Notes for Default Security Policy
This document is not up to date.

This document describes notice to use default policy of SELinux Policy Editor.

1.Supported distributions
Redhat 7.2,7.3,8.0 is supported.

2.Supported daemons
apache(To show static webpage is possible. Modification is needed to use CGI.)
webmin(Use of SELinux Policy Editor is possible.)
anacron
telnet
sshd
syslogd
xinetd

Policies for sendmail,rpcd and portmap are provided, but it is
uncertain whether these daemons work correctly.

3.Supported roles
sysadm_r: Linux system administrator
This role can reboot system , write /etc , modify .network
configuration, restart daemons and use Xserver.

secadm_r: SELinux security policy administrator
This role can use avc_toggle,load_policy and can relabel all files.

webmaster_r: Website administrator
This role can write /var/www and configure apache and restart apache.

user_r:Normal user
This role can write /home and use some commands.

4. SELinux specific commands
Domains for run_init,newrole,spasswd,sadminpasswd are provided.

5. X Window System
Only sysadm_r can use X Window System(KDE) via startx. Disable
rpc,portmap,fam to use X.

6.Other
Daemons not configured should be stopped. Such daemons cause flood of
security logs

