Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   29550 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

pegasus_openlmi_adminSELinuxxPolicy pegasus_oppegasus_openlmi_admin_selinux(8)

NAME
       pegasus_openlmi_admin_selinux  - Security Enhanced Linux Policy for the
       pegasus_openlmi_admin processes

DESCRIPTION
       Security-Enhanced Linux secures the pegasus_openlmi_admin processes via
       flexible mandatory access control.

       The    pegasus_openlmi_admin   processes	  execute   with   the	 pega‐
       sus_openlmi_admin_t SELinux type. You can check if you have these  pro‐
       cesses running by executing the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep pegasus_openlmi_admin_t

ENTRYPOINTS
       The  pegasus_openlmi_admin_t  SELinux type can be entered via the pega‐
       sus_openlmi_admin_exec_t file type.

       The default entrypoint paths for the pegasus_openlmi_admin_t domain are
       the following:

       /usr/libexec/pegasus/cmpiLMI_Service-cimprovagt

PROCESS TYPES
       SELinux defines process types (domains) for each process running on the
       system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have  to  files.   SELinux
       pegasus_openlmi_admin  policy  is very flexible allowing users to setup
       their pegasus_openlmi_admin processes in as secure a method  as	possi‐
       ble.

       The following process types are defined for pegasus_openlmi_admin:

       pegasus_openlmi_admin_t

       Note:  semanage	permissive  -a	pegasus_openlmi_admin_t can be used to
       make the process type pegasus_openlmi_admin_t permissive. SELinux  does
       not  deny  access  to  permissive  process  types, but the AVC (SELinux
       denials) messages are still generated.

BOOLEANS
       SELinux policy is customizable based on least access  required.	 pega‐
       sus_openlmi_admin policy is extremely flexible and has several booleans
       that allow you to manipulate the policy and  run	 pegasus_openlmi_admin
       with the tightest access possible.

       If you want to allow all daemons to write corefiles to /, you must turn
       on the daemons_dump_core boolean. Disabled by default.

       setsebool -P daemons_dump_core 1

       If you want to enable cluster mode for daemons, you must	 turn  on  the
       daemons_enable_cluster_mode boolean. Enabled by default.

       setsebool -P daemons_enable_cluster_mode 1

       If  you want to allow all daemons to use tcp wrappers, you must turn on
       the daemons_use_tcp_wrapper boolean. Disabled by default.

       setsebool -P daemons_use_tcp_wrapper 1

       If you want to allow all daemons the ability to	read/write  terminals,
       you must turn on the daemons_use_tty boolean. Disabled by default.

       setsebool -P daemons_use_tty 1

       If  you	want  to deny any process from ptracing or debugging any other
       processes, you  must  turn  on  the  deny_ptrace	 boolean.  Enabled  by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors,
       you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load	 modules,  you
       must  turn  on  the  domain_kernel_load_modules	boolean.  Disabled  by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn
       on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn
       on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

MANAGED FILES
       The SELinux  process  type  pegasus_openlmi_admin_t  can	 manage	 files
       labeled	with  the  following  file  types.   The  paths listed are the
       default paths for these file types.  Note the processes UID still  need
       to have DAC permissions.

       cluster_conf_t

	    /etc/cluster(/.*)?

       cluster_var_lib_t

	    /var/lib/pcsd(/.*)?
	    /var/lib/cluster(/.*)?
	    /var/lib/openais(/.*)?
	    /var/lib/pengine(/.*)?
	    /var/lib/corosync(/.*)?
	    /usr/lib/heartbeat(/.*)?
	    /var/lib/heartbeat(/.*)?
	    /var/lib/pacemaker(/.*)?

       cluster_var_run_t

	    /var/run/crm(/.*)?
	    /var/run/cman_.*
	    /var/run/rsctmp(/.*)?
	    /var/run/aisexec.*
	    /var/run/heartbeat(/.*)?
	    /var/run/cpglockd.pid
	    /var/run/corosync.pid
	    /var/run/rgmanager.pid
	    /var/run/cluster/rgmanager.sk

       pegasus_data_t

	    /var/lib/Pegasus(/.*)?
	    /etc/Pegasus/pegasus_current.conf

       root_t

	    /
	    /initrd

       systemd_passwd_var_run_t

	    /var/run/systemd/ask-password(/.*)?
	    /var/run/systemd/ask-password-block(/.*)?

       systemd_unit_file_type

FILE CONTEXTS
       SELinux requires files to have an extended attribute to define the file
       type.

       You can see the context of a file using the -Z option to ls

       Policy governs the access  confined  processes  have  to	 these	files.
       SELinux pegasus_openlmi_admin policy is very flexible allowing users to
       setup their pegasus_openlmi_admin processes in as secure	 a  method  as
       possible.

       STANDARD FILE CONTEXT

       SELinux	defines	 the file context types for the pegasus_openlmi_admin,
       if you wanted to store files with these types in a diffent  paths,  you
       need to execute the semanage command to sepecify alternate labeling and
       then use restorecon to put the labels on disk.

       semanage	 fcontext  -a  -t   pegasus_openlmi_admin_exec_t   '/srv/pega‐
       sus_openlmi_admin/content(/.*)?'
       restorecon -R -v /srv/mypegasus_openlmi_admin_content

       Note:  SELinux  often  uses  regular expressions to specify labels that
       match multiple files.

       The following file types are defined for pegasus_openlmi_admin:

       pegasus_openlmi_admin_exec_t

       - Set files with the pegasus_openlmi_admin_exec_t type, if you want  to
       transition an executable to the pegasus_openlmi_admin_t domain.

       Note:  File context can be temporarily modified with the chcon command.
       If you want to permanently change the file context you need to use  the
       semanage fcontext command.  This will modify the SELinux labeling data‐
       base.  You will need to use restorecon to apply the labels.

COMMANDS
       semanage fcontext can also be used to manipulate default	 file  context
       mappings.

       semanage	 permissive  can  also	be used to manipulate whether or not a
       process type is permissive.

       semanage module can also be used to enable/disable/install/remove  pol‐
       icy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux pol‐
       icy settings.

AUTHOR
       This manual page was auto-generated using sepolicy manpage .

SEE ALSO
       selinux(8),   pegasus_openlmi_admin(8),	 semanage(8),	restorecon(8),
       chcon(1), sepolicy(8) , setsebool(8)

pegasus_openlmi_admin		   13-11-20   pegasus_openlmi_admin_selinux(8)

Vote for polarhome