc\u304c SSSD \u30b5\u30fc\u30d0\u30fc\u3092\u4ecb\u3055\u305a\u3001LDAP \u304b\u3089\u76f4\u63a5\u30e6\u30fc\u30b6\u30fc passwd \u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u89e3\u6c7a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow users to resolve user passwd entries directly from ldap rather then using a sssd serverauthlogin_radius00\u30e6\u30fc\u30b6\u30fc\u304c\u3001RADIUS \u30b5\u30fc\u30d0\u30fc\u3092\u4f7f\u7528\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow users to login using a radius serverauthlogin_yubikey00\u30e6\u30fc\u30b6\u30fc\u304c yubikey OTP \u30b5\u30fc\u30d0\u30fc\u3092\u4f7f\u7528\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3053\u3068\u3001\u307e\u305f\u306f\u5fdc\u7b54\u30e2\u30fc\u30c9\u306b\u30c1\u30e3\u30ec\u30f3\u30b8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow users to login using a yubikey OTP server or challenge response modeawstats_purge_apache_log_files00awstats \u304c httpd \u30ed\u30b0\u30d5\u30a1\u30a4\u30eb\u3092\u30d1\u30fc\u30b8\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether awstats can purge httpd log files.boinc_execmem11boinc \u306b\u3088\u308b xecmem \u307e\u305f\u306f execstack \u3092\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether boinc can execmem\/execstack.cdrecord_read_content00cdrecord \u304c\u3055\u307e\u3056\u307e\u306a\u5185\u5bb9\u3092\u8aad\u307f\u53d6\u308a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002NFS\u3001Samba\u3001\u30ea\u30e0\u30fc\u30d0\u30d6\u30eb\u30c7\u30d0\u30a4\u30b9\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u4e00\u6642\u9818\u57df\u304a\u3088\u3073\u4fe1\u983c\u3055\u308c\u3066\u3044\u306a\u3044\u5185\u5bb9\u306e\u30d5\u30a1\u30a4\u30eb\u3002
\nDetermine whether cdrecord can read various content. nfs, samba, removable devices, user temp and untrusted content filescluster_can_network_connect00\u30af\u30e9\u30b9\u30bf\u30fc\u7ba1\u7406\u30c9\u30e1\u30a4\u30f3\u304c TCP \u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow cluster administrative domains to connect to the network using TCP.cluster_manage_all_files00\u30af\u30e9\u30b9\u30bf\u30fc\u7ba1\u7406\u30c9\u30e1\u30a4\u30f3\u304c\u30b7\u30b9\u30c6\u30e0\u306b\u3042\u308b\u3059\u3079\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow cluster administrative domains to manage all files on a system.cluster_use_execmem00\u30af\u30e9\u30b9\u30bf\u30fc\u7ba1\u7406\u30c9\u30e1\u30a4\u30f3\u306e memcheck-amd64- \u304c\u5b9f\u884c\u53ef\u80fd\u306a\u30e1\u30e2\u30ea\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow cluster administrative cluster domains memcheck-amd64- to use executable memorycobbler_anon_write00Cobbler \u304c\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Cobbler can modify public files used for public file transfer services.cobbler_can_network_connect00Cobbler \u304c TCP \u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Cobbler can connect to the network using TCP.cobbler_use_cifs00Cobbler \u304c CIFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Cobbler can access cifs file systems.cobbler_use_nfs00Cobbler \u304c NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Cobbler can access nfs file systems.collectd_tcp_network_connect00collectd \u304c TCP \u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether collectd can connect to the network using TCP.condor_tcp_network_connect00Condor \u304c TCP \u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Condor can connect to the network using TCP.conman_can_network00conman \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether conman can connect to all TCP portsconman_use_nfs00conman \u304c nfs \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow conman to manage nfs filescontainer_connect_any00docker \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether docker can connect to all TCP ports.cron_can_relabel00\u30b7\u30b9\u30c6\u30e0\u306e cron \u30b8\u30e7\u30d6\u304c\u30d5\u30a1\u30a4\u30eb\u306e\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8\u5fa9\u5143\u306e\u305f\u3081\u3001\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306e\u30e9\u30d9\u30eb\u3092\u3064\u3051\u76f4\u3059\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow system cron jobs to relabel filesystem for restoring file contexts.cron_system_cronjob_use_shares00NFS\u3001CIFS \u307e\u305f\u306f FUSE \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3067\u3001\u30b7\u30b9\u30c6\u30e0\u306b\u3088\u308b cronjob \u306e\u5b9f\u884c\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow system cronjob to be executed on on NFS, CIFS or FUSE filesystem.cron_userdomain_transition11\u6c4e\u7528\u306e cronjob \u30c9\u30e1\u30a4\u30f3\u5185\u306e\u30b8\u30e7\u30d6\u3068\u306f\u5225\u306b\u3001\u30e6\u30fc\u30b6\u30fc\u30c9\u30e1\u30a4\u30f3\u5185\u306e\u30b8\u30e7\u30d6\u306e\u5b9f\u884c\u3092 crond \u306b\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether crond can execute jobs in the user domain as opposed to the the generic cronjob domain.cups_execmem00cups \u306e execmem \u3068 execstack \u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow cups execmem\/execstackcvs_read_shadow00cvs \u304c shadow \u30d1\u30b9\u30ef\u30fc\u30c9\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3081\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether cvs can read shadow password files.daemons_dump_core00\u3059\u3079\u3066\u306e\u30c7\u30fc\u30e2\u30f3\u304c \/ \u306b\u30b3\u30a2\u30d5\u30a1\u30a4\u30eb\u3092\u66f8\u304d\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all daemons to write corefiles to \/daemons_enable_cluster_mode00\u30c7\u30fc\u30e2\u30f3\u306e\u30af\u30e9\u30b9\u30bf\u30fc\u30e2\u30fc\u30c9\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002
\nEnable cluster mode for daemons.daemons_use_tcp_wrapper00\u3059\u3079\u3066\u306e\u30c7\u30fc\u30e2\u30f3\u304c tcp wrappers \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all daemons to use tcp wrappers.daemons_use_tty00\u3059\u3079\u3066\u306e\u30c7\u30fc\u30e2\u30f3\u304c\u7aef\u672b\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all daemons the ability to read\/write terminalsdbadm_exec_content11Allow dbadm to exec content
\nAllow dbadm to exec contentdbadm_manage_user_files00dbadm \u304c\u4e00\u822c\u7684\u306a\u30e6\u30fc\u30b6\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether dbadm can manage generic user files.dbadm_read_user_files00dbadm \u304c\u4e00\u822c\u7684\u306a\u30e6\u30fc\u30b6\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3081\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether dbadm can read generic user files.deny_execmem00\u30e6\u30fc\u30b6\u30fc\u30c9\u30e1\u30a4\u30f3\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u3088\u308b\u30e1\u30e2\u30ea\u30fc\u9818\u57df\u306e\u30de\u30c3\u30d4\u30f3\u30b0\u3092\u3001\u5b9f\u884c\u53ef\u80fd\u3068\u66f8\u304d\u8fbc\u307f\u53ef\u80fd\u306e\u4e21\u65b9\u3067\u884c\u3046\u3053\u3068\u3092\u62d2\u5426\u3057\u307e\u3059\u3002 \u3053\u308c\u306f\u975e\u5e38\u306b\u5371\u967a\u3067\u3059\u306e\u3067\u3001 \u5b9f\u884c\u53ef\u80fd\u30d5\u30a1\u30a4\u30eb\u306b\u3064\u3044\u3066\u306f Bugzilla \u306b\u5831\u544a\u3057\u3066\u304f\u3060\u3055\u3044\u3002
\nDeny user domains applications to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilladeny_ptrace00\u3059\u3079\u3066\u306e\u30d7\u30ed\u30bb\u30b9\u304c\u3001\u4ed6\u306e\u3059\u3079\u3066\u306e\u30d7\u30ed\u30bb\u30b9\u3092 ptrace \u307e\u305f\u306f\u30c7\u30d0\u30c3\u30b0\u3059\u308b\u3053\u3068\u3092\u62d2\u5426\u3057\u307e\u3059\u3002
\nDeny any process from ptracing or debugging any other processes.dhcpc_exec_iptables00dhcpc \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30b3\u30de\u30f3\u30c9\u304c iptables \u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow dhcpc client applications to execute iptables commandsdhcpd_use_ldap00DHCP \u30c7\u30fc\u30e2\u30f3\u304c LDAP \u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether DHCP daemon can use LDAP backends.domain_can_mmap_files11file_type \u5c5e\u6027\u3092\u6301\u3064\u30b7\u30b9\u30c6\u30e0\u4e0a\u306e\u3059\u3079\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u3092 mmap \u3059\u308b\u3059\u3079\u3066\u306e\u30d7\u30ed\u30bb\u30b9\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow any process to mmap any file on system with attribute file_type.domain_can_write_kmsg00systemd.log_target=kmsg \u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3067\u30ab\u30fc\u30cd\u30eb\u3092\u5b9f\u884c\u4e2d\u306b\u3001\u3059\u3079\u3066\u306e\u30c9\u30e1\u30a4\u30f3\u304c kmsg_device \u306b\u66f8\u304d\u8fbc\u3080\u3053\u3068\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all domains write to kmsg_device, while kernel is executed with systemd.log_target=kmsg parameter.domain_fd_use11\u3059\u3079\u3066\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u4ed6\u306e\u30c9\u30e1\u30a4\u30f3\u306e\u30d5\u30a1\u30a4\u30eb\u8a18\u8ff0\u5b50\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all domains to use other domains file descriptorsdomain_kernel_load_modules00\u3059\u3079\u3066\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u30ab\u30fc\u30cd\u30eb\u306e\u30ed\u30fc\u30c9\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u6301\u3064\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all domains to have the kernel load modulesentropyd_use_audio11entropyd \u304c\u3001\u30a8\u30f3\u30c8\u30ed\u30d4\u30fc\u30d5\u30a3\u30fc\u30c9\u306e\u30bd\u30fc\u30b9\u3068\u3057\u3066\u3001\u30aa\u30fc\u30c7\u30a3\u30aa\u30c7\u30d0\u30a4\u30b9\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether entropyd can use audio devices as the source for the entropy feeds.exim_can_connect_db00exim \u304c\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether exim can connect to databases.exim_manage_user_files00exim \u304c\u4e00\u822c\u7684\u306a\u5185\u5bb9\u306e\u30e6\u30fc\u30b6\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3001\u8aad\u307f\u53d6\u308a\u3001\u66f8\u304d\u8fbc\u307f\u3001\u304a\u3088\u3073\u524a\u9664\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether exim can create, read, write, and delete generic user content files.exim_read_user_files00exim \u304c\u4e00\u822c\u7684\u306a\u5185\u5bb9\u306e\u30e6\u30fc\u30b6\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3081\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether exim can read generic user content files.fcron_crond00fcron \u306b\u5bfe\u5fdc\u3059\u308b\u305f\u3081\u3001cron \u30c9\u30e1\u30a4\u30f3\u5185\u3067\u8ffd\u52a0\u306e\u30eb\u30fc\u30eb\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002
\nEnable extra rules in the cron domain to support fcron.fenced_can_network_connect00fenced \u304c TCP \u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether fenced can connect to the TCP network.fenced_can_ssh00fenced \u304c SSH \u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether fenced can use ssh.fips_mode11\u3059\u3079\u3066\u306e\u30c9\u30e1\u30a4\u30f3\u304c fips_mode \u3067\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all domains to execute in fips_modeftpd_anon_write00ftpd \u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304a\u3088\u3073\u30d5\u30a1\u30a4\u30eb\u306e\u30e9\u30d9\u30eb\u306f public_content_rw_t \u306b\u3057\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u3002
\nDetermine whether ftpd can modify public files used for public file transfer services. Directories\/Files must be labeled public_content_rw_t.ftpd_connect_all_unreserved00ftpd \u304c\u3001\u4e88\u7d04\u3055\u308c\u3066\u3044\u306a\u3044\u3059\u3079\u3066\u306e\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether ftpd can connect to all unreserved ports.ftpd_connect_db00ftpd \u304c TCP \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u3067\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether ftpd can connect to databases over the TCP network.ftpd_full_access00ftpd \u304c\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u306b\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u3001DAC \u304c\u7ba1\u7406\u3059\u308b\u30b7\u30b9\u30c6\u30e0\u306b\u3042\u308b\u3059\u3079\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u66f8\u304d\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether ftpd can login to local users and can read and write all files on the system, governed by DAC.ftpd_use_cifs00ftpd \u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b CIFS \u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether ftpd can use CIFS used for public file transfer services.ftpd_use_fusefs00ftpd \u306b\u3088\u308b ntfs \u30dc\u30ea\u30e5\u30fc\u30e0\u307e\u305f\u306f fusefs \u30dc\u30ea\u30e5\u30fc\u30e0\u306e\u4f7f\u7528\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ftpd to use ntfs\/fusefs volumes.ftpd_use_nfs00ftpd \u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b NFS \u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether ftpd can use NFS used for public file transfer services.ftpd_use_passive_mode00ftpd \u304c\u3001\u4e88\u7d04\u3055\u308c\u3066\u3044\u306a\u3044\u3059\u3079\u3066\u306e\u30dd\u30fc\u30c8\u306b\u3001\u30d1\u30c3\u30b7\u30d6\u30e2\u30fc\u30c9\u3067\u30d0\u30a4\u30f3\u30c9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether ftpd can bind to all unreserved ports for passive mode.ganesha_use_fusefs00Allow ganesha to read\/write fuse files
\nAllow ganesha to read\/write fuse filesgit_cgi_enable_homedirs00Git CGI \u306b\u3088\u308b\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u691c\u7d22\u304c\u53ef\u80fd\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Git CGI can search home directories.git_cgi_use_cifs00Git CGI \u306b\u3088\u308b cifs \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Git CGI can access cifs file systems.git_cgi_use_nfs00Git CGI \u306b\u3088\u308b nfs \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Git CGI can access nfs file systems.git_session_bind_all_unreserved_ports00Git \u30bb\u30c3\u30b7\u30e7\u30f3\u30c7\u30fc\u30e2\u30f3\u304c\u3001\u4e88\u7d04\u3055\u308c\u3066\u3044\u306a\u3044\u3059\u3079\u3066\u306e\u30dd\u30fc\u30c8\u306b\u3001TCP \u30bd\u30b1\u30c3\u30c8\u3092\u30d0\u30a4\u30f3\u30c9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Git session daemon can bind TCP sockets to all unreserved ports.git_session_users00\u30e6\u30fc\u30b6\u30fc\u30c9\u30e1\u30a4\u30f3\u3092\u547c\u3073\u51fa\u3057\u3066\u3001git_session_t domain \u3067 Git \u30c7\u30fc\u30e2\u30f3\u3092\u5b9f\u884c\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether calling user domains can execute Git daemon in the git_session_t domain.git_system_enable_homedirs00Git \u30b7\u30b9\u30c6\u30e0\u30c7\u30fc\u30e2\u30f3\u306b\u3088\u308b\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u691c\u7d22\u304c\u53ef\u80fd\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Git system daemon can search home directories.git_system_use_cifs00Git \u30b7\u30b9\u30c6\u30e0\u30c7\u30fc\u30e2\u30f3\u306b\u3088\u308b cifs \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Git system daemon can access cifs file systems.git_system_use_nfs00Git \u30b7\u30b9\u30c6\u30e0\u30c7\u30fc\u30e2\u30f3\u306b\u3088\u308b nfs \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Git system daemon can access nfs file systems.gitosis_can_sendmail00Gitosis \u304c\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Gitosis can send mail.glance_api_can_network00glance-api \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether glance-api can connect to all TCP portsglance_use_execmem00glance \u30c9\u30e1\u30a4\u30f3\u304c\u3001\u5b9f\u884c\u53ef\u80fd\u306a\u30e1\u30e2\u30ea\u304a\u3088\u3073\u5b9f\u884c\u53ef\u80fd\u306a\u30b9\u30bf\u30c3\u30af\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow glance domain to use executable memory and executable stackglance_use_fusefs00glance \u30c9\u30e1\u30a4\u30f3\u304c fuse \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow glance domain to manage fuse filesglobal_ssp00\u5168\u30c9\u30e1\u30a4\u30f3\u306b\u5bfe\u3057\u3066 urandom \u306e\u8aad\u307f\u53d6\u308a\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002
\nEnable reading of urandom for all domains.gluster_anon_write00glusterfsd \u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3059\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002 \u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u30e9\u30d9\u30eb\u306f public_content_rw_t \u3067\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u3002
\nAllow glusterfsd to modify public files used for public file transfer services. Files\/Directories must be labeled public_content_rw_t.gluster_export_all_ro00glusterfsd \u304c\u3001\u3059\u3079\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u3001\u8aad\u307f\u53d6\u308a\u5c02\u7528\u3067\u5171\u6709\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow glusterfsd to share any file\/directory read only.gluster_export_all_rw11glusterfsd \u304c\u3001\u3059\u3079\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u3001\u8aad\u307f\u66f8\u304d\u53ef\u80fd\u3067\u5171\u6709\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow glusterfsd to share any file\/directory read\/write.gluster_use_execmem00glusterd_t \u30c9\u30e1\u30a4\u30f3\u304c\u3001\u5b9f\u884c\u53ef\u80fd\u306a\u30e1\u30e2\u30ea\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow glusterd_t domain to use executable memorygpg_web_anon_write00gpg web \u30c9\u30e1\u30a4\u30f3\u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow gpg web domain to modify public files used for public file transfer services.gssd_read_tmp11gssd \u304c\u3001\u4e00\u6642\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u8868\u793a\u3057\u3001kerberos \u8a8d\u8a3c\u60c5\u5831\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u8aad\u307f\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow gssd to list tmp directories and read the kerberos credential cache.guest_exec_content11Allow guest to exec content
\nAllow guest to exec contenthaproxy_connect_any00haproxy \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether haproxy can connect to all TCP ports.httpd_anon_write00Apache \u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u304a\u3088\u3073\u30d5\u30a1\u30a4\u30eb\u306e\u30e9\u30d9\u30eb\u306f public_content_rw_t \u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\nAllow Apache to modify public files used for public file transfer services. Directories\/Files must be labeled public_content_rw_t.httpd_builtin_scripting11httpd \u304c\u7d44\u307f\u8fbc\u307f\u30b9\u30af\u30ea\u30d7\u30c8 (\u4e00\u822c\u7684\u306b PHP) \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to use built in scripting (usually php)httpd_can_check_spam00httpd \u30c7\u30fc\u30e2\u30f3\u304c\u8ff7\u60d1\u30e1\u30fc\u30eb\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow http daemon to check spamhttpd_can_connect_ftp00httpd \u304c\u3001FTP \u30dd\u30fc\u30c8\u3068\u4e00\u6642\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b FTP \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u3057\u3066\u52d5\u4f5c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to act as a FTP client connecting to the ftp port and ephemeral portshttpd_can_connect_ldap00httpd \u304c LDAP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to connect to the ldap porthttpd_can_connect_mythtv00HTTP \u30c7\u30fc\u30e2\u30f3\u304c mythtv \u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow http daemon to connect to mythtvhttpd_can_connect_zabbix00HTTP \u30c7\u30fc\u30e2\u30f3\u304c Zabbix \u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow http daemon to connect to zabbixhttpd_can_network_connect00httpd \u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u3001TCP \u3092\u4f7f\u7528\u3059\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow HTTPD scripts and modules to connect to the network using TCP.httpd_can_network_connect_cobbler00https \u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u3067 cobbler \u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow HTTPD scripts and modules to connect to cobbler over the network.httpd_can_network_connect_db00httpd \u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u3067\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow HTTPD scripts and modules to connect to databases over the network.httpd_can_network_memcache00httpd \u304c memcache \u30b5\u30fc\u30d0\u30fc\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to connect to memcache serverhttpd_can_network_relay00httpd \u304c\u30ea\u30ec\u30fc\u3068\u3057\u3066\u52d5\u4f5c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to act as a relayhttpd_can_sendmail00HTTP \u30c7\u30fc\u30e2\u30f3\u304c\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow http daemon to send mailhttpd_dbus_avahi00Apache \u304c\u3001dbus \u7d4c\u7531\u3067 avahi \u30b5\u30fc\u30d3\u30b9\u3068\u901a\u4fe1\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to communicate with avahi service via dbushttpd_dbus_sssd00Apache \u304c\u3001dbus \u7d4c\u7531\u3067 sssd \u30b5\u30fc\u30d3\u30b9\u3068\u901a\u4fe1\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to communicate with sssd service via dbushttpd_dontaudit_search_dirs00Dontaudit Apache \u304c\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u691c\u7d22\u3002
\nDontaudit Apache to search dirs.httpd_enable_cgi11httpd \u304c cgi \u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059
\nAllow httpd cgi supporthttpd_enable_ftp_server00httpd \u304c FTP \u30dd\u30fc\u30c8\u3092\u30ea\u30c3\u30b9\u30f3\u3057\u3001FTP \u30b5\u30fc\u30d0\u30fc\u3068\u3057\u3066\u52d5\u4f5c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to act as a FTP server by listening on the ftp port.httpd_enable_homedirs00httpd \u304c\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to read home directorieshttpd_execmem00httpd \u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u3001execmem\/execstack \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd scripts and modules execmem\/execstackhttpd_graceful_shutdown11HTTPD \u304c\u6b63\u3057\u304f\u30b7\u30e3\u30c3\u30c8\u30c0\u30a6\u30f3\u3059\u308b\u3088\u3046\u300180 \u756a\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow HTTPD to connect to port 80 for graceful shutdownhttpd_manage_ipa00httpd \u30d7\u30ed\u30bb\u30b9\u304c IPA \u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd processes to manage IPA contenthttpd_mod_auth_ntlm_winbind00Apache \u304c mod_auth_ntlm_winbind \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to use mod_auth_ntlm_winbindhttpd_mod_auth_pam00Apache \u304c mod_auth_pam \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to use mod_auth_pamhttpd_read_user_content00httpd \u304c\u30e6\u30fc\u30b6\u30fc\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to read user contenthttpd_run_ipa00httpd \u30d7\u30ed\u30bb\u30b9\u304c IPA \u30d8\u30eb\u30d1\u30fc\u3092\u8d77\u52d5\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd processes to run IPA helper.httpd_run_preupgrade00Apache \u304c preupgrade \u3092\u8d77\u52d5\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to run preupgradehttpd_run_stickshift00Apache \u304c\u30d1\u30c3\u30bb\u30f3\u30b8\u30e3\u30fc\u306b\u9077\u79fb\u3059\u308b\u3053\u3068\u306a\u304f\u3001stickshift \u30e2\u30fc\u30c9\u3067\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to run in stickshift mode, not transition to passengerhttpd_serve_cobbler_files00HTTPD \u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u30e2\u30b8\u30e5\u30fc\u30eb\u304c cobbler \u30d5\u30a1\u30a4\u30eb\u3092\u51e6\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow HTTPD scripts and modules to server cobbler files.httpd_setrlimit00httpd \u30c7\u30fc\u30e2\u30f3\u304c\u30ea\u30bd\u30fc\u30b9\u306e\u5236\u9650\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd daemon to change its resource limitshttpd_ssi_exec00HTTPD \u304c\u3001\u30b7\u30b9\u30c6\u30e0 CGI \u30b9\u30af\u30ea\u30d7\u30c8\u3068\u540c\u3058\u30c9\u30e1\u30a4\u30f3\u3067\u3001SSI \u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow HTTPD to run SSI executables in the same domain as system CGI scripts.httpd_sys_script_anon_write00Apache \u30b9\u30af\u30ea\u30d7\u30c8\u304c\u30d1\u30d6\u30ea\u30c3\u30af\u30b3\u30f3\u30c6\u30f3\u30c4\u306b\u66f8\u304d\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3068\u30d5\u30a1\u30a4\u30eb\u306e\u30e9\u30d9\u30eb\u306f public_rw_content_t \u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\nAllow apache scripts to write to public content, directories\/files must be labeled public_rw_content_t.httpd_tmp_exec00Apache \u304c tmp \u306e\u5185\u5bb9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to execute tmp content.httpd_tty_comm00\u30bf\u30fc\u30df\u30ca\u30eb\u3068\u306e\u901a\u4fe1\u306e\u305f\u3081 HTTPD \u3092\u7d71\u4e00\u3057\u307e\u3059\u3002 \u30bf\u30fc\u30df\u30ca\u30eb\u3067\u8a3c\u660e\u66f8\u306e\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\u3059\u308b\u969b\u306b\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u3002
\nUnify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal.httpd_unified00\u5168\u30b3\u30f3\u30c6\u30f3\u30c4\u30d5\u30a1\u30a4\u30eb\u306e HTTPD \u51e6\u7406\u3092\u7d71\u4e00\u3057\u307e\u3059\u3002
\nUnify HTTPD handling of all content files.httpd_use_cifs00httpd \u304c CIFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to access cifs file systemshttpd_use_fusefs00httpd \u304c FUSE \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to access FUSE file systemshttpd_use_gpg00httpd \u304c gpg \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to run gpghttpd_use_nfs00httpd \u304c NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to access nfs file systemshttpd_use_openstack00httpd \u304c OpenStack \u30dd\u30fc\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to access openstack portshttpd_use_sasl00httpd \u304c SASL \u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow httpd to connect to saslhttpd_verify_dns00Apache \u304c NS \u30ec\u30b3\u30fc\u30c9\u3092\u30af\u30a8\u30ea\u30fc\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Apache to query NS recordsicecast_use_any_tcp_ports00icecast \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u3092\u30ea\u30c3\u30b9\u30f3\u3067\u304d\u3001\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether icecast can listen on and connect to any TCP port.irc_use_any_tcp_ports00IRC \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u3001\u4e88\u7d04\u3055\u308c\u3066\u3044\u306a\u3044\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u3092\u30ea\u30c3\u30b9\u30f3\u3067\u304d\u3001\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether irc clients can listen on and connect to any unreserved TCP ports.irssi_use_full_network00\u3042\u3089\u3086\u308b\u30dd\u30fc\u30c8\u3078\u306e\u63a5\u7d9a\u3001\u304a\u3088\u3073\u4e88\u7d04\u3055\u308c\u3066\u3044\u306a\u3044\u30dd\u30fc\u30c8\u3078\u306e\u30d0\u30a4\u30f3\u30c9\u3092\u3001Irssi IRC \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.kdumpgui_run_bootloader00bootloader_t \u5185\u3067\u306e\u30d6\u30fc\u30c8\u30ed\u30fc\u30c0\u30fc\u306e\u5b9f\u884c\u3092\u3001s-c-kdump \u306b\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow s-c-kdump to run bootloader in bootloader_t.keepalived_connect_any00keepalived \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether keepalived can connect to all TCP ports.kerberos_enabled11\u5236\u9650\u3055\u308c\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c Kerberos \u3068\u3068\u3082\u306b\u52d5\u4f5c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined applications to run with kerberos.ksmtuned_use_cifs00ksmtuned \u304c CIFS\/Samba \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ksmtuned to use cifs\/Samba file systemsksmtuned_use_nfs00ksmtuned \u304c NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ksmtuned to use nfs file systemslogadm_exec_content11Allow logadm to exec content
\nAllow logadm to exec contentlogging_syslogd_can_sendmail00syslogd \u30c7\u30fc\u30e2\u30f3\u304c\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow syslogd daemon to send maillogging_syslogd_run_nagios_plugins00syslogd \u304c nagios \u30d7\u30e9\u30b0\u30a4\u30f3\u3092\u547c\u3073\u51fa\u3059\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u3053\u308c\u306f\u3001omprog rsyslog \u30d7\u30e9\u30b0\u30a4\u30f3\u3067\u6709\u52b9\u306b\u3057\u307e\u3059\u3002
\nAllow syslogd the ability to call nagios plugins. It is turned on by omprog rsyslog plugin.logging_syslogd_use_tty11syslogd \u304c\u7aef\u672b\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow syslogd the ability to read\/write terminalslogin_console_enabled11\/dev\/console \u304b\u3089\u30ed\u30b0\u30a4\u30f3\u3057\u3001\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow logging in and using the system from \/dev\/console.logrotate_read_inside_containers00logrotate \u304c\u5185\u90e8\u306e\u30ed\u30b0\u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow logrotate to read logs insidelogrotate_use_nfs00logrotate \u304c NFS \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow logrotate to manage nfs fileslogwatch_can_network_connect_mail00\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u306b\u3088\u308b\u30e1\u30fc\u30eb\u3078\u306e\u63a5\u7d9a\u3092\u3001logwatch \u306b\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether logwatch can connect to mail over the network.lsmd_plugin_connect_any00lsmd_plugin \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether lsmd_plugin can connect to all TCP ports.mailman_use_fusefs00mailman \u304c FUSE \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mailman to access FUSE file systemsmcelog_client00mcelog \u304c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30e2\u30fc\u30c9\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mcelog supports client mode.mcelog_exec_scripts11mcelog \u304c\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mcelog can execute scripts.mcelog_foreground00mcelog \u304c\u3059\u3079\u3066\u306e\u30e6\u30fc\u30b6\u30fc tty \u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mcelog can use all the user ttys.mcelog_server00mcelog \u304c\u30b5\u30fc\u30d0\u30fc\u30e2\u30fc\u30c9\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mcelog supports server mode.minidlna_read_generic_user_content00minidlna \u306b\u3088\u308b\u6c4e\u7528\u306e\u30e6\u30fc\u30b6\u30fc\u30b3\u30f3\u30c6\u30f3\u30c4\u8aad\u307f\u8fbc\u307f\u3092\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether minidlna can read generic user content.mmap_low_allowed00\/proc\/sys\/vm\/mmap_min_addr \u3067\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u306b\u3001\u30a2\u30c9\u30ec\u30b9\u7a7a\u9593\u306e\u4e0b\u90e8\u306b mmap \u3059\u308b\u6a5f\u80fd\u3092\u5236\u5fa1\u3057\u307e\u3059\u3002
\nControl the ability to mmap a low area of the address space, as configured by \/proc\/sys\/vm\/mmap_min_addr.mock_enable_homedirs00mock \u304c\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306b\u3042\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mock to read files in home directories.mount_anyfile11mount \u30b3\u30de\u30f3\u30c9\u304c\u3001\u3044\u304b\u306a\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3068\u30d5\u30a1\u30a4\u30eb\u3092\u30de\u30a6\u30f3\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow the mount commands to mount any directory or file.mozilla_plugin_bind_unreserved_ports00Mozilla \u30d7\u30e9\u30b0\u30a4\u30f3\u30c9\u30e1\u30a4\u30f3\u304c\u3001\u4e88\u7d04\u3055\u308c\u3066\u3044\u306a\u3044 tcp\/udp \u30dd\u30fc\u30c8\u3092\u30d0\u30a4\u30f3\u30c9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mozilla plugin domain to bind unreserved tcp\/udp ports.mozilla_plugin_can_network_connect00Mozilla \u30d7\u30e9\u30b0\u30a4\u30f3\u304c\u3001TCP \u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mozilla plugin domain to connect to the network using TCP.mozilla_plugin_use_bluejeans00Mozilla \u30d7\u30e9\u30b0\u30a4\u30f3\u304c Bluejeans \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mozilla plugin to use Bluejeans.mozilla_plugin_use_gps00Mozilla \u30d7\u30e9\u30b0\u30a4\u30f3\u304c GPS \u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mozilla plugin to support GPS.mozilla_plugin_use_spice00Mozilla \u30d7\u30e9\u30b0\u30a4\u30f3\u304c SPICE \u30d7\u30ed\u30c8\u30b3\u30eb\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mozilla plugin to support spice protocols.mozilla_read_content00\u5236\u9650\u3055\u308c\u305f Web \u30d6\u30e9\u30a6\u30b6\u30fc\u304c\u3001\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined web browsers to read home directory contentmpd_enable_homedirs00mpd \u304c\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306e\u4e0a\u4f4d\u3092\u53c2\u7167\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mpd can traverse user home directories.mpd_use_cifs00mpd \u304c CIFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mpd can use cifs file systems.mpd_use_nfs00mpd \u304c NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mpd can use nfs file systems.mplayer_execstack00mplayer \u304c\u3001\u5b9f\u884c\u53ef\u80fd\u306a\u30b9\u30bf\u30c3\u30af\u3092\u4f5c\u6210\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether mplayer can make its stack executable.mysql_connect_any00mysqld \u304c\u3001\u3059\u3079\u3066\u306e\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow mysqld to connect to all portsnagios_run_pnp4nagios00nagios \u306e PNP4Nagios \u3068\u306e\u5b9f\u884c\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow nagios run in conjunction with PNP4Nagios.nagios_run_sudo00nagios\/nrpe \u304c\u3001NRPE utils \u30b9\u30af\u30ea\u30d7\u30c8\u304b\u3089 sudo \u3092\u547c\u3073\u51fa\u3059\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow nagios\/nrpe to call sudo from NRPE utils scripts.nagios_use_nfs00Nagios\u3001NRPE \u304c\u3001nfs \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Nagios, NRPE can access nfs file systems.named_tcp_bind_http_port00BIND \u304c\u3001TCP \u30bd\u30b1\u30c3\u30c8\u3092 HTTP \u30dd\u30fc\u30c8\u306b\u30d0\u30a4\u30f3\u30c9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Bind can bind tcp socket to http ports.named_write_master_zones00BIND \u304c\u3001\u30de\u30b9\u30bf\u30fc\u30be\u30fc\u30f3\u30d5\u30a1\u30a4\u30eb\u306b\u66f8\u304d\u8fbc\u3081\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002\u3053\u308c\u306f\u901a\u5e38\u3001\u52d5\u7684 DNS \u307e\u305f\u306f\u30be\u30fc\u30f3\u8ee2\u9001\u306e\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u307e\u3059\u3002
\nDetermine whether Bind can write to master zone files. Generally this is used for dynamic DNS or zone transfers.neutron_can_network00neutron \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether neutron can connect to all TCP portsnfs_export_all_ro11\u3042\u3089\u3086\u308b\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u3001NFS \u7d4c\u7531\u3067\u8aad\u307f\u53d6\u308a\u5c02\u7528\u3068\u3057\u3066\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u3055\u308c\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow any files\/directories to be exported read\/only via NFS.nfs_export_all_rw11\u3042\u3089\u3086\u308b\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u3001NFS \u7d4c\u7531\u3067\u8aad\u307f\u66f8\u304d\u7528\u3068\u3057\u3066\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u3055\u308c\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow any files\/directories to be exported read\/write via NFS.nfsd_anon_write00NFS \u30b5\u30fc\u30d0\u30fc\u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306f public_content_rw_t \u306e\u30e9\u30d9\u30eb\u304c\u4ed8\u3051\u3089\u308c\u3066\u3044\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\nAllow nfs servers to modify public files used for public file transfer services. Files\/Directories must be labeled public_content_rw_t.nis_enabled00\u30b7\u30b9\u30c6\u30e0\u304c NIS \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow system to run with NISnscd_use_shm11\u5236\u9650\u3055\u308c\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c NSCD \u5171\u6709\u30e1\u30e2\u30ea\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined applications to use nscd shared memory.openshift_use_nfs00openshift \u304c\u3001\u30e9\u30d9\u30eb\u7121\u3057\u3067 NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow openshift to access nfs file systems without labelsopenvpn_can_network_connect11openvpn \u306b\u3088\u308b TCP \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3078\u306e\u63a5\u7d9a\u3092\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether openvpn can connect to the TCP network.openvpn_enable_homedirs11openvpn \u304c\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306b\u3042\u308b\u4e00\u822c\u7684\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3081\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether openvpn can read generic user home content files.openvpn_run_unconfined00openvpn \u304c\u5236\u9650\u306e\u306a\u3044\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u306e\u3092\u8a31\u53ef\u3059\u308b
\nAllow openvpn to run unconfined scriptspcp_bind_all_unreserved_ports00unreserved_ports \u3078\u306e\u30d0\u30a4\u30f3\u30c9\u3092 pcp \u306b\u8a31\u53ef\u3059\u308b
\nAllow pcp to bind to all unreserved_portspcp_read_generic_logs00pcp \u304c\u4e00\u822c\u306e\u30ed\u30b0\u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow pcp to read generic logspiranha_lvs_can_network_connect00piranha-lvs \u30c9\u30e1\u30a4\u30f3\u304c\u3001TCP \u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow piranha-lvs domain to connect to the network using TCP.polipo_connect_all_unreserved00polipo \u304c\u30011024 \u4ee5\u4e0a\u306e\u3044\u304b\u306a\u308b\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow polipo to connect to all ports > 1023polipo_session_bind_all_unreserved_ports00Polipo \u30bb\u30c3\u30b7\u30e7\u30f3\u30c7\u30fc\u30e2\u30f3\u304c\u3001TCP \u30bd\u30b1\u30c3\u30c8\u3092\u3001\u4e88\u7d04\u3057\u3066\u3044\u306a\u3044\u3059\u3079\u3066\u306e\u30dd\u30fc\u30c8\u306b\u30d0\u30a4\u30f3\u30c9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Polipo session daemon can bind tcp sockets to all unreserved ports.polipo_session_users00\u547c\u3073\u51fa\u3057\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u30c9\u30e1\u30a4\u30f3\u304c\u3001polipo_session_t \u30c9\u30e1\u30a4\u30f3\u306b\u304a\u3044\u3066 Polipo \u30c7\u30fc\u30e2\u30f3\u3092\u5b9f\u884c\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether calling user domains can execute Polipo daemon in the polipo_session_t domain.polipo_use_cifs00Polipo \u304c CIFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether polipo can access cifs file systems.polipo_use_nfs00Polipo \u304c NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether Polipo can access nfs file systems.polyinstantiation_enabled00polyinstantiated \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306e\u30b5\u30dd\u30fc\u30c8\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002
\nEnable polyinstantiated directory support.postfix_local_write_mail_spool11postfix_local \u30c9\u30e1\u30a4\u30f3\u304c\u3001mail_spool \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3078\u306e\u5b8c\u5168\u66f8\u304d\u8fbc\u307f\u30a2\u30af\u30bb\u30b9\u6a29\u3092\u6301\u3064\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow postfix_local domain full write access to mail_spool directoriespostgresql_can_rsync00PostgreSQL \u304c\u3001\u30dd\u30a4\u30f3\u30c8\u30a4\u30f3\u30bf\u30a4\u30e0\u30ea\u30ab\u30d0\u30ea\u30fc\u306b\u3001ssh \u3068 rsync \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow postgresql to use ssh and rsync for point-in-time recoverypostgresql_selinux_transmit_client_label00\u7570\u7a2e\u306e\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30e9\u30d9\u30eb\u3092\u9077\u79fb\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow transmit client label to foreign databasepostgresql_selinux_unconfined_dbadm11\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u7ba1\u7406\u8005\u304c DML \u6587\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow database admins to execute DML statementpostgresql_selinux_users_ddl11\u975e\u7279\u6a29\u30e6\u30fc\u30b6\u30fc\u304c DDL \u6587\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow unprivileged users to execute DDL statementpppd_can_insmod00pppd \u304c\u3001\u7279\u5b9a\u30e2\u30c7\u30e0\u7528\u306b\u30ab\u30fc\u30cd\u30eb\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30ed\u30fc\u30c9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow pppd to load kernel modules for certain modemspppd_for_user00pppd \u304c\u3001\u901a\u5e38\u306e\u30e6\u30fc\u30b6\u30fc\u306b\u5b9f\u884c\u3055\u308c\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow pppd to be run for a regular userprivoxy_connect_any11privoxy \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether privoxy can connect to all tcp ports.prosody_bind_http_port00prosody \u304c Apache \u306e\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002BOSH \u306e\u4f7f\u7528\u3092\u6709\u52b9\u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\nPermit to prosody to bind apache port. Need to be activated to use BOSH.puppetagent_manage_all_files00Puppet \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u3059\u3079\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u5f62\u5f0f\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Puppet client to manage all file types.puppetmaster_use_db00Puppet \u30de\u30b9\u30bf\u30fc\u304c\u3001MySQL \u304a\u3088\u3073 PostgreSQL \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Puppet master to use connect to MySQL and PostgreSQL databaseracoon_read_shadow00racoon \u304c shadow \u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow racoon to read shadowradius_use_jit00radius \u304c JIT \u30b3\u30f3\u30d1\u30a4\u30e9\u30fc\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether radius can use JIT compiler.redis_enable_notify00Redis \u304c\u3001redis-sentinal \u901a\u77e5\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Redis to run redis-sentinal notification scripts.rpcd_use_fusefs00rpcd_t \u306b\u3088\u308b fuse \u30d5\u30a1\u30a4\u30eb\u306e\u7ba1\u7406\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow rpcd_t to manage fuse filesrsync_anon_write00rsync \u304c\u3001\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3059\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306e\u30e9\u30d9\u30eb\u306f public_content_rw_t \u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\nAllow rsync to modify public files used for public file transfer services. Files\/Directories must be labeled public_content_rw_t.rsync_client00rsync \u304c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u3057\u3066\u52d5\u4f5c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow rsync to run as a clientrsync_export_all_ro00rsync \u304c\u3001\u3044\u304b\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u8aad\u307f\u53d6\u308a\u5c02\u7528\u3067\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow rsync to export any files\/directories read only.rsync_full_access00rsync \u30b5\u30fc\u30d0\u30fc\u304c\u3001\u30b7\u30b9\u30c6\u30e0\u306b\u3042\u308b\u3059\u3079\u3066\u306e\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow rsync server to manage all files\/directories on the system.samba_create_home_dirs00Samba \u304c\u3001(PAM \u7d4c\u7531\u306a\u3069\u3067) \u65b0\u3057\u3044\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to create new home directories (e.g. via PAM)samba_domain_controller00Samba \u304c\u3001\u30c9\u30e1\u30a4\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u3068\u3057\u3066\u52d5\u4f5c\u3057\u3001\u30e6\u30fc\u30b6\u30fc\u3068\u30b0\u30eb\u30fc\u30d7\u3092\u8ffd\u52a0\u3057\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to act as the domain controller, add users, groups and change passwords.samba_enable_home_dirs00Samba \u304c\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u5171\u6709\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to share users home directories.samba_export_all_ro00Samba \u304c\u3001\u3044\u304b\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u8aad\u307f\u53d6\u308a\u5c02\u7528\u3067\u5171\u6709\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to share any file\/directory read only.samba_export_all_rw00Samba \u304c\u3001\u3044\u304b\u306a\u308b\u30d5\u30a1\u30a4\u30eb\u3068\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u8aad\u307f\u66f8\u304d\u53ef\u80fd\u3067\u5171\u6709\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to share any file\/directory read\/write.samba_load_libgfapi00smbd \u304c\u3001gluster \u304b\u3089 libgfapi \u3092\u30ed\u30fc\u30c9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow smbd to load libgfapi from gluster.samba_portmapper00Samba \u304c\u30dd\u30fc\u30c8\u30de\u30c3\u30d1\u30fc\u3068\u3057\u3066\u52d5\u4f5c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to act as a portmappersamba_run_unconfined00Samba \u304c\u3001\u5236\u9650\u306e\u306a\u3044\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to run unconfined scriptssamba_share_fusefs00Samba \u304c ntfs\/fusefs \u30dc\u30ea\u30e5\u30fc\u30e0\u3092\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to export ntfs\/fusefs volumes.samba_share_nfs00Samba \u304c NFS \u30dc\u30ea\u30e5\u30fc\u30e0\u3092\u30a8\u30af\u30b9\u30dd\u30fc\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow samba to export NFS volumes.sanlock_enable_home_dirs00sanlock \u304c\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sanlock to read\/write user home directories.sanlock_use_fusefs00sanlock \u304c fuse \u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sanlock to read\/write fuse filessanlock_use_nfs00sanlock \u304c NFS \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sanlock to manage nfs filessanlock_use_samba00sanlock \u304c CIFS \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sanlock to manage cifs filessaslauthd_read_shadow00SASL \u304c shadow \u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sasl to read shadowsecadm_exec_content11Allow secadm to exec content
\nAllow secadm to exec contentsecure_mode00newrole \u306a\u3069\u306e\u30d7\u30ed\u30b0\u30e9\u30e0\u304c\u3001\u7ba1\u7406\u30e6\u30fc\u30b6\u30fc\u30c9\u30e1\u30a4\u30f3\u306b\u9077\u79fb\u3059\u308b\u306e\u3092\u8a31\u53ef\u3057\u307e\u305b\u3093\u3002
\ndisallow programs, such as newrole, from transitioning to administrative user domains.secure_mode_insmod00\u30ab\u30fc\u30cd\u30eb\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30ed\u30fc\u30c9\u3092\u7121\u52b9\u306b\u3057\u307e\u3059\u3002
\nDisable kernel module loading.secure_mode_policyload00\u30dd\u30ea\u30b7\u30fc\u306e\u30ed\u30fc\u30c9\u3001enforcing \u30e2\u30fc\u30c9\u306e\u8a2d\u5b9a\u3001 boolean \u5024\u306e\u5909\u66f4\u3092\u30b7\u30b9\u30c6\u30e0\u306b\u8a31\u53ef\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3059\u308b Boolean \u3067\u3059\u3002 true \u306b\u8a2d\u5b9a\u3059\u308b\u3068\u3001 \u5143\u306b\u623b\u3059\u969b\u306b\u518d\u8d77\u52d5\u304c\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u3002
\nBoolean to determine whether the system permits loading policy, setting enforcing mode, and changing boolean values. Set this to true and you have to reboot to set it back.selinuxuser_direct_dri_enabled11\u901a\u5e38\u306e\u30e6\u30fc\u30b6\u30fc\u304c dri \u30c7\u30d0\u30a4\u30b9\u306b\u76f4\u63a5\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow regular users direct dri device accessselinuxuser_execheap00\u5236\u9650\u3055\u308c\u306a\u3044\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u304c\u3001heap \u30e1\u30e2\u30ea\u30fc\u3092\u5b9f\u884c\u53ef\u80fd\u306b\u3059\u308b\u306e\u3092\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002 \u3053\u306e\u8a2d\u5b9a\u306f\u63a8\u5968\u3055\u308c\u307e\u305b\u3093\u3002\u304a\u305d\u3089\u304f\u3001 \u4e0d\u9069\u5207\u306b\u30b3\u30fc\u30c9\u5316\u3055\u308c\u305f\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3092\u793a\u3057\u307e\u3059\u304c\u3001 \u653b\u6483\u3092\u793a\u3059\u5834\u5408\u3082\u3042\u308a\u307e\u3059\u3002 \u3053\u306e\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u306f Bugzilla \u306b\u5831\u544a\u3057\u3066\u304f\u3060\u3055\u3044\u3002
\nAllow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzillaselinuxuser_execmod11textrel_shlib_t \u306e\u30e9\u30d9\u30eb\u4ed8\u3051\u304c\u3055\u308c\u3066\u3044\u306a\u3044\u30c6\u30ad\u30b9\u30c8\u306e\u79fb\u52d5\u306b\u5fc5\u8981\u306a\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3067\u304d\u308b\u3088\u3046\u3001\u5236\u9650\u306e\u306a\u3044\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3092\u3059\u3079\u3066\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_tselinuxuser_execstack11\u5236\u9650\u3055\u308c\u306a\u3044\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u304c\u3001\u3053\u308c\u3089\u306e\u30b9\u30bf\u30c3\u30af\u3092\u5b9f\u884c\u53ef\u80fd\u306b\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u3053\u308c\u306f\u63a8\u5968\u3055\u308c\u307e\u305b\u3093\u3002\u304a\u305d\u3089\u304f\u3001\u4e0d\u9069\u5207\u306b\u30b3\u30fc\u30c9\u5316\u3055\u308c\u305f\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u3092\u610f\u5473\u3057\u307e\u3059\u304c\u3001\u653b\u6483\u3092\u610f\u5473\u3059\u308b\u5834\u5408\u3082\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u5b9f\u884c\u30d5\u30a1\u30a4\u30eb\u306f Bugzilla \u306b\u5831\u544a\u3057\u3066\u304f\u3060\u3055\u3044\u3002
\nAllow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzillaselinuxuser_mysql_connect_enabled00\u30e6\u30fc\u30b6\u30fc\u304c\u30ed\u30fc\u30ab\u30eb\u306e MySQL \u30b5\u30fc\u30d0\u30fc\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow users to connect to the local mysql serverselinuxuser_ping11\u5236\u9650\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u304c\u3001ping \u304a\u3088\u3073 traceroute \u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined users the ability to execute the ping and traceroute commands.selinuxuser_postgresql_connect_enabled00\u30e6\u30fc\u30b6\u30fc\u304c PostgreSQL \u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow users to connect to PostgreSQLselinuxuser_rw_noexattrfile11\u62e1\u5f35\u5c5e\u6027 (FAT, CDROM, FLOPPY) \u3092\u6301\u305f\u306a\u3044\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3067\u3001\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u30e6\u30fc\u30b6\u30fc\u306b\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow user to r\/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)selinuxuser_share_music00\u30e6\u30fc\u30b6\u30fc\u304c\u30df\u30e5\u30fc\u30b8\u30c3\u30af\u3092\u5171\u6709\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow user music sharingselinuxuser_tcp_server00\u30e6\u30fc\u30b6\u30fc\u304c TCP \u30b5\u30fc\u30d0\u30fc (\u30dd\u30fc\u30c8\u3092\u30d0\u30a4\u30f3\u30c9\u3057\u3001\u540c\u3058\u30c9\u30e1\u30a4\u30f3\u3068\u5916\u90e8\u306e\u30e6\u30fc\u30b6\u30fc\u304b\u3089\u306e\u63a5\u7d9a\u3092\u53d7\u3051\u4ed8\u3051\u308b) \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u3053\u308c\u306f\u5f37\u5236\u7684\u306b FTP \u30d1\u30c3\u30b7\u30d6\u30e2\u30fc\u30c9\u306b\u8a2d\u5b9a\u3057\u3001\u305d\u306e\u4ed6\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u3092\u5909\u66f4\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002
\nAllow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols.selinuxuser_udp_server00\u30e6\u30fc\u30b6\u30fc\u304c UDP \u30b5\u30fc\u30d0\u30fc (\u30dd\u30fc\u30c8\u3092\u30d0\u30a4\u30f3\u30c9\u3057\u3001\u540c\u3058\u30c9\u30e1\u30a4\u30f3\u3068\u5916\u90e8\u306e\u30e6\u30fc\u30b6\u30fc\u304b\u3089\u306e\u63a5\u7d9a\u3092\u53d7\u3051\u4ed8\u3051\u308b) \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u3053\u308c\u3092\u7121\u52b9\u306b\u3059\u308b\u3068\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u4e0a\u306e avahi \u691c\u51fa\u30b5\u30fc\u30d3\u30b9\u3068\u3001\u305d\u306e\u4ed6\u306e udp \u95a2\u9023\u30b5\u30fc\u30d3\u30b9\u3092\u4e2d\u65ad\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002
\nAllow users to run UDP servers (bind to ports and accept connection from the same domain and outside users) disabling this may break avahi discovering services on the network and other udp related services.selinuxuser_use_ssh_chroot00\u30e6\u30fc\u30b6\u30fc\u304c SSH chroot \u74b0\u5883\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow user to use ssh chroot environment.sge_domain_can_network_connect00sge \u304c\u3001\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u3092\u4f7f\u7528\u3057\u3066\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sge to connect to the network using any TCP portsge_use_nfs00sge \u304c\u3001NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sge to access nfs file systems.smartmon_3ware00smartmon \u304c\u30013ware \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30fc\u306b\u304a\u3044\u3066\u30c7\u30d0\u30a4\u30b9\u3092\u30b5\u30dd\u30fc\u30c8\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether smartmon can support devices on 3ware controllers.smbd_anon_write00\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u5411\u3051\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092 Samba \u306b\u8a31\u53ef\u3057\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30eb\/\u30c7\u30a3\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306b public_content_rw_t \u3068\u3044\u3046\u30e9\u30d9\u30eb\u304c\u4ed8\u3051\u3089\u308c\u3066\u3044\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\nAllow samba to modify public files used for public file transfer services. Files\/Directories must be labeled public_content_rw_t.spamassassin_can_network00\u30e6\u30fc\u30b6\u30fc spamassassin \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow user spamassassin clients to use the network.spamd_enable_home_dirs11spamd \u304c\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow spamd to read\/write user home directories.spamd_update_can_network00spamd_update \u306b\u3088\u308b\u5168\u30dd\u30fc\u30c8\u3078\u306e\u63a5\u7d9a\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow spamd_update to connect to all ports.squid_connect_any11squid \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether squid can connect to all TCP ports.squid_use_tproxy00squid \u3092\u900f\u904e\u30d7\u30ed\u30ad\u30b7\u30fc\u3068\u3057\u3066\u5b9f\u884c\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether squid can run as a transparent proxy.ssh_chroot_rw_homedirs00chroot \u74b0\u5883\u306e SSH \u304c\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306b\u3042\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ssh with chroot env to read and write files in the user home directoriesssh_keysign00\u30db\u30b9\u30c8\u9375\u306b\u3088\u308b\u8a8d\u8a3c\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nallow host key based authenticationssh_sysadm_login00sysadm_r:sysadm_t \u3068\u3057\u3066\u306e ssh \u30ed\u30b0\u30a4\u30f3\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ssh logins as sysadm_r:sysadm_tstaff_exec_content11Allow staff to exec content
\nAllow staff to exec contentstaff_use_svirt00staff \u30e6\u30fc\u30b6\u30fc\u304c sVirt \u30c9\u30e1\u30a4\u30f3\u3092\u4f5c\u6210\u3057\u3001\u307e\u305f\u306f\u305d\u308c\u306b\u9077\u79fb\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nallow staff user to create and transition to svirt domains.swift_can_network00swift \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether swift can connect to all TCP portssysadm_exec_content11Allow sysadm to exec content
\nAllow sysadm to exec contenttelepathy_connect_all_ports00Telepathy \u63a5\u7d9a\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u304c\u3059\u3079\u3066\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow the Telepathy connection managers to connect to any network port.telepathy_tcp_connect_generic_network_ports11Telepathy \u63a5\u7d9a\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u304c\u3059\u3079\u3066\u306e\u4e00\u822c\u7684\u306a TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow the Telepathy connection managers to connect to any generic TCP port.tftp_anon_write00\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u5411\u3051\u306b\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092 tftp \u306b\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow tftp to modify public files used for public file transfer services.tftp_home_dir00tftp \u304c\u30e6\u30fc\u30b6\u30fc\u306e\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306b\u3042\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u66f8\u304d\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow tftp to read and write files in the user home directoriestmpreaper_use_cifs00tmpreaper \u304c cifs \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether tmpreaper can use cifs file systems.tmpreaper_use_nfs00tmpreaper \u304c NFS \u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether tmpreaper can use nfs file systems.tmpreaper_use_samba00tmpreaper \u304c samba_share \u30d5\u30a1\u30a4\u30eb\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether tmpreaper can use samba_share filestomcat_can_network_connect_db00tomcat \u304c\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u3067\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow tomcat to connect to databases over the network.tomcat_read_rpm_db00tomcat \u304c rpm \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u8aad\u307f\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow tomcat to read rpm database.tomcat_use_execmem00tomcat \u304c\u3001\u5b9f\u884c\u53ef\u80fd\u306a\u30e1\u30e2\u30ea\u30fc\u304a\u3088\u3073\u5b9f\u884c\u53ef\u80fd\u306a\u30b9\u30bf\u30c3\u30af\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow tomcat to use executable memory and executable stacktor_bind_all_unreserved_ports00tor \u304c TCP \u30bd\u30b1\u30c3\u30c8\u3092\u3001\u4e88\u7d04\u3055\u308c\u3066\u3044\u306a\u3044\u3059\u3079\u3066\u306e\u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether tor can bind tcp sockets to all unreserved ports.tor_can_network_relay00Tor \u304c\u30ea\u30ec\u30fc\u3068\u3057\u3066\u52d5\u4f5c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow tor to act as a relayunconfined_chrome_sandbox_transition11\u5236\u9650\u3055\u308c\u3066\u3044\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u304c chrome-sandbox \u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u3068\u304d\u306b\u3001chrome sandbox \u30c9\u30e1\u30a4\u30f3\u306b\u9077\u79fb\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nallow unconfined users to transition to the chrome sandbox domains when running chrome-sandboxunconfined_login11\u30e6\u30fc\u30b6\u30fc\u304c\u5236\u9650\u3055\u308c\u305f\u30c9\u30e1\u30a4\u30f3\u3068\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow a user to login as an unconfined domainunconfined_mozilla_plugin_transition11\u5236\u9650\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u304c running xulrunner plugin-container \u3092\u5b9f\u884c\u3059\u308b\u3068\u304d\u3001Mozilla \u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u30c9\u30e1\u30a4\u30f3\u306b\u9077\u79fb\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.unprivuser_use_svirt00\u6a29\u9650\u306e\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u304c sVirt \u30c9\u30e1\u30a4\u30f3\u3092\u4f5c\u6210\u3057\u3001\u305d\u3053\u306b\u9077\u79fb\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow unprivileged user to create and transition to svirt domains.use_ecryptfs_home_dirs00ecryptfs \u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u307e\u3059\u3002
\nSupport ecryptfs home directoriesuse_fusefs_home_dirs00fusefs \u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u307e\u3059\u3002
\nSupport fusefs home directoriesuse_lpd_server00lpd \u30b5\u30fc\u30d0\u30fc\u3092\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether to support lpd server.use_nfs_home_dirs00NFS \u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u307e\u3059\u3002
\nSupport NFS home directoriesuse_samba_home_dirs00Samba \u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u307e\u3059\u3002
\nSupport SAMBA home directoriesuser_exec_content11Allow user to exec content
\nAllow user to exec contentvarnishd_connect_any00varnishd \u304c\u5b8c\u5168\u306a TCP \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u4f7f\u7528\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether varnishd can use the full TCP network.virt_read_qemu_ga_data00qemu-ga \u304c qemu-ga \u30c7\u30fc\u30bf\u3092\u8aad\u307f\u53d6\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow qemu-ga to read qemu-ga date.virt_rw_qemu_ga_data00qemu-ga \u304c qemu-ga \u30c7\u30fc\u30bf\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow qemu-ga to manage qemu-ga date.virt_sandbox_use_all_caps11\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u30b3\u30f3\u30c6\u30ca\u30fc\u304c\u5168\u6a5f\u80fd\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3059\u308b
\nAllow sandbox containers to use all capabilitiesvirt_sandbox_use_audit11\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u30b3\u30f3\u30c6\u30ca\u30fc\u306b\u3088\u308b\u76e3\u67fb\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u9001\u4fe1\u3092\u8a31\u53ef\u3059\u308b
\nAllow sandbox containers to send audit messagesvirt_sandbox_use_fusefs00\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u30b3\u30f3\u30c6\u30ca\u30fc\u306b\u3088\u308b fuse \u30d5\u30a1\u30a4\u30eb\u306e\u7ba1\u7406\u3092\u8a31\u53ef\u3059\u308b
\nAllow sandbox containers manage fuse filesvirt_sandbox_use_mknod00\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u30b3\u30f3\u30c6\u30ca\u30fc\u306b\u3088\u308b mknod \u30b7\u30b9\u30c6\u30e0\u30b3\u30fc\u30eb\u306e\u4f7f\u7528\u3092\u8a31\u53ef\u3059\u308b
\nAllow sandbox containers to use mknod system callsvirt_sandbox_use_netlink00\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u30b3\u30f3\u30c6\u30ca\u30fc\u306b\u3088\u308b netlink \u30b7\u30b9\u30c6\u30e0\u30b3\u30fc\u30eb\u306e\u4f7f\u7528\u3092\u8a31\u53ef\u3059\u308b
\nAllow sandbox containers to use netlink system callsvirt_sandbox_use_sys_admin00\u30b5\u30f3\u30c9\u30dc\u30c3\u30af\u30b9\u30b3\u30f3\u30c6\u30ca\u30fc\u304c sys_admin \u30b7\u30b9\u30c6\u30e0\u30b3\u30fc\u30eb (\u305f\u3068\u3048\u3070 mount) \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow sandbox containers to use sys_admin system calls, for example mountvirt_transition_userdomain00\u30e6\u30fc\u30b6\u30fc\u30c9\u30e1\u30a4\u30f3\u3068\u3057\u3066\u306e\u4eee\u60f3\u30d7\u30ed\u30bb\u30b9\u306e\u5b9f\u884c\u3092\u8a31\u53ef\u3059\u308b
\nAllow virtual processes to run as userdomainsvirt_use_comm00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u304c\u30b7\u30ea\u30a2\u30eb\/\u30d1\u30e9\u30ec\u30eb\u901a\u4fe1\u30dd\u30fc\u30c8\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to use serial\/parallel communication portsvirt_use_execmem00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u304c\u5b9f\u884c\u53ef\u80fd\u306a\u30e1\u30e2\u30ea\u30fc\u304a\u3088\u3073\u5b9f\u884c\u53ef\u80fd\u306a\u30b9\u30bf\u30c3\u30af\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to use executable memory and executable stackvirt_use_fusefs00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u304c FUSE \u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to read fuse filesvirt_use_glusterd00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30b2\u30b9\u30c8\u304c glusterd \u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to use glusterdvirt_use_nfs00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u304c NFS \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to manage nfs filesvirt_use_rawip00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u304c rawip \u30bd\u30b1\u30c3\u30c8\u3068\u901a\u4fe1\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to interact with rawip socketsvirt_use_samba00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u304c CIFS \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to manage cifs filesvirt_use_sanlock00\u5236\u9650\u3055\u308c\u308b\u4eee\u60f3\u30de\u30b7\u30f3\u304c sanlock \u3068\u901a\u4fe1\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to interact with the sanlockvirt_use_usb11\u4eee\u60f3\u30de\u30b7\u30f3\u304c USB \u30c7\u30d0\u30a4\u30b9\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to use usb devicesvirt_use_xserver00\u4eee\u60f3\u30de\u30b7\u30f3\u304c X \u30b5\u30fc\u30d0\u30fc\u3068\u901a\u4fe1\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow confined virtual guests to interact with the xserverwebadm_manage_user_files00webadm \u304c\u4e00\u822c\u7684\u306a\u30e6\u30fc\u30b6\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether webadm can manage generic user files.webadm_read_user_files00webadm \u304c\u4e00\u822c\u7684\u306a\u30e6\u30fc\u30b6\u30fc\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3081\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether webadm can read generic user files.wine_mmap_zero_ignore00wine \u304c\u4f4e\u30ea\u30fc\u30b8\u30e7\u30f3\u3092 mmap \u3059\u308b\u8a66\u884c\u304c\u3001\u6697\u9ed9\u7684\u306b\u30d6\u30ed\u30c3\u30af\u3055\u308c\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether attempts by wine to mmap low regions should be silently blocked.xdm_bind_vnc_tcp_port00xdm_t \u304c vnc_port_t(5910) \u3078\u30d0\u30a4\u30f3\u30c9\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059
\nAllows xdm_t to bind on vnc_port_t(5910)xdm_exec_bootloader00\u30b0\u30e9\u30d5\u30a3\u30ab\u30eb\u30ed\u30b0\u30a4\u30f3\u30d7\u30ed\u30b0\u30e9\u30e0\u304c\u30d6\u30fc\u30c8\u30ed\u30fc\u30c0\u30fc\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow the graphical login program to execute bootloaderxdm_sysadm_login00\u30b0\u30e9\u30d5\u30a3\u30ab\u30eb\u30ed\u30b0\u30a4\u30f3\u30d7\u30ed\u30b0\u30e9\u30e0\u304c\u3001sysadm_r:sysadm_t \u3068\u3057\u3066\u76f4\u63a5\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow the graphical login program to login directly as sysadm_r:sysadm_txdm_write_home00\u30b0\u30e9\u30d5\u30a3\u30ab\u30eb\u30ed\u30b0\u30a4\u30f3\u30d7\u30ed\u30b0\u30e9\u30e0\u304c\u3001xdm_home_t \u3068\u3057\u3066\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc\u306b\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow the graphical login program to create files in HOME dirs as xdm_home_t.xen_use_nfs00Xen \u304c NFS \u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow xen to manage nfs filesxend_run_blktap11xend \u304c blktapctrl\/tapdisk \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u30c7\u30a3\u30b9\u30af\u30a4\u30e1\u30fc\u30b8\u7528\u306e\u5c02\u7528\u8ad6\u7406\u30dc\u30ea\u30e5\u30fc\u30e0\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3092\u9664\u3044\u3066\u3001\u5fc5\u8981\u3042\u308a\u307e\u305b\u3093\u3002
\nAllow xend to run blktapctrl\/tapdisk. Not required if using dedicated logical volumes for disk images.xend_run_qemu11xend \u304c qemu-dm \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002\u6e96\u4eee\u60f3\u5316\u3092\u4f7f\u7528\u3057\u3066\u3044\u3066\u3001vfb \u304c\u306a\u3051\u308c\u3070\u3001\u5fc5\u8981\u3042\u308a\u307e\u305b\u3093\u3002
\nAllow xend to run qemu-dm. Not required if using paravirt and no vfb.xguest_connect_network11xguest \u30e6\u30fc\u30b6\u30fc\u304c Network Manager \u3092\u8a2d\u5b9a\u3057\u3001Apache \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow xguest users to configure Network Manager and connect to apache portsxguest_exec_content11Allow xguest to exec content
\nAllow xguest to exec contentxguest_mount_media11xguest \u30e6\u30fc\u30b6\u30fc\u304c\u30ea\u30e0\u30fc\u30d0\u30d6\u30eb\u30e1\u30c7\u30a3\u30a2\u3092\u30de\u30a6\u30f3\u30c8\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow xguest users to mount removable mediaxguest_use_bluetooth11xguest \u304c Bluetooth \u30c7\u30d0\u30a4\u30b9\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow xguest to use blue tooth devicesxserver_clients_write_xshm00\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c X \u30b5\u30fc\u30d0\u30fc\u5171\u6709\u30e1\u30e2\u30ea\u30fc\u30bb\u30b0\u30e1\u30f3\u30c8\u306b\u66f8\u304d\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllows clients to write to the X server shared memory segments.xserver_execmem00XServer \u304c\u66f8\u304d\u8fbc\u307f\u53ef\u80fd\u30e1\u30e2\u30ea\u30fc\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllows XServer to execute writable memoryxserver_object_manager00X userspace object manager \u3092\u30b5\u30dd\u30fc\u30c8\u3057\u307e\u3059\u3002
\nSupport X userspace object managerzabbix_can_network00Zabbix \u304c\u3059\u3079\u3066\u306e TCP \u30dd\u30fc\u30c8\u306b\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3069\u3046\u304b\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002
\nDetermine whether zabbix can connect to all TCP portszabbix_run_sudo00Zabbix \u304c su\/sudo \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow Zabbix to run su\/sudo.zarafa_setrlimit00zarafa \u30c9\u30e1\u30a4\u30f3\u306b\u3088\u308b setrlimit\/sys_rouserce \u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow zarafa domains to setrlimit\/sys_resource.zebra_write_config00zebra \u30c7\u30fc\u30e2\u30f3\u304c\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306b\u66f8\u304d\u8fbc\u3080\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow zebra daemon to write it configuration fileszoneminder_anon_write00ZoneMinder \u304c\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u8ee2\u9001\u30b5\u30fc\u30d3\u30b9\u306b\u4f7f\u7528\u3055\u308c\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ZoneMinder to modify public files used for public file transfer services.zoneminder_run_sudo00ZoneMinder \u304c su\/sudo \u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002
\nAllow ZoneMinder to run su\/sudo.<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
\u8ad6\u7406\u53c3\u6578\u6e05\u55ae\u3002 \u57f7\u884c semanage boolean -l \u6703\u986f\u793a\u51fa\u7684\u6771\u897f\u3002 “\u72c0\u614b” […]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-34827","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7) - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/selinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868centos7\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7)\" \/>\n<meta property=\"og:description\" content=\"\u8ad6\u7406\u53c3\u6578\u6e05\u55ae\u3002 \u57f7\u884c semanage boolean -l \u6703\u986f\u793a\u51fa\u7684\u6771\u897f\u3002 “\u72c0\u614b” […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/selinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868centos7\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-25T12:19:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-28T17:36:36+00:00\" \/>\n<meta name=\"author\" content=\"\u5b87, \u534e\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u5b87, \u534e\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"23 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/\",\"name\":\"SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7) - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-01-25T12:19:14+00:00\",\"dateModified\":\"2024-04-28T17:36:36+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458\",\"name\":\"\u5b87, \u534e\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g\",\"caption\":\"\u5b87, \u534e\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/yuhua\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7) - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/selinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868centos7\/","og_locale":"zh_CN","og_type":"article","og_title":"SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7)","og_description":"\u8ad6\u7406\u53c3\u6578\u6e05\u55ae\u3002 \u57f7\u884c semanage boolean -l \u6703\u986f\u793a\u51fa\u7684\u6771\u897f\u3002 “\u72c0\u614b” […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/selinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868centos7\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-01-25T12:19:14+00:00","article_modified_time":"2024-04-28T17:36:36+00:00","author":"\u5b87, \u534e","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u5b87, \u534e","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"23 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/","name":"SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7) - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-01-25T12:19:14+00:00","dateModified":"2024-04-28T17:36:36+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"SELinux\u7684\u903b\u8f91\u53c2\u6570\u5217\u8868(CentOS7)"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/513018e4e121d3add1b7c5de8be21458","name":"\u5b87, \u534e","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63cd45cbc05a35fc4ff7637a163c83c4962ef58d27472726c3a3e0c9c5194f0f?s=96&d=mm&r=g","caption":"\u5b87, \u534e"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/yuhua\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/selinux%e7%9a%84%e9%80%bb%e8%be%91%e5%8f%82%e6%95%b0%e5%88%97%e8%a1%a8centos7\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/34827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=34827"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/34827\/revisions"}],"predecessor-version":[{"id":72138,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/34827\/revisions\/72138"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=34827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=34827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=34827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}