False12Add Booleans Dialogmouse400dialogTrueFalse6TrueFalseendgtk-cancelTrueTrueTrueFalseTrueFalseFalse0gtk-addTrueTrueTrueFalseTrueFalseFalse1FalseTrueend0TrueFalse22126TrueFalse0Boolean NameGTK_FILLTrueFalse0Description12GTK_FILLTrueTrue•FalseFalseTrueTrue12TrueTrue•FalseFalseTrueTrue1212TrueTrue1cancelbutton1okbutton1False5mousedialogTrueTrueTrueFalse24TrueFalseendgtk-cancelTrueTrueTrueFalseTrueFalseFalse0gtk-addTrueTrueTrueTrueFalseTrueFalseFalse1FalseTrueend0button5button6TrueFalseSELinux Policy Generation ToolTrueFalse18TrueFalseleftFalseTrueFalseTrueFalse0<b>Select the policy type for the application or user role you want to confine:</b>TrueFalseFalse50TrueFalseTrueFalseTrueFalse12TrueFalse6TrueFalse0<b>Applications</b>TrueFalseFalse0TrueFalseTrueFalseFalseFalse0TrueFalse6Standard Init DaemonTrueTrueFalseStandard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.dTrueTrueFalseFalse0DBUS System DaemonTrueTrueFalseStandard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.dTrueTrueinit_radiobuttonFalseFalse1Internet Services Daemon (inetd)TrueTrueFalseInternet Services Daemon are daemons started by xinetdTrueTrueinit_radiobuttonFalseFalse2Web Application/Script (CGI)TrueTrueFalseWeb Applications/Script (CGI) CGI scripts started by the web server (apache)TrueTrueinit_radiobuttonFalseFalse3User ApplicationTrueTrueFalseUser Application are any application that you would like to confine that is started by a userTrueTrueinit_radiobuttonFalseFalse4SandboxTrueTrueFalseUser Application are any application that you would like to confine that is started by a userTrueTrueinit_radiobuttonFalseFalse5FalseFalse1TrueTrue1FalseTrue0TrueFalse6TrueFalse0<b>Login Users</b>TrueFalseFalse0TrueFalseTrueFalseFalseFalse0TrueFalse6Existing User RolesTrueTrueFalseModify an existing login user record.TrueTrueinit_radiobuttonFalseFalse0Minimal Terminal User RoleTrueTrueFalseThis user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo.TrueTrueinit_radiobuttonFalseFalse1Minimal X Windows User RoleTrueTrueFalseThis user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no suTrueTrueinit_radiobuttonFalseFalse2User RoleTrueTrueFalseUser with full networking, no setuid applications without transition, no sudo, no su.TrueTrueinit_radiobuttonFalseFalse3Admin User RoleTrueTrueFalseUser with full networking, no setuid applications without transition, no su, can sudo to Root Administration RolesTrueTrueinit_radiobuttonFalseFalse4TrueFalse1TrueTrue1FalseTrue1TrueFalse6TrueFalse0<b>Root Users</b>TrueFalseFalse0TrueFalseTrueFalseFalseFalse0TrueFalseRoot Admin User RoleTrueTrueFalseSelect Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.TrueTrueinit_radiobuttonFalseFalse0FalseFalse1TrueTrue1TrueTrue2TrueTrue0TrueTrue0TrueTrue1TrueFalseMain TabFalseTrueFalseTrueFalse0<b>Enter name of application or user role:</b>TrueFalseFalse50TrueFalse33126TrueFalse0NameGTK_FILLTrueTrueEnter complete path for executable to be confined.•FalseFalseTrueTrue1212...TrueTrueFalseTrue2312GTK_FILLTrueTrueEnter unique name for the confined application or user role.•FalseFalseTrueTrue13TrueFalse0Executable12GTK_FILLTrueFalse0Init script23GTK_FILLTrueTrueEnter complete path to init script used to start the confined application.•FalseFalseTrueTrue1223...TrueTrueFalseTrue2323GTK_FILLTrueTrue1TrueFalseName Tab1FalseTrueFalseTrueFalse0<b>Select existing role to modify:</b>TrueFalseFalse50TrueTrueautomaticautomaticinTrueTrueSelect the user roles that will transiton to the %s domain.FalseTrueTrue1TrueFalserole tab2FalseTrueFalseTrueFalse0<b>Select roles that %s will transition to:</b>TrueFalseFalse50TrueTrueTrueTrueSelect applications domains that %s will transition to.FalseTrueTrue1TrueFalsetransition
role tab3FalseTrueFalseTrueFalse0<b>Select the user_roles that will transition to %s:</b>TrueFalseFalse50TrueTrueTrueTrueSelect the user roles that will transiton to this applications domains.FalseTrueTrue1TrueFalseUser Tab4FalseTrueFalseTrueFalse0<b>Select domains that %s will administer:</b>TrueFalseFalse50TrueTrueTrueTrueSelect the domains that you would like this user administer.FalseTrueTrue1TrueFalseAdmin Tab5FalseTrueFalseTrueFalse0<b>Select additional roles for %s:</b>TrueFalseFalse50TrueTrueTrueTrueSelect the domains that you would like this user administer.FalseTrueTrue1TrueFalseRoles Tab6FalseTrueFalseTrueFalse0<b>Enter network ports that %s binds on:</b>TrueFalseFalse50TrueFalse6TrueFalse0<b>TCP Ports</b>TrueFalseFalse0TrueFalseTrueFalseFalseFalse0TrueFalse6TrueFalse12AllTrueTrueFalseAllows %s to bind to any udp portTrueTrueFalseFalse100600-1024TrueTrueFalseAllow %s to call bindresvport with 0. Binding to port 600-1024TrueTrueFalseFalse101Unreserved Ports (>1024)TrueTrueFalseEnter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660TrueTrueFalseFalse102TrueTrue0TrueFalse12TrueFalse0Select PortsFalseFalse50TrueTrueAllows %s to bind to any udp ports > 1024•FalseFalseTrueTrueTrueTrue1TrueTrue1TrueTrue1TrueTrue1TrueTrue1TrueFalse6TrueFalse0<b>UDP Ports</b>TrueFalseFalse0TrueFalseTrueFalseFalseFalse0TrueFalse6TrueFalse12AllTrueTrueFalseAllows %s to bind to any udp portTrueTrueFalseFalse100600-1024TrueTrueFalseAllow %s to call bindresvport with 0. Binding to port 600-1024TrueTrueFalseFalse101Unreserved Ports (>1024)TrueTrueFalseEnter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660TrueTrueFalseFalse102TrueTrue0TrueFalse12TrueFalse0Select PortsFalseFalse50TrueTrueAllows %s to bind to any udp ports > 1024•FalseFalseTrueTrueTrueTrue1TrueTrue1TrueTrue1TrueTrue1TrueTrue2TrueFalseNetwork
Bind tab7FalseTrueFalseTrueFalse0<b>Select network ports that %s connects to:</b>TrueFalseFalse50TrueFalse6TrueFalse0<b>TCP Ports</b>TrueFalseFalse0TrueFalseTrueFalseFalseFalse0TrueFalse12AllTrueTrueFalseAllows %s to connect to any tcp portTrueTrueFalseFalse100TrueFalse0Select PortsFalseFalse51TrueTrueEnter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660•FalseFalseTrueTrueTrueTrue2TrueTrue1TrueTrue1TrueTrue1TrueFalse6TrueFalse0<b>UDP Ports</b>TrueFalseFalse0TrueFalseTrueFalseFalseFalse0TrueFalse12AllTrueTrueFalseAllows %s to connect to any udp portTrueTrueFalseFalse100TrueFalse0Select PortsFalseFalse51TrueTrueEnter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660•FalseFalseTrueTrueTrueTrue2TrueTrue1TrueTrue1TrueTrue2TrueFalseNetwork
Connect Tab8FalseTrueFalseTrueFalse0<b>Select common application traits for %s:</b>TrueFalseFalse50TrueFalse6Writes syslog messages TrueTrueFalseTrueTrueFalseFalse0Create/Manipulate temporary files in /tmpTrueTrueFalseTrueTrueFalseFalse1Uses Pam for authenticationTrueTrueFalseTrueTrueFalseFalse2Uses nsswitch or getpw* callsTrueTrueFalseTrueTrueFalseFalse3Uses dbusTrueTrueFalseTrueTrueFalseFalse4Sends audit messagesTrueTrueFalseTrueTrueFalseFalse5Interacts with the terminalTrueTrueFalseTrueTrueFalseFalse6Sends emailTrueTrueFalseTrueTrueFalseFalse7TrueTrue1TrueFalseCommon
Tab9FalseTrueFalseTrueFalse0<b>Add files/directories that %s manages</b>TrueFalseFalse50TrueFalse12TrueFalse6TrueTrueFalseTrueFalse00TrueFalse2TrueFalsegtk-addFalseFalse0TrueFalseAdd FileTrueFalseFalse1FalseFalse0TrueTrueFalseTrueFalse00TrueFalse2TrueFalsegtk-addFalseFalse0TrueFalseAdd DirectoryTrueFalseFalse1FalseFalse1gtk-deleteTrueTrueFalseTrueFalseFalse2FalseFalse40TrueTrueautomaticautomaticinTrueTrueFiles/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ...FalseTrueTrue1TrueTrue1TrueFalseAdd Tab10FalseTrueFalseTrueFalse0<b>Add booleans from the %s policy:</b>TrueFalseFalse50TrueFalse12TrueFalse6TrueTrueFalseTrueFalse00TrueFalse2TrueFalsegtk-addFalseFalse0TrueFalseAdd BooleanTrueFalseFalse1FalseFalse0gtk-deleteTrueTrueFalseTrueFalseFalse1FalseTrue40TrueTrueautomaticautomaticinTrueTrueAdd/Remove booleans used by the %s domainTrueTrue1TrueTrue1TrueFalse11FalseTrueFalseTrueFalse0<b>Which directory you will generate the %s policy?</b>TrueFalseFalse0TrueFalse12TrueFalsePolicy DirectoryFalseFalse50TrueTrue•FalseFalseTrueTrueTrueTrue1...TrueTrueFalseTrueFalseFalse2FalseFalse121TrueFalse12FalseTrueTrue0TrueFalseendgtk-cancelTrueTrueTrueFalseTrueFalseFalse0gtk-go-backTrueTrueTrueFalseTrueFalseFalse1gtk-go-forwardTrueTrueTrueFalseTrueFalseFalse2FalseFalse51