From ff716bd7b8abe7fbcbc8f7042175a47c7f7c32e2 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Feb 29 2012 08:01:39 +0000 Subject: man page fixes Fix up spamassassin.fc --- diff --git a/policy-F16.patch b/policy-F16.patch index 83859fa..ecf4e57 100644 --- a/policy-F16.patch +++ b/policy-F16.patch @@ -42,10 +42,10 @@ index 168a14f..c2bf491 100644 ######################################## diff --git a/man/man8/NetworkManager_selinux.8 b/man/man8/NetworkManager_selinux.8 new file mode 100644 -index 0000000..9e415ff +index 0000000..ed65fa5 --- /dev/null +++ b/man/man8/NetworkManager_selinux.8 -@@ -0,0 +1,161 @@ +@@ -0,0 +1,163 @@ +.TH "NetworkManager_selinux" "8" "NetworkManager" "dwalsh@redhat.com" "NetworkManager SELinux Policy documentation" +.SH "NAME" +NetworkManager_selinux \- Security Enhanced Linux Policy for the NetworkManager processes 
@@ -66,83 +66,63 @@ index 0000000..9e415ff + + +.EX ++.PP +.B NetworkManager_etc_rw_t +.EE + +- Set files with the NetworkManager_etc_rw_t type, if you want to treat the files as NetworkManager etc read/write content. + +.br ++.TP 5 +Paths: +/etc/NetworkManager/system-connections(/.*)?, /etc/NetworkManager/NetworkManager\.conf -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B NetworkManager_etc_t +.EE + +- Set files with the NetworkManager_etc_t type, if you want to store NetworkManager files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B NetworkManager_exec_t +.EE + +- Set files with the NetworkManager_exec_t type, if you want to transition an executable to the NetworkManager_t domain. + +.br ++.TP 5 +Paths: +/usr/s?bin/wpa_supplicant, /usr/sbin/wpa_supplicant, /sbin/wpa_supplicant, /usr/sbin/nm-system-settings, /usr/sbin/wicd, /usr/s?bin/NetworkManager, /usr/sbin/NetworkManagerDispatcher -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B NetworkManager_initrc_exec_t +.EE + +- Set files with the NetworkManager_initrc_exec_t type, if you want to transition an executable to the NetworkManager_initrc_t domain. 
+ +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/wicd, /etc/NetworkManager/dispatcher\.d(/.*)?, /usr/libexec/nm-dispatcher.action -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B NetworkManager_log_t +.EE + +- Set files with the NetworkManager_log_t type, if you want to treat the data as NetworkManager log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/wpa_supplicant.*, /var/log/wicd.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B NetworkManager_tmp_t +.EE + 
@@ -150,53 +130,75 @@ index 0000000..9e415ff + + +.EX ++.PP +.B NetworkManager_unit_file_t +.EE + +- Set files with the NetworkManager_unit_file_t type, if you want to treat the files as NetworkManager unit content. + +.br ++.TP 5 +Paths: +/usr/lib/systemd/system/NetworkManager\.service, /lib/systemd/system/NetworkManager\.service -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B NetworkManager_var_lib_t +.EE + +- Set files with the NetworkManager_var_lib_t type, if you want to store the NetworkManager files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/etc/wicd/wired-settings.conf, /var/lib/wicd(/.*)?, /etc/wicd/manager-settings.conf, /etc/wicd/wireless-settings.conf, /var/lib/NetworkManager(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B NetworkManager_var_run_t +.EE + +- Set files with the NetworkManager_var_run_t type, if you want to store the NetworkManager files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/wpa_supplicant-global, /var/run/nm-dhclient.*, /var/run/wpa_supplicant(/.*)?, /var/run/NetworkManager\.pid, /var/run/nm-dns-dnsmasq\.conf, /var/run/NetworkManager(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux NetworkManager policy is very flexible allowing users to setup their NetworkManager processes in as secure a method as possible. ++.PP ++The following process types are defined for NetworkManager: ++ ++.EX ++.B NetworkManager_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -209,10 +211,10 @@ index 0000000..9e415ff +selinux(8), NetworkManager(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/abrt_selinux.8 b/man/man8/abrt_selinux.8 new file mode 100644 -index 0000000..8226408 +index 0000000..ba80de4 --- /dev/null +++ b/man/man8/abrt_selinux.8 -@@ -0,0 +1,263 @@ +@@ -0,0 +1,236 @@ +.TH "abrt_selinux" "8" "abrt" "dwalsh@redhat.com" "abrt SELinux Policy documentation" +.SH "NAME" +abrt_selinux \- Security Enhanced Linux Policy for the abrt processes 
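Review bot: The added PROCESS TYPES note prints a command that will not run as written, because `.B semanage permississive -a PROCESS_TYPE` misspells the subcommand. It should read `.B semanage permissive -a PROCESS_TYPE`, matching the `semanage permissive` entry this hunk adds under COMMANDS. Two lines earlier, `\fBps\bP` closes the bold run with `\bP`, which is not a font escape; `\fBps\fP` looks like what was intended. Because the note tells administrators how to stop enforcement for a domain, it should also say that the domain is returned to enforcing with `semanage permissive -d PROCESS_TYPE` once troubleshooting is finished. The same lines recur in the abrt, accountsd, acct, afs and aiccu sections later in this patch.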
@@ -239,18 +241,16 @@ index 0000000..8226408 +.PP +.B +semanage fcontext -a -t public_content_t "/var/abrt(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/abrt ++.br ++.B restorecon -F -R -v /var/abrt +.pp +.TP +Allow abrt servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_abrtd_anon_write boolean to be set. +.PP +.B +semanage fcontext -a -t public_content_rw_t "/var/abrt/incoming(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/abrt/incoming ++.br ++.B restorecon -F -R -v /var/abrt/incoming + + +.PP 
@@ -272,145 +272,99 @@ index 0000000..8226408 + + +.EX ++.PP +.B abrt_dump_oops_exec_t +.EE + +- Set files with the abrt_dump_oops_exec_t type, if you want to transition an executable to the abrt_dump_oops_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_etc_t +.EE + +- Set files with the abrt_etc_t type, if you want to store abrt files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_exec_t +.EE + +- Set files with the abrt_exec_t type, if you want to transition an executable to the abrt_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_handle_event_exec_t +.EE + +- Set files with the abrt_handle_event_exec_t type, if you want to transition an executable to the abrt_handle_event_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_helper_exec_t +.EE + +- Set files with the abrt_helper_exec_t type, if you want to transition an executable to the abrt_helper_t domain. 
+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_initrc_exec_t +.EE + +- Set files with the abrt_initrc_exec_t type, if you want to transition an executable to the abrt_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_retrace_cache_t +.EE + +- Set files with the abrt_retrace_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/cache/retrace-server(/.*)?, /var/cache/abrt-retrace(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_retrace_coredump_exec_t +.EE + +- Set files with the abrt_retrace_coredump_exec_t type, if you want to transition an executable to the abrt_retrace_coredump_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_retrace_spool_t +.EE + +- Set files with the abrt_retrace_spool_t type, if you want to store the abrt retrace files under the /var/spool directory. 
+ +.br ++.TP 5 +Paths: +/var/spool/retrace-server(/.*)?, /var/spool/abrt-retrace(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_retrace_worker_exec_t +.EE + +- Set files with the abrt_retrace_worker_exec_t type, if you want to transition an executable to the abrt_retrace_worker_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/retrace-server-worker, /usr/bin/abrt-retrace-worker -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_tmp_t +.EE + 
@@ -418,50 +372,71 @@ index 0000000..8226408 + + +.EX ++.PP +.B abrt_var_cache_t +.EE + +- Set files with the abrt_var_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/cache/abrt(/.*)?, /var/spool/abrt(/.*)?, /var/cache/abrt-di(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_var_log_t +.EE + +- Set files with the abrt_var_log_t type, if you want to treat the data as abrt var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B abrt_var_run_t +.EE + +- Set files with the abrt_var_run_t type, if you want to store the abrt files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/abrtd?\.socket, /var/run/abrtd?\.lock, /var/run/abrt(/.*)?, /var/run/abrt\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux abrt policy is very flexible allowing users to setup their abrt processes in as secure a method as possible. 
++.PP ++The following process types are defined for abrt: ++ ++.EX ++.B abrt_handle_event_t, abrt_helper_t, abrt_retrace_coredump_t, abrt_t, abrt_retrace_worker_t, abrt_dump_oops_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -479,10 +454,10 @@ index 0000000..8226408 \ No newline at end of file diff --git a/man/man8/accountsd_selinux.8 b/man/man8/accountsd_selinux.8 new file mode 100644 -index 0000000..801e6ca +index 0000000..f65b021 --- /dev/null +++ b/man/man8/accountsd_selinux.8 -@@ -0,0 +1,55 @@ +@@ -0,0 +1,79 @@ +.TH "accountsd_selinux" "8" "accountsd" "dwalsh@redhat.com" "accountsd SELinux Policy documentation" +.SH "NAME" +accountsd_selinux \- Security Enhanced Linux Policy for the accountsd processes 
@@ -503,31 +478,55 @@ index 0000000..801e6ca + + +.EX ++.PP +.B accountsd_exec_t +.EE + +- Set files with the accountsd_exec_t type, if you want to transition an executable to the accountsd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B accountsd_var_lib_t +.EE + +- Set files with the accountsd_var_lib_t type, if you want to store the accountsd files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux accountsd policy is very flexible allowing users to setup their accountsd processes in as secure a method as possible. ++.PP ++The following process types are defined for accountsd: ++ ++.EX ++.B accountsd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -540,10 +539,10 @@ index 0000000..801e6ca +selinux(8), accountsd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/acct_selinux.8 b/man/man8/acct_selinux.8 new file mode 100644 -index 0000000..0a013e4 +index 0000000..d07992c --- /dev/null +++ b/man/man8/acct_selinux.8 -@@ -0,0 +1,61 @@ +@@ -0,0 +1,87 @@ +.TH "acct_selinux" "8" "acct" "dwalsh@redhat.com" "acct SELinux Policy documentation" +.SH "NAME" +acct_selinux \- Security Enhanced Linux Policy for the acct processes 
@@ -564,37 +563,63 @@ index 0000000..0a013e4 + + +.EX ++.PP +.B acct_data_t +.EE + +- Set files with the acct_data_t type, if you want to treat the files as acct content. + +.br ++.TP 5 +Paths: +/var/log/account(/.*)?, /var/account(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B acct_exec_t +.EE + +- Set files with the acct_exec_t type, if you want to transition an executable to the acct_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/accton, /sbin/accton, /etc/cron\.(daily|monthly)/acct ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux acct policy is very flexible allowing users to setup their acct processes in as secure a method as possible. ++.PP ++The following process types are defined for acct: ++ ++.EX ++.B acct_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -607,10 +632,10 @@ index 0000000..0a013e4 +selinux(8), acct(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/afs_selinux.8 b/man/man8/afs_selinux.8 new file mode 100644 -index 0000000..7d8abaa +index 0000000..51441ba --- /dev/null +++ b/man/man8/afs_selinux.8 -@@ -0,0 +1,316 @@ +@@ -0,0 +1,288 @@ +.TH "afs_selinux" "8" "afs" "dwalsh@redhat.com" "afs SELinux Policy documentation" +.SH "NAME" +afs_selinux \- Security Enhanced Linux Policy for the afs processes 
@@ -631,211 +656,150 @@ index 0000000..7d8abaa + + +.EX ++.PP +.B afs_bosserver_exec_t +.EE + +- Set files with the afs_bosserver_exec_t type, if you want to transition an executable to the afs_bosserver_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_cache_t +.EE + +- Set files with the afs_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/cache/afs(/.*)?, /usr/vice/cache(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_config_t +.EE + +- Set files with the afs_config_t type, if you want to treat the files as afs configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/usr/afs/local(/.*)?, /usr/afs/etc(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_dbdir_t +.EE + +- Set files with the afs_dbdir_t type, if you want to treat the files as afs dbdir data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B afs_exec_t +.EE + +- Set files with the afs_exec_t type, if you want to transition an executable to the afs_t domain. + +.br ++.TP 5 +Paths: +/usr/vice/etc/afsd, /usr/sbin/afsd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_files_t +.EE + +- Set files with the afs_files_t type, if you want to treat the files as afs content. + +.br ++.TP 5 +Paths: +/vicepc, /vicepb, /vicepa -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_fsserver_exec_t +.EE + +- Set files with the afs_fsserver_exec_t type, if you want to transition an executable to the afs_fsserver_t domain. + +.br ++.TP 5 +Paths: +/usr/afs/bin/volserver, /usr/afs/bin/fileserver, /usr/afs/bin/salvager -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_initrc_exec_t +.EE + +- Set files with the afs_initrc_exec_t type, if you want to transition an executable to the afs_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/afs, /etc/rc\.d/init\.d/openafs-client -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_ka_db_t +.EE + +- Set files with the afs_ka_db_t type, if you want to treat the files as afs ka database content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_kaserver_exec_t +.EE + +- Set files with the afs_kaserver_exec_t type, if you want to transition an executable to the afs_kaserver_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_logfile_t +.EE + +- Set files with the afs_logfile_t type, if you want to treat the files as afs logfile data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_pt_db_t +.EE + +- Set files with the afs_pt_db_t type, if you want to treat the files as afs pt database content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_ptserver_exec_t +.EE + +- Set files with the afs_ptserver_exec_t type, if you want to transition an executable to the afs_ptserver_t domain. 
+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_vl_db_t +.EE + +- Set files with the afs_vl_db_t type, if you want to treat the files as afs vl database content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B afs_vlserver_exec_t +.EE + +- Set files with the afs_vlserver_exec_t type, if you want to transition an executable to the afs_vlserver_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -854,69 +818,102 @@ index 0000000..7d8abaa +SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible. +.PP +The following port types are defined for afs: -+.EX + ++.EX ++.TP 5 +.B afs_bos_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B udp 7007 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B afs_client_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B udp 7001 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B afs_fs_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 2040 -+.EE -+.B udp 7000,7005 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B afs_ka_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B udp 7004 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B afs_pt_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B udp 7002 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B afs_vl_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux afs policy is very flexible allowing users to setup their afs processes in as secure a method as possible. ++.PP ++The following process types are defined for afs: + -+.B udp 7003 ++.EX ++.B afs_kaserver_t, afs_t, afs_fsserver_t, afs_bosserver_t, afs_vlserver_t, afs_ptserver_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -929,10 +926,10 @@ index 0000000..7d8abaa +selinux(8), afs(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/aiccu_selinux.8 b/man/man8/aiccu_selinux.8 new file mode 100644 -index 0000000..a713ef7 +index 0000000..320e7cf --- /dev/null +++ b/man/man8/aiccu_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "aiccu_selinux" "8" "aiccu" "dwalsh@redhat.com" "aiccu SELinux Policy documentation" +.SH "NAME" +aiccu_selinux \- Security Enhanced Linux Policy for the aiccu processes 
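Review bot: Every `Default Defined Ports:` entry in the rewritten afs port list now reads `tcp 8021`, replacing the distinct values the old text gave (`udp 7007` for afs_bos_port_t, `udp 7001` for afs_client_port_t, `tcp 2040` and `udp 7000,7005` for afs_fs_port_t, and so on). Six port types sharing one identical value looks like a fault in whatever produced the page rather than a policy change, and it would mislead an administrator auditing port labels against this page. The values should be regenerated from the policy and checked against the output of `semanage port -l`. The new layout also puts `.TP 10` directly before `.EE` and drops the `.EX` that preceded each port listing while keeping its closing `.EE`, so the example blocks appear unbalanced.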
@@ -953,57 +950,71 @@ index 0000000..a713ef7 + + +.EX ++.PP +.B aiccu_etc_t +.EE + +- Set files with the aiccu_etc_t type, if you want to store aiccu files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aiccu_exec_t +.EE + +- Set files with the aiccu_exec_t type, if you want to transition an executable to the aiccu_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aiccu_initrc_exec_t +.EE + +- Set files with the aiccu_initrc_exec_t type, if you want to transition an executable to the aiccu_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aiccu_var_run_t +.EE + +- Set files with the aiccu_var_run_t type, if you want to store the aiccu files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux aiccu policy is very flexible allowing users to setup their aiccu processes in as secure a method as possible. ++.PP ++The following process types are defined for aiccu: ++ ++.EX ++.B aiccu_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -1016,10 +1027,10 @@ index 0000000..a713ef7 +selinux(8), aiccu(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/aide_selinux.8 b/man/man8/aide_selinux.8 new file mode 100644 -index 0000000..5ba9d4d +index 0000000..6e55008 --- /dev/null +++ b/man/man8/aide_selinux.8 -@@ -0,0 +1,71 @@ +@@ -0,0 +1,91 @@ +.TH "aide_selinux" "8" "aide" "dwalsh@redhat.com" "aide SELinux Policy documentation" +.SH "NAME" +aide_selinux \- Security Enhanced Linux Policy for the aide processes 
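Review bot: The added PROCESS TYPES note misspells the subcommand as `semanage permississive -a PROCESS_TYPE`, so a reader who copies it gets an error instead of a permissive domain. It should read `.B semanage permissive -a PROCESS_TYPE`, matching the `semanage permissive` entry this hunk adds under COMMANDS. The same line is repeated in the afs hunk above and in the aide, aisexec, ajaxterm, alsa, amanda, amavis and amtu hunks below, which suggests the fix belongs in the generator template. Because a permissive domain is no longer confined, the note would also benefit from naming `semanage permissive -d PROCESS_TYPE` as the way to restore enforcement after troubleshooting.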
@@ -1040,47 +1051,67 @@ index 0000000..5ba9d4d + + +.EX ++.PP +.B aide_db_t +.EE + +- Set files with the aide_db_t type, if you want to treat the files as aide database content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aide_exec_t +.EE + +- Set files with the aide_exec_t type, if you want to transition an executable to the aide_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aide_log_t +.EE + +- Set files with the aide_log_t type, if you want to treat the data as aide log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/aide\.log, /var/log/aide(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux aide policy is very flexible allowing users to setup their aide processes in as secure a method as possible. ++.PP ++The following process types are defined for aide: ++ ++.EX ++.B aide_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. 
Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -1093,10 +1124,10 @@ index 0000000..5ba9d4d +selinux(8), aide(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/aisexec_selinux.8 b/man/man8/aisexec_selinux.8 new file mode 100644 -index 0000000..3d6feb1 +index 0000000..c9701c5 --- /dev/null +++ b/man/man8/aisexec_selinux.8 -@@ -0,0 +1,108 @@ +@@ -0,0 +1,119 @@ +.TH "aisexec_selinux" "8" "aisexec" "dwalsh@redhat.com" "aisexec SELinux Policy documentation" +.SH "NAME" +aisexec_selinux \- Security Enhanced Linux Policy for the aisexec processes @@ -1117,32 +1148,23 @@ index 0000000..3d6feb1 + + +.EX ++.PP +.B aisexec_exec_t +.EE + +- Set files with the aisexec_exec_t type, if you want to transition an executable to the aisexec_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aisexec_initrc_exec_t +.EE + +- Set files with the aisexec_initrc_exec_t type, if you want to transition an executable to the aisexec_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aisexec_tmp_t +.EE + 
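Review bot: In the added PROCESS TYPES text the font escape after `ps` is written `\fBps\bP`, and `\b` is roff's bracket-building escape rather than a font change. The bold run opened by `\fB` is therefore never closed, and the rest of that line will probably render incorrectly. The line should end `to \fBps\fP`, in the same form as the `\fB\-Z\fP` just before it. The identical line appears in every PROCESS TYPES section this patch adds (afs, aiccu, aisexec, ajaxterm, alsa, amanda, amavis, amtu).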
@@ -1150,6 +1172,7 @@ index 0000000..3d6feb1 + + +.EX ++.PP +.B aisexec_tmpfs_t +.EE + 
@@ -1157,44 +1180,63 @@ index 0000000..3d6feb1 + + +.EX ++.PP +.B aisexec_var_lib_t +.EE + +- Set files with the aisexec_var_lib_t type, if you want to store the aisexec files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aisexec_var_log_t +.EE + +- Set files with the aisexec_var_log_t type, if you want to treat the data as aisexec var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B aisexec_var_run_t +.EE + +- Set files with the aisexec_var_run_t type, if you want to store the aisexec files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux aisexec policy is very flexible allowing users to setup their aisexec processes in as secure a method as possible. ++.PP ++The following process types are defined for aisexec: ++ ++.EX ++.B aisexec_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. 
Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -1207,10 +1249,10 @@ index 0000000..3d6feb1 +selinux(8), aisexec(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ajaxterm_selinux.8 b/man/man8/ajaxterm_selinux.8 new file mode 100644 -index 0000000..0166cbe +index 0000000..aaabeb6 --- /dev/null +++ b/man/man8/ajaxterm_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,113 @@ +.TH "ajaxterm_selinux" "8" "ajaxterm" "dwalsh@redhat.com" "ajaxterm SELinux Policy documentation" +.SH "NAME" +ajaxterm_selinux \- Security Enhanced Linux Policy for the ajaxterm processes 
@@ -1231,37 +1273,30 @@ index 0000000..0166cbe + + +.EX ++.PP +.B ajaxterm_exec_t +.EE + +- Set files with the ajaxterm_exec_t type, if you want to transition an executable to the ajaxterm_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ajaxterm_initrc_exec_t +.EE + +- Set files with the ajaxterm_initrc_exec_t type, if you want to transition an executable to the ajaxterm_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ajaxterm_var_run_t +.EE + +- Set files with the ajaxterm_var_run_t type, if you want to store the ajaxterm files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -1280,17 +1315,47 @@ index 0000000..0166cbe +SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible. +.PP +The following port types are defined for ajaxterm: -+.EX + ++.EX ++.TP 5 +.B ajaxterm_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ajaxterm policy is very flexible allowing users to setup their ajaxterm processes in as secure a method as possible. ++.PP ++The following process types are defined for ajaxterm: + -+.B tcp 8022 ++.EX ++.B ajaxterm_ssh_t, ajaxterm_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -1303,10 +1368,10 @@ index 0000000..0166cbe +selinux(8), ajaxterm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/alsa_selinux.8 b/man/man8/alsa_selinux.8 new file mode 100644 -index 0000000..bb67209 +index 0000000..9ca6a8d --- /dev/null +++ b/man/man8/alsa_selinux.8 -@@ -0,0 +1,88 @@ +@@ -0,0 +1,111 @@ +.TH "alsa_selinux" "8" "alsa" "dwalsh@redhat.com" "alsa SELinux Policy documentation" +.SH "NAME" +alsa_selinux \- Security Enhanced Linux Policy for the alsa processes 
@@ -1327,38 +1392,31 @@ index 0000000..bb67209 + + +.EX ++.PP +.B alsa_etc_rw_t +.EE + +- Set files with the alsa_etc_rw_t type, if you want to treat the files as alsa etc read/write content. + +.br ++.TP 5 +Paths: +/etc/alsa/pcm(/.*)?, /etc/alsa/asound\.state, /usr/share/alsa/pcm(/.*)?, /etc/asound\.state, /etc/asound(/.*)?, /usr/share/alsa/alsa\.conf -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B alsa_exec_t +.EE + +- Set files with the alsa_exec_t type, if you want to transition an executable to the alsa_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/salsa, /bin/alsaunmute, /sbin/alsactl, /usr/bin/ainit, /usr/bin/alsaunmute, /sbin/salsa, /usr/sbin/alsactl -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B alsa_home_t +.EE + @@ -1366,6 +1424,7 @@ index 0000000..bb67209 + + +.EX ++.PP +.B alsa_tmp_t +.EE + 
@@ -1373,18 +1432,47 @@ index 0000000..bb67209 + + +.EX ++.PP +.B alsa_var_lib_t +.EE + +- Set files with the alsa_var_lib_t type, if you want to store the alsa files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux alsa policy is very flexible allowing users to setup their alsa processes in as secure a method as possible. ++.PP ++The following process types are defined for alsa: ++ ++.EX ++.B alsa_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -1397,10 +1485,10 @@ index 0000000..bb67209 +selinux(8), alsa(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/amanda_selinux.8 b/man/man8/amanda_selinux.8 new file mode 100644 -index 0000000..b681677 +index 0000000..69f39b8 --- /dev/null +++ b/man/man8/amanda_selinux.8 -@@ -0,0 +1,231 @@ +@@ -0,0 +1,213 @@ +.TH "amanda_selinux" "8" "amanda" "dwalsh@redhat.com" "amanda SELinux Policy documentation" +.SH "NAME" +amanda_selinux \- Security Enhanced Linux Policy for the amanda processes 
@@ -1421,148 +1509,103 @@ index 0000000..b681677 + + +.EX ++.PP +.B amanda_amandates_t +.EE + +- Set files with the amanda_amandates_t type, if you want to treat the files as amanda amandates data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_config_t +.EE + +- Set files with the amanda_config_t type, if you want to treat the files as amanda configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/amanda(/.*)?, /var/lib/amanda/\.amandahosts -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_data_t +.EE + +- Set files with the amanda_data_t type, if you want to treat the files as amanda content. + +.br ++.TP 5 +Paths: +/var/lib/amanda/[^/]+(/.*)?, /etc/amanda/.*/tapelist(/.*)?, /etc/amanda/.*/index(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_dumpdates_t +.EE + +- Set files with the amanda_dumpdates_t type, if you want to treat the files as amanda dumpdates data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_exec_t +.EE + +- Set files with the amanda_exec_t type, if you want to transition an executable to the amanda_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_gnutarlists_t +.EE + +- Set files with the amanda_gnutarlists_t type, if you want to treat the files as amanda gnutarlists data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_inetd_exec_t +.EE + +- Set files with the amanda_inetd_exec_t type, if you want to transition an executable to the amanda_inetd_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/amanda/amindexd, /usr/lib/amanda/amidxtaped, /usr/lib/amanda/amandad -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_log_t +.EE + +- Set files with the amanda_log_t type, if you want to treat the data as amanda log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/amanda(/.*)?, /var/lib/amanda/[^/]*/log(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_recover_dir_t +.EE + +- Set files with the amanda_recover_dir_t type, if you want to treat the files as amanda recover dir data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_recover_exec_t +.EE + +- Set files with the amanda_recover_exec_t type, if you want to transition an executable to the amanda_recover_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_tmp_t +.EE + @@ -1570,27 +1613,26 @@ index 0000000..b681677 + + +.EX ++.PP +.B amanda_usr_lib_t +.EE + +- Set files with the amanda_usr_lib_t type, if you want to treat the files as amanda usr lib data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amanda_var_lib_t +.EE + +- Set files with the amanda_var_lib_t type, if you want to store the amanda files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/amanda, /var/lib/amanda/[^/]+/index(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -1609,19 +1651,47 @@ index 0000000..b681677 +SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible. +.PP +The following port types are defined for amanda: -+.EX + ++.EX ++.TP 5 +.B amanda_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 10080-10083 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 10080-10082 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux amanda policy is very flexible allowing users to setup their amanda processes in as secure a method as possible. ++.PP ++The following process types are defined for amanda: ++ ++.EX ++.B amanda_t, amanda_recover_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -1634,10 +1704,10 @@ index 0000000..b681677 +selinux(8), amanda(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/amavis_selinux.8 b/man/man8/amavis_selinux.8 new file mode 100644 -index 0000000..0aa8650 +index 0000000..179fa80 --- /dev/null 
+++ b/man/man8/amavis_selinux.8 -@@ -0,0 +1,181 @@ +@@ -0,0 +1,184 @@ +.TH "amavis_selinux" "8" "amavis" "dwalsh@redhat.com" "amavis SELinux Policy documentation" +.SH "NAME" +amavis_selinux \- Security Enhanced Linux Policy for the amavis processes 
@@ -1658,77 +1728,55 @@ index 0000000..0aa8650 + + +.EX ++.PP +.B amavis_etc_t +.EE + +- Set files with the amavis_etc_t type, if you want to store amavis files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/amavis\.conf, /etc/amavisd(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amavis_exec_t +.EE + +- Set files with the amavis_exec_t type, if you want to transition an executable to the amavis_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/amavisd.*, /usr/lib/AntiVir/antivir -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amavis_initrc_exec_t +.EE + +- Set files with the amavis_initrc_exec_t type, if you want to transition an executable to the amavis_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amavis_quarantine_t +.EE + +- Set files with the amavis_quarantine_t type, if you want to treat the files as amavis quarantine data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B amavis_spool_t +.EE + +- Set files with the amavis_spool_t type, if you want to store the amavis files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amavis_tmp_t +.EE + @@ -1736,40 +1784,34 @@ index 0000000..0aa8650 + + +.EX ++.PP +.B amavis_var_lib_t +.EE + +- Set files with the amavis_var_lib_t type, if you want to store the amavis files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/amavis(/.*)?, /var/amavis(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amavis_var_log_t +.EE + +- Set files with the amavis_var_log_t type, if you want to treat the data as amavis var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B amavis_var_run_t +.EE + +- Set files with the amavis_var_run_t type, if you want to store the amavis files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -1788,27 +1830,58 @@ index 0000000..0aa8650 +SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible. +.PP +The following port types are defined for amavis: -+.EX + ++.EX ++.TP 5 +.B amavisd_recv_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 10024 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B amavisd_send_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux amavis policy is very flexible allowing users to setup their amavis processes in as secure a method as possible. ++.PP ++The following process types are defined for amavis: + -+.B tcp 10025 ++.EX ++.B amavis_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -1821,10 +1894,10 @@ index 0000000..0aa8650 +selinux(8), amavis(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/amtu_selinux.8 b/man/man8/amtu_selinux.8 new file mode 100644 -index 0000000..cb385b9 +index 0000000..6d9165d --- /dev/null 
+++ b/man/man8/amtu_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "amtu_selinux" "8" "amtu" "dwalsh@redhat.com" "amtu SELinux Policy documentation" +.SH "NAME" +amtu_selinux \- Security Enhanced Linux Policy for the amtu processes @@ -1845,18 +1918,47 @@ index 0000000..cb385b9 + + +.EX ++.PP +.B amtu_exec_t +.EE + +- Set files with the amtu_exec_t type, if you want to transition an executable to the amtu_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux amtu policy is very flexible allowing users to setup their amtu processes in as secure a method as possible. ++.PP ++The following process types are defined for amtu: ++ ++.EX ++.B amtu_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -1869,10 +1971,10 @@ index 0000000..cb385b9 +selinux(8), amtu(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/apcupsd_selinux.8 b/man/man8/apcupsd_selinux.8 new file mode 100644 -index 0000000..ca9fb35 +index 0000000..5d2ce82 --- /dev/null 
+++ b/man/man8/apcupsd_selinux.8 -@@ -0,0 +1,131 @@ +@@ -0,0 +1,145 @@ +.TH "apcupsd_selinux" "8" "apcupsd" "dwalsh@redhat.com" "apcupsd SELinux Policy documentation" +.SH "NAME" +apcupsd_selinux \- Security Enhanced Linux Policy for the apcupsd processes 
@@ -1893,64 +1995,47 @@ index 0000000..ca9fb35 + + +.EX ++.PP +.B apcupsd_exec_t +.EE + +- Set files with the apcupsd_exec_t type, if you want to transition an executable to the apcupsd_t domain. + +.br ++.TP 5 +Paths: +/sbin/apcupsd, /usr/sbin/apcupsd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apcupsd_initrc_exec_t +.EE + +- Set files with the apcupsd_initrc_exec_t type, if you want to transition an executable to the apcupsd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apcupsd_lock_t +.EE + +- Set files with the apcupsd_lock_t type, if you want to treat the files as apcupsd lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apcupsd_log_t +.EE + +- Set files with the apcupsd_log_t type, if you want to treat the data as apcupsd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/apcupsd\.status.*, /var/log/apcupsd\.events.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apcupsd_tmp_t +.EE + @@ -1958,11 +2043,14 @@ index 0000000..ca9fb35 + + +.EX ++.PP +.B apcupsd_var_run_t +.EE + +- Set files with the apcupsd_var_run_t type, if you want to store the apcupsd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -1981,19 +2069,47 @@ index 0000000..ca9fb35 +SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible. +.PP +The following port types are defined for apcupsd: -+.EX + ++.EX ++.TP 5 +.B apcupsd_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 3551 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 3551 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux apcupsd policy is very flexible allowing users to setup their apcupsd processes in as secure a method as possible. ++.PP ++The following process types are defined for apcupsd: ++ ++.EX ++.B apcupsd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -2006,10 +2122,10 @@ index 0000000..ca9fb35 +selinux(8), apcupsd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/apm_selinux.8 b/man/man8/apm_selinux.8 new file mode 100644 -index 0000000..adcfc17 +index 0000000..c83eb35 --- /dev/null +++ b/man/man8/apm_selinux.8 -@@ -0,0 +1,101 @@ +@@ -0,0 +1,119 @@ +.TH "apm_selinux" "8" "apm" "dwalsh@redhat.com" "apm SELinux Policy documentation" +.SH "NAME" +apm_selinux \- Security Enhanced Linux Policy for the apm processes 
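Review bot: The rewritten port block for apcupsd_port_t now lists `tcp 8021` under `Default Defined Ports:`, while the lines it removes gave `tcp 3551` and `udp 3551`. The asterisk_port_t and audit_port_t hunks further down get the identical `tcp 8021` in place of their own values (`tcp 1720`, `udp 2427,2727,4569` and `tcp 60`). That looks like a stale value carried over by the man page generator rather than a policy change, and it drops the udp entries, so an administrator who labels or audits ports from this page would work from the wrong numbers. I would keep the per-type values, here `tcp 3551` and `udp 3551`, and check the generated text against `semanage port -l` before shipping. The `.EE` after the port line no longer has a matching `.EX`, since the hunk removes the second `.EX`.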
@@ -2030,35 +2146,27 @@ index 0000000..adcfc17 + + +.EX ++.PP +.B apm_exec_t +.EE + +- Set files with the apm_exec_t type, if you want to transition an executable to the apm_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apmd_exec_t +.EE + +- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apmd_lock_t +.EE + @@ -2066,19 +2174,15 @@ index 0000000..adcfc17 + + +.EX ++.PP +.B apmd_log_t +.EE + +- Set files with the apmd_log_t type, if you want to treat the data as apmd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apmd_tmp_t +.EE + 
@@ -2086,21 +2190,51 @@ index 0000000..adcfc17 + + +.EX ++.PP +.B apmd_var_run_t +.EE + +- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux apm policy is very flexible allowing users to setup their apm processes in as secure a method as possible. ++.PP ++The following process types are defined for apm: ++ ++.EX ++.B apm_t, apmd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -2113,10 +2247,10 @@ index 0000000..adcfc17 +selinux(8), apm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/apmd_selinux.8 b/man/man8/apmd_selinux.8 new file mode 100644 -index 0000000..2ac1cdc +index 0000000..459709d --- /dev/null 
+++ b/man/man8/apmd_selinux.8 -@@ -0,0 +1,88 @@ +@@ -0,0 +1,111 @@ +.TH "apmd_selinux" "8" "apmd" "dwalsh@redhat.com" "apmd SELinux Policy documentation" +.SH "NAME" +apmd_selinux \- Security Enhanced Linux Policy for the apmd processes @@ -2137,22 +2271,19 @@ index 0000000..2ac1cdc + + +.EX ++.PP +.B apmd_exec_t +.EE + +- Set files with the apmd_exec_t type, if you want to transition an executable to the apmd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/powersaved, /usr/sbin/acpid, /usr/sbin/apmd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apmd_lock_t +.EE + @@ -2160,19 +2291,15 @@ index 0000000..2ac1cdc + + +.EX ++.PP +.B apmd_log_t +.EE + +- Set files with the apmd_log_t type, if you want to treat the data as apmd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B apmd_tmp_t +.EE + 
@@ -2180,21 +2307,51 @@ index 0000000..2ac1cdc + + +.EX ++.PP +.B apmd_var_run_t +.EE + +- Set files with the apmd_var_run_t type, if you want to store the apmd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/\.?acpid\.socket, /var/run/apmd\.pid, /var/run/powersaved\.pid, /var/run/powersave_socket ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux apmd policy is very flexible allowing users to setup their apmd processes in as secure a method as possible. ++.PP ++The following process types are defined for apmd: ++ ++.EX ++.B apm_t, apmd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -2207,10 +2364,10 @@ index 0000000..2ac1cdc +selinux(8), apmd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/arpwatch_selinux.8 b/man/man8/arpwatch_selinux.8 new file mode 100644 -index 0000000..fadbdd1 +index 0000000..d24f28e --- /dev/null 
+++ b/man/man8/arpwatch_selinux.8 -@@ -0,0 +1,85 @@ +@@ -0,0 +1,107 @@ +.TH "arpwatch_selinux" "8" "arpwatch" "dwalsh@redhat.com" "arpwatch SELinux Policy documentation" +.SH "NAME" +arpwatch_selinux \- Security Enhanced Linux Policy for the arpwatch processes @@ -2231,48 +2388,35 @@ index 0000000..fadbdd1 + + +.EX ++.PP +.B arpwatch_data_t +.EE + +- Set files with the arpwatch_data_t type, if you want to treat the files as arpwatch content. + +.br ++.TP 5 +Paths: +/var/arpwatch(/.*)?, /var/lib/arpwatch(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B arpwatch_exec_t +.EE + +- Set files with the arpwatch_exec_t type, if you want to transition an executable to the arpwatch_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B arpwatch_initrc_exec_t +.EE + +- Set files with the arpwatch_initrc_exec_t type, if you want to transition an executable to the arpwatch_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B arpwatch_tmp_t +.EE + 
@@ -2280,12 +2424,47 @@ index 0000000..fadbdd1 + + +.EX ++.PP +.B arpwatch_var_run_t +.EE + +- Set files with the arpwatch_var_run_t type, if you want to store the arpwatch files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux arpwatch policy is very flexible allowing users to setup their arpwatch processes in as secure a method as possible. ++.PP ++The following process types are defined for arpwatch: ++ ++.EX ++.B arpwatch_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -2298,10 +2477,10 @@ index 0000000..fadbdd1 +selinux(8), arpwatch(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/asterisk_selinux.8 b/man/man8/asterisk_selinux.8 new file mode 100644 -index 0000000..fbf0991 +index 0000000..2e39074 --- /dev/null 
+++ b/man/man8/asterisk_selinux.8 -@@ -0,0 +1,158 @@ +@@ -0,0 +1,161 @@ +.TH "asterisk_selinux" "8" "asterisk" "dwalsh@redhat.com" "asterisk SELinux Policy documentation" +.SH "NAME" +asterisk_selinux \- Security Enhanced Linux Policy for the asterisk processes 
@@ -2322,71 +2501,47 @@ index 0000000..fbf0991 + + +.EX ++.PP +.B asterisk_etc_t +.EE + +- Set files with the asterisk_etc_t type, if you want to store asterisk files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B asterisk_exec_t +.EE + +- Set files with the asterisk_exec_t type, if you want to transition an executable to the asterisk_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B asterisk_initrc_exec_t +.EE + +- Set files with the asterisk_initrc_exec_t type, if you want to transition an executable to the asterisk_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B asterisk_log_t +.EE + +- Set files with the asterisk_log_t type, if you want to treat the data as asterisk log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B asterisk_spool_t +.EE + +- Set files with the asterisk_spool_t type, if you want to store the asterisk files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B asterisk_tmp_t +.EE + @@ -2394,6 +2549,7 @@ index 0000000..fbf0991 + + +.EX ++.PP +.B asterisk_tmpfs_t +.EE + @@ -2401,24 +2557,22 @@ index 0000000..fbf0991 + + +.EX ++.PP +.B asterisk_var_lib_t +.EE + +- Set files with the asterisk_var_lib_t type, if you want to store the asterisk files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B asterisk_var_run_t +.EE + +- Set files with the asterisk_var_run_t type, if you want to store the asterisk files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -2437,19 +2591,47 @@ index 0000000..fbf0991 +SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible. +.PP +The following port types are defined for asterisk: -+.EX + ++.EX ++.TP 5 +.B asterisk_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 1720 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 2427,2727,4569 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux asterisk policy is very flexible allowing users to setup their asterisk processes in as secure a method as possible. ++.PP ++The following process types are defined for asterisk: ++ ++.EX ++.B asterisk_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -2462,10 +2644,10 @@ index 0000000..fbf0991 +selinux(8), asterisk(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/audisp_selinux.8 b/man/man8/audisp_selinux.8 new file mode 100644 -index 0000000..c795e6c +index 0000000..6b9e0bd --- /dev/null 
+++ b/man/man8/audisp_selinux.8 -@@ -0,0 +1,74 @@ +@@ -0,0 +1,95 @@ +.TH "audisp_selinux" "8" "audisp" "dwalsh@redhat.com" "audisp SELinux Policy documentation" +.SH "NAME" +audisp_selinux \- Security Enhanced Linux Policy for the audisp processes 
@@ -2486,50 +2668,71 @@ index 0000000..c795e6c + + +.EX ++.PP +.B audisp_exec_t +.EE + +- Set files with the audisp_exec_t type, if you want to transition an executable to the audisp_t domain. + +.br ++.TP 5 +Paths: +/sbin/audispd, /usr/sbin/audispd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B audisp_remote_exec_t +.EE + +- Set files with the audisp_remote_exec_t type, if you want to transition an executable to the audisp_remote_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/audisp-remote, /sbin/audisp-remote -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B audisp_var_run_t +.EE + +- Set files with the audisp_var_run_t type, if you want to store the audisp files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux audisp policy is very flexible allowing users to setup their audisp processes in as secure a method as possible. 
++.PP ++The following process types are defined for audisp: ++ ++.EX ++.B audisp_remote_t, audisp_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -2542,10 +2745,10 @@ index 0000000..c795e6c +selinux(8), audisp(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/auditctl_selinux.8 b/man/man8/auditctl_selinux.8 new file mode 100644 -index 0000000..21f4245 +index 0000000..63236fa --- /dev/null +++ b/man/man8/auditctl_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "auditctl_selinux" "8" "auditctl" "dwalsh@redhat.com" "auditctl SELinux Policy documentation" +.SH "NAME" +auditctl_selinux \- Security Enhanced Linux Policy for the auditctl processes 
@@ -2566,21 +2769,51 @@ index 0000000..21f4245 + + +.EX ++.PP +.B auditctl_exec_t +.EE + +- Set files with the auditctl_exec_t type, if you want to transition an executable to the auditctl_t domain. + +.br ++.TP 5 +Paths: +/sbin/auditctl, /usr/sbin/auditctl ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux auditctl policy is very flexible allowing users to setup their auditctl processes in as secure a method as possible. ++.PP ++The following process types are defined for auditctl: ++ ++.EX ++.B auditctl_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -2593,10 +2826,10 @@ index 0000000..21f4245 +selinux(8), auditctl(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/auditd_selinux.8 b/man/man8/auditd_selinux.8 new file mode 100644 -index 0000000..2eb3fbc +index 0000000..c36fe78 --- /dev/null 
+++ b/man/man8/auditd_selinux.8 -@@ -0,0 +1,125 @@ +@@ -0,0 +1,141 @@ +.TH "auditd_selinux" "8" "auditd" "dwalsh@redhat.com" "auditd SELinux Policy documentation" +.SH "NAME" +auditd_selinux \- Security Enhanced Linux Policy for the auditd processes 
@@ -2617,72 +2850,58 @@ index 0000000..2eb3fbc + + +.EX ++.PP +.B auditd_etc_t +.EE + +- Set files with the auditd_etc_t type, if you want to store auditd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B auditd_exec_t +.EE + +- Set files with the auditd_exec_t type, if you want to transition an executable to the auditd_t domain. + +.br ++.TP 5 +Paths: +/sbin/auditd, /usr/sbin/auditd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B auditd_initrc_exec_t +.EE + +- Set files with the auditd_initrc_exec_t type, if you want to transition an executable to the auditd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B auditd_log_t +.EE + +- Set files with the auditd_log_t type, if you want to treat the data as auditd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/audit(/.*)?, /var/log/audit\.log -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B auditd_var_run_t +.EE + +- Set files with the auditd_var_run_t type, if you want to store the auditd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/audit_events, /var/run/auditd_sock, /var/run/auditd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -2701,17 +2920,47 @@ index 0000000..2eb3fbc +SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible. +.PP +The following port types are defined for auditd: -+.EX + ++.EX ++.TP 5 +.B audit_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux auditd policy is very flexible allowing users to setup their auditd processes in as secure a method as possible. ++.PP ++The following process types are defined for auditd: + -+.B tcp 60 ++.EX ++.B auditadm_su_t, auditadm_seunshare_t, auditadm_dbusd_t, auditadm_t, auditadm_sudo_t, auditadm_wine_t, auditadm_screen_t, auditadm_gkeyringd_t, auditd_t, auditctl_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -2724,10 +2973,10 @@ index 0000000..2eb3fbc +selinux(8), auditd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/automount_selinux.8 b/man/man8/automount_selinux.8 new file mode 100644 -index 0000000..2dfd3c5 +index 0000000..fde796e --- /dev/null 
+++ b/man/man8/automount_selinux.8 -@@ -0,0 +1,92 @@ +@@ -0,0 +1,115 @@ +.TH "automount_selinux" "8" "automount" "dwalsh@redhat.com" "automount SELinux Policy documentation" +.SH "NAME" +automount_selinux \- Security Enhanced Linux Policy for the automount processes @@ -2748,35 +2997,27 @@ index 0000000..2dfd3c5 + + +.EX ++.PP +.B automount_exec_t +.EE + +- Set files with the automount_exec_t type, if you want to transition an executable to the automount_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/automount, /etc/apm/event\.d/autofs -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B automount_initrc_exec_t +.EE + +- Set files with the automount_initrc_exec_t type, if you want to transition an executable to the automount_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B automount_keytab_t +.EE + @@ -2784,6 +3025,7 @@ index 0000000..2dfd3c5 + + +.EX ++.PP +.B automount_lock_t +.EE + @@ -2791,6 +3033,7 @@ index 0000000..2dfd3c5 + + +.EX ++.PP +.B automount_tmp_t +.EE + 
@@ -2798,18 +3041,47 @@ index 0000000..2dfd3c5 + + +.EX ++.PP +.B automount_var_run_t +.EE + +- Set files with the automount_var_run_t type, if you want to store the automount files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux automount policy is very flexible allowing users to setup their automount processes in as secure a method as possible. ++.PP ++The following process types are defined for automount: ++ ++.EX ++.B automount_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -2822,10 +3094,10 @@ index 0000000..2dfd3c5 +selinux(8), automount(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/avahi_selinux.8 b/man/man8/avahi_selinux.8 new file mode 100644 -index 0000000..938a600 +index 0000000..396a2c6 --- /dev/null 
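Review bot: The added PROCESS TYPES section documents a misspelled subcommand: `.B semanage permississive -a PROCESS_TYPE` should read `.B semanage permissive -a PROCESS_TYPE`, which is how the COMMANDS section added just below spells it. The same section closes its bold run with `\fBps\bP`, which is not a font escape and leaves the font unreset; it should be `\fBps\fP`. Both strings recur in every PROCESS TYPES section this commit adds (auditd above, and avahi, awstats, bitlbee, blktap, blueman, bluetooth, boinc, bootloader, brctl, cachefilesd and calamaris below), so the fix probably belongs in the generator. Since a permissive domain is logged but not enforced, the note could also mention `semanage permissive -d PROCESS_TYPE` for restoring enforcement once troubleshooting is done.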
+++ b/man/man8/avahi_selinux.8 -@@ -0,0 +1,99 @@ +@@ -0,0 +1,114 @@ +.TH "avahi_selinux" "8" "avahi" "dwalsh@redhat.com" "avahi SELinux Policy documentation" +.SH "NAME" +avahi_selinux \- Security Enhanced Linux Policy for the avahi processes 
@@ -2857,60 +3129,75 @@ index 0000000..938a600 + + +.EX ++.PP +.B avahi_exec_t +.EE + +- Set files with the avahi_exec_t type, if you want to transition an executable to the avahi_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/avahi-dnsconfd, /usr/sbin/avahi-autoipd, /usr/sbin/avahi-daemon -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B avahi_initrc_exec_t +.EE + +- Set files with the avahi_initrc_exec_t type, if you want to transition an executable to the avahi_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B avahi_var_lib_t +.EE + +- Set files with the avahi_var_lib_t type, if you want to store the avahi files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B avahi_var_run_t +.EE + +- Set files with the avahi_var_run_t type, if you want to store the avahi files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux avahi policy is very flexible allowing users to setup their avahi processes in as secure a method as possible. ++.PP ++The following process types are defined for avahi: ++ ++.EX ++.B avahi_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -2928,10 +3215,10 @@ index 0000000..938a600 \ No newline at end of file diff --git a/man/man8/awstats_selinux.8 b/man/man8/awstats_selinux.8 new file mode 100644 -index 0000000..137b0f1 +index 0000000..d137073 --- /dev/null +++ b/man/man8/awstats_selinux.8 -@@ -0,0 +1,62 @@ +@@ -0,0 +1,87 @@ +.TH "awstats_selinux" "8" "awstats" "dwalsh@redhat.com" "awstats SELinux Policy documentation" +.SH "NAME" +awstats_selinux \- Security Enhanced Linux Policy for the awstats processes 
@@ -2952,19 +3239,15 @@ index 0000000..137b0f1 + + +.EX ++.PP +.B awstats_exec_t +.EE + +- Set files with the awstats_exec_t type, if you want to transition an executable to the awstats_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B awstats_tmp_t +.EE + 
@@ -2972,18 +3255,47 @@ index 0000000..137b0f1 + + +.EX ++.PP +.B awstats_var_lib_t +.EE + +- Set files with the awstats_var_lib_t type, if you want to store the awstats files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux awstats policy is very flexible allowing users to setup their awstats processes in as secure a method as possible. ++.PP ++The following process types are defined for awstats: ++ ++.EX ++.B awstats_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -2996,10 +3308,10 @@ index 0000000..137b0f1 +selinux(8), awstats(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/bitlbee_selinux.8 b/man/man8/bitlbee_selinux.8 new file mode 100644 -index 0000000..584a7ec +index 0000000..3e45bfd --- /dev/null 
+++ b/man/man8/bitlbee_selinux.8 -@@ -0,0 +1,120 @@ +@@ -0,0 +1,127 @@ +.TH "bitlbee_selinux" "8" "bitlbee" "dwalsh@redhat.com" "bitlbee SELinux Policy documentation" +.SH "NAME" +bitlbee_selinux \- Security Enhanced Linux Policy for the bitlbee processes 
@@ -3020,61 +3332,43 @@ index 0000000..584a7ec + + +.EX ++.PP +.B bitlbee_conf_t +.EE + +- Set files with the bitlbee_conf_t type, if you want to treat the files as bitlbee configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bitlbee_exec_t +.EE + +- Set files with the bitlbee_exec_t type, if you want to transition an executable to the bitlbee_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/bitlbee, /usr/bin/bip -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bitlbee_initrc_exec_t +.EE + +- Set files with the bitlbee_initrc_exec_t type, if you want to transition an executable to the bitlbee_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bitlbee_log_t +.EE + +- Set files with the bitlbee_log_t type, if you want to treat the data as bitlbee log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bitlbee_tmp_t +.EE + 
@@ -3082,34 +3376,59 @@ index 0000000..584a7ec + + +.EX ++.PP +.B bitlbee_var_run_t +.EE + +- Set files with the bitlbee_var_run_t type, if you want to store the bitlbee files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/bitlbee\.pid, /var/run/bip(/.*)?, /var/run/bitlbee\.sock -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bitlbee_var_t +.EE + +- Set files with the bitlbee_var_t type, if you want to store the bit files under the /var directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux bitlbee policy is very flexible allowing users to setup their bitlbee processes in as secure a method as possible. ++.PP ++The following process types are defined for bitlbee: ++ ++.EX ++.B bitlbee_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -3122,10 +3441,10 @@ index 0000000..584a7ec +selinux(8), bitlbee(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/blktap_selinux.8 b/man/man8/blktap_selinux.8 new file mode 100644 -index 0000000..cbf4658 +index 0000000..37cb567 --- /dev/null +++ b/man/man8/blktap_selinux.8 -@@ -0,0 +1,67 @@ +@@ -0,0 +1,98 @@ +.TH "blktap_selinux" "8" "blktap" "dwalsh@redhat.com" "blktap SELinux Policy documentation" +.SH "NAME" +blktap_selinux \- Security Enhanced Linux Policy for the blktap processes 
@@ -3157,28 +3476,59 @@ index 0000000..cbf4658 + + +.EX ++.PP +.B blktap_exec_t +.EE + +- Set files with the blktap_exec_t type, if you want to transition an executable to the blktap_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/blktapctrl, /usr/sbin/tapdisk ++ ++.EX ++.PP ++.B blktap_var_run_t ++.EE ++ ++- Set files with the blktap_var_run_t type, if you want to store the blktap files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux blktap policy is very flexible allowing users to setup their blktap processes in as secure a method as possible. ++.PP ++The following process types are defined for blktap: + +.EX -+.B blktap_var_run_t ++.B blktap_t +.EE -+ -+- Set files with the blktap_var_run_t type, if you want to store the blktap files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -3196,10 +3546,10 @@ index 0000000..cbf4658 \ No newline at end of file 
diff --git a/man/man8/blueman_selinux.8 b/man/man8/blueman_selinux.8 new file mode 100644 -index 0000000..aa9c8d9 +index 0000000..bdead53 --- /dev/null +++ b/man/man8/blueman_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "blueman_selinux" "8" "blueman" "dwalsh@redhat.com" "blueman SELinux Policy documentation" +.SH "NAME" +blueman_selinux \- Security Enhanced Linux Policy for the blueman processes @@ -3220,18 +3570,47 @@ index 0000000..aa9c8d9 + + +.EX ++.PP +.B blueman_exec_t +.EE + +- Set files with the blueman_exec_t type, if you want to transition an executable to the blueman_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux blueman policy is very flexible allowing users to setup their blueman processes in as secure a method as possible. ++.PP ++The following process types are defined for blueman: ++ ++.EX ++.B blueman_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -3244,10 +3623,10 @@ index 0000000..aa9c8d9 +selinux(8), blueman(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/bluetooth_selinux.8 b/man/man8/bluetooth_selinux.8 new file mode 100644 -index 0000000..a147c12 +index 0000000..e4ecb88 --- /dev/null +++ b/man/man8/bluetooth_selinux.8 -@@ -0,0 +1,165 @@ +@@ -0,0 +1,170 @@ +.TH "bluetooth_selinux" "8" "bluetooth" "dwalsh@redhat.com" "bluetooth SELinux Policy documentation" +.SH "NAME" +bluetooth_selinux \- Security Enhanced Linux Policy for the bluetooth processes 
@@ -3279,61 +3658,43 @@ index 0000000..a147c12 + + +.EX ++.PP +.B bluetooth_conf_rw_t +.EE + +- Set files with the bluetooth_conf_rw_t type, if you want to treat the files as bluetooth conf read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bluetooth_conf_t +.EE + +- Set files with the bluetooth_conf_t type, if you want to treat the files as bluetooth configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bluetooth_exec_t +.EE + +- Set files with the bluetooth_exec_t type, if you want to transition an executable to the bluetooth_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/hcid, /usr/bin/rfcomm, /usr/sbin/sdpd, /usr/bin/hidd, /usr/sbin/bluetoothd, /usr/sbin/hid2hci, /usr/bin/dund, /usr/sbin/hciattach -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bluetooth_helper_exec_t +.EE + +- Set files with the bluetooth_helper_exec_t type, if you want to transition an executable to the bluetooth_helper_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bluetooth_helper_tmp_t +.EE + @@ -3341,6 +3702,7 @@ index 0000000..a147c12 + + +.EX ++.PP +.B bluetooth_helper_tmpfs_t +.EE + @@ -3348,22 +3710,19 @@ index 0000000..a147c12 + + +.EX ++.PP +.B bluetooth_initrc_exec_t +.EE + +- Set files with the bluetooth_initrc_exec_t type, if you want to transition an executable to the bluetooth_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/dund, /etc/rc\.d/init\.d/bluetooth, /etc/rc\.d/init\.d/pand -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bluetooth_lock_t +.EE + 
@@ -3371,34 +3730,59 @@ index 0000000..a147c12 + + +.EX ++.PP +.B bluetooth_var_lib_t +.EE + +- Set files with the bluetooth_var_lib_t type, if you want to store the bluetooth files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bluetooth_var_run_t +.EE + +- Set files with the bluetooth_var_run_t type, if you want to store the bluetooth files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/bluetoothd_address, /var/run/sdp ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux bluetooth policy is very flexible allowing users to setup their bluetooth processes in as secure a method as possible. ++.PP ++The following process types are defined for bluetooth: ++ ++.EX ++.B bluetooth_helper_t, bluetooth_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -3416,10 +3800,10 @@ index 0000000..a147c12 \ No newline at end of file diff --git a/man/man8/boinc_selinux.8 b/man/man8/boinc_selinux.8 new file mode 100644 -index 0000000..df0d80f +index 0000000..573c0af --- /dev/null +++ b/man/man8/boinc_selinux.8 -@@ -0,0 +1,137 @@ +@@ -0,0 +1,160 @@ +.TH "boinc_selinux" "8" "boinc" "dwalsh@redhat.com" "boinc SELinux Policy documentation" +.SH "NAME" +boinc_selinux \- Security Enhanced Linux Policy for the boinc processes @@ -3440,32 +3824,23 @@ index 0000000..df0d80f + + +.EX ++.PP +.B boinc_exec_t +.EE + +- Set files with the boinc_exec_t type, if you want to transition an executable to the boinc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B boinc_initrc_exec_t +.EE + +- Set files with the boinc_initrc_exec_t type, if you want to transition an executable to the boinc_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B boinc_project_tmp_t +.EE + 
@@ -3473,22 +3848,19 @@ index 0000000..df0d80f + + +.EX ++.PP +.B boinc_project_var_lib_t +.EE + +- Set files with the boinc_project_var_lib_t type, if you want to store the boinc project files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/boinc/projects(/.*)?, /var/lib/boinc/slots(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B boinc_tmp_t +.EE + @@ -3496,6 +3868,7 @@ index 0000000..df0d80f + + +.EX ++.PP +.B boinc_tmpfs_t +.EE + @@ -3503,11 +3876,14 @@ index 0000000..df0d80f + + +.EX ++.PP +.B boinc_var_lib_t +.EE + +- Set files with the boinc_var_lib_t type, if you want to store the boinc files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -3526,27 +3902,58 @@ index 0000000..df0d80f +SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible. +.PP +The following port types are defined for boinc: -+.EX + ++.EX ++.TP 5 +.B boinc_client_ctrl_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 1043 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B boinc_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux boinc policy is very flexible allowing users to setup their boinc processes in as secure a method as possible. ++.PP ++The following process types are defined for boinc: + -+.B tcp 31416 ++.EX ++.B boinc_t, boinc_project_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -3559,10 +3966,10 @@ index 0000000..df0d80f +selinux(8), boinc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/bootloader_selinux.8 b/man/man8/bootloader_selinux.8 new file mode 100644 -index 0000000..7b3e941 +index 0000000..f02452d --- /dev/null 
+++ b/man/man8/bootloader_selinux.8 -@@ -0,0 +1,83 @@ +@@ -0,0 +1,110 @@ +.TH "bootloader_selinux" "8" "bootloader" "dwalsh@redhat.com" "bootloader SELinux Policy documentation" +.SH "NAME" +bootloader_selinux \- Security Enhanced Linux Policy for the bootloader processes 
@@ -3594,44 +4001,71 @@ index 0000000..7b3e941 + + +.EX ++.PP +.B bootloader_etc_t +.EE + +- Set files with the bootloader_etc_t type, if you want to store bootloader files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/yaboot\.conf.*, /etc/default/grub, /etc/lilo\.conf.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B bootloader_exec_t +.EE + +- Set files with the bootloader_exec_t type, if you want to transition an executable to the bootloader_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ybin.*, /usr/sbin/grub.*, /sbin/lilo.*, /sbin/ybin.*, /usr/sbin/lilo.*, /sbin/grub.* ++ ++.EX ++.PP ++.B bootloader_tmp_t ++.EE ++ ++- Set files with the bootloader_tmp_t type, if you want to store bootloader temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux bootloader policy is very flexible allowing users to setup their bootloader processes in as secure a method as possible. ++.PP ++The following process types are defined for bootloader: + +.EX -+.B bootloader_tmp_t ++.B bootloader_t +.EE -+ -+- Set files with the bootloader_tmp_t type, if you want to store bootloader temporary files in the /tmp directories. 
++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -3649,10 +4083,10 @@ index 0000000..7b3e941 \ No newline at end of file diff --git a/man/man8/brctl_selinux.8 b/man/man8/brctl_selinux.8 new file mode 100644 -index 0000000..ecdfd09 +index 0000000..42a24ad --- /dev/null +++ b/man/man8/brctl_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "brctl_selinux" "8" "brctl" "dwalsh@redhat.com" "brctl SELinux Policy documentation" +.SH "NAME" +brctl_selinux \- Security Enhanced Linux Policy for the brctl processes 
@@ -3673,18 +4107,47 @@ index 0000000..ecdfd09 + + +.EX ++.PP +.B brctl_exec_t +.EE + +- Set files with the brctl_exec_t type, if you want to transition an executable to the brctl_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux brctl policy is very flexible allowing users to setup their brctl processes in as secure a method as possible. ++.PP ++The following process types are defined for brctl: ++ ++.EX ++.B brctl_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -3697,10 +4160,10 @@ index 0000000..ecdfd09 +selinux(8), brctl(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cachefilesd_selinux.8 b/man/man8/cachefilesd_selinux.8 new file mode 100644 -index 0000000..b3c7fe4 +index 0000000..32fa62a --- /dev/null 
+++ b/man/man8/cachefilesd_selinux.8 -@@ -0,0 +1,52 @@ +@@ -0,0 +1,83 @@ +.TH "cachefilesd_selinux" "8" "cachefilesd" "dwalsh@redhat.com" "cachefilesd SELinux Policy documentation" +.SH "NAME" +cachefilesd_selinux \- Security Enhanced Linux Policy for the cachefilesd processes 
@@ -3721,28 +4184,59 @@ index 0000000..b3c7fe4 + + +.EX ++.PP +.B cachefilesd_exec_t +.EE + +- Set files with the cachefilesd_exec_t type, if you want to transition an executable to the cachefilesd_t domain. + +.br ++.TP 5 +Paths: +/sbin/cachefilesd, /usr/sbin/cachefilesd ++ ++.EX ++.PP ++.B cachefilesd_var_run_t ++.EE ++ ++- Set files with the cachefilesd_var_run_t type, if you want to store the cachefilesd files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cachefilesd policy is very flexible allowing users to setup their cachefilesd processes in as secure a method as possible. ++.PP ++The following process types are defined for cachefilesd: + +.EX -+.B cachefilesd_var_run_t ++.B cachefilesd_t, cachefiles_kernel_t +.EE -+ -+- Set files with the cachefilesd_var_run_t type, if you want to store the cachefilesd files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -3755,10 +4249,10 @@ index 0000000..b3c7fe4 +selinux(8), cachefilesd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/calamaris_selinux.8 b/man/man8/calamaris_selinux.8 new file mode 100644 -index 0000000..3b97319 +index 0000000..1ecc071 --- /dev/null +++ b/man/man8/calamaris_selinux.8 -@@ -0,0 +1,68 @@ +@@ -0,0 +1,87 @@ +.TH "calamaris_selinux" "8" "calamaris" "dwalsh@redhat.com" "calamaris SELinux Policy documentation" +.SH "NAME" +calamaris_selinux \- Security Enhanced Linux Policy for the calamaris processes 
@@ -3779,44 +4273,63 @@ index 0000000..3b97319 + + +.EX ++.PP +.B calamaris_exec_t +.EE + +- Set files with the calamaris_exec_t type, if you want to transition an executable to the calamaris_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B calamaris_log_t +.EE + +- Set files with the calamaris_log_t type, if you want to treat the data as calamaris log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B calamaris_www_t +.EE + +- Set files with the calamaris_www_t type, if you want to treat the files as calamaris www data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux calamaris policy is very flexible allowing users to setup their calamaris processes in as secure a method as possible. ++.PP ++The following process types are defined for calamaris: ++ ++.EX ++.B calamaris_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. 
Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -3829,10 +4342,10 @@ index 0000000..3b97319 +selinux(8), calamaris(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/callweaver_selinux.8 b/man/man8/callweaver_selinux.8 new file mode 100644 -index 0000000..62e0ea7 +index 0000000..a316dae --- /dev/null +++ b/man/man8/callweaver_selinux.8 -@@ -0,0 +1,107 @@ +@@ -0,0 +1,111 @@ +.TH "callweaver_selinux" "8" "callweaver" "dwalsh@redhat.com" "callweaver SELinux Policy documentation" +.SH "NAME" +callweaver_selinux \- Security Enhanced Linux Policy for the callweaver processes 
@@ -3853,83 +4366,87 @@ index 0000000..62e0ea7 + + +.EX ++.PP +.B callweaver_exec_t +.EE + +- Set files with the callweaver_exec_t type, if you want to transition an executable to the callweaver_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B callweaver_initrc_exec_t +.EE + +- Set files with the callweaver_initrc_exec_t type, if you want to transition an executable to the callweaver_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B callweaver_log_t +.EE + +- Set files with the callweaver_log_t type, if you want to treat the data as callweaver log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B callweaver_spool_t +.EE + +- Set files with the callweaver_spool_t type, if you want to store the callweaver files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B callweaver_var_lib_t +.EE + +- Set files with the callweaver_var_lib_t type, if you want to store the callweaver files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B callweaver_var_run_t +.EE + +- Set files with the callweaver_var_run_t type, if you want to store the callweaver files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux callweaver policy is very flexible allowing users to setup their callweaver processes in as secure a method as possible. ++.PP ++The following process types are defined for callweaver: ++ ++.EX ++.B callweaver_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -3942,10 +4459,10 @@ index 0000000..62e0ea7 +selinux(8), callweaver(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/canna_selinux.8 b/man/man8/canna_selinux.8 new file mode 100644 -index 0000000..32eba02 +index 0000000..4e20e4f --- /dev/null +++ b/man/man8/canna_selinux.8 -@@ -0,0 +1,106 @@ +@@ -0,0 +1,119 @@ +.TH "canna_selinux" "8" "canna" "dwalsh@redhat.com" "canna SELinux Policy documentation" +.SH "NAME" +canna_selinux \- Security Enhanced Linux Policy for the canna processes 
@@ -3966,82 +4483,95 @@ index 0000000..32eba02 + + +.EX ++.PP +.B canna_exec_t +.EE + +- Set files with the canna_exec_t type, if you want to transition an executable to the canna_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/catdic, /usr/bin/cannaping, /usr/sbin/jserver, /usr/sbin/cannaserver -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B canna_initrc_exec_t +.EE + +- Set files with the canna_initrc_exec_t type, if you want to transition an executable to the canna_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B canna_log_t +.EE + +- Set files with the canna_log_t type, if you want to treat the data as canna log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/wnn(/.*)?, /var/log/canna(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B canna_var_lib_t +.EE + +- Set files with the canna_var_lib_t type, if you want to store the canna files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/wnn/dic(/.*)?, /var/lib/canna/dic(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. 
This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B canna_var_run_t +.EE + +- Set files with the canna_var_run_t type, if you want to store the canna files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/\.iroha_unix/.*, /var/run/wnn-unix(/.*)?, /var/run/\.iroha_unix ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux canna policy is very flexible allowing users to setup their canna processes in as secure a method as possible. ++.PP ++The following process types are defined for canna: ++ ++.EX ++.B canna_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4054,10 +4584,10 @@ index 0000000..32eba02 +selinux(8), canna(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cardmgr_selinux.8 b/man/man8/cardmgr_selinux.8 new file mode 100644 -index 0000000..5ad97b4 +index 0000000..69fc214 --- /dev/null 
+++ b/man/man8/cardmgr_selinux.8 -@@ -0,0 +1,82 @@ +@@ -0,0 +1,111 @@ +.TH "cardmgr_selinux" "8" "cardmgr" "dwalsh@redhat.com" "cardmgr SELinux Policy documentation" +.SH "NAME" +cardmgr_selinux \- Security Enhanced Linux Policy for the cardmgr processes @@ -4078,6 +4608,7 @@ index 0000000..5ad97b4 + + +.EX ++.PP +.B cardmgr_dev_t +.EE + @@ -4085,22 +4616,19 @@ index 0000000..5ad97b4 + + +.EX ++.PP +.B cardmgr_exec_t +.EE + +- Set files with the cardmgr_exec_t type, if you want to transition an executable to the cardmgr_t domain. + +.br ++.TP 5 +Paths: +/sbin/cardmgr, /etc/apm/event\.d/pcmcia, /usr/sbin/cardmgr -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cardmgr_lnk_t +.EE + @@ -4108,6 +4636,7 @@ index 0000000..5ad97b4 + + +.EX ++.PP +.B cardmgr_var_lib_t +.EE + 
@@ -4115,21 +4644,51 @@ index 0000000..5ad97b4 + + +.EX ++.PP +.B cardmgr_var_run_t +.EE + +- Set files with the cardmgr_var_run_t type, if you want to store the cardmgr files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/cardmgr\.pid, /var/run/stab, /var/lib/pcmcia(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cardmgr policy is very flexible allowing users to setup their cardmgr processes in as secure a method as possible. ++.PP ++The following process types are defined for cardmgr: ++ ++.EX ++.B cardmgr_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4142,10 +4701,10 @@ index 0000000..5ad97b4 +selinux(8), cardmgr(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ccs_selinux.8 b/man/man8/ccs_selinux.8 new file mode 100644 -index 0000000..2da09ae +index 0000000..92ed5b6 --- /dev/null 
+++ b/man/man8/ccs_selinux.8 -@@ -0,0 +1,89 @@ +@@ -0,0 +1,119 @@ +.TH "ccs_selinux" "8" "ccs" "dwalsh@redhat.com" "ccs SELinux Policy documentation" +.SH "NAME" +ccs_selinux \- Security Enhanced Linux Policy for the ccs processes @@ -4166,22 +4725,19 @@ index 0000000..2da09ae + + +.EX ++.PP +.B ccs_exec_t +.EE + +- Set files with the ccs_exec_t type, if you want to transition an executable to the ccs_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ccsd, /sbin/ccsd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ccs_tmp_t +.EE + @@ -4189,6 +4745,7 @@ index 0000000..2da09ae + + +.EX ++.PP +.B ccs_tmpfs_t +.EE + @@ -4196,6 +4753,7 @@ index 0000000..2da09ae + + +.EX ++.PP +.B ccs_var_lib_t +.EE + @@ -4203,6 +4761,7 @@ index 0000000..2da09ae + + +.EX ++.PP +.B ccs_var_log_t +.EE + 
@@ -4210,21 +4769,51 @@ index 0000000..2da09ae + + +.EX ++.PP +.B ccs_var_run_t +.EE + +- Set files with the ccs_var_run_t type, if you want to store the ccs files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/cluster/ccsd\.pid, /var/run/cluster/ccsd\.sock ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ccs policy is very flexible allowing users to setup their ccs processes in as secure a method as possible. ++.PP ++The following process types are defined for ccs: ++ ++.EX ++.B ccs_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4237,10 +4826,10 @@ index 0000000..2da09ae +selinux(8), ccs(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cdcc_selinux.8 b/man/man8/cdcc_selinux.8 new file mode 100644 -index 0000000..62260da +index 0000000..1a69cb2 --- /dev/null 
+++ b/man/man8/cdcc_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "cdcc_selinux" "8" "cdcc" "dwalsh@redhat.com" "cdcc SELinux Policy documentation" +.SH "NAME" +cdcc_selinux \- Security Enhanced Linux Policy for the cdcc processes @@ -4261,25 +4850,55 @@ index 0000000..62260da + + +.EX ++.PP +.B cdcc_exec_t +.EE + +- Set files with the cdcc_exec_t type, if you want to transition an executable to the cdcc_t domain. + ++ ++.EX ++.PP ++.B cdcc_tmp_t ++.EE ++ ++- Set files with the cdcc_tmp_t type, if you want to store cdcc temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cdcc policy is very flexible allowing users to setup their cdcc processes in as secure a method as possible. ++.PP ++The following process types are defined for cdcc: + +.EX -+.B cdcc_tmp_t ++.B cdcc_t +.EE -+ -+- Set files with the cdcc_tmp_t type, if you want to store cdcc temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -4292,10 +4911,10 @@ index 0000000..62260da +selinux(8), cdcc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cdrecord_selinux.8 b/man/man8/cdrecord_selinux.8 new file mode 100644 -index 0000000..c3f00ae +index 0000000..4328281 --- /dev/null +++ b/man/man8/cdrecord_selinux.8 -@@ -0,0 +1,60 @@ +@@ -0,0 +1,90 @@ +.TH "cdrecord_selinux" "8" "cdrecord" "dwalsh@redhat.com" "cdrecord SELinux Policy documentation" +.SH "NAME" +cdrecord_selinux \- Security Enhanced Linux Policy for the cdrecord processes 
@@ -4327,21 +4946,51 @@ index 0000000..c3f00ae + + +.EX ++.PP +.B cdrecord_exec_t +.EE + +- Set files with the cdrecord_exec_t type, if you want to transition an executable to the cdrecord_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/cdrecord, /usr/bin/wodim, /usr/bin/growisofs ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cdrecord policy is very flexible allowing users to setup their cdrecord processes in as secure a method as possible. ++.PP ++The following process types are defined for cdrecord: ++ ++.EX ++.B cdrecord_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -4359,10 +5008,10 @@ index 0000000..c3f00ae \ No newline at end of file diff --git a/man/man8/certmaster_selinux.8 b/man/man8/certmaster_selinux.8 new file mode 100644 -index 0000000..01c9688 +index 0000000..ebcc043 --- /dev/null 
+++ b/man/man8/certmaster_selinux.8 -@@ -0,0 +1,129 @@ +@@ -0,0 +1,137 @@ +.TH "certmaster_selinux" "8" "certmaster" "dwalsh@redhat.com" "certmaster SELinux Policy documentation" +.SH "NAME" +certmaster_selinux \- Security Enhanced Linux Policy for the certmaster processes 
@@ -4383,76 +5032,54 @@ index 0000000..01c9688 + + +.EX ++.PP +.B certmaster_etc_rw_t +.EE + +- Set files with the certmaster_etc_rw_t type, if you want to treat the files as certmaster etc read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B certmaster_exec_t +.EE + +- Set files with the certmaster_exec_t type, if you want to transition an executable to the certmaster_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B certmaster_initrc_exec_t +.EE + +- Set files with the certmaster_initrc_exec_t type, if you want to transition an executable to the certmaster_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B certmaster_var_lib_t +.EE + +- Set files with the certmaster_var_lib_t type, if you want to store the certmaster files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B certmaster_var_log_t +.EE + +- Set files with the certmaster_var_log_t type, if you want to treat the data as certmaster var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B certmaster_var_run_t +.EE + +- Set files with the certmaster_var_run_t type, if you want to store the certmaster files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -4471,17 +5098,47 @@ index 0000000..01c9688 +SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible. +.PP +The following port types are defined for certmaster: -+.EX + ++.EX ++.TP 5 +.B certmaster_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux certmaster policy is very flexible allowing users to setup their certmaster processes in as secure a method as possible. ++.PP ++The following process types are defined for certmaster: + -+.B tcp 51235 ++.EX ++.B certmaster_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -4494,10 +5151,10 @@ index 0000000..01c9688 +selinux(8), certmaster(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/certmonger_selinux.8 b/man/man8/certmonger_selinux.8 new file mode 100644 -index 0000000..967a834 +index 0000000..e976a51 --- /dev/null 
+++ b/man/man8/certmonger_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "certmonger_selinux" "8" "certmonger" "dwalsh@redhat.com" "certmonger SELinux Policy documentation" +.SH "NAME" +certmonger_selinux \- Security Enhanced Linux Policy for the certmonger processes 
@@ -4518,57 +5175,71 @@ index 0000000..967a834 + + +.EX ++.PP +.B certmonger_exec_t +.EE + +- Set files with the certmonger_exec_t type, if you want to transition an executable to the certmonger_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B certmonger_initrc_exec_t +.EE + +- Set files with the certmonger_initrc_exec_t type, if you want to transition an executable to the certmonger_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B certmonger_var_lib_t +.EE + +- Set files with the certmonger_var_lib_t type, if you want to store the certmonger files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B certmonger_var_run_t +.EE + +- Set files with the certmonger_var_run_t type, if you want to store the certmonger files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux certmonger policy is very flexible allowing users to setup their certmonger processes in as secure a method as possible. ++.PP ++The following process types are defined for certmonger: ++ ++.EX ++.B certmonger_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4581,10 +5252,10 @@ index 0000000..967a834 +selinux(8), certmonger(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/certwatch_selinux.8 b/man/man8/certwatch_selinux.8 new file mode 100644 -index 0000000..2df87dd +index 0000000..a972ef4 --- /dev/null +++ b/man/man8/certwatch_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "certwatch_selinux" "8" "certwatch" "dwalsh@redhat.com" "certwatch SELinux Policy documentation" +.SH "NAME" +certwatch_selinux \- Security Enhanced Linux Policy for the certwatch processes 
@@ -4605,18 +5276,47 @@ index 0000000..2df87dd + + +.EX ++.PP +.B certwatch_exec_t +.EE + +- Set files with the certwatch_exec_t type, if you want to transition an executable to the certwatch_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux certwatch policy is very flexible allowing users to setup their certwatch processes in as secure a method as possible. ++.PP ++The following process types are defined for certwatch: ++ ++.EX ++.B certwatch_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4629,10 +5329,10 @@ index 0000000..2df87dd +selinux(8), certwatch(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cfengine_selinux.8 b/man/man8/cfengine_selinux.8 new file mode 100644 -index 0000000..4350167 +index 0000000..5ecab5f --- /dev/null 
+++ b/man/man8/cfengine_selinux.8 -@@ -0,0 +1,97 @@ +@@ -0,0 +1,107 @@ +.TH "cfengine_selinux" "8" "cfengine" "dwalsh@redhat.com" "cfengine SELinux Policy documentation" +.SH "NAME" +cfengine_selinux \- Security Enhanced Linux Policy for the cfengine processes 
@@ -4653,73 +5353,83 @@ index 0000000..4350167 + + +.EX ++.PP +.B cfengine_execd_exec_t +.EE + +- Set files with the cfengine_execd_exec_t type, if you want to transition an executable to the cfengine_execd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cfengine_initrc_exec_t +.EE + +- Set files with the cfengine_initrc_exec_t type, if you want to transition an executable to the cfengine_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/cf-serverd, /etc/rc\.d/init\.d/cf-execd, /etc/rc\.d/init\.d/cf-monitord -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cfengine_monitord_exec_t +.EE + +- Set files with the cfengine_monitord_exec_t type, if you want to transition an executable to the cfengine_monitord_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cfengine_serverd_exec_t +.EE + +- Set files with the cfengine_serverd_exec_t type, if you want to transition an executable to the cfengine_serverd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cfengine_var_lib_t +.EE + +- Set files with the cfengine_var_lib_t type, if you want to store the cfengine files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cfengine policy is very flexible allowing users to setup their cfengine processes in as secure a method as possible. ++.PP ++The following process types are defined for cfengine: ++ ++.EX ++.B cfengine_execd_t, cfengine_monitord_t, cfengine_serverd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4732,10 +5442,10 @@ index 0000000..4350167 +selinux(8), cfengine(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cgclear_selinux.8 b/man/man8/cgclear_selinux.8 new file mode 100644 -index 0000000..e397ccf +index 0000000..0772c20 --- /dev/null 
+++ b/man/man8/cgclear_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "cgclear_selinux" "8" "cgclear" "dwalsh@redhat.com" "cgclear SELinux Policy documentation" +.SH "NAME" +cgclear_selinux \- Security Enhanced Linux Policy for the cgclear processes @@ -4756,21 +5466,51 @@ index 0000000..e397ccf + + +.EX ++.PP +.B cgclear_exec_t +.EE + +- Set files with the cgclear_exec_t type, if you want to transition an executable to the cgclear_t domain. + +.br ++.TP 5 +Paths: +/sbin/cgclear, /usr/sbin/cgclear ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cgclear policy is very flexible allowing users to setup their cgclear processes in as secure a method as possible. ++.PP ++The following process types are defined for cgclear: ++ ++.EX ++.B cgclear_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4783,10 +5523,10 @@ index 0000000..e397ccf +selinux(8), cgclear(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/cgconfig_selinux.8 b/man/man8/cgconfig_selinux.8 new file mode 100644 -index 0000000..7c27fec +index 0000000..6d4e306 --- /dev/null +++ b/man/man8/cgconfig_selinux.8 -@@ -0,0 +1,74 @@ +@@ -0,0 +1,95 @@ +.TH "cgconfig_selinux" "8" "cgconfig" "dwalsh@redhat.com" "cgconfig SELinux Policy documentation" +.SH "NAME" +cgconfig_selinux \- Security Enhanced Linux Policy for the cgconfig processes 
@@ -4807,50 +5547,71 @@ index 0000000..7c27fec + + +.EX ++.PP +.B cgconfig_etc_t +.EE + +- Set files with the cgconfig_etc_t type, if you want to store cgconfig files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/sysconfig/cgconfig, /etc/cgconfig.conf -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cgconfig_exec_t +.EE + +- Set files with the cgconfig_exec_t type, if you want to transition an executable to the cgconfig_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/cgconfigparser, /sbin/cgconfigparser -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cgconfig_initrc_exec_t +.EE + +- Set files with the cgconfig_initrc_exec_t type, if you want to transition an executable to the cgconfig_initrc_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cgconfig policy is very flexible allowing users to setup their cgconfig processes in as secure a method as possible. 
++.PP ++The following process types are defined for cgconfig: ++ ++.EX ++.B cgconfig_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4863,10 +5624,10 @@ index 0000000..7c27fec +selinux(8), cgconfig(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cgred_selinux.8 b/man/man8/cgred_selinux.8 new file mode 100644 -index 0000000..a96b3c1 +index 0000000..8d16942 --- /dev/null +++ b/man/man8/cgred_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,99 @@ +.TH "cgred_selinux" "8" "cgred" "dwalsh@redhat.com" "cgred SELinux Policy documentation" +.SH "NAME" +cgred_selinux \- Security Enhanced Linux Policy for the cgred processes 
@@ -4887,60 +5648,75 @@ index 0000000..a96b3c1 + + +.EX ++.PP +.B cgred_exec_t +.EE + +- Set files with the cgred_exec_t type, if you want to transition an executable to the cgred_t domain. + +.br ++.TP 5 +Paths: +/sbin/cgrulesengd, /usr/sbin/cgrulesengd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cgred_initrc_exec_t +.EE + +- Set files with the cgred_initrc_exec_t type, if you want to transition an executable to the cgred_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cgred_log_t +.EE + +- Set files with the cgred_log_t type, if you want to treat the data as cgred log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cgred_var_run_t +.EE + +- Set files with the cgred_var_run_t type, if you want to store the cgred files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cgred policy is very flexible allowing users to setup their cgred processes in as secure a method as possible. ++.PP ++The following process types are defined for cgred: ++ ++.EX ++.B cgred_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -4953,10 +5729,10 @@ index 0000000..a96b3c1 +selinux(8), cgred(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/checkpc_selinux.8 b/man/man8/checkpc_selinux.8 new file mode 100644 -index 0000000..a48a3fa +index 0000000..7b0dd32 --- /dev/null +++ b/man/man8/checkpc_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "checkpc_selinux" "8" "checkpc" "dwalsh@redhat.com" "checkpc SELinux Policy documentation" +.SH "NAME" +checkpc_selinux \- Security Enhanced Linux Policy for the checkpc processes 
@@ -4977,25 +5753,55 @@ index 0000000..a48a3fa + + +.EX ++.PP +.B checkpc_exec_t +.EE + +- Set files with the checkpc_exec_t type, if you want to transition an executable to the checkpc_t domain. + ++ ++.EX ++.PP ++.B checkpc_log_t ++.EE ++ ++- Set files with the checkpc_log_t type, if you want to treat the data as checkpc log data, usually stored under the /var/log directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux checkpc policy is very flexible allowing users to setup their checkpc processes in as secure a method as possible. ++.PP ++The following process types are defined for checkpc: + +.EX -+.B checkpc_log_t ++.B checkpc_t +.EE -+ -+- Set files with the checkpc_log_t type, if you want to treat the data as checkpc log data, usually stored under the /var/log directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -5008,10 +5814,10 @@ index 0000000..a48a3fa +selinux(8), checkpc(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/checkpolicy_selinux.8 b/man/man8/checkpolicy_selinux.8 new file mode 100644 -index 0000000..9f22de4 +index 0000000..1fac025 --- /dev/null +++ b/man/man8/checkpolicy_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "checkpolicy_selinux" "8" "checkpolicy" "dwalsh@redhat.com" "checkpolicy SELinux Policy documentation" +.SH "NAME" +checkpolicy_selinux \- Security Enhanced Linux Policy for the checkpolicy processes @@ -5032,18 +5838,47 @@ index 0000000..9f22de4 + + +.EX ++.PP +.B checkpolicy_exec_t +.EE + +- Set files with the checkpolicy_exec_t type, if you want to transition an executable to the checkpolicy_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux checkpolicy policy is very flexible allowing users to setup their checkpolicy processes in as secure a method as possible. ++.PP ++The following process types are defined for checkpolicy: ++ ++.EX ++.B checkpolicy_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -5056,10 +5891,10 @@ index 0000000..9f22de4 +selinux(8), checkpolicy(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/chfn_selinux.8 b/man/man8/chfn_selinux.8 new file mode 100644 -index 0000000..a6a0f69 +index 0000000..bdd6ff2 --- /dev/null +++ b/man/man8/chfn_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "chfn_selinux" "8" "chfn" "dwalsh@redhat.com" "chfn SELinux Policy documentation" +.SH "NAME" +chfn_selinux \- Security Enhanced Linux Policy for the chfn processes 
@@ -5080,21 +5915,51 @@ index 0000000..a6a0f69 + + +.EX ++.PP +.B chfn_exec_t +.EE + +- Set files with the chfn_exec_t type, if you want to transition an executable to the chfn_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/chfn, /usr/bin/chsh ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux chfn policy is very flexible allowing users to setup their chfn processes in as secure a method as possible. ++.PP ++The following process types are defined for chfn: ++ ++.EX ++.B chfn_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -5107,10 +5972,10 @@ index 0000000..a6a0f69 +selinux(8), chfn(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/chkpwd_selinux.8 b/man/man8/chkpwd_selinux.8 new file mode 100644 -index 0000000..5cf0ded +index 0000000..0c1d7d4 --- /dev/null 
+++ b/man/man8/chkpwd_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "chkpwd_selinux" "8" "chkpwd" "dwalsh@redhat.com" "chkpwd SELinux Policy documentation" +.SH "NAME" +chkpwd_selinux \- Security Enhanced Linux Policy for the chkpwd processes @@ -5131,21 +5996,51 @@ index 0000000..5cf0ded + + +.EX ++.PP +.B chkpwd_exec_t +.EE + +- Set files with the chkpwd_exec_t type, if you want to transition an executable to the chkpwd_t domain. + +.br ++.TP 5 +Paths: +/sbin/unix_verify, /sbin/unix_chkpwd, /usr/sbin/unix_verify, /usr/sbin/validate, /usr/sbin/unix_chkpwd ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux chkpwd policy is very flexible allowing users to setup their chkpwd processes in as secure a method as possible. ++.PP ++The following process types are defined for chkpwd: ++ ++.EX ++.B chkpwd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -5158,10 +6053,10 @@ index 0000000..5cf0ded +selinux(8), chkpwd(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/chrome_selinux.8 b/man/man8/chrome_selinux.8 new file mode 100644 -index 0000000..1d88bee +index 0000000..1623249 --- /dev/null +++ b/man/man8/chrome_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,118 @@ +.TH "chrome_selinux" "8" "chrome" "dwalsh@redhat.com" "chrome SELinux Policy documentation" +.SH "NAME" +chrome_selinux \- Security Enhanced Linux Policy for the chrome processes @@ -5193,38 +6088,31 @@ index 0000000..1d88bee + + +.EX ++.PP +.B chrome_sandbox_exec_t +.EE + +- Set files with the chrome_sandbox_exec_t type, if you want to transition an executable to the chrome_sandbox_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/chromium-browser/chrome-sandbox, /opt/google/chrome/chrome-sandbox -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chrome_sandbox_nacl_exec_t +.EE + +- Set files with the chrome_sandbox_nacl_exec_t type, if you want to transition an executable to the chrome_sandbox_nacl_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/chromium-browser/nacl_helper_bootstrap, /opt/google/chrome/nacl_helper_bootstrap -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chrome_sandbox_tmp_t +.EE + 
@@ -5232,12 +6120,47 @@ index 0000000..1d88bee + + +.EX ++.PP +.B chrome_sandbox_tmpfs_t +.EE + +- Set files with the chrome_sandbox_tmpfs_t type, if you want to store chrome sandbox files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux chrome policy is very flexible allowing users to setup their chrome processes in as secure a method as possible. ++.PP ++The following process types are defined for chrome: ++ ++.EX ++.B chrome_sandbox_t, chrome_sandbox_nacl_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -5255,10 +6178,10 @@ index 0000000..1d88bee \ No newline at end of file diff --git a/man/man8/chronyd_selinux.8 b/man/man8/chronyd_selinux.8 new file mode 100644 -index 0000000..e923118 +index 0000000..105912c --- /dev/null 
+++ b/man/man8/chronyd_selinux.8 -@@ -0,0 +1,155 @@ +@@ -0,0 +1,161 @@ +.TH "chronyd_selinux" "8" "chronyd" "dwalsh@redhat.com" "chronyd SELinux Policy documentation" +.SH "NAME" +chronyd_selinux \- Security Enhanced Linux Policy for the chronyd processes @@ -5279,45 +6202,31 @@ index 0000000..e923118 + + +.EX ++.PP +.B chronyd_exec_t +.EE + +- Set files with the chronyd_exec_t type, if you want to transition an executable to the chronyd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chronyd_initrc_exec_t +.EE + +- Set files with the chronyd_initrc_exec_t type, if you want to transition an executable to the chronyd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chronyd_keys_t +.EE + +- Set files with the chronyd_keys_t type, if you want to treat the files as chronyd keys data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chronyd_tmpfs_t +.EE + 
@@ -5325,56 +6234,46 @@ index 0000000..e923118 + + +.EX ++.PP +.B chronyd_unit_file_t +.EE + +- Set files with the chronyd_unit_file_t type, if you want to treat the files as chronyd unit content. + +.br ++.TP 5 +Paths: +/lib/systemd/system/chronyd.*, /usr/lib/systemd/system/chronyd.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chronyd_var_lib_t +.EE + +- Set files with the chronyd_var_lib_t type, if you want to store the chronyd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chronyd_var_log_t +.EE + +- Set files with the chronyd_var_log_t type, if you want to treat the data as chronyd var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B chronyd_var_run_t +.EE + +- Set files with the chronyd_var_run_t type, if you want to store the chronyd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/chronyd(/.*), /var/run/chronyd\.sock, /var/run/chronyd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. 
You will need to use @@ -5393,17 +6292,47 @@ index 0000000..e923118 +SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible. +.PP +The following port types are defined for chronyd: -+.EX + ++.EX ++.TP 5 +.B chronyd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux chronyd policy is very flexible allowing users to setup their chronyd processes in as secure a method as possible. ++.PP ++The following process types are defined for chronyd: + -+.B udp 323 ++.EX ++.B chronyd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -5416,10 +6345,10 @@ index 0000000..e923118 +selinux(8), chronyd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ciped_selinux.8 b/man/man8/ciped_selinux.8 new file mode 100644 -index 0000000..87dd8c0 +index 0000000..2ada9d4 --- /dev/null +++ b/man/man8/ciped_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "ciped_selinux" "8" "ciped" "dwalsh@redhat.com" "ciped SELinux Policy documentation" +.SH "NAME" +ciped_selinux \- Security Enhanced Linux Policy for the ciped processes 
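Review bot: In the chronyd page, the "Default Defined Ports" entry for `chronyd_port_t` now reads `tcp 8021` where the previous text had `.B udp 323`. chronyd's command port is normally UDP 323 and nothing visible in this hunk indicates a policy change, so this looks like a generation mix-up rather than an intended relabel. An administrator who relies on the page when writing firewall or `semanage port` rules would get the wrong picture of which port carries this label, so I would check it against `semanage port -l` on a system with this policy and restore `udp 323` if that is still what the policy defines. The new text also ends the port listing with `.EE` although the `.EX` that used to open it was removed.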
@@ -5440,18 +6369,47 @@ index 0000000..87dd8c0 + + +.EX ++.PP +.B ciped_exec_t +.EE + +- Set files with the ciped_exec_t type, if you want to transition an executable to the ciped_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ciped policy is very flexible allowing users to setup their ciped processes in as secure a method as possible. ++.PP ++The following process types are defined for ciped: ++ ++.EX ++.B ciped_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -5464,10 +6422,10 @@ index 0000000..87dd8c0 +selinux(8), ciped(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/clamd_selinux.8 b/man/man8/clamd_selinux.8 new file mode 100644 -index 0000000..b37da1a +index 0000000..4ee0c57 --- /dev/null +++ b/man/man8/clamd_selinux.8 -@@ -0,0 +1,170 @@ +@@ -0,0 +1,183 @@ +.TH "clamd_selinux" "8" "clamd" "dwalsh@redhat.com" "clamd SELinux Policy documentation" +.SH "NAME" +clamd_selinux \- Security Enhanced Linux Policy for the clamd processes 
@@ -5506,48 +6464,35 @@ index 0000000..b37da1a + + +.EX ++.PP +.B clamd_etc_t +.EE + +- Set files with the clamd_etc_t type, if you want to store clamd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B clamd_exec_t +.EE + +- Set files with the clamd_exec_t type, if you want to transition an executable to the clamd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/clamd, /usr/sbin/clamav-milter -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B clamd_initrc_exec_t +.EE + +- Set files with the clamd_initrc_exec_t type, if you want to transition an executable to the clamd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B clamd_tmp_t +.EE + 
@@ -5555,46 +6500,42 @@ index 0000000..b37da1a + + +.EX ++.PP +.B clamd_var_lib_t +.EE + +- Set files with the clamd_var_lib_t type, if you want to store the clamd files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/clamd.*, /var/clamav(/.*)?, /var/lib/clamav(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B clamd_var_log_t +.EE + +- Set files with the clamd_var_log_t type, if you want to treat the data as clamd var log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/clamav.*, /var/log/clamd.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B clamd_var_run_t +.EE + +- Set files with the clamd_var_run_t type, if you want to store the clamd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/amavis(d)?/clamd\.pid, /var/run/clamd.*, /var/run/clamav.*, /var/spool/MailScanner(/.*)?, /var/spool/amavisd/clamd\.sock ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -5613,17 +6554,47 @@ index 0000000..b37da1a +SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible. +.PP +The following port types are defined for clamd: -+.EX + ++.EX ++.TP 5 +.B clamd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux clamd policy is very flexible allowing users to setup their clamd processes in as secure a method as possible. ++.PP ++The following process types are defined for clamd: + -+.B tcp 3310 ++.EX ++.B clamd_t, clamscan_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -5641,10 +6612,10 @@ index 0000000..b37da1a \ No newline at end of file diff --git a/man/man8/clamscan_selinux.8 b/man/man8/clamscan_selinux.8 new file mode 100644 -index 0000000..594b124 +index 0000000..9f7ec16 --- /dev/null +++ b/man/man8/clamscan_selinux.8 -@@ -0,0 +1,67 @@ +@@ -0,0 +1,98 @@ +.TH "clamscan_selinux" "8" "clamscan" "dwalsh@redhat.com" "clamscan SELinux Policy documentation" +.SH "NAME" +clamscan_selinux \- Security Enhanced Linux Policy for the clamscan processes 
@@ -5676,28 +6647,59 @@ index 0000000..594b124 + + +.EX ++.PP +.B clamscan_exec_t +.EE + +- Set files with the clamscan_exec_t type, if you want to transition an executable to the clamscan_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/clamdscan, /usr/bin/clamscan ++ ++.EX ++.PP ++.B clamscan_tmp_t ++.EE ++ ++- Set files with the clamscan_tmp_t type, if you want to store clamscan temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux clamscan policy is very flexible allowing users to setup their clamscan processes in as secure a method as possible. ++.PP ++The following process types are defined for clamscan: + +.EX -+.B clamscan_tmp_t ++.B clamscan_t +.EE -+ -+- Set files with the clamscan_tmp_t type, if you want to store clamscan temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -5715,10 +6717,10 @@ index 0000000..594b124 \ No newline at end of file 
diff --git a/man/man8/clogd_selinux.8 b/man/man8/clogd_selinux.8 new file mode 100644 -index 0000000..2131068 +index 0000000..40ad9f3 --- /dev/null +++ b/man/man8/clogd_selinux.8 -@@ -0,0 +1,62 @@ +@@ -0,0 +1,87 @@ +.TH "clogd_selinux" "8" "clogd" "dwalsh@redhat.com" "clogd SELinux Policy documentation" +.SH "NAME" +clogd_selinux \- Security Enhanced Linux Policy for the clogd processes @@ -5739,19 +6741,15 @@ index 0000000..2131068 + + +.EX ++.PP +.B clogd_exec_t +.EE + +- Set files with the clogd_exec_t type, if you want to transition an executable to the clogd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B clogd_tmpfs_t +.EE + 
@@ -5759,18 +6757,47 @@ index 0000000..2131068 + + +.EX ++.PP +.B clogd_var_run_t +.EE + +- Set files with the clogd_var_run_t type, if you want to store the clogd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux clogd policy is very flexible allowing users to setup their clogd processes in as secure a method as possible. ++.PP ++The following process types are defined for clogd: ++ ++.EX ++.B clogd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -5783,10 +6810,10 @@ index 0000000..2131068 +selinux(8), clogd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/clvmd_selinux.8 b/man/man8/clvmd_selinux.8 new file mode 100644 -index 0000000..c70b415 +index 0000000..bc0a460 --- /dev/null +++ b/man/man8/clvmd_selinux.8 -@@ -0,0 +1,69 @@ +@@ -0,0 +1,95 @@ +.TH "clvmd_selinux" "8" "clvmd" "dwalsh@redhat.com" "clvmd SELinux Policy documentation" +.SH "NAME" +clvmd_selinux \- Security Enhanced Linux Policy for the clvmd processes 
@@ -5807,19 +6834,15 @@ index 0000000..c70b415 + + +.EX ++.PP +.B clvmd_exec_t +.EE + +- Set files with the clvmd_exec_t type, if you want to transition an executable to the clvmd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B clvmd_initrc_exec_t +.EE + @@ -5827,6 +6850,7 @@ index 0000000..c70b415 + + +.EX ++.PP +.B clvmd_tmpfs_t +.EE + 
@@ -5834,18 +6858,47 @@ index 0000000..c70b415 + + +.EX ++.PP +.B clvmd_var_run_t +.EE + +- Set files with the clvmd_var_run_t type, if you want to store the clvmd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux clvmd policy is very flexible allowing users to setup their clvmd processes in as secure a method as possible. ++.PP ++The following process types are defined for clvmd: ++ ++.EX ++.B clvmd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -5858,10 +6911,10 @@ index 0000000..c70b415 +selinux(8), clvmd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cmirrord_selinux.8 b/man/man8/cmirrord_selinux.8 new file mode 100644 -index 0000000..a50b3c6 +index 0000000..16a4bc5 --- /dev/null 
+++ b/man/man8/cmirrord_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "cmirrord_selinux" "8" "cmirrord" "dwalsh@redhat.com" "cmirrord SELinux Policy documentation" +.SH "NAME" +cmirrord_selinux \- Security Enhanced Linux Policy for the cmirrord processes @@ -5882,32 +6935,23 @@ index 0000000..a50b3c6 + + +.EX ++.PP +.B cmirrord_exec_t +.EE + +- Set files with the cmirrord_exec_t type, if you want to transition an executable to the cmirrord_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cmirrord_initrc_exec_t +.EE + +- Set files with the cmirrord_initrc_exec_t type, if you want to transition an executable to the cmirrord_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cmirrord_tmpfs_t +.EE + 
@@ -5915,18 +6959,47 @@ index 0000000..a50b3c6 + + +.EX ++.PP +.B cmirrord_var_run_t +.EE + +- Set files with the cmirrord_var_run_t type, if you want to store the cmirrord files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cmirrord policy is very flexible allowing users to setup their cmirrord processes in as secure a method as possible. ++.PP ++The following process types are defined for cmirrord: ++ ++.EX ++.B cmirrord_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -5939,10 +7012,10 @@ index 0000000..a50b3c6 +selinux(8), cmirrord(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cobblerd_selinux.8 b/man/man8/cobblerd_selinux.8 new file mode 100644 -index 0000000..b5598a3 +index 0000000..ef22905 --- /dev/null 
+++ b/man/man8/cobblerd_selinux.8 -@@ -0,0 +1,141 @@ +@@ -0,0 +1,167 @@ +.TH "cobblerd_selinux" "8" "cobblerd" "dwalsh@redhat.com" "cobblerd SELinux Policy documentation" +.SH "NAME" +cobblerd_selinux \- Security Enhanced Linux Policy for the cobblerd processes @@ -5990,18 +7063,16 @@ index 0000000..b5598a3 +.PP +.B +semanage fcontext -a -t public_content_t "/var/cobblerd(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/cobblerd ++.br ++.B restorecon -F -R -v /var/cobblerd +.pp +.TP +Allow cobblerd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_cobblerdd_anon_write boolean to be set. +.PP +.B +semanage fcontext -a -t public_content_rw_t "/var/cobblerd/incoming(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/cobblerd/incoming ++.br ++.B restorecon -F -R -v /var/cobblerd/incoming + + +.PP @@ -6023,24 +7094,22 @@ index 0000000..b5598a3 + + +.EX ++.PP +.B cobblerd_exec_t +.EE + +- Set files with the cobblerd_exec_t type, if you want to transition an executable to the cobblerd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cobblerd_initrc_exec_t +.EE + +- Set files with the cobblerd_initrc_exec_t type, if you want to transition an executable to the cobblerd_initrc_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -6059,17 +7128,47 @@ index 0000000..b5598a3 +SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible. +.PP +The following port types are defined for cobblerd: -+.EX + ++.EX ++.TP 5 +.B cobbler_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cobblerd policy is very flexible allowing users to setup their cobblerd processes in as secure a method as possible. ++.PP ++The following process types are defined for cobblerd: + -+.B tcp 25151 ++.EX ++.B cobblerd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -6087,10 +7186,10 @@ index 0000000..b5598a3 \ No newline at end of file diff --git a/man/man8/collectd_selinux.8 b/man/man8/collectd_selinux.8 new file mode 100644 -index 0000000..5aa1ebe +index 0000000..f75feed --- /dev/null +++ b/man/man8/collectd_selinux.8 -@@ -0,0 +1,96 @@ +@@ -0,0 +1,110 @@ +.TH "collectd_selinux" "8" "collectd" "dwalsh@redhat.com" "collectd SELinux Policy documentation" +.SH "NAME" +collectd_selinux \- Security Enhanced Linux Policy for the collectd processes 
@@ -6122,57 +7221,71 @@ index 0000000..5aa1ebe + + +.EX ++.PP +.B collectd_exec_t +.EE + +- Set files with the collectd_exec_t type, if you want to transition an executable to the collectd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B collectd_initrc_exec_t +.EE + +- Set files with the collectd_initrc_exec_t type, if you want to transition an executable to the collectd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B collectd_var_lib_t +.EE + +- Set files with the collectd_var_lib_t type, if you want to store the collectd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B collectd_var_run_t +.EE + +- Set files with the collectd_var_run_t type, if you want to store the collectd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux collectd policy is very flexible allowing users to setup their collectd processes in as secure a method as possible. ++.PP ++The following process types are defined for collectd: ++ ++.EX ++.B collectd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -6190,10 +7303,10 @@ index 0000000..5aa1ebe \ No newline at end of file diff --git a/man/man8/colord_selinux.8 b/man/man8/colord_selinux.8 new file mode 100644 -index 0000000..1196b13 +index 0000000..b08b592 --- /dev/null +++ b/man/man8/colord_selinux.8 -@@ -0,0 +1,72 @@ +@@ -0,0 +1,99 @@ +.TH "colord_selinux" "8" "colord" "dwalsh@redhat.com" "colord SELinux Policy documentation" +.SH "NAME" +colord_selinux \- Security Enhanced Linux Policy for the colord processes 
@@ -6214,19 +7327,15 @@ index 0000000..1196b13 + + +.EX ++.PP +.B colord_exec_t +.EE + +- Set files with the colord_exec_t type, if you want to transition an executable to the colord_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B colord_tmp_t +.EE + @@ -6234,6 +7343,7 @@ index 0000000..1196b13 + + +.EX ++.PP +.B colord_tmpfs_t +.EE + 
@@ -6241,21 +7351,51 @@ index 0000000..1196b13 + + +.EX ++.PP +.B colord_var_lib_t +.EE + +- Set files with the colord_var_lib_t type, if you want to store the colord files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/color(/.*)?, /var/lib/colord(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux colord policy is very flexible allowing users to setup their colord processes in as secure a method as possible. ++.PP ++The following process types are defined for colord: ++ ++.EX ++.B colord_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -6268,10 +7408,10 @@ index 0000000..1196b13 +selinux(8), colord(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/comsat_selinux.8 b/man/man8/comsat_selinux.8 new file mode 100644 -index 0000000..34a36d9 +index 0000000..bef7da9 --- /dev/null 
+++ b/man/man8/comsat_selinux.8 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,113 @@ +.TH "comsat_selinux" "8" "comsat" "dwalsh@redhat.com" "comsat SELinux Policy documentation" +.SH "NAME" +comsat_selinux \- Security Enhanced Linux Policy for the comsat processes @@ -6292,19 +7432,15 @@ index 0000000..34a36d9 + + +.EX ++.PP +.B comsat_exec_t +.EE + +- Set files with the comsat_exec_t type, if you want to transition an executable to the comsat_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B comsat_tmp_t +.EE + @@ -6312,11 +7448,20 @@ index 0000000..34a36d9 + + +.EX ++.PP +.B comsat_var_run_t +.EE + +- Set files with the comsat_var_run_t type, if you want to store the comsat files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -6329,17 +7474,47 @@ index 0000000..34a36d9 +SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible. +.PP +The following port types are defined for comsat: -+.EX + ++.EX ++.TP 5 +.B comsat_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux comsat policy is very flexible allowing users to setup their comsat processes in as secure a method as possible. ++.PP ++The following process types are defined for comsat: + -+.B udp 512 ++.EX ++.B comsat_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -6352,10 +7527,10 @@ index 0000000..34a36d9 +selinux(8), comsat(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/consolekit_selinux.8 b/man/man8/consolekit_selinux.8 new file mode 100644 -index 0000000..5edf403 +index 0000000..a19f983 --- /dev/null +++ b/man/man8/consolekit_selinux.8 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,99 @@ +.TH "consolekit_selinux" "8" "consolekit" "dwalsh@redhat.com" "consolekit SELinux Policy documentation" +.SH "NAME" +consolekit_selinux \- Security Enhanced Linux Policy for the consolekit processes 
@@ -6376,32 +7551,23 @@ index 0000000..5edf403 + + +.EX ++.PP +.B consolekit_exec_t +.EE + +- Set files with the consolekit_exec_t type, if you want to transition an executable to the consolekit_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B consolekit_log_t +.EE + +- Set files with the consolekit_log_t type, if you want to treat the data as consolekit log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B consolekit_tmpfs_t +.EE + 
@@ -6409,21 +7575,51 @@ index 0000000..5edf403 + + +.EX ++.PP +.B consolekit_var_run_t +.EE + +- Set files with the consolekit_var_run_t type, if you want to store the consolekit files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/console-kit-daemon\.pid, /var/run/ConsoleKit(/.*)?, /var/run/consolekit\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux consolekit policy is very flexible allowing users to setup their consolekit processes in as secure a method as possible. ++.PP ++The following process types are defined for consolekit: ++ ++.EX ++.B consolekit_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -6436,10 +7632,10 @@ index 0000000..5edf403 +selinux(8), consolekit(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/consoletype_selinux.8 b/man/man8/consoletype_selinux.8 new file mode 100644 -index 0000000..1c06750 +index 0000000..51bc584 --- /dev/null 
+++ b/man/man8/consoletype_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "consoletype_selinux" "8" "consoletype" "dwalsh@redhat.com" "consoletype SELinux Policy documentation" +.SH "NAME" +consoletype_selinux \- Security Enhanced Linux Policy for the consoletype processes @@ -6460,21 +7656,51 @@ index 0000000..1c06750 + + +.EX ++.PP +.B consoletype_exec_t +.EE + +- Set files with the consoletype_exec_t type, if you want to transition an executable to the consoletype_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/consoletype, /sbin/consoletype ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux consoletype policy is very flexible allowing users to setup their consoletype processes in as secure a method as possible. ++.PP ++The following process types are defined for consoletype: ++ ++.EX ++.B consoletype_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -6487,10 +7713,10 @@ index 0000000..1c06750 +selinux(8), consoletype(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/corosync_selinux.8 b/man/man8/corosync_selinux.8 new file mode 100644 -index 0000000..1377dd8 +index 0000000..13790e2 --- /dev/null +++ b/man/man8/corosync_selinux.8 -@@ -0,0 +1,120 @@ +@@ -0,0 +1,135 @@ +.TH "corosync_selinux" "8" "corosync" "dwalsh@redhat.com" "corosync SELinux Policy documentation" +.SH "NAME" +corosync_selinux \- Security Enhanced Linux Policy for the corosync processes @@ -6511,38 +7737,31 @@ index 0000000..1377dd8 + + +.EX ++.PP +.B corosync_exec_t +.EE + +- Set files with the corosync_exec_t type, if you want to transition an executable to the corosync_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ccs_tool, /usr/sbin/corosync, /usr/sbin/corosync-notifyd, /usr/lib(64)?/heartbeat/heartbeat, /usr/sbin/cman_tool -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B corosync_initrc_exec_t +.EE + +- Set files with the corosync_initrc_exec_t type, if you want to transition an executable to the corosync_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/heartbeat, /etc/rc\.d/init\.d/corosync -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B corosync_tmp_t +.EE + @@ -6550,6 +7769,7 @@ index 0000000..1377dd8 + + +.EX ++.PP +.B corosync_tmpfs_t +.EE + 
@@ -6557,50 +7777,71 @@ index 0000000..1377dd8
 +
 +
 +.EX
++.PP
 +.B corosync_var_lib_t
 +.EE
 +
 +- Set files with the corosync_var_lib_t type, if you want to store the corosync files under the /var/lib directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/lib/corosync(/.*)?, /usr/lib(64)?/heartbeat(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B corosync_var_log_t
 +.EE
 +
 +- Set files with the corosync_var_log_t type, if you want to treat the data as corosync var log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B corosync_var_run_t
 +.EE
 +
 +- Set files with the corosync_var_run_t type, if you want to store the corosync files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/hearbeat(/.*)?, /var/run/corosync\.pid, /var/run/cman_.*
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux corosync policy is very flexible allowing users to setup their corosync processes in as secure a method as possible.
++.PP
++The following process types are defined for corosync:
++
++.EX
++.B corosync_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -6613,10 +7854,10 @@ index 0000000..1377dd8
 +selinux(8), corosync(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/courier_selinux.8 b/man/man8/courier_selinux.8
 new file mode 100644
-index 0000000..636e64b
+index 0000000..e9accfd
 --- /dev/null
 +++ b/man/man8/courier_selinux.8
-@@ -0,0 +1,165 @@
+@@ -0,0 +1,159 @@
 +.TH "courier_selinux" "8" "courier" "dwalsh@redhat.com" "courier SELinux Policy documentation"
 +.SH "NAME"
 +courier_selinux \- Security Enhanced Linux Policy for the courier processes
@@ -6637,96 +7878,71 @@ index 0000000..636e64b
 +
 +
 +.EX
++.PP
 +.B courier_authdaemon_exec_t
 +.EE
 +
 +- Set files with the courier_authdaemon_exec_t type, if you want to transition an executable to the courier_authdaemon_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_etc_t
 +.EE
 +
 +- Set files with the courier_etc_t type, if you want to store courier files in the /etc directories.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/courier/rootcerts(/.*)?, /etc/courier(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_exec_t
 +.EE
 +
 +- Set files with the courier_exec_t type, if you want to transition an executable to the courier_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/courierlogger, /usr/lib/courier/courier/.*, /usr/sbin/courierldapaliasd
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_pcp_exec_t
 +.EE
 +
 +- Set files with the courier_pcp_exec_t type, if you want to transition an executable to the courier_pcp_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_pop_exec_t
 +.EE
 +
 +- Set files with the courier_pop_exec_t type, if you want to transition an executable to the courier_pop_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/courier/imapd, /usr/lib/courier/courier/courierpop.*, /usr/lib/courier/pop3d, /usr/lib/courier/courier/imaplogin, /usr/bin/imapd
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_spool_t
 +.EE
 +
 +- Set files with the courier_spool_t type, if you want to store the courier files under the /var/spool directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/spool/authdaemon(/.*)?, /var/spool/courier(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_sqwebmail_exec_t
 +.EE
 +
@@ -6734,44 +7950,63 @@ index 0000000..636e64b
 +
 +
 +.EX
++.PP
 +.B courier_tcpd_exec_t
 +.EE
 +
 +- Set files with the courier_tcpd_exec_t type, if you want to transition an executable to the courier_tcpd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_var_lib_t
 +.EE
 +
 +- Set files with the courier_var_lib_t type, if you want to store the courier files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B courier_var_run_t
 +.EE
 +
 +- Set files with the courier_var_run_t type, if you want to store the courier files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux courier policy is very flexible allowing users to setup their courier processes in as secure a method as possible.
++.PP
++The following process types are defined for courier:
++
++.EX
++.B courier_sqwebmail_t, courier_tcpd_t, courier_authdaemon_t, courier_pcp_t, courier_pop_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -6784,10 +8019,10 @@ index 0000000..636e64b
 +selinux(8), courier(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/cpucontrol_selinux.8 b/man/man8/cpucontrol_selinux.8
 new file mode 100644
-index 0000000..8069d50
+index 0000000..4f810f7
 --- /dev/null
 +++ b/man/man8/cpucontrol_selinux.8
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,83 @@
 +.TH "cpucontrol_selinux" "8" "cpucontrol" "dwalsh@redhat.com" "cpucontrol SELinux Policy documentation"
 +.SH "NAME"
 +cpucontrol_selinux \- Security Enhanced Linux Policy for the cpucontrol processes
@@ -6808,34 +8043,59 @@ index 0000000..8069d50
 +
 +
 +.EX
++.PP
 +.B cpucontrol_conf_t
 +.EE
 +
 +- Set files with the cpucontrol_conf_t type, if you want to treat the files as cpucontrol configuration data, usually stored under the /etc directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B cpucontrol_exec_t
 +.EE
 +
 +- Set files with the cpucontrol_exec_t type, if you want to transition an executable to the cpucontrol_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/sbin/microcode_ctl, /usr/sbin/microcode_ctl
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux cpucontrol policy is very flexible allowing users to setup their cpucontrol processes in as secure a method as possible.
++.PP
++The following process types are defined for cpucontrol:
++
++.EX
++.B cpucontrol_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -6848,10 +8108,10 @@ index 0000000..8069d50
 +selinux(8), cpucontrol(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/cpufreqselector_selinux.8 b/man/man8/cpufreqselector_selinux.8
 new file mode 100644
-index 0000000..5e5c336
+index 0000000..4f04063
 --- /dev/null
 +++ b/man/man8/cpufreqselector_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "cpufreqselector_selinux" "8" "cpufreqselector" "dwalsh@redhat.com" "cpufreqselector SELinux Policy documentation"
 +.SH "NAME"
 +cpufreqselector_selinux \- Security Enhanced Linux Policy for the cpufreqselector processes
@@ -6872,18 +8132,47 @@ index 0000000..5e5c336
 +
 +
 +.EX
++.PP
 +.B cpufreqselector_exec_t
 +.EE
 +
 +- Set files with the cpufreqselector_exec_t type, if you want to transition an executable to the cpufreqselector_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux cpufreqselector policy is very flexible allowing users to setup their cpufreqselector processes in as secure a method as possible.
++.PP
++The following process types are defined for cpufreqselector:
++
++.EX
++.B cpufreqselector_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -6896,10 +8185,10 @@ index 0000000..5e5c336
 +selinux(8), cpufreqselector(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/cpuspeed_selinux.8 b/man/man8/cpuspeed_selinux.8
 new file mode 100644
-index 0000000..a50b5d7
+index 0000000..c644972
 --- /dev/null
 +++ b/man/man8/cpuspeed_selinux.8
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,83 @@
 +.TH "cpuspeed_selinux" "8" "cpuspeed" "dwalsh@redhat.com" "cpuspeed SELinux Policy documentation"
 +.SH "NAME"
 +cpuspeed_selinux \- Security Enhanced Linux Policy for the cpuspeed processes
@@ -6920,34 +8209,59 @@ index 0000000..a50b5d7
 +
 +
 +.EX
++.PP
 +.B cpuspeed_exec_t
 +.EE
 +
 +- Set files with the cpuspeed_exec_t type, if you want to transition an executable to the cpuspeed_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/cpuspeed, /usr/sbin/powernowd, /usr/sbin/cpufreqd
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B cpuspeed_var_run_t
 +.EE
 +
 +- Set files with the cpuspeed_var_run_t type, if you want to store the cpuspeed files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux cpuspeed policy is very flexible allowing users to setup their cpuspeed processes in as secure a method as possible.
++.PP
++The following process types are defined for cpuspeed:
++
++.EX
++.B cpuspeed_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -6960,10 +8274,10 @@ index 0000000..a50b5d7
 +selinux(8), cpuspeed(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/crack_selinux.8 b/man/man8/crack_selinux.8
 new file mode 100644
-index 0000000..c9284c7
+index 0000000..25dca61
 --- /dev/null
 +++ b/man/man8/crack_selinux.8
-@@ -0,0 +1,68 @@
+@@ -0,0 +1,95 @@
 +.TH "crack_selinux" "8" "crack" "dwalsh@redhat.com" "crack SELinux Policy documentation"
 +.SH "NAME"
 +crack_selinux \- Security Enhanced Linux Policy for the crack processes
@@ -6984,44 +8298,71 @@ index 0000000..c9284c7
 +
 +
 +.EX
++.PP
 +.B crack_db_t
 +.EE
 +
 +- Set files with the crack_db_t type, if you want to treat the files as crack database content.
 +
 +.br
++.TP 5
 +Paths:
 +/var/cache/cracklib(/.*)?, /usr/share/cracklib(/.*)?, /usr/lib/cracklib_dict.*
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B crack_exec_t
 +.EE
 +
 +- Set files with the crack_exec_t type, if you want to transition an executable to the crack_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/cracklib-[a-z]*, /usr/sbin/crack_[a-z]*
++
++.EX
++.PP
++.B crack_tmp_t
++.EE
++
++- Set files with the crack_tmp_t type, if you want to store crack temporary files in the /tmp directories.
++
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux crack policy is very flexible allowing users to setup their crack processes in as secure a method as possible.
++.PP
++The following process types are defined for crack:
 +
 +.EX
-+.B crack_tmp_t
++.B crack_t
 +.EE
-+
-+- Set files with the crack_tmp_t type, if you want to store crack temporary files in the /tmp directories.
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -7034,10 +8375,10 @@ index 0000000..c9284c7
 +selinux(8), crack(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/crond_selinux.8 b/man/man8/crond_selinux.8
 new file mode 100644
-index 0000000..d44d0d9
+index 0000000..7485af4
 --- /dev/null
 +++ b/man/man8/crond_selinux.8
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,137 @@
 +.TH "crond_selinux" "8" "crond" "dwalsh@redhat.com" "crond SELinux Policy documentation"
 +.SH "NAME"
 +crond_selinux \- Security Enhanced Linux Policy for the crond processes
@@ -7076,35 +8417,27 @@ index 0000000..d44d0d9
 +
 +
 +.EX
++.PP
 +.B crond_exec_t
 +.EE
 +
 +- Set files with the crond_exec_t type, if you want to transition an executable to the crond_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/atd, /usr/sbin/fcron, /usr/sbin/cron(d)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B crond_initrc_exec_t
 +.EE
 +
 +- Set files with the crond_initrc_exec_t type, if you want to transition an executable to the crond_initrc_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B crond_tmp_t
 +.EE
 +
@@ -7112,37 +8445,63 @@ index 0000000..d44d0d9
 +
 +
 +.EX
++.PP
 +.B crond_unit_file_t
 +.EE
 +
 +- Set files with the crond_unit_file_t type, if you want to treat the files as crond unit content.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/systemd/system/crond\.service, /lib/systemd/system/crond\.service
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B crond_var_run_t
 +.EE
 +
 +- Set files with the crond_var_run_t type, if you want to store the crond files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/crond?\.pid, /var/run/.*cron.*, /var/run/fcron\.pid, /var/run/crond?\.reboot, /var/run/fcron\.fifo, /var/run/atd\.pid, /var/run/anacron\.pid
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux crond policy is very flexible allowing users to setup their crond processes in as secure a method as possible.
++.PP
++The following process types are defined for crond:
++
++.EX
++.B crond_t, cronjob_t, crontab_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -7160,10 +8519,10 @@ index 0000000..d44d0d9
 \ No newline at end of file
 diff --git a/man/man8/crontab_selinux.8 b/man/man8/crontab_selinux.8
 new file mode 100644
-index 0000000..680fae0
+index 0000000..e4713c6
 --- /dev/null
 +++ b/man/man8/crontab_selinux.8
-@@ -0,0 +1,52 @@
+@@ -0,0 +1,83 @@
 +.TH "crontab_selinux" "8" "crontab" "dwalsh@redhat.com" "crontab SELinux Policy documentation"
 +.SH "NAME"
 +crontab_selinux \- Security Enhanced Linux Policy for the crontab processes
@@ -7184,28 +8543,59 @@ index 0000000..680fae0
 +
 +
 +.EX
++.PP
 +.B crontab_exec_t
 +.EE
 +
 +- Set files with the crontab_exec_t type, if you want to transition an executable to the crontab_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/bin/(f)?crontab, /usr/bin/at
++
++.EX
++.PP
++.B crontab_tmp_t
++.EE
++
++- Set files with the crontab_tmp_t type, if you want to store crontab temporary files in the /tmp directories.
++
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux crontab policy is very flexible allowing users to setup their crontab processes in as secure a method as possible.
++.PP
++The following process types are defined for crontab:
 +
 +.EX
-+.B crontab_tmp_t
++.B crontab_t
 +.EE
-+
-+- Set files with the crontab_tmp_t type, if you want to store crontab temporary files in the /tmp directories.
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -7218,10 +8608,10 @@ index 0000000..680fae0
 +selinux(8), crontab(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/ctdbd_selinux.8 b/man/man8/ctdbd_selinux.8
 new file mode 100644
-index 0000000..38e1b17
+index 0000000..362d29c
 --- /dev/null
 +++ b/man/man8/ctdbd_selinux.8
-@@ -0,0 +1,141 @@
+@@ -0,0 +1,149 @@
 +.TH "ctdbd_selinux" "8" "ctdbd" "dwalsh@redhat.com" "ctdbd SELinux Policy documentation"
 +.SH "NAME"
 +ctdbd_selinux \- Security Enhanced Linux Policy for the ctdbd processes
@@ -7242,58 +8632,39 @@ index 0000000..38e1b17
 +
 +
 +.EX
++.PP
 +.B ctdbd_exec_t
 +.EE
 +
 +- Set files with the ctdbd_exec_t type, if you want to transition an executable to the ctdbd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ctdbd_initrc_exec_t
 +.EE
 +
 +- Set files with the ctdbd_initrc_exec_t type, if you want to transition an executable to the ctdbd_initrc_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ctdbd_log_t
 +.EE
 +
 +- Set files with the ctdbd_log_t type, if you want to treat the data as ctdbd log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ctdbd_spool_t
 +.EE
 +
 +- Set files with the ctdbd_spool_t type, if you want to store the ctdbd files under the /var/spool directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ctdbd_tmp_t
 +.EE
 +
@@ -7301,27 +8672,26 @@ index 0000000..38e1b17
 +
 +
 +.EX
++.PP
 +.B ctdbd_var_lib_t
 +.EE
 +
 +- Set files with the ctdbd_var_lib_t type, if you want to store the ctdbd files under the /var/lib directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/ctdb(/.*)?, /var/lib/ctdbd(/.*)?, /etc/ctdb(/.*)?, /var/ctdbd(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ctdbd_var_run_t
 +.EE
 +
 +- Set files with the ctdbd_var_run_t type, if you want to store the ctdbd files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -7340,19 +8710,47 @@ index 0000000..38e1b17
 +SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
 +.PP
 +The following port types are defined for ctdbd:
-+.EX
 +
++.EX
++.TP 5
 +.B ctdb_port_t
++.TP 10
 +.EE
 +
-+.EX
-+Default Defined Ports:
 +
-+.B tcp 4379
++Default Defined Ports:
++tcp 8021
 +.EE
-+.B udp 4379
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux ctdbd policy is very flexible allowing users to setup their ctdbd processes in as secure a method as possible.
++.PP
++The following process types are defined for ctdbd:
++
++.EX
++.B ctdbd_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux
@@ -7365,10 +8763,10 @@ index 0000000..38e1b17
 +selinux(8), ctdbd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/cups_selinux.8 b/man/man8/cups_selinux.8
 new file mode 100644
-index 0000000..c2d5cbd
+index 0000000..d58434b
 --- /dev/null
 +++ b/man/man8/cups_selinux.8
-@@ -0,0 +1,222 @@
+@@ -0,0 +1,211 @@
 +.TH "cups_selinux" "8" "cups" "dwalsh@redhat.com" "cups SELinux Policy documentation"
 +.SH "NAME"
 +cups_selinux \- Security Enhanced Linux Policy for the cups processes
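Review bot: The port block for `ctdb_port_t` now lists only `tcp 8021`, where the removed lines listed `tcp 4379` and `udp 4379`, and nothing visible in the hunk explains the new value; if the policy still labels 4379, the page sends administrators to the wrong port when they audit or extend the label. Please check the value against the `semanage port -l` entry for `ctdb_port_t` before this ships. The rewritten markup also leaves `.TP 10` directly before `.EE` with no tag text, and the `.EE` after the port list no longer has a matching `.EX`, so the block may not render as intended.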
@@ -7389,19 +8787,15 @@ index 0000000..c2d5cbd
 +
 +
 +.EX
++.PP
 +.B cups_pdf_exec_t
 +.EE
 +
 +- Set files with the cups_pdf_exec_t type, if you want to transition an executable to the cups_pdf_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B cups_pdf_tmp_t
 +.EE
 +
@@ -7409,90 +8803,63 @@ index 0000000..c2d5cbd + + +.EX ++.PP +.B cupsd_config_exec_t +.EE + +- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/libexec/cups-pk-helper-mechanism, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer, /usr/bin/cups-config-daemon -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_config_var_run_t +.EE + +- Set files with the cupsd_config_var_run_t type, if you want to store the cupsd config files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_etc_t +.EE + +- Set files with the cupsd_etc_t type, if you want to store cupsd files in the /etc directories. + +.br ++.TP 5 +Paths: +/usr/share/cups(/.*)?, /etc/cups(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_exec_t +.EE + +- Set files with the cupsd_exec_t type, if you want to transition an executable to the cupsd_t domain. + -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_initrc_exec_t +.EE + +- Set files with the cupsd_initrc_exec_t type, if you want to transition an executable to the cupsd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_interface_t +.EE + +- Set files with the cupsd_interface_t type, if you want to treat the files as cupsd interface data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_lock_t +.EE + 
@@ -7500,35 +8867,27 @@ index 0000000..c2d5cbd + + +.EX ++.PP +.B cupsd_log_t +.EE + +- Set files with the cupsd_log_t type, if you want to treat the data as cupsd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/cups(/.*)?, /usr/local/Brother/fax/.*\.log, /var/log/turboprint.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_lpd_exec_t +.EE + +- Set files with the cupsd_lpd_exec_t type, if you want to transition an executable to the cupsd_lpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_lpd_tmp_t +.EE + @@ -7536,6 +8895,7 @@ index 0000000..c2d5cbd + + +.EX ++.PP +.B cupsd_lpd_var_run_t +.EE + 
@@ -7543,22 +8903,19 @@ index 0000000..c2d5cbd + + +.EX ++.PP +.B cupsd_rw_etc_t +.EE + +- Set files with the cupsd_rw_etc_t type, if you want to store cupsd rw files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/cups/lpoptions.*, /usr/local/linuxprinter/ppd(/.*)?, /etc/cups/subscriptions.*, /usr/local/Brother/(.*/)?inf(/.*)?, /etc/cups/classes\.conf.*, /usr/lib/bjlib(/.*)?, /etc/cups/ppd(/.*)?, /opt/gutenprint/ppds(/.*)?, /etc/printcap.*, /etc/alchemist/namespace/printconf(/.*)?, /usr/local/Printer/(.*/)?inf(/.*)?, /var/lib/cups/certs, /etc/cups/ppds\.dat, /etc/cups/certs, /etc/cups/certs/.*, /etc/cups/printers\.conf.*, /var/lib/cups/certs/.*, /var/cache/foomatic(/.*)?, /var/cache/alchemist/printconf.*, /etc/cups/cupsd\.conf.*, /var/cache/cups(/.*)?, /usr/share/foomatic/db/oldprinterids -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_tmp_t +.EE + 
@@ -7566,21 +8923,51 @@ index 0000000..c2d5cbd + + +.EX ++.PP +.B cupsd_var_run_t +.EE + +- Set files with the cupsd_var_run_t type, if you want to store the cupsd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cups policy is very flexible allowing users to setup their cups processes in as secure a method as possible. ++.PP ++The following process types are defined for cups: ++ ++.EX ++.B cupsd_t, cupsd_config_t, cupsd_lpd_t, cups_pdf_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -7593,10 +8980,10 @@ index 0000000..c2d5cbd +selinux(8), cups(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cupsd_selinux.8 b/man/man8/cupsd_selinux.8 new file mode 100644 -index 0000000..7f88c77 +index 0000000..a35b643 --- /dev/null 
+++ b/man/man8/cupsd_selinux.8 -@@ -0,0 +1,202 @@ +@@ -0,0 +1,195 @@ +.TH "cupsd_selinux" "8" "cupsd" "dwalsh@redhat.com" "cupsd SELinux Policy documentation" +.SH "NAME" +cupsd_selinux \- Security Enhanced Linux Policy for the cupsd processes 
@@ -7617,90 +9004,63 @@ index 0000000..7f88c77 + + +.EX ++.PP +.B cupsd_config_exec_t +.EE + +- Set files with the cupsd_config_exec_t type, if you want to transition an executable to the cupsd_config_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/printconf-backend, /usr/sbin/hal_lpadmin, /usr/lib/udev/udev-configure-printer, /usr/libexec/cups-pk-helper-mechanism, /usr/libexec/hal_lpadmin, /lib/udev/udev-configure-printer, /usr/bin/cups-config-daemon -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_config_var_run_t +.EE + +- Set files with the cupsd_config_var_run_t type, if you want to store the cupsd config files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_etc_t +.EE + +- Set files with the cupsd_etc_t type, if you want to store cupsd files in the /etc directories. + +.br ++.TP 5 +Paths: +/usr/share/cups(/.*)?, /etc/cups(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_exec_t +.EE + +- Set files with the cupsd_exec_t type, if you want to transition an executable to the cupsd_t domain. + -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_initrc_exec_t +.EE + +- Set files with the cupsd_initrc_exec_t type, if you want to transition an executable to the cupsd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_interface_t +.EE + +- Set files with the cupsd_interface_t type, if you want to treat the files as cupsd interface data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_lock_t +.EE + 
@@ -7708,35 +9068,27 @@ index 0000000..7f88c77 + + +.EX ++.PP +.B cupsd_log_t +.EE + +- Set files with the cupsd_log_t type, if you want to treat the data as cupsd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/cups(/.*)?, /usr/local/Brother/fax/.*\.log, /var/log/turboprint.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_lpd_exec_t +.EE + +- Set files with the cupsd_lpd_exec_t type, if you want to transition an executable to the cupsd_lpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_lpd_tmp_t +.EE + @@ -7744,6 +9096,7 @@ index 0000000..7f88c77 + + +.EX ++.PP +.B cupsd_lpd_var_run_t +.EE + 
@@ -7751,22 +9104,19 @@ index 0000000..7f88c77 + + +.EX ++.PP +.B cupsd_rw_etc_t +.EE + +- Set files with the cupsd_rw_etc_t type, if you want to store cupsd rw files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/cups/lpoptions.*, /usr/local/linuxprinter/ppd(/.*)?, /etc/cups/subscriptions.*, /usr/local/Brother/(.*/)?inf(/.*)?, /etc/cups/classes\.conf.*, /usr/lib/bjlib(/.*)?, /etc/cups/ppd(/.*)?, /opt/gutenprint/ppds(/.*)?, /etc/printcap.*, /etc/alchemist/namespace/printconf(/.*)?, /usr/local/Printer/(.*/)?inf(/.*)?, /var/lib/cups/certs, /etc/cups/ppds\.dat, /etc/cups/certs, /etc/cups/certs/.*, /etc/cups/printers\.conf.*, /var/lib/cups/certs/.*, /var/cache/foomatic(/.*)?, /var/cache/alchemist/printconf.*, /etc/cups/cupsd\.conf.*, /var/cache/cups(/.*)?, /usr/share/foomatic/db/oldprinterids -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cupsd_tmp_t +.EE + 
@@ -7774,21 +9124,51 @@ index 0000000..7f88c77 + + +.EX ++.PP +.B cupsd_var_run_t +.EE + +- Set files with the cupsd_var_run_t type, if you want to store the cupsd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/ccpd(/.*)?, /var/ekpd(/.*)?, /var/turboprint(/.*)?, /var/run/cups(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cupsd policy is very flexible allowing users to setup their cupsd processes in as secure a method as possible. ++.PP ++The following process types are defined for cupsd: ++ ++.EX ++.B cupsd_t, cupsd_config_t, cupsd_lpd_t, cups_pdf_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -7801,10 +9181,10 @@ index 0000000..7f88c77 +selinux(8), cupsd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cvs_selinux.8 b/man/man8/cvs_selinux.8 new file mode 100644 -index 0000000..ff16e2b +index 0000000..d66a0fd --- /dev/null 
+++ b/man/man8/cvs_selinux.8 -@@ -0,0 +1,125 @@ +@@ -0,0 +1,156 @@ +.TH "cvs_selinux" "8" "cvs" "dwalsh@redhat.com" "cvs SELinux Policy documentation" +.SH "NAME" +cvs_selinux \- Security Enhanced Linux Policy for the cvs processes @@ -7836,35 +9216,27 @@ index 0000000..ff16e2b + + +.EX ++.PP +.B cvs_data_t +.EE + +- Set files with the cvs_data_t type, if you want to treat the files as cvs content. + +.br ++.TP 5 +Paths: +/opt/cvs(/.*)?, /var/cvs(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cvs_exec_t +.EE + +- Set files with the cvs_exec_t type, if you want to transition an executable to the cvs_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cvs_initrc_exec_t +.EE + @@ -7872,6 +9244,7 @@ index 0000000..ff16e2b + + +.EX ++.PP +.B cvs_keytab_t +.EE + @@ -7879,6 +9252,7 @@ index 0000000..ff16e2b + + +.EX ++.PP +.B cvs_tmp_t +.EE + @@ -7886,11 +9260,20 @@ index 0000000..ff16e2b + + +.EX ++.PP +.B cvs_var_run_t +.EE + +- Set files with the cvs_var_run_t type, if you want to store the cvs files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -7903,19 +9286,47 @@ index 0000000..ff16e2b +SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible. +.PP +The following port types are defined for cvs: -+.EX + ++.EX ++.TP 5 +.B cvs_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 2401 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 2401 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cvs policy is very flexible allowing users to setup their cvs processes in as secure a method as possible. ++.PP ++The following process types are defined for cvs: ++ ++.EX ++.B cvs_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -7933,10 +9344,10 @@ index 0000000..ff16e2b \ No newline at end of file diff --git a/man/man8/cyphesis_selinux.8 b/man/man8/cyphesis_selinux.8 new file mode 100644 -index 0000000..3fcc210 +index 0000000..cd1450d --- /dev/null +++ b/man/man8/cyphesis_selinux.8 -@@ -0,0 +1,99 @@ +@@ -0,0 +1,121 @@ +.TH "cyphesis_selinux" "8" "cyphesis" "dwalsh@redhat.com" "cyphesis SELinux Policy documentation" +.SH "NAME" +cyphesis_selinux \- Security Enhanced Linux Policy for the cyphesis processes 
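Review bot: The added PROCESS TYPES text gives the command as `semanage permississive -a PROCESS_TYPE`, which is not a semanage subcommand; the COMMANDS section added a few lines below spells it `semanage permissive`. The same section writes the ps reference as `\fBps\bP`, where `\bP` was presumably meant to be the font reset `\fP`, so bold is never switched off after "ps". Suggested lines: `.B semanage permissive -a PROCESS_TYPE` and `You can see the context of a process using the \fB\-Z\fP option to \fBps\fP`. The identical text is added in the ctdbd, cups, cupsd, cyphesis, cyrus, dbskkd and dcc hunks, so it presumably comes from one shared template and can be fixed once there. Making a domain permissive stops SELinux denying its accesses, so the page should give that command exactly.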
@@ -7957,32 +9368,23 @@ index 0000000..3fcc210 + + +.EX ++.PP +.B cyphesis_exec_t +.EE + +- Set files with the cyphesis_exec_t type, if you want to transition an executable to the cyphesis_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cyphesis_log_t +.EE + +- Set files with the cyphesis_log_t type, if you want to treat the data as cyphesis log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cyphesis_tmp_t +.EE + @@ -7990,11 +9392,14 @@ index 0000000..3fcc210 + + +.EX ++.PP +.B cyphesis_var_run_t +.EE + +- Set files with the cyphesis_var_run_t type, if you want to store the cyphesis files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -8013,19 +9418,47 @@ index 0000000..3fcc210 +SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible. +.PP +The following port types are defined for cyphesis: -+.EX + ++.EX ++.TP 5 +.B cyphesis_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 6767,6769,6780-6799 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 32771 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cyphesis policy is very flexible allowing users to setup their cyphesis processes in as secure a method as possible. ++.PP ++The following process types are defined for cyphesis: ++ ++.EX ++.B cyphesis_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -8038,10 +9471,10 @@ index 0000000..3fcc210 +selinux(8), cyphesis(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/cyrus_selinux.8 b/man/man8/cyrus_selinux.8 new file mode 100644 -index 0000000..31fd311 +index 0000000..99c3aa8 --- /dev/null 
+++ b/man/man8/cyrus_selinux.8 -@@ -0,0 +1,95 @@ +@@ -0,0 +1,119 @@ +.TH "cyrus_selinux" "8" "cyrus" "dwalsh@redhat.com" "cyrus SELinux Policy documentation" +.SH "NAME" +cyrus_selinux \- Security Enhanced Linux Policy for the cyrus processes @@ -8062,35 +9495,27 @@ index 0000000..31fd311 + + +.EX ++.PP +.B cyrus_exec_t +.EE + +- Set files with the cyrus_exec_t type, if you want to transition an executable to the cyrus_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/cyrus-imapd/cyrus-master, /usr/lib/cyrus/master -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cyrus_initrc_exec_t +.EE + +- Set files with the cyrus_initrc_exec_t type, if you want to transition an executable to the cyrus_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B cyrus_keytab_t +.EE + @@ -8098,6 +9523,7 @@ index 0000000..31fd311 + + +.EX ++.PP +.B cyrus_tmp_t +.EE + 
@@ -8105,28 +9531,59 @@ index 0000000..31fd311 + + +.EX ++.PP +.B cyrus_var_lib_t +.EE + +- Set files with the cyrus_var_lib_t type, if you want to store the cyrus files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/imap(/.*)?, /var/lib/imap(/.*)? ++ ++.EX ++.PP ++.B cyrus_var_run_t ++.EE ++ ++- Set files with the cyrus_var_run_t type, if you want to store the cyrus files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux cyrus policy is very flexible allowing users to setup their cyrus processes in as secure a method as possible. ++.PP ++The following process types are defined for cyrus: + +.EX -+.B cyrus_var_run_t ++.B cyrus_t +.EE -+ -+- Set files with the cyrus_var_run_t type, if you want to store the cyrus files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -8139,10 +9596,10 @@ index 0000000..31fd311 +selinux(8), cyrus(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/dbskkd_selinux.8 b/man/man8/dbskkd_selinux.8 new file mode 100644 -index 0000000..b6662a5 +index 0000000..68af698 --- /dev/null +++ b/man/man8/dbskkd_selinux.8 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,113 @@ +.TH "dbskkd_selinux" "8" "dbskkd" "dwalsh@redhat.com" "dbskkd SELinux Policy documentation" +.SH "NAME" +dbskkd_selinux \- Security Enhanced Linux Policy for the dbskkd processes @@ -8163,19 +9620,15 @@ index 0000000..b6662a5 + + +.EX ++.PP +.B dbskkd_exec_t +.EE + +- Set files with the dbskkd_exec_t type, if you want to transition an executable to the dbskkd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dbskkd_tmp_t +.EE + @@ -8183,11 +9636,20 @@ index 0000000..b6662a5 + + +.EX ++.PP +.B dbskkd_var_run_t +.EE + +- Set files with the dbskkd_var_run_t type, if you want to store the dbskkd files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -8200,17 +9662,47 @@ index 0000000..b6662a5 +SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible. +.PP +The following port types are defined for dbskkd: -+.EX + ++.EX ++.TP 5 +.B dbskkd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dbskkd policy is very flexible allowing users to setup their dbskkd processes in as secure a method as possible. ++.PP ++The following process types are defined for dbskkd: + -+.B tcp 1178 ++.EX ++.B dbskkd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -8223,10 +9715,10 @@ index 0000000..b6662a5 +selinux(8), dbskkd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dcc_selinux.8 b/man/man8/dcc_selinux.8 new file mode 100644 -index 0000000..856752d +index 0000000..fcfbcb6 --- /dev/null +++ b/man/man8/dcc_selinux.8 -@@ -0,0 +1,238 @@ +@@ -0,0 +1,240 @@ +.TH "dcc_selinux" "8" "dcc" "dwalsh@redhat.com" "dcc SELinux Policy documentation" +.SH "NAME" +dcc_selinux \- Security Enhanced Linux Policy for the dcc processes 
@@ -8247,35 +9739,27 @@ index 0000000..856752d + + +.EX ++.PP +.B dcc_client_exec_t +.EE + +- Set files with the dcc_client_exec_t type, if you want to transition an executable to the dcc_client_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dcc_client_map_t +.EE + +- Set files with the dcc_client_map_t type, if you want to treat the files as dcc client map data. + +.br ++.TP 5 +Paths: +/var/lib/dcc/map, /etc/dcc/map, /var/dcc/map, /var/run/dcc/map -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dcc_client_tmp_t +.EE + @@ -8283,19 +9767,15 @@ index 0000000..856752d + + +.EX ++.PP +.B dcc_dbclean_exec_t +.EE + +- Set files with the dcc_dbclean_exec_t type, if you want to transition an executable to the dcc_dbclean_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dcc_dbclean_tmp_t +.EE + 
@@ -8303,48 +9783,35 @@ index 0000000..856752d + + +.EX ++.PP +.B dcc_var_run_t +.EE + +- Set files with the dcc_var_run_t type, if you want to store the dcc files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dcc_var_t +.EE + +- Set files with the dcc_var_t type, if you want to store the files under the /var directory. + +.br ++.TP 5 +Paths: +/etc/dcc(/.*)?, /var/dcc(/.*)?, /var/lib/dcc(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccd_exec_t +.EE + +- Set files with the dccd_exec_t type, if you want to transition an executable to the dccd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccd_tmp_t +.EE + @@ -8352,6 +9819,7 @@ index 0000000..856752d + + +.EX ++.PP +.B dccd_var_run_t +.EE + 
@@ -8359,19 +9827,15 @@ index 0000000..856752d + + +.EX ++.PP +.B dccifd_exec_t +.EE + +- Set files with the dccifd_exec_t type, if you want to transition an executable to the dccifd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccifd_tmp_t +.EE + @@ -8379,35 +9843,27 @@ index 0000000..856752d + + +.EX ++.PP +.B dccifd_var_run_t +.EE + +- Set files with the dccifd_var_run_t type, if you want to store the dccifd files under the /run directory. + +.br ++.TP 5 +Paths: +/etc/dcc/dccifd, /var/run/dcc/dccifd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccm_exec_t +.EE + +- Set files with the dccm_exec_t type, if you want to transition an executable to the dccm_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccm_tmp_t +.EE + 
@@ -8415,11 +9871,20 @@ index 0000000..856752d + + +.EX ++.PP +.B dccm_var_run_t +.EE + +- Set files with the dccm_var_run_t type, if you want to store the dccm files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -8432,29 +9897,58 @@ index 0000000..856752d +SELinux dcc policy is very flexible allowing users to setup their dcc processes in as secure a method as possible. +.PP +The following port types are defined for dcc: -+.EX + ++.EX ++.TP 5 +.B dcc_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B udp 6276,6277 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B dccm_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 5679 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 5679 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dcc policy is very flexible allowing users to setup their dcc processes in as secure a method as possible. ++.PP ++The following process types are defined for dcc: ++ ++.EX ++.B dccm_t, dcc_client_t, dcc_dbclean_t, dccifd_t, dccd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -8467,10 +9961,10 @@ index 0000000..856752d +selinux(8), dcc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dccd_selinux.8 b/man/man8/dccd_selinux.8 new file mode 100644 -index 0000000..c4a8a2b +index 0000000..1df477a --- /dev/null 
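Review bot: Both port types in this PORT TYPES section now list the same value, `tcp 8021`, where the removed lines had `udp 6276,6277` for dcc_port_t and `tcp 5679` / `udp 5679` for dccm_port_t; this looks like the generator emitting one port for every type rather than a policy change. The same substitution appears in the dccd_selinux.8 and dccm_selinux.8 hunks. Administrators read these pages when choosing `semanage port` labels and firewall rules, so the listed ports should be checked against `semanage port -l` before this ships, and the per-type lookup in genman.py fixed if they differ. The added `.TP 10` directly before `.EE` has no tag or body after it and could be dropped.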
+++ b/man/man8/dccd_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,124 @@ +.TH "dccd_selinux" "8" "dccd" "dwalsh@redhat.com" "dccd SELinux Policy documentation" +.SH "NAME" +dccd_selinux \- Security Enhanced Linux Policy for the dccd processes @@ -8491,19 +9985,15 @@ index 0000000..c4a8a2b + + +.EX ++.PP +.B dccd_exec_t +.EE + +- Set files with the dccd_exec_t type, if you want to transition an executable to the dccd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccd_tmp_t +.EE + @@ -8511,11 +10001,20 @@ index 0000000..c4a8a2b + + +.EX ++.PP +.B dccd_var_run_t +.EE + +- Set files with the dccd_var_run_t type, if you want to store the dccd files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -8528,29 +10027,58 @@ index 0000000..c4a8a2b +SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible. +.PP +The following port types are defined for dccd: -+.EX + ++.EX ++.TP 5 +.B dcc_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B udp 6276,6277 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B dccm_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 5679 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 5679 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dccd policy is very flexible allowing users to setup their dccd processes in as secure a method as possible. ++.PP ++The following process types are defined for dccd: ++ ++.EX ++.B dccm_t, dcc_client_t, dcc_dbclean_t, dccifd_t, dccd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -8563,10 +10091,10 @@ index 0000000..c4a8a2b +selinux(8), dccd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dccifd_selinux.8 b/man/man8/dccifd_selinux.8 new file mode 100644 -index 0000000..dd94bb1 +index 0000000..e1abdd2 --- /dev/null 
+++ b/man/man8/dccifd_selinux.8 -@@ -0,0 +1,65 @@ +@@ -0,0 +1,91 @@ +.TH "dccifd_selinux" "8" "dccifd" "dwalsh@redhat.com" "dccifd SELinux Policy documentation" +.SH "NAME" +dccifd_selinux \- Security Enhanced Linux Policy for the dccifd processes @@ -8587,19 +10115,15 @@ index 0000000..dd94bb1 + + +.EX ++.PP +.B dccifd_exec_t +.EE + +- Set files with the dccifd_exec_t type, if you want to transition an executable to the dccifd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccifd_tmp_t +.EE + 
@@ -8607,21 +10131,51 @@ index 0000000..dd94bb1 + + +.EX ++.PP +.B dccifd_var_run_t +.EE + +- Set files with the dccifd_var_run_t type, if you want to store the dccifd files under the /run directory. + +.br ++.TP 5 +Paths: +/etc/dcc/dccifd, /var/run/dcc/dccifd ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dccifd policy is very flexible allowing users to setup their dccifd processes in as secure a method as possible. ++.PP ++The following process types are defined for dccifd: ++ ++.EX ++.B dccifd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -8634,10 +10188,10 @@ index 0000000..dd94bb1 +selinux(8), dccifd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dccm_selinux.8 b/man/man8/dccm_selinux.8 new file mode 100644 -index 0000000..a2eea09 +index 0000000..41c0206 --- /dev/null 
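Review bot: The added permissive note misspells the subcommand as `semanage permississive -a PROCESS_TYPE`, which fails when copied; it should read `.B semanage permissive -a PROCESS_TYPE`, matching the COMMANDS section a few lines below. In the same section, `\fBps\bP` closes the bold with `\b` instead of `\fP` and should be `\fBps\fP`. Both lines recur in every PROCESS TYPES section this commit adds, so the correction belongs in the genman.py template rather than in the individual pages. Because a permissive domain is no longer enforced, the note could also say how to revert it with `semanage permissive -d PROCESS_TYPE`.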
+++ b/man/man8/dccm_selinux.8 -@@ -0,0 +1,80 @@ +@@ -0,0 +1,113 @@ +.TH "dccm_selinux" "8" "dccm" "dwalsh@redhat.com" "dccm SELinux Policy documentation" +.SH "NAME" +dccm_selinux \- Security Enhanced Linux Policy for the dccm processes @@ -8658,19 +10212,15 @@ index 0000000..a2eea09 + + +.EX ++.PP +.B dccm_exec_t +.EE + +- Set files with the dccm_exec_t type, if you want to transition an executable to the dccm_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dccm_tmp_t +.EE + @@ -8678,11 +10228,20 @@ index 0000000..a2eea09 + + +.EX ++.PP +.B dccm_var_run_t +.EE + +- Set files with the dccm_var_run_t type, if you want to store the dccm files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -8695,19 +10254,47 @@ index 0000000..a2eea09 +SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible. +.PP +The following port types are defined for dccm: -+.EX + ++.EX ++.TP 5 +.B dccm_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 5679 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 5679 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dccm policy is very flexible allowing users to setup their dccm processes in as secure a method as possible. ++.PP ++The following process types are defined for dccm: ++ ++.EX ++.B dccm_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -8720,10 +10307,10 @@ index 0000000..a2eea09 +selinux(8), dccm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dcerpcd_selinux.8 b/man/man8/dcerpcd_selinux.8 new file mode 100644 -index 0000000..e5ba3b6 +index 0000000..b8aec60 --- /dev/null +++ b/man/man8/dcerpcd_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "dcerpcd_selinux" "8" "dcerpcd" "dwalsh@redhat.com" "dcerpcd SELinux Policy documentation" +.SH "NAME" +dcerpcd_selinux \- Security Enhanced Linux Policy for the dcerpcd processes 
@@ -8744,32 +10331,23 @@ index 0000000..e5ba3b6 + + +.EX ++.PP +.B dcerpcd_exec_t +.EE + +- Set files with the dcerpcd_exec_t type, if you want to transition an executable to the dcerpcd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dcerpcd_var_lib_t +.EE + +- Set files with the dcerpcd_var_lib_t type, if you want to store the dcerpcd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dcerpcd_var_run_t +.EE + 
@@ -8777,18 +10355,47 @@ index 0000000..e5ba3b6 + + +.EX ++.PP +.B dcerpcd_var_socket_t +.EE + +- Set files with the dcerpcd_var_socket_t type, if you want to treat the files as dcerpcd var socket data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dcerpcd policy is very flexible allowing users to setup their dcerpcd processes in as secure a method as possible. ++.PP ++The following process types are defined for dcerpcd: ++ ++.EX ++.B dcerpcd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -8801,10 +10408,10 @@ index 0000000..e5ba3b6 +selinux(8), dcerpcd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ddclient_selinux.8 b/man/man8/ddclient_selinux.8 new file mode 100644 -index 0000000..0e13a3b +index 0000000..6fcda2e --- /dev/null 
+++ b/man/man8/ddclient_selinux.8 -@@ -0,0 +1,136 @@ +@@ -0,0 +1,139 @@ +.TH "ddclient_selinux" "8" "ddclient" "dwalsh@redhat.com" "ddclient SELinux Policy documentation" +.SH "NAME" +ddclient_selinux \- Security Enhanced Linux Policy for the ddclient processes 
@@ -8825,64 +10432,47 @@ index 0000000..0e13a3b + + +.EX ++.PP +.B ddclient_etc_t +.EE + +- Set files with the ddclient_etc_t type, if you want to store ddclient files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/ddclient\.conf, /etc/ddtcd\.conf -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ddclient_exec_t +.EE + +- Set files with the ddclient_exec_t type, if you want to transition an executable to the ddclient_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ddclient, /usr/sbin/ddtcd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ddclient_initrc_exec_t +.EE + +- Set files with the ddclient_initrc_exec_t type, if you want to transition an executable to the ddclient_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ddclient_log_t +.EE + +- Set files with the ddclient_log_t type, if you want to treat the data as ddclient log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B ddclient_tmp_t +.EE + 
@@ -8890,47 +10480,67 @@ index 0000000..0e13a3b + + +.EX ++.PP +.B ddclient_var_lib_t +.EE + +- Set files with the ddclient_var_lib_t type, if you want to store the ddclient files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ddclient_var_run_t +.EE + +- Set files with the ddclient_var_run_t type, if you want to store the ddclient files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/ddtcd\.pid, /var/run/ddclient\.pid -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ddclient_var_t +.EE + +- Set files with the ddclient_var_t type, if you want to store the ddcl files under the /var directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ddclient policy is very flexible allowing users to setup their ddclient processes in as secure a method as possible. 
++.PP ++The following process types are defined for ddclient: ++ ++.EX ++.B ddclient_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -8943,10 +10553,10 @@ index 0000000..0e13a3b +selinux(8), ddclient(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/deltacloudd_selinux.8 b/man/man8/deltacloudd_selinux.8 new file mode 100644 -index 0000000..6ea7276 +index 0000000..b9a2e34 --- /dev/null +++ b/man/man8/deltacloudd_selinux.8 -@@ -0,0 +1,69 @@ +@@ -0,0 +1,95 @@ +.TH "deltacloudd_selinux" "8" "deltacloudd" "dwalsh@redhat.com" "deltacloudd SELinux Policy documentation" +.SH "NAME" +deltacloudd_selinux \- Security Enhanced Linux Policy for the deltacloudd processes 
@@ -8967,32 +10577,23 @@ index 0000000..6ea7276 + + +.EX ++.PP +.B deltacloudd_exec_t +.EE + +- Set files with the deltacloudd_exec_t type, if you want to transition an executable to the deltacloudd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B deltacloudd_log_t +.EE + +- Set files with the deltacloudd_log_t type, if you want to treat the data as deltacloudd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B deltacloudd_tmp_t +.EE + 
@@ -9000,12 +10601,47 @@ index 0000000..6ea7276 + + +.EX ++.PP +.B deltacloudd_var_run_t +.EE + +- Set files with the deltacloudd_var_run_t type, if you want to store the deltacloudd files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux deltacloudd policy is very flexible allowing users to setup their deltacloudd processes in as secure a method as possible. ++.PP ++The following process types are defined for deltacloudd: ++ ++.EX ++.B deltacloudd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -9018,10 +10654,10 @@ index 0000000..6ea7276 +selinux(8), deltacloudd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/denyhosts_selinux.8 b/man/man8/denyhosts_selinux.8 new file mode 100644 -index 0000000..34eff60 +index 0000000..ffef242 --- /dev/null 
+++ b/man/man8/denyhosts_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,103 @@ +.TH "denyhosts_selinux" "8" "denyhosts" "dwalsh@redhat.com" "denyhosts SELinux Policy documentation" +.SH "NAME" +denyhosts_selinux \- Security Enhanced Linux Policy for the denyhosts processes 
@@ -9042,86 +10678,95 @@ index 0000000..34eff60 + + +.EX ++.PP +.B denyhosts_exec_t +.EE + +- Set files with the denyhosts_exec_t type, if you want to transition an executable to the denyhosts_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B denyhosts_initrc_exec_t +.EE + +- Set files with the denyhosts_initrc_exec_t type, if you want to transition an executable to the denyhosts_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B denyhosts_var_lib_t +.EE + +- Set files with the denyhosts_var_lib_t type, if you want to store the denyhosts files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B denyhosts_var_lock_t +.EE + +- Set files with the denyhosts_var_lock_t type, if you want to treat the files as denyhosts var lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B denyhosts_var_log_t +.EE + +- Set files with the denyhosts_var_log_t type, if you want to treat the data as denyhosts var log data, usually stored under the /var/log directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + -+.SH "COMMANDS" -+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system +.PP -+.B system-config-selinux -+is a GUI tool available to customize SELinux policy settings. ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux denyhosts policy is very flexible allowing users to setup their denyhosts processes in as secure a method as possible. ++.PP ++The following process types are defined for denyhosts: + -+.SH AUTHOR ++.EX ++.B denyhosts_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ ++.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.PP ++.B system-config-selinux ++is a GUI tool available to customize SELinux policy settings. ++ ++.SH AUTHOR +This manual page was autogenerated by genman.py. + +.SH "SEE ALSO" +selinux(8), denyhosts(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/depmod_selinux.8 b/man/man8/depmod_selinux.8 new file mode 100644 -index 0000000..093fe78 +index 0000000..bbc580a 
--- /dev/null +++ b/man/man8/depmod_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "depmod_selinux" "8" "depmod" "dwalsh@redhat.com" "depmod SELinux Policy documentation" +.SH "NAME" +depmod_selinux \- Security Enhanced Linux Policy for the depmod processes @@ -9142,21 +10787,51 @@ index 0000000..093fe78 + + +.EX ++.PP +.B depmod_exec_t +.EE + +- Set files with the depmod_exec_t type, if you want to transition an executable to the depmod_t domain. + +.br ++.TP 5 +Paths: +/sbin/depmod.*, /usr/sbin/depmod.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux depmod policy is very flexible allowing users to setup their depmod processes in as secure a method as possible. ++.PP ++The following process types are defined for depmod: ++ ++.EX ++.B depmod_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -9169,10 +10844,10 @@ index 0000000..093fe78 +selinux(8), depmod(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/devicekit_selinux.8 b/man/man8/devicekit_selinux.8 new file mode 100644 -index 0000000..499a501 +index 0000000..c74c260 --- /dev/null +++ b/man/man8/devicekit_selinux.8 -@@ -0,0 +1,129 @@ +@@ -0,0 +1,139 @@ +.TH "devicekit_selinux" "8" "devicekit" "dwalsh@redhat.com" "devicekit SELinux Policy documentation" +.SH "NAME" +devicekit_selinux \- Security Enhanced Linux Policy for the devicekit processes 
@@ -9193,51 +10868,39 @@ index 0000000..499a501 + + +.EX ++.PP +.B devicekit_disk_exec_t +.EE + +- Set files with the devicekit_disk_exec_t type, if you want to transition an executable to the devicekit_disk_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/udev/udisks-part-id, /lib/udisks2/udisksd, /usr/lib/udisks2/udisksd, /lib/udev/udisks-part-id, /usr/libexec/devkit-disks-daemon, /usr/libexec/udisks-daemon -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B devicekit_exec_t +.EE + +- Set files with the devicekit_exec_t type, if you want to transition an executable to the devicekit_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B devicekit_power_exec_t +.EE + +- Set files with the devicekit_power_exec_t type, if you want to transition an executable to the devicekit_power_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/upowerd, /usr/libexec/devkit-power-daemon -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B devicekit_tmp_t +.EE + 
@@ -9245,53 +10908,75 @@ index 0000000..499a501 + + +.EX ++.PP +.B devicekit_var_lib_t +.EE + +- Set files with the devicekit_var_lib_t type, if you want to store the devicekit files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/udisks.*, /var/lib/DeviceKit-.*, /var/lib/upower(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B devicekit_var_log_t +.EE + +- Set files with the devicekit_var_log_t type, if you want to treat the data as devicekit var log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/pm-suspend\.log, /var/log/pm-powersave\.log -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B devicekit_var_run_t +.EE + +- Set files with the devicekit_var_run_t type, if you want to store the devicekit files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/upower(/.*)?, /var/run/udisks.*, /var/run/devkit(/.*)?, /var/run/DeviceKit-disks(/.*)?, /var/run/pm-utils(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. 
++SELinux devicekit policy is very flexible allowing users to setup their devicekit processes in as secure a method as possible. ++.PP ++The following process types are defined for devicekit: ++ ++.EX ++.B devicekit_power_t, devicekit_disk_t, devicekit_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -9304,10 +10989,10 @@ index 0000000..499a501 +selinux(8), devicekit(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dhcpc_selinux.8 b/man/man8/dhcpc_selinux.8 new file mode 100644 -index 0000000..d6f79fb +index 0000000..ee40a96 --- /dev/null +++ b/man/man8/dhcpc_selinux.8 -@@ -0,0 +1,133 @@ +@@ -0,0 +1,152 @@ +.TH "dhcpc_selinux" "8" "dhcpc" "dwalsh@redhat.com" "dhcpc SELinux Policy documentation" +.SH "NAME" +dhcpc_selinux \- Security Enhanced Linux Policy for the dhcpc processes 
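Review bot: The new PROCESS TYPES note in devicekit_selinux.8 tells the reader to run `.B semanage permississive -a PROCESS_TYPE`, which is misspelled; the COMMANDS section added in the same hunk spells the subcommand `semanage permissive`, so the line should read `.B semanage permissive -a PROCESS_TYPE`. Two paragraphs earlier, `\fBps\bP` closes the bold run with `\b` instead of `\fP`, so it should be `\fBps\fP`; as written the font is never reset. The same two lines are repeated in the PROCESS TYPES sections added for dhcpc, dhcpd, dictd, dirsrv, dirsrvadmin, disk and dkim, so the fix probably belongs in the template that generates these pages (an inference, since the template is not shown). Because a permissive domain is no longer enforced, the note would also benefit from one more sentence pointing at `semanage permissive -d PROCESS_TYPE` to restore enforcement once debugging is done.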
@@ -9339,51 +11024,39 @@ index 0000000..d6f79fb + + +.EX ++.PP +.B dhcpc_exec_t +.EE + +- Set files with the dhcpc_exec_t type, if you want to transition an executable to the dhcpc_t domain. + +.br ++.TP 5 +Paths: +/sbin/dhcpcd, /usr/sbin/pump, /sbin/dhclient.*, /usr/sbin/dhcpcd, /sbin/pump, /usr/sbin/dhclient.*, /usr/sbin/dhcdbd, /sbin/dhcdbd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dhcpc_helper_exec_t +.EE + +- Set files with the dhcpc_helper_exec_t type, if you want to transition an executable to the dhcpc_helper_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dhcpc_state_t +.EE + +- Set files with the dhcpc_state_t type, if you want to treat the files as dhcpc state data. + +.br ++.TP 5 +Paths: +/var/lib/dhclient(/.*)?, /var/lib/dhcp3?/dhclient.*, /var/lib/wifiroamd(/.*)?, /var/lib/dhcpcd(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dhcpc_tmp_t +.EE + 
@@ -9391,11 +11064,14 @@ index 0000000..d6f79fb + + +.EX ++.PP +.B dhcpc_var_run_t +.EE + +- Set files with the dhcpc_var_run_t type, if you want to store the dhcpc files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use @@ -9414,19 +11090,47 @@ index 0000000..d6f79fb +SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible. +.PP +The following port types are defined for dhcpc: -+.EX + ++.EX ++.TP 5 +.B dhcpc_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 68,546 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 68,546 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dhcpc policy is very flexible allowing users to setup their dhcpc processes in as secure a method as possible. ++.PP ++The following process types are defined for dhcpc: ++ ++.EX ++.B dhcpc_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans 
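Review bot: The rewritten port block in dhcpc_selinux.8 now documents `tcp 8021` as the default for dhcpc_port_t, where the removed lines listed `tcp 68,546` and `udp 68,546`. The same value replaces the lists for dhcpc_port_t and dhcpd_port_t in the dhcpd_selinux.8 hunk and `tcp 2628` for dict_port_t in dictd_selinux.8. Three unrelated port types sharing one value, with every udp line gone, suggests the generator is emitting a stale entry rather than the per-type lookup, though the generator itself is not visible here. An administrator who relies on this page to decide which ports a confined daemon may bind would be misled, so the per-type lists should be restored (`tcp 68,546` and `udp 68,546` for dhcpc_port_t) and the page could point to `semanage port -l` as the authoritative listing. The new block also ends in an `.EE` with no matching `.EX`, and `.TP 10` is placed directly before `.EE` with no tag line following it.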
@@ -9444,10 +11148,10 @@ index 0000000..d6f79fb \ No newline at end of file diff --git a/man/man8/dhcpd_selinux.8 b/man/man8/dhcpd_selinux.8 new file mode 100644 -index 0000000..9ff0cbd +index 0000000..40c16dd --- /dev/null +++ b/man/man8/dhcpd_selinux.8 -@@ -0,0 +1,158 @@ +@@ -0,0 +1,171 @@ +.TH "dhcpd_selinux" "8" "dhcpd" "dwalsh@redhat.com" "dhcpd SELinux Policy documentation" +.SH "NAME" +dhcpd_selinux \- Security Enhanced Linux Policy for the dhcpd processes @@ -9479,48 +11183,35 @@ index 0000000..9ff0cbd + + +.EX ++.PP +.B dhcpd_exec_t +.EE + +- Set files with the dhcpd_exec_t type, if you want to transition an executable to the dhcpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dhcpd_initrc_exec_t +.EE + +- Set files with the dhcpd_initrc_exec_t type, if you want to transition an executable to the dhcpd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dhcpd_state_t +.EE + +- Set files with the dhcpd_state_t type, if you want to treat the files as dhcpd state data. + +.br ++.TP 5 +Paths: +/var/lib/dhcp(3)?/dhcpd\.leases.*, /var/lib/dhcpd(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dhcpd_tmp_t +.EE + 
@@ -9528,27 +11219,26 @@ index 0000000..9ff0cbd + + +.EX ++.PP +.B dhcpd_unit_file_t +.EE + +- Set files with the dhcpd_unit_file_t type, if you want to treat the files as dhcpd unit content. + +.br ++.TP 5 +Paths: +/usr/lib/systemd/system/dhcpcd.*, /lib/systemd/system/dhcpcd.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dhcpd_var_run_t +.EE + +- Set files with the dhcpd_var_run_t type, if you want to store the dhcpd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -9567,31 +11257,58 @@ index 0000000..9ff0cbd +SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible. +.PP +The following port types are defined for dhcpd: -+.EX + ++.EX ++.TP 5 +.B dhcpc_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 68,546 -+.EE -+.B udp 68,546 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B dhcpd_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 547,548,647,847,7911 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 67,547,548,647,847 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dhcpd policy is very flexible allowing users to setup their dhcpd processes in as secure a method as possible. ++.PP ++The following process types are defined for dhcpd: ++ ++.EX ++.B dhcpc_t, dhcpd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -9609,10 +11326,10 @@ index 0000000..9ff0cbd \ No newline at end of file diff --git a/man/man8/dictd_selinux.8 b/man/man8/dictd_selinux.8 new file mode 100644 -index 0000000..318e58b +index 0000000..4757d13 --- /dev/null 
+++ b/man/man8/dictd_selinux.8 -@@ -0,0 +1,116 @@ +@@ -0,0 +1,129 @@ +.TH "dictd_selinux" "8" "dictd" "dwalsh@redhat.com" "dictd SELinux Policy documentation" +.SH "NAME" +dictd_selinux \- Security Enhanced Linux Policy for the dictd processes 
@@ -9633,63 +11350,46 @@ index 0000000..318e58b + + +.EX ++.PP +.B dictd_etc_t +.EE + +- Set files with the dictd_etc_t type, if you want to store dictd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dictd_exec_t +.EE + +- Set files with the dictd_exec_t type, if you want to transition an executable to the dictd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dictd_initrc_exec_t +.EE + +- Set files with the dictd_initrc_exec_t type, if you want to transition an executable to the dictd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dictd_var_lib_t +.EE + +- Set files with the dictd_var_lib_t type, if you want to store the dictd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dictd_var_run_t +.EE + +- Set files with the dictd_var_run_t type, if you want to store the dictd files under the /run directory. 
+ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use @@ -9708,17 +11408,47 @@ index 0000000..318e58b +SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible. +.PP +The following port types are defined for dictd: -+.EX + ++.EX ++.TP 5 +.B dict_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dictd policy is very flexible allowing users to setup their dictd processes in as secure a method as possible. ++.PP ++The following process types are defined for dictd: + -+.B tcp 2628 ++.EX ++.B dictd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -9731,10 +11461,10 @@ index 0000000..318e58b +selinux(8), dictd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dirsrv_selinux.8 b/man/man8/dirsrv_selinux.8 new file mode 100644 -index 0000000..e7cfd03 +index 0000000..478cdc5 --- /dev/null 
+++ b/man/man8/dirsrv_selinux.8 -@@ -0,0 +1,241 @@ +@@ -0,0 +1,211 @@ +.TH "dirsrv_selinux" "8" "dirsrv" "dwalsh@redhat.com" "dirsrv SELinux Policy documentation" +.SH "NAME" +dirsrv_selinux \- Security Enhanced Linux Policy for the dirsrv processes 
@@ -9755,84 +11485,55 @@ index 0000000..e7cfd03 + + +.EX ++.PP +.B dirsrv_config_t +.EE + +- Set files with the dirsrv_config_t type, if you want to treat the files as dirsrv configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_exec_t +.EE + +- Set files with the dirsrv_exec_t type, if you want to transition an executable to the dirsrv_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_share_t +.EE + +- Set files with the dirsrv_share_t type, if you want to treat the files as dirsrv share data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_snmp_exec_t +.EE + +- Set files with the dirsrv_snmp_exec_t type, if you want to transition an executable to the dirsrv_snmp_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B dirsrv_snmp_var_log_t +.EE + +- Set files with the dirsrv_snmp_var_log_t type, if you want to treat the data as dirsrv snmp var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_snmp_var_run_t +.EE + +- Set files with the dirsrv_snmp_var_run_t type, if you want to store the dirsrv snmp files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_tmp_t +.EE + @@ -9840,6 +11541,7 @@ index 0000000..e7cfd03 + + +.EX ++.PP +.B dirsrv_tmpfs_t +.EE + 
@@ -9847,103 +11549,71 @@ index 0000000..e7cfd03 + + +.EX ++.PP +.B dirsrv_var_lib_t +.EE + +- Set files with the dirsrv_var_lib_t type, if you want to store the dirsrv files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_var_lock_t +.EE + +- Set files with the dirsrv_var_lock_t type, if you want to treat the files as dirsrv var lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_var_log_t +.EE + +- Set files with the dirsrv_var_log_t type, if you want to treat the data as dirsrv var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrv_var_run_t +.EE + +- Set files with the dirsrv_var_run_t type, if you want to store the dirsrv files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B dirsrvadmin_config_t +.EE + +- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrvadmin_exec_t +.EE + +- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrvadmin_lock_t +.EE + +- Set files with the dirsrvadmin_lock_t type, if you want to treat the files as dirsrvadmin lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrvadmin_tmp_t +.EE + 
@@ -9951,21 +11621,51 @@ index 0000000..e7cfd03 + + +.EX ++.PP +.B dirsrvadmin_unconfined_script_exec_t +.EE + +- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dirsrv policy is very flexible allowing users to setup their dirsrv processes in as secure a method as possible. ++.PP ++The following process types are defined for dirsrv: ++ ++.EX ++.B dirsrvadmin_unconfined_script_t, dirsrv_snmp_t, dirsrvadmin_t, dirsrv_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -9978,10 +11678,10 @@ index 0000000..e7cfd03 +selinux(8), dirsrv(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dirsrvadmin_selinux.8 b/man/man8/dirsrvadmin_selinux.8 new file mode 100644 -index 0000000..2c3c3f3 +index 0000000..de1c2f1 --- /dev/null 
+++ b/man/man8/dirsrvadmin_selinux.8 -@@ -0,0 +1,97 @@ +@@ -0,0 +1,115 @@ +.TH "dirsrvadmin_selinux" "8" "dirsrvadmin" "dwalsh@redhat.com" "dirsrvadmin SELinux Policy documentation" +.SH "NAME" +dirsrvadmin_selinux \- Security Enhanced Linux Policy for the dirsrvadmin processes @@ -10002,51 +11702,39 @@ index 0000000..2c3c3f3 + + +.EX ++.PP +.B dirsrvadmin_config_t +.EE + +- Set files with the dirsrvadmin_config_t type, if you want to treat the files as dirsrvadmin configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/dirsrv/admin-serv(/.*)?, /etc/dirsrv/dsgw(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrvadmin_exec_t +.EE + +- Set files with the dirsrvadmin_exec_t type, if you want to transition an executable to the dirsrvadmin_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/start-ds-admin, /usr/sbin/stop-ds-admin, /usr/sbin/restart-ds-admin -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrvadmin_lock_t +.EE + +- Set files with the dirsrvadmin_lock_t type, if you want to treat the files as dirsrvadmin lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dirsrvadmin_tmp_t +.EE + 
@@ -10054,21 +11742,51 @@ index 0000000..2c3c3f3 + + +.EX ++.PP +.B dirsrvadmin_unconfined_script_exec_t +.EE + +- Set files with the dirsrvadmin_unconfined_script_exec_t type, if you want to transition an executable to the dirsrvadmin_unconfined_script_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/dirsrv/cgi-bin/ds_remove, /usr/lib/dirsrv/cgi-bin/ds_create ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dirsrvadmin policy is very flexible allowing users to setup their dirsrvadmin processes in as secure a method as possible. ++.PP ++The following process types are defined for dirsrvadmin: ++ ++.EX ++.B dirsrvadmin_unconfined_script_t, dirsrvadmin_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10081,10 +11799,10 @@ index 0000000..2c3c3f3 +selinux(8), dirsrvadmin(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/disk_selinux.8 b/man/man8/disk_selinux.8 new file mode 100644 -index 0000000..c9de7a8 +index 0000000..e5d5383 --- /dev/null 
+++ b/man/man8/disk_selinux.8 -@@ -0,0 +1,52 @@ +@@ -0,0 +1,83 @@ +.TH "disk_selinux" "8" "disk" "dwalsh@redhat.com" "disk SELinux Policy documentation" +.SH "NAME" +disk_selinux \- Security Enhanced Linux Policy for the disk processes 
@@ -10105,28 +11823,59 @@ index 0000000..c9de7a8 + + +.EX ++.PP +.B disk_munin_plugin_exec_t +.EE + +- Set files with the disk_munin_plugin_exec_t type, if you want to transition an executable to the disk_munin_plugin_t domain. + +.br ++.TP 5 +Paths: +/usr/share/munin/plugins/smart_.*, /usr/share/munin/plugins/diskstat.*, /usr/share/munin/plugins/hddtemp.*, /usr/share/munin/plugins/df.* ++ ++.EX ++.PP ++.B disk_munin_plugin_tmp_t ++.EE ++ ++- Set files with the disk_munin_plugin_tmp_t type, if you want to store disk munin plugin temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux disk policy is very flexible allowing users to setup their disk processes in as secure a method as possible. ++.PP ++The following process types are defined for disk: + +.EX -+.B disk_munin_plugin_tmp_t ++.B disk_munin_plugin_t +.EE -+ -+- Set files with the disk_munin_plugin_tmp_t type, if you want to store disk munin plugin temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10139,10 +11888,10 @@ index 0000000..c9de7a8 +selinux(8), disk(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dkim_selinux.8 b/man/man8/dkim_selinux.8 new file mode 100644 -index 0000000..af15e0f +index 0000000..e459eeb --- /dev/null +++ b/man/man8/dkim_selinux.8 -@@ -0,0 +1,71 @@ +@@ -0,0 +1,91 @@ +.TH "dkim_selinux" "8" "dkim" "dwalsh@redhat.com" "dkim SELinux Policy documentation" +.SH "NAME" +dkim_selinux \- Security Enhanced Linux Policy for the dkim processes 
@@ -10163,47 +11912,67 @@ index 0000000..af15e0f + + +.EX ++.PP +.B dkim_milter_data_t +.EE + +- Set files with the dkim_milter_data_t type, if you want to treat the files as dkim milter content. + +.br ++.TP 5 +Paths: +/var/lib/dkim-milter(/.*)?, /var/run/dkim-milter(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dkim_milter_exec_t +.EE + +- Set files with the dkim_milter_exec_t type, if you want to transition an executable to the dkim_milter_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dkim_milter_private_key_t +.EE + +- Set files with the dkim_milter_private_key_t type, if you want to treat the files as dkim milter private key data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dkim policy is very flexible allowing users to setup their dkim processes in as secure a method as possible. 
++.PP ++The following process types are defined for dkim: ++ ++.EX ++.B dkim_milter_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10216,10 +11985,10 @@ index 0000000..af15e0f +selinux(8), dkim(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dlm_selinux.8 b/man/man8/dlm_selinux.8 new file mode 100644 -index 0000000..adf4e4d +index 0000000..010c321 --- /dev/null +++ b/man/man8/dlm_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "dlm_selinux" "8" "dlm" "dwalsh@redhat.com" "dlm SELinux Policy documentation" +.SH "NAME" +dlm_selinux \- Security Enhanced Linux Policy for the dlm processes @@ -10240,19 +12009,15 @@ index 0000000..adf4e4d + + +.EX ++.PP +.B dlm_controld_exec_t +.EE + +- Set files with the dlm_controld_exec_t type, if you want to transition an executable to the dlm_controld_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dlm_controld_tmpfs_t +.EE + 
@@ -10260,31 +12025,55 @@ index 0000000..adf4e4d + + +.EX ++.PP +.B dlm_controld_var_log_t +.EE + +- Set files with the dlm_controld_var_log_t type, if you want to treat the data as dlm controld var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dlm_controld_var_run_t +.EE + +- Set files with the dlm_controld_var_run_t type, if you want to store the dlm controld files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dlm policy is very flexible allowing users to setup their dlm processes in as secure a method as possible. ++.PP ++The following process types are defined for dlm: ++ ++.EX ++.B dlm_controld_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10297,10 +12086,10 @@ index 0000000..adf4e4d +selinux(8), dlm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dmesg_selinux.8 b/man/man8/dmesg_selinux.8 new file mode 100644 -index 0000000..91a1551 +index 0000000..50f7819 --- /dev/null +++ b/man/man8/dmesg_selinux.8 -@@ -0,0 +1,60 @@ +@@ -0,0 +1,90 @@ +.TH "dmesg_selinux" "8" "dmesg" "dwalsh@redhat.com" "dmesg SELinux Policy documentation" +.SH "NAME" +dmesg_selinux \- Security Enhanced Linux Policy for the dmesg processes 
@@ -10332,21 +12121,51 @@ index 0000000..91a1551 + + +.EX ++.PP +.B dmesg_exec_t +.EE + +- Set files with the dmesg_exec_t type, if you want to transition an executable to the dmesg_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/dmesg, /bin/dmesg ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dmesg policy is very flexible allowing users to setup their dmesg processes in as secure a method as possible. ++.PP ++The following process types are defined for dmesg: ++ ++.EX ++.B dmesg_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -10364,10 +12183,10 @@ index 0000000..91a1551 \ No newline at end of file diff --git a/man/man8/dmidecode_selinux.8 b/man/man8/dmidecode_selinux.8 new file mode 100644 -index 0000000..62ede54 +index 0000000..b40b5c4 --- /dev/null 
+++ b/man/man8/dmidecode_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "dmidecode_selinux" "8" "dmidecode" "dwalsh@redhat.com" "dmidecode SELinux Policy documentation" +.SH "NAME" +dmidecode_selinux \- Security Enhanced Linux Policy for the dmidecode processes @@ -10388,21 +12207,51 @@ index 0000000..62ede54 + + +.EX ++.PP +.B dmidecode_exec_t +.EE + +- Set files with the dmidecode_exec_t type, if you want to transition an executable to the dmidecode_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ownership, /usr/sbin/dmidecode, /usr/sbin/vpddecode ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dmidecode policy is very flexible allowing users to setup their dmidecode processes in as secure a method as possible. ++.PP ++The following process types are defined for dmidecode: ++ ++.EX ++.B dmidecode_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10415,10 +12264,10 @@ index 0000000..62ede54 +selinux(8), dmidecode(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/dnsmasq_selinux.8 b/man/man8/dnsmasq_selinux.8 new file mode 100644 -index 0000000..9b65b06 +index 0000000..e523ad2 --- /dev/null +++ b/man/man8/dnsmasq_selinux.8 -@@ -0,0 +1,129 @@ +@@ -0,0 +1,131 @@ +.TH "dnsmasq_selinux" "8" "dnsmasq" "dwalsh@redhat.com" "dnsmasq SELinux Policy documentation" +.SH "NAME" +dnsmasq_selinux \- Security Enhanced Linux Policy for the dnsmasq processes 
@@ -10439,105 +12288,107 @@ index 0000000..9b65b06 + + +.EX ++.PP +.B dnsmasq_etc_t +.EE + +- Set files with the dnsmasq_etc_t type, if you want to store dnsmasq files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dnsmasq_exec_t +.EE + +- Set files with the dnsmasq_exec_t type, if you want to transition an executable to the dnsmasq_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dnsmasq_initrc_exec_t +.EE + +- Set files with the dnsmasq_initrc_exec_t type, if you want to transition an executable to the dnsmasq_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dnsmasq_lease_t +.EE + +- Set files with the dnsmasq_lease_t type, if you want to treat the files as dnsmasq lease data. + +.br ++.TP 5 +Paths: +/var/lib/dnsmasq(/.*)?, /var/lib/misc/dnsmasq\.leases -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B dnsmasq_unit_file_t +.EE + +- Set files with the dnsmasq_unit_file_t type, if you want to treat the files as dnsmasq unit content. + +.br ++.TP 5 +Paths: +/usr/lib/systemd/system/dnsmasq.*, /lib/systemd/system/dnsmasq.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dnsmasq_var_log_t +.EE + +- Set files with the dnsmasq_var_log_t type, if you want to treat the data as dnsmasq var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dnsmasq_var_run_t +.EE + +- Set files with the dnsmasq_var_run_t type, if you want to store the dnsmasq files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/dnsmasq\.pid, /var/run/libvirt/network(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dnsmasq policy is very flexible allowing users to setup their dnsmasq processes in as secure a method as possible. 
++.PP ++The following process types are defined for dnsmasq: ++ ++.EX ++.B dnsmasq_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10550,10 +12401,10 @@ index 0000000..9b65b06 +selinux(8), dnsmasq(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dnssec_selinux.8 b/man/man8/dnssec_selinux.8 new file mode 100644 -index 0000000..3989605 +index 0000000..1d079a9 --- /dev/null +++ b/man/man8/dnssec_selinux.8 -@@ -0,0 +1,93 @@ +@@ -0,0 +1,117 @@ +.TH "dnssec_selinux" "8" "dnssec" "dwalsh@redhat.com" "dnssec SELinux Policy documentation" +.SH "NAME" +dnssec_selinux \- Security Enhanced Linux Policy for the dnssec processes 
@@ -10574,40 +12425,34 @@ index 0000000..3989605 + + +.EX ++.PP +.B dnssec_t +.EE + +- Set files with the dnssec_t type, if you want to treat the files as dnssec data. + +.br ++.TP 5 +Paths: +/etc/unbound/.*\.key, /var/named/chroot/etc/rndc\.key, /etc/dnssec-trigger/dnssec_trigger_server\.key, /etc/rndc\.key -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dnssec_trigger_exec_t +.EE + +- Set files with the dnssec_trigger_exec_t type, if you want to transition an executable to the dnssec_trigger_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dnssec_trigger_var_run_t +.EE + +- Set files with the dnssec_trigger_var_run_t type, if you want to store the dnssec trigger files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -10626,17 +12471,47 @@ index 0000000..3989605 +SELinux dnssec policy is very flexible allowing users to setup their dnssec processes in as secure a method as possible. +.PP +The following port types are defined for dnssec: -+.EX + ++.EX ++.TP 5 +.B dnssec_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dnssec policy is very flexible allowing users to setup their dnssec processes in as secure a method as possible. ++.PP ++The following process types are defined for dnssec: + -+.B tcp 8955 ++.EX ++.B dnssec_trigger_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -10649,10 +12524,10 @@ index 0000000..3989605 +selinux(8), dnssec(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dovecot_selinux.8 b/man/man8/dovecot_selinux.8 new file mode 100644 -index 0000000..ab84990 +index 0000000..cced024 --- /dev/null +++ b/man/man8/dovecot_selinux.8 -@@ -0,0 +1,218 @@ +@@ -0,0 +1,207 @@ +.TH "dovecot_selinux" "8" "dovecot" "dwalsh@redhat.com" "dovecot SELinux Policy documentation" +.SH "NAME" +dovecot_selinux \- Security Enhanced Linux Policy for the dovecot processes 
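Review bot: The default port listed for `dnssec_port_t` changes from `.B tcp 8955` to `tcp 8021`, although the commit is described only as man page and spamassassin.fc fixes. Unless the policy's port definition changed as well, the page now points administrators at the wrong port, so the value should be checked against the policy's port declarations before this is merged. The markup around it is also unbalanced on the new side: one `.EX` is followed by two `.EE` requests (after `.TP 10` and after `tcp 8021`), and `.TP 10` has no tag line before `.EE`. Dropping the first `.EE` together with the empty `.TP 10` would presumably leave a single example block around the type and its ports.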
@@ -10673,22 +12548,19 @@ index 0000000..ab84990 + + +.EX ++.PP +.B dovecot_auth_exec_t +.EE + +- Set files with the dovecot_auth_exec_t type, if you want to transition an executable to the dovecot_auth_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/dovecot/auth, /usr/libexec/dovecot/dovecot-auth -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_auth_tmp_t +.EE + @@ -10696,38 +12568,31 @@ index 0000000..ab84990 + + +.EX ++.PP +.B dovecot_cert_t +.EE + +- Set files with the dovecot_cert_t type, if you want to treat the files as dovecot certificate data. + +.br ++.TP 5 +Paths: +/usr/share/ssl/private/dovecot\.pem, /etc/pki/dovecot(/.*)?, /usr/share/ssl/certs/dovecot\.pem -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_deliver_exec_t +.EE + +- Set files with the dovecot_deliver_exec_t type, if you want to transition an executable to the dovecot_deliver_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/dovecot/dovecot-lda, /usr/libexec/dovecot/deliver -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_deliver_tmp_t +.EE + 
@@ -10735,48 +12600,35 @@ index 0000000..ab84990 + + +.EX ++.PP +.B dovecot_etc_t +.EE + +- Set files with the dovecot_etc_t type, if you want to store dovecot files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/dovecot(/.*)?*, /etc/dovecot\.conf.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_exec_t +.EE + +- Set files with the dovecot_exec_t type, if you want to transition an executable to the dovecot_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_initrc_exec_t +.EE + +- Set files with the dovecot_initrc_exec_t type, if you want to transition an executable to the dovecot_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_keytab_t +.EE + 
@@ -10784,32 +12636,23 @@ index 0000000..ab84990 + + +.EX ++.PP +.B dovecot_passwd_t +.EE + +- Set files with the dovecot_passwd_t type, if you want to treat the files as dovecot passwd data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_spool_t +.EE + +- Set files with the dovecot_spool_t type, if you want to store the dovecot files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_tmp_t +.EE + 
@@ -10817,50 +12660,71 @@ index 0000000..ab84990 + + +.EX ++.PP +.B dovecot_var_lib_t +.EE + +- Set files with the dovecot_var_lib_t type, if you want to store the dovecot files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/run/dovecot/login/ssl-parameters.dat, /var/lib/dovecot(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_var_log_t +.EE + +- Set files with the dovecot_var_log_t type, if you want to treat the data as dovecot var log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/dovecot\.log.*, /var/log/dovecot(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dovecot_var_run_t +.EE + +- Set files with the dovecot_var_run_t type, if you want to store the dovecot files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dovecot policy is very flexible allowing users to setup their dovecot processes in as secure a method as possible. 
++.PP ++The following process types are defined for dovecot: ++ ++.EX ++.B dovecot_deliver_t, dovecot_auth_t, dovecot_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10873,10 +12737,10 @@ index 0000000..ab84990 +selinux(8), dovecot(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/drbd_selinux.8 b/man/man8/drbd_selinux.8 new file mode 100644 -index 0000000..a219fd2 +index 0000000..a2744fc --- /dev/null +++ b/man/man8/drbd_selinux.8 -@@ -0,0 +1,65 @@ +@@ -0,0 +1,91 @@ +.TH "drbd_selinux" "8" "drbd" "dwalsh@redhat.com" "drbd SELinux Policy documentation" +.SH "NAME" +drbd_selinux \- Security Enhanced Linux Policy for the drbd processes @@ -10897,22 +12761,19 @@ index 0000000..a219fd2 + + +.EX ++.PP +.B drbd_exec_t +.EE + +- Set files with the drbd_exec_t type, if you want to transition an executable to the drbd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/drbdadm, /sbin/drbdadm, /usr/lib/ocf/resource.\d/linbit/drbd, /usr/sbin/drbdsetup, /sbin/drbdsetup -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B drbd_lock_t +.EE + 
@@ -10920,18 +12781,47 @@ index 0000000..a219fd2 + + +.EX ++.PP +.B drbd_var_lib_t +.EE + +- Set files with the drbd_var_lib_t type, if you want to store the drbd files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux drbd policy is very flexible allowing users to setup their drbd processes in as secure a method as possible. ++.PP ++The following process types are defined for drbd: ++ ++.EX ++.B drbd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -10944,10 +12834,10 @@ index 0000000..a219fd2 +selinux(8), drbd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/dspam_selinux.8 b/man/man8/dspam_selinux.8 new file mode 100644 -index 0000000..d46873c +index 0000000..6b6fd41 --- /dev/null +++ b/man/man8/dspam_selinux.8 -@@ -0,0 +1,101 @@ +@@ -0,0 +1,111 @@ +.TH "dspam_selinux" "8" "dspam" "dwalsh@redhat.com" "dspam SELinux Policy documentation" +.SH "NAME" +dspam_selinux \- Security Enhanced Linux Policy for the dspam processes 
@@ -10968,45 +12858,31 @@ index 0000000..d46873c + + +.EX ++.PP +.B dspam_exec_t +.EE + +- Set files with the dspam_exec_t type, if you want to transition an executable to the dspam_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dspam_initrc_exec_t +.EE + +- Set files with the dspam_initrc_exec_t type, if you want to transition an executable to the dspam_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dspam_log_t +.EE + +- Set files with the dspam_log_t type, if you want to treat the data as dspam log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dspam_tmp_t +.EE + 
@@ -11014,31 +12890,55 @@ index 0000000..d46873c + + +.EX ++.PP +.B dspam_var_lib_t +.EE + +- Set files with the dspam_var_lib_t type, if you want to store the dspam files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B dspam_var_run_t +.EE + +- Set files with the dspam_var_run_t type, if you want to store the dspam files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux dspam policy is very flexible allowing users to setup their dspam processes in as secure a method as possible. ++.PP ++The following process types are defined for dspam: ++ ++.EX ++.B dspam_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -11051,10 +12951,10 @@ index 0000000..d46873c +selinux(8), dspam(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/entropyd_selinux.8 b/man/man8/entropyd_selinux.8 new file mode 100644 -index 0000000..53a20b7 +index 0000000..419a6be --- /dev/null +++ b/man/man8/entropyd_selinux.8 -@@ -0,0 +1,76 @@ +@@ -0,0 +1,102 @@ +.TH "entropyd_selinux" "8" "entropyd" "dwalsh@redhat.com" "entropyd SELinux Policy documentation" +.SH "NAME" +entropyd_selinux \- Security Enhanced Linux Policy for the entropyd processes 
@@ -11086,37 +12986,63 @@ index 0000000..53a20b7 + + +.EX ++.PP +.B entropyd_exec_t +.EE + +- Set files with the entropyd_exec_t type, if you want to transition an executable to the entropyd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/audio-entropyd, /usr/sbin/haveged -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B entropyd_var_run_t +.EE + +- Set files with the entropyd_var_run_t type, if you want to store the entropyd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/audio-entropyd\.pid, /var/run/haveged\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux entropyd policy is very flexible allowing users to setup their entropyd processes in as secure a method as possible. ++.PP ++The following process types are defined for entropyd: ++ ++.EX ++.B entropyd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -11134,10 +13060,10 @@ index 0000000..53a20b7 \ No newline at end of file diff --git a/man/man8/eventlogd_selinux.8 b/man/man8/eventlogd_selinux.8 new file mode 100644 -index 0000000..3f86b3f +index 0000000..43deee9 --- /dev/null +++ b/man/man8/eventlogd_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "eventlogd_selinux" "8" "eventlogd" "dwalsh@redhat.com" "eventlogd SELinux Policy documentation" +.SH "NAME" +eventlogd_selinux \- Security Enhanced Linux Policy for the eventlogd processes 
@@ -11158,57 +13084,71 @@ index 0000000..3f86b3f + + +.EX ++.PP +.B eventlogd_exec_t +.EE + +- Set files with the eventlogd_exec_t type, if you want to transition an executable to the eventlogd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B eventlogd_var_lib_t +.EE + +- Set files with the eventlogd_var_lib_t type, if you want to store the eventlogd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B eventlogd_var_run_t +.EE + +- Set files with the eventlogd_var_run_t type, if you want to store the eventlogd files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B eventlogd_var_socket_t +.EE + +- Set files with the eventlogd_var_socket_t type, if you want to treat the files as eventlogd var socket data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux eventlogd policy is very flexible allowing users to setup their eventlogd processes in as secure a method as possible. ++.PP ++The following process types are defined for eventlogd: ++ ++.EX ++.B eventlogd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -11221,10 +13161,10 @@ index 0000000..3f86b3f +selinux(8), eventlogd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/evtchnd_selinux.8 b/man/man8/evtchnd_selinux.8 new file mode 100644 -index 0000000..046aafa +index 0000000..3e5d5f3 --- /dev/null +++ b/man/man8/evtchnd_selinux.8 -@@ -0,0 +1,71 @@ +@@ -0,0 +1,91 @@ +.TH "evtchnd_selinux" "8" "evtchnd" "dwalsh@redhat.com" "evtchnd SELinux Policy documentation" +.SH "NAME" +evtchnd_selinux \- Security Enhanced Linux Policy for the evtchnd processes 
@@ -11245,47 +13185,67 @@ index 0000000..046aafa + + +.EX ++.PP +.B evtchnd_exec_t +.EE + +- Set files with the evtchnd_exec_t type, if you want to transition an executable to the evtchnd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B evtchnd_var_log_t +.EE + +- Set files with the evtchnd_var_log_t type, if you want to treat the data as evtchnd var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B evtchnd_var_run_t +.EE + +- Set files with the evtchnd_var_run_t type, if you want to store the evtchnd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/evtchnd, /var/run/evtchnd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux evtchnd policy is very flexible allowing users to setup their evtchnd processes in as secure a method as possible. 
++.PP ++The following process types are defined for evtchnd: ++ ++.EX ++.B evtchnd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -11298,10 +13258,10 @@ index 0000000..046aafa +selinux(8), evtchnd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/exim_selinux.8 b/man/man8/exim_selinux.8 new file mode 100644 -index 0000000..58b0e01 +index 0000000..bb091f8 --- /dev/null +++ b/man/man8/exim_selinux.8 -@@ -0,0 +1,140 @@ +@@ -0,0 +1,152 @@ +.TH "exim_selinux" "8" "exim" "dwalsh@redhat.com" "exim SELinux Policy documentation" +.SH "NAME" +exim_selinux \- Security Enhanced Linux Policy for the exim processes 
@@ -11347,35 +13307,27 @@ index 0000000..58b0e01 + + +.EX ++.PP +.B exim_exec_t +.EE + +- Set files with the exim_exec_t type, if you want to transition an executable to the exim_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/exim[0-9]?, /usr/sbin/exim_tidydb -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B exim_initrc_exec_t +.EE + +- Set files with the exim_initrc_exec_t type, if you want to transition an executable to the exim_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B exim_keytab_t +.EE + 
@@ -11383,32 +13335,23 @@ index 0000000..58b0e01 + + +.EX ++.PP +.B exim_log_t +.EE + +- Set files with the exim_log_t type, if you want to treat the data as exim log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B exim_spool_t +.EE + +- Set files with the exim_spool_t type, if you want to store the exim files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B exim_tmp_t +.EE + 
@@ -11416,18 +13359,47 @@ index 0000000..58b0e01 + + +.EX ++.PP +.B exim_var_run_t +.EE + +- Set files with the exim_var_run_t type, if you want to store the exim files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux exim policy is very flexible allowing users to setup their exim processes in as secure a method as possible. ++.PP ++The following process types are defined for exim: ++ ++.EX ++.B exim_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -11445,10 +13417,10 @@ index 0000000..58b0e01 \ No newline at end of file diff --git a/man/man8/fail2ban_selinux.8 b/man/man8/fail2ban_selinux.8 new file mode 100644 -index 0000000..aaaed89 +index 0000000..86a2df3 --- /dev/null 
+++ b/man/man8/fail2ban_selinux.8 -@@ -0,0 +1,117 @@ +@@ -0,0 +1,123 @@ +.TH "fail2ban_selinux" "8" "fail2ban" "dwalsh@redhat.com" "fail2ban SELinux Policy documentation" +.SH "NAME" +fail2ban_selinux \- Security Enhanced Linux Policy for the fail2ban processes 
@@ -11469,61 +13441,43 @@ index 0000000..aaaed89 + + +.EX ++.PP +.B fail2ban_client_exec_t +.EE + +- Set files with the fail2ban_client_exec_t type, if you want to transition an executable to the fail2ban_client_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fail2ban_exec_t +.EE + +- Set files with the fail2ban_exec_t type, if you want to transition an executable to the fail2ban_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/fail2ban-server, /usr/bin/fail2ban -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fail2ban_initrc_exec_t +.EE + +- Set files with the fail2ban_initrc_exec_t type, if you want to transition an executable to the fail2ban_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fail2ban_log_t +.EE + +- Set files with the fail2ban_log_t type, if you want to treat the data as fail2ban log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fail2ban_tmp_t +.EE + 
@@ -11531,31 +13485,55 @@ index 0000000..aaaed89 + + +.EX ++.PP +.B fail2ban_var_lib_t +.EE + +- Set files with the fail2ban_var_lib_t type, if you want to store the fail2ban files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fail2ban_var_run_t +.EE + +- Set files with the fail2ban_var_run_t type, if you want to store the fail2ban files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fail2ban policy is very flexible allowing users to setup their fail2ban processes in as secure a method as possible. ++.PP ++The following process types are defined for fail2ban: ++ ++.EX ++.B fail2ban_client_t, fail2ban_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -11568,10 +13546,10 @@ index 0000000..aaaed89 +selinux(8), fail2ban(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/fcoemon_selinux.8 b/man/man8/fcoemon_selinux.8 new file mode 100644 -index 0000000..8a42d05 +index 0000000..db55a67 --- /dev/null +++ b/man/man8/fcoemon_selinux.8 -@@ -0,0 +1,58 @@ +@@ -0,0 +1,83 @@ +.TH "fcoemon_selinux" "8" "fcoemon" "dwalsh@redhat.com" "fcoemon SELinux Policy documentation" +.SH "NAME" +fcoemon_selinux \- Security Enhanced Linux Policy for the fcoemon processes 
@@ -11592,34 +13570,59 @@ index 0000000..8a42d05 + + +.EX ++.PP +.B fcoemon_exec_t +.EE + +- Set files with the fcoemon_exec_t type, if you want to transition an executable to the fcoemon_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fcoemon_var_run_t +.EE + +- Set files with the fcoemon_var_run_t type, if you want to store the fcoemon files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/fcm(/.*)?, /var/run/fcoemon\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fcoemon policy is very flexible allowing users to setup their fcoemon processes in as secure a method as possible. ++.PP ++The following process types are defined for fcoemon: ++ ++.EX ++.B fcoemon_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -11632,10 +13635,10 @@ index 0000000..8a42d05 +selinux(8), fcoemon(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/fenced_selinux.8 b/man/man8/fenced_selinux.8 new file mode 100644 -index 0000000..1a0b26a +index 0000000..c9b8fe3 --- /dev/null +++ b/man/man8/fenced_selinux.8 -@@ -0,0 +1,123 @@ +@@ -0,0 +1,141 @@ +.TH "fenced_selinux" "8" "fenced" "dwalsh@redhat.com" "fenced SELinux Policy documentation" +.SH "NAME" +fenced_selinux \- Security Enhanced Linux Policy for the fenced processes @@ -11674,35 +13677,27 @@ index 0000000..1a0b26a + + +.EX ++.PP +.B fenced_exec_t +.EE + +- Set files with the fenced_exec_t type, if you want to transition an executable to the fenced_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/fence_node, /usr/sbin/fence_tool, /usr/sbin/fenced -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fenced_lock_t +.EE + +- Set files with the fenced_lock_t type, if you want to treat the files as fenced lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fenced_tmp_t +.EE + @@ -11710,6 +13705,7 @@ index 0000000..1a0b26a + + +.EX ++.PP +.B fenced_tmpfs_t +.EE + 
@@ -11717,34 +13713,59 @@ index 0000000..1a0b26a + + +.EX ++.PP +.B fenced_var_log_t +.EE + +- Set files with the fenced_var_log_t type, if you want to treat the data as fenced var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fenced_var_run_t +.EE + +- Set files with the fenced_var_run_t type, if you want to store the fenced files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/cluster/fenced_override, /var/run/cluster/fence_scsi.*, /var/run/fenced\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fenced policy is very flexible allowing users to setup their fenced processes in as secure a method as possible. ++.PP ++The following process types are defined for fenced: ++ ++.EX ++.B fenced_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -11762,10 +13783,10 @@ index 0000000..1a0b26a \ No newline at end of file diff --git a/man/man8/fetchmail_selinux.8 b/man/man8/fetchmail_selinux.8 new file mode 100644 -index 0000000..7e04501 +index 0000000..fe83b20 --- /dev/null +++ b/man/man8/fetchmail_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,103 @@ +.TH "fetchmail_selinux" "8" "fetchmail" "dwalsh@redhat.com" "fetchmail SELinux Policy documentation" +.SH "NAME" +fetchmail_selinux \- Security Enhanced Linux Policy for the fetchmail processes 
@@ -11786,70 +13807,79 @@ index 0000000..7e04501 + + +.EX ++.PP +.B fetchmail_etc_t +.EE + +- Set files with the fetchmail_etc_t type, if you want to store fetchmail files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fetchmail_exec_t +.EE + +- Set files with the fetchmail_exec_t type, if you want to transition an executable to the fetchmail_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fetchmail_home_t +.EE + +- Set files with the fetchmail_home_t type, if you want to store fetchmail files in the users home directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fetchmail_uidl_cache_t +.EE + +- Set files with the fetchmail_uidl_cache_t type, if you want to store the files under the /var/cache directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fetchmail_var_run_t +.EE + +- Set files with the fetchmail_var_run_t type, if you want to store the fetchmail files under the /run directory. 
+ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fetchmail policy is very flexible allowing users to setup their fetchmail processes in as secure a method as possible. ++.PP ++The following process types are defined for fetchmail: ++ ++.EX ++.B fetchmail_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -11862,10 +13892,10 @@ index 0000000..7e04501 +selinux(8), fetchmail(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/fingerd_selinux.8 b/man/man8/fingerd_selinux.8 new file mode 100644 -index 0000000..b92eb17 +index 0000000..3b9906e --- /dev/null +++ b/man/man8/fingerd_selinux.8 -@@ -0,0 +1,100 @@ +@@ -0,0 +1,125 @@ +.TH "fingerd_selinux" "8" "fingerd" "dwalsh@redhat.com" "fingerd SELinux Policy documentation" +.SH "NAME" +fingerd_selinux \- Security Enhanced Linux Policy for the fingerd processes 
@@ -11886,53 +13916,48 @@ index 0000000..b92eb17 + + +.EX ++.PP +.B fingerd_etc_t +.EE + +- Set files with the fingerd_etc_t type, if you want to store fingerd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fingerd_exec_t +.EE + +- Set files with the fingerd_exec_t type, if you want to transition an executable to the fingerd_t domain. + +.br ++.TP 5 +Paths: +/etc/cron\.weekly/(c)?fingerd, /usr/sbin/[cef]fingerd, /usr/sbin/in\.fingerd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fingerd_log_t +.EE + +- Set files with the fingerd_log_t type, if you want to treat the data as fingerd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fingerd_var_run_t +.EE + +- Set files with the fingerd_var_run_t type, if you want to store the fingerd files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. 
++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP @@ -11945,17 +13970,47 @@ index 0000000..b92eb17 +SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible. +.PP +The following port types are defined for fingerd: -+.EX + ++.EX ++.TP 5 +.B fingerd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fingerd policy is very flexible allowing users to setup their fingerd processes in as secure a method as possible. ++.PP ++The following process types are defined for fingerd: + -+.B tcp 79 ++.EX ++.B fingerd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -11968,10 +14023,10 @@ index 0000000..b92eb17 +selinux(8), fingerd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/firewalld_selinux.8 b/man/man8/firewalld_selinux.8 new file mode 100644 -index 0000000..95ca384 +index 0000000..2cc5aaa --- /dev/null 
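Review bot: In the fingerd PORT TYPES hunk, the default port listed for `fingerd_port_t` changes from the removed `.B tcp 79` to the added `tcp 8021`. Finger's well-known port is 79, so the new value looks like a generator regression rather than a policy change. Please check it against the policy's port definitions (for example the output of `semanage port -l`) before shipping, because administrators rely on this page when labelling ports. The reworked markup also leaves `.TP 10` immediately followed by `.EE`, and a second `.EE` after the port line with no matching `.EX`.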
+++ b/man/man8/firewalld_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,99 @@ +.TH "firewalld_selinux" "8" "firewalld" "dwalsh@redhat.com" "firewalld SELinux Policy documentation" +.SH "NAME" +firewalld_selinux \- Security Enhanced Linux Policy for the firewalld processes 
@@ -11992,60 +14047,75 @@ index 0000000..95ca384 + + +.EX ++.PP +.B firewalld_exec_t +.EE + +- Set files with the firewalld_exec_t type, if you want to transition an executable to the firewalld_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B firewalld_initrc_exec_t +.EE + +- Set files with the firewalld_initrc_exec_t type, if you want to transition an executable to the firewalld_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B firewalld_var_log_t +.EE + +- Set files with the firewalld_var_log_t type, if you want to treat the data as firewalld var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B firewalld_var_run_t +.EE + +- Set files with the firewalld_var_run_t type, if you want to store the firewalld files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/firewalld(/.*)?, /var/run/firewalld\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux firewalld policy is very flexible allowing users to setup their firewalld processes in as secure a method as possible. ++.PP ++The following process types are defined for firewalld: ++ ++.EX ++.B firewallgui_t, firewalld_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -12058,10 +14128,10 @@ index 0000000..95ca384 +selinux(8), firewalld(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/firewallgui_selinux.8 b/man/man8/firewallgui_selinux.8 new file mode 100644 -index 0000000..32cfddb +index 0000000..02aeaf5 --- /dev/null +++ b/man/man8/firewallgui_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "firewallgui_selinux" "8" "firewallgui" "dwalsh@redhat.com" "firewallgui SELinux Policy documentation" +.SH "NAME" +firewallgui_selinux \- Security Enhanced Linux Policy for the firewallgui processes 
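Review bot: The permissive-mode note added in the new PROCESS TYPES section of firewalld_selinux.8 spells the subcommand `semanage permississive -a PROCESS_TYPE`, while the COMMANDS text added a few lines later in the same hunk uses `semanage permissive`; the line should read `.B semanage permissive -a PROCESS_TYPE` so that the documented command can be run as written. The same section ends its `ps` reference with `\fBps\bP`, where the font reset should be `\fP`. Both strings recur verbatim in the fingerd, firewallgui, firstboot, foghorn, fprintd, freshclam, fsadm and fsdaemon hunks, and the pages state they are autogenerated by genman.py, so the fix presumably belongs in the generator template rather than in each page. Because a permissive domain is no longer enforced, the note would also benefit from naming the way back, e.g. `semanage permissive -d PROCESS_TYPE`.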
@@ -12082,25 +14152,55 @@ index 0000000..32cfddb + + +.EX ++.PP +.B firewallgui_exec_t +.EE + +- Set files with the firewallgui_exec_t type, if you want to transition an executable to the firewallgui_t domain. + ++ ++.EX ++.PP ++.B firewallgui_tmp_t ++.EE ++ ++- Set files with the firewallgui_tmp_t type, if you want to store firewallgui temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux firewallgui policy is very flexible allowing users to setup their firewallgui processes in as secure a method as possible. ++.PP ++The following process types are defined for firewallgui: + +.EX -+.B firewallgui_tmp_t ++.B firewallgui_t +.EE -+ -+- Set files with the firewallgui_tmp_t type, if you want to store firewallgui temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -12113,10 +14213,10 @@ index 0000000..32cfddb +selinux(8), firewallgui(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/firstboot_selinux.8 b/man/man8/firstboot_selinux.8 new file mode 100644 -index 0000000..de5eff3 +index 0000000..b016058 --- /dev/null +++ b/man/man8/firstboot_selinux.8 -@@ -0,0 +1,59 @@ +@@ -0,0 +1,91 @@ +.TH "firstboot_selinux" "8" "firstboot" "dwalsh@redhat.com" "firstboot SELinux Policy documentation" +.SH "NAME" +firstboot_selinux \- Security Enhanced Linux Policy for the firstboot processes @@ -12137,6 +14237,7 @@ index 0000000..de5eff3 + + +.EX ++.PP +.B firstboot_etc_t +.EE + 
@@ -12144,28 +14245,59 @@ index 0000000..de5eff3 + + +.EX ++.PP +.B firstboot_exec_t +.EE + +- Set files with the firstboot_exec_t type, if you want to transition an executable to the firstboot_t domain. + +.br ++.TP 5 +Paths: +/usr/share/firstboot/firstboot\.py, /usr/sbin/firstboot ++ ++.EX ++.PP ++.B firstboot_tmp_t ++.EE ++ ++- Set files with the firstboot_tmp_t type, if you want to store firstboot temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux firstboot policy is very flexible allowing users to setup their firstboot processes in as secure a method as possible. ++.PP ++The following process types are defined for firstboot: + +.EX -+.B firstboot_tmp_t ++.B firstboot_t +.EE -+ -+- Set files with the firstboot_tmp_t type, if you want to store firstboot temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -12178,10 +14310,10 @@ index 0000000..de5eff3 +selinux(8), firstboot(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/foghorn_selinux.8 b/man/man8/foghorn_selinux.8 new file mode 100644 -index 0000000..551cd1f +index 0000000..602a0a5 --- /dev/null +++ b/man/man8/foghorn_selinux.8 -@@ -0,0 +1,63 @@ +@@ -0,0 +1,95 @@ +.TH "foghorn_selinux" "8" "foghorn" "dwalsh@redhat.com" "foghorn SELinux Policy documentation" +.SH "NAME" +foghorn_selinux \- Security Enhanced Linux Policy for the foghorn processes @@ -12202,19 +14334,15 @@ index 0000000..551cd1f + + +.EX ++.PP +.B foghorn_exec_t +.EE + +- Set files with the foghorn_exec_t type, if you want to transition an executable to the foghorn_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B foghorn_tmpfs_t +.EE + @@ -12222,6 +14350,7 @@ index 0000000..551cd1f + + +.EX ++.PP +.B foghorn_var_log_t +.EE + 
@@ -12229,12 +14358,47 @@ index 0000000..551cd1f + + +.EX ++.PP +.B foghorn_var_run_t +.EE + +- Set files with the foghorn_var_run_t type, if you want to store the foghorn files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux foghorn policy is very flexible allowing users to setup their foghorn processes in as secure a method as possible. ++.PP ++The following process types are defined for foghorn: ++ ++.EX ++.B foghorn_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -12247,10 +14411,10 @@ index 0000000..551cd1f +selinux(8), foghorn(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/fprintd_selinux.8 b/man/man8/fprintd_selinux.8 new file mode 100644 -index 0000000..7e279b3 +index 0000000..68781fc --- /dev/null 
+++ b/man/man8/fprintd_selinux.8 -@@ -0,0 +1,55 @@ +@@ -0,0 +1,79 @@ +.TH "fprintd_selinux" "8" "fprintd" "dwalsh@redhat.com" "fprintd SELinux Policy documentation" +.SH "NAME" +fprintd_selinux \- Security Enhanced Linux Policy for the fprintd processes 
@@ -12271,31 +14435,55 @@ index 0000000..7e279b3 + + +.EX ++.PP +.B fprintd_exec_t +.EE + +- Set files with the fprintd_exec_t type, if you want to transition an executable to the fprintd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fprintd_var_lib_t +.EE + +- Set files with the fprintd_var_lib_t type, if you want to store the fprintd files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fprintd policy is very flexible allowing users to setup their fprintd processes in as secure a method as possible. ++.PP ++The following process types are defined for fprintd: ++ ++.EX ++.B fprintd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -12308,10 +14496,10 @@ index 0000000..7e279b3 +selinux(8), fprintd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/freshclam_selinux.8 b/man/man8/freshclam_selinux.8 new file mode 100644 -index 0000000..b7924e5 +index 0000000..5325cb1 --- /dev/null +++ b/man/man8/freshclam_selinux.8 -@@ -0,0 +1,58 @@ +@@ -0,0 +1,83 @@ +.TH "freshclam_selinux" "8" "freshclam" "dwalsh@redhat.com" "freshclam SELinux Policy documentation" +.SH "NAME" +freshclam_selinux \- Security Enhanced Linux Policy for the freshclam processes 
@@ -12332,34 +14520,59 @@ index 0000000..b7924e5 + + +.EX ++.PP +.B freshclam_exec_t +.EE + +- Set files with the freshclam_exec_t type, if you want to transition an executable to the freshclam_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B freshclam_var_log_t +.EE + +- Set files with the freshclam_var_log_t type, if you want to treat the data as freshclam var log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/clamav/freshclam.*, /var/log/freshclam.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux freshclam policy is very flexible allowing users to setup their freshclam processes in as secure a method as possible. ++.PP ++The following process types are defined for freshclam: ++ ++.EX ++.B freshclam_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -12372,10 +14585,10 @@ index 0000000..b7924e5 +selinux(8), freshclam(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/fsadm_selinux.8 b/man/man8/fsadm_selinux.8 new file mode 100644 -index 0000000..10df929 +index 0000000..1251e93 --- /dev/null +++ b/man/man8/fsadm_selinux.8 -@@ -0,0 +1,65 @@ +@@ -0,0 +1,91 @@ +.TH "fsadm_selinux" "8" "fsadm" "dwalsh@redhat.com" "fsadm SELinux Policy documentation" +.SH "NAME" +fsadm_selinux \- Security Enhanced Linux Policy for the fsadm processes 
@@ -12396,46 +14609,72 @@ index 0000000..10df929 + + +.EX ++.PP +.B fsadm_exec_t +.EE + +- Set files with the fsadm_exec_t type, if you want to transition an executable to the fsadm_t domain. + +.br ++.TP 5 +Paths: +/sbin/partx, /usr/sbin/fdisk, /sbin/mkfs.*, /sbin/blockdev, /usr/sbin/sfdisk, /sbin/dumpe2fs, /sbin/mkdosfs, /sbin/mke2fs, /sbin/e4fsck, /usr/sbin/dosfsck, /usr/sbin/blockdev, /usr/sbin/lsraid, /usr/bin/partition_uuid, /sbin/raidautorun, /usr/sbin/findfs, /usr/sbin/scsi_info, /usr/sbin/raidstart, /sbin/mkreiserfs, /sbin/hdparm, /sbin/sfdisk, /usr/sbin/raidautorun, /usr/sbin/make_reiser4, /usr/sbin/partx, /usr/sbin/resize.*fs, /sbin/tune2fs, /usr/sbin/fsck.*, /usr/sbin/dumpe2fs, /usr/sbin/mkdosfs, /sbin/blkid, /usr/sbin/hdparm, /sbin/make_reiser4, /sbin/dump, /sbin/swapon.*, /usr/sbin/jfs_.*, /usr/bin/scsi_unique_id, /sbin/findfs, /usr/sbin/smartctl, /usr/bin/syslinux, /usr/sbin/blkid, /usr/sbin/mke2fs, /sbin/losetup.*, /sbin/resize.*fs, /usr/sbin/tune2fs, /usr/lib/systemd/systemd-fsck, /sbin/parted, /sbin/partprobe, /sbin/dosfsck, /usr/sbin/mkfs.*, /sbin/e2label, /lib/systemd/systemd-fsck, /usr/sbin/reiserfs(ck|tune), /sbin/mkraid, /sbin/install-mbr, /sbin/scsi_info, /sbin/e2fsck, /sbin/fsck.*, /usr/sbin/install-mbr, /usr/sbin/clubufflush, /sbin/jfs_.*, /sbin/raidstart, /sbin/lsraid, /usr/sbin/losetup.*, /usr/sbin/mkreiserfs, /usr/sbin/swapon.*, /usr/sbin/e2fsck, /sbin/reiserfs(ck|tune), /usr/sbin/e4fsck, /usr/sbin/dump, /usr/sbin/partprobe, /sbin/fdisk, /usr/sbin/e2label, /usr/sbin/parted, /usr/bin/raw, /sbin/mke4fs, /usr/sbin/cfdisk, /usr/sbin/mke4fs, /sbin/cfdisk, /usr/sbin/mkraid -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B fsadm_log_t +.EE + +- Set files with the fsadm_log_t type, if you want to treat the data as fsadm log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fsadm_tmp_t +.EE + +- Set files with the fsadm_tmp_t type, if you want to store fsadm temporary files in the /tmp directories. + -+.SH "COMMANDS" + +.PP -+.B system-config-selinux -+is a GUI tool available to customize SELinux policy settings. -+ ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fsadm policy is very flexible allowing users to setup their fsadm processes in as secure a method as possible. ++.PP ++The following process types are defined for fsadm: ++ ++.EX ++.B fsadm_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ ++.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.PP ++.B system-config-selinux ++is a GUI tool available to customize SELinux policy settings. ++ +.SH AUTHOR +This manual page was autogenerated by genman.py. + @@ -12443,10 +14682,10 @@ index 0000000..10df929 +selinux(8), fsadm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/fsdaemon_selinux.8 b/man/man8/fsdaemon_selinux.8 new file mode 100644 -index 0000000..10c135e +index 0000000..19cc5d1 --- /dev/null +++ b/man/man8/fsdaemon_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "fsdaemon_selinux" "8" "fsdaemon" "dwalsh@redhat.com" "fsdaemon SELinux Policy documentation" +.SH "NAME" +fsdaemon_selinux \- Security Enhanced Linux Policy for the fsdaemon processes @@ -12467,32 +14706,23 @@ index 0000000..10c135e + + +.EX ++.PP +.B fsdaemon_exec_t +.EE + +- Set files with the fsdaemon_exec_t type, if you want to transition an executable to the fsdaemon_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fsdaemon_initrc_exec_t +.EE + +- Set files with the fsdaemon_initrc_exec_t type, if you want to transition an executable to the fsdaemon_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B fsdaemon_tmp_t +.EE + 
@@ -12500,18 +14730,47 @@ index 0000000..10c135e + + +.EX ++.PP +.B fsdaemon_var_run_t +.EE + +- Set files with the fsdaemon_var_run_t type, if you want to store the fsdaemon files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux fsdaemon policy is very flexible allowing users to setup their fsdaemon processes in as secure a method as possible. ++.PP ++The following process types are defined for fsdaemon: ++ ++.EX ++.B fsdaemon_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -12523,10 +14782,10 @@ index 0000000..10c135e +.SH "SEE ALSO" +selinux(8), fsdaemon(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ftpd_selinux.8 b/man/man8/ftpd_selinux.8 -index 5bebd82..6711037 100644 +index 5bebd82..bbe8e0d 100644 --- a/man/man8/ftpd_selinux.8 
+++ b/man/man8/ftpd_selinux.8 -@@ -1,65 +1,303 @@ +@@ -1,65 +1,321 @@ -.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "ftpd SELinux policy documentation" +.TH "ftpd_selinux" "8" "ftpd" "dwalsh@redhat.com" "ftpd SELinux Policy documentation" .SH "NAME" 
@@ -12542,35 +14801,56 @@ index 5bebd82..6711037 100644 +SELinux policy is customizable based on least access required. ftpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run ftpd with the tightest access possible. + + -+.PP + .PP +-Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control. +-.SH FILE_CONTEXTS +If you want to allow ftp to read and write files in the user home directorie, you must turn on the ftp_home_dir boolean. + +.EX +.B setsebool -P ftp_home_dir 1 +.EE + -+.PP + .PP +-SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon. Policy governs the access that daemons have to files. +-.TP +-Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type. +If you want to allow ftp servers to login to local users and read/write all files on the system, governed by DAC, you must turn on the allow_ftpd_full_access boolean. + +.EX +.B setsebool -P allow_ftpd_full_access 1 +.EE + -+.PP + .PP +-.B +-semanage fcontext -a -t public_content_t "/var/ftp(/.*)?" +-.TP +-.B +-restorecon -F -R -v /var/ftp +-.TP +-Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpd_anon_write boolean to be set. +If you want to allow ftp servers to connect to mysql database port, you must turn on the ftpd_connect_db boolean. + +.EX +.B setsebool -P ftpd_connect_db 1 +.EE + -+.PP + .PP +-.B +-semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?" +-.TP +-.B +-restorecon -F -R -v /var/ftp/incoming +If you want to allow ftp servers to use cifs used for public file transfer services, you must turn on the allow_ftpd_use_cifs boolean. 
+ +.EX +.B setsebool -P allow_ftpd_use_cifs 1 +.EE -+ -+.PP + +-.SH BOOLEANS + .PP +-SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool. +-.TP +-Allow ftp servers to read and write files with the public_content_rw_t file type. +If you want to allow ftp servers to use nfs used for public file transfer services, you must turn on the allow_ftpd_use_nfs boolean. + +.EX @@ -12578,8 +14858,10 @@ index 5bebd82..6711037 100644 +.EE + .PP --Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control. --.SH FILE_CONTEXTS +-.B +-setsebool -P allow_ftpd_anon_write on +-.TP +-Allow ftp servers to read or write files in the user home directories. +If you want to allow sftp-internal to read and write files in the user home directorie, you must turn on the sftpd_enable_homedirs boolean. + +.EX @@ -12587,14 +14869,19 @@ index 5bebd82..6711037 100644 +.EE + .PP --SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon. Policy governs the access that daemons have to files. +-.B +-setsebool -P ftp_home_dir on +-.TP +-Allow ftp servers to read or write all files on the system. +If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral port, you must turn on the httpd_can_connect_ftp boolean. + +.EX +.B setsebool -P httpd_can_connect_ftp 1 +.EE + -+.PP + .PP +-.B +-setsebool -P allow_ftpd_full_access on +If you want to allow sftp-internal to login to local users and read/write all files on the system, governed by DAC, you must turn on the sftpd_full_access boolean. + +.EX 
@@ -12625,57 +14912,46 @@ index 5bebd82..6711037 100644 +.SH SHARING FILES +If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. .TP --Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type. +-Allow ftp servers to use cifs for public file transfer services. +Allow ftpd servers to read the /var/ftpd directory by adding the public_content_t file type to the directory and by restoring the file type. .PP .B --semanage fcontext -a -t public_content_t "/var/ftp(/.*)?" +-setsebool -P allow_ftpd_use_cifs on +semanage fcontext -a -t public_content_t "/var/ftpd(/.*)?" - .TP - .B --restorecon -F -R -v /var/ftp -+restorecon -F -R -v /var/ftpd ++.br ++.B restorecon -F -R -v /var/ftpd +.pp .TP --Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpd_anon_write boolean to be set. +-Allow ftp servers to use nfs for public file transfer services. +Allow ftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_ftpdd_anon_write boolean to be set. .PP .B --semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?" +-setsebool -P allow_ftpd_use_nfs on +-.TP +-system-config-selinux is a GUI tool available to customize SELinux policy settings. +-.SH AUTHOR +semanage fcontext -a -t public_content_rw_t "/var/ftpd/incoming(/.*)?" 
- .TP - .B --restorecon -F -R -v /var/ftp/incoming -+restorecon -F -R -v /var/ftpd/incoming ++.br ++.B restorecon -F -R -v /var/ftpd/incoming ++ + - --.SH BOOLEANS .PP --SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool. --.TP --Allow ftp servers to read and write files with the public_content_rw_t file type. +-This manual page was written by Dan Walsh . +If you want to allow tftp to modify public files used for public file transfer services., you must turn on the tftp_anon_write boolean. -+ + +-.SH "SEE ALSO" +.EX +.B setsebool -P tftp_anon_write 1 +.EE + - .PP --.B --setsebool -P allow_ftpd_anon_write on --.TP --Allow ftp servers to read or write files in the user home directories. ++.PP +If you want to allow ftp servers to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t., you must turn on the allow_ftpd_anon_write boolean. + +.EX +.B setsebool -P allow_ftpd_anon_write 1 +.EE + - .PP --.B --setsebool -P ftp_home_dir on --.TP --Allow ftp servers to read or write all files on the system. ++.PP +If you want to allow anon internal-sftp to upload files, used for public file transfer services, directories must be labeled public_content_rw_t., you must turn on the sftpd_anon_write boolean. + +.EX 
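Review bot: The paragraph break added after the first `restorecon` line in the SHARING FILES section is written `.pp`; roff request names are case-sensitive, so this is not the `.PP` macro used in the rest of the page and should be `.PP`. The context lines around it also name the boolean `allow_ftpdd_anon_write` and the directory `/var/ftpd`, while the same hunk later documents `allow_ftpd_anon_write` and the removed text used `/var/ftp`. A reader following the page as written would apply `public_content_t` / `public_content_rw_t` to a path the daemon may not serve and look for a boolean under a spelling the page itself does not use elsewhere. These look like a service-name substitution in the generator, so they are probably best corrected there.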
@@ -12684,17 +14960,9 @@ index 5bebd82..6711037 100644 + +.SH FILE CONTEXTS +SELinux requires files to have an extended attribute to define the file type. - .PP --.B --setsebool -P allow_ftpd_full_access on --.TP --Allow ftp servers to use cifs for public file transfer services. ++.PP +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP - .PP --.B --setsebool -P allow_ftpd_use_cifs on --.TP --Allow ftp servers to use nfs for public file transfer services. ++.PP +Policy governs the access confined processes have to these files. +SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible. +.PP 
@@ -12702,51 +14970,40 @@ index 5bebd82..6711037 100644 + + +.EX ++.PP +.B ftpd_etc_t +.EE + +- Set files with the ftpd_etc_t type, if you want to store ftpd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX + .PP +.B ftpd_exec_t +.EE -+ + +-selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8) +- Set files with the ftpd_exec_t type, if you want to transition an executable to the ftpd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ftpwho, /etc/cron\.monthly/proftpd, /usr/sbin/in\.ftpd, /usr/sbin/proftpd, /usr/kerberos/sbin/ftpd, /usr/sbin/muddleftpd, /usr/sbin/vsftpd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ftpd_initrc_exec_t +.EE + +- Set files with the ftpd_initrc_exec_t type, if you want to transition an executable to the ftpd_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/proftpd, /etc/rc\.d/init\.d/vsftpd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ftpd_keytab_t +.EE + @@ -12754,6 +15011,7 @@ index 5bebd82..6711037 100644 + + +.EX ++.PP +.B ftpd_lock_t +.EE + @@ -12761,6 +15019,7 @@ index 5bebd82..6711037 100644 + + +.EX ++.PP +.B ftpd_tmp_t +.EE + @@ -12768,6 +15027,7 @@ index 5bebd82..6711037 100644 + + +.EX ++.PP +.B ftpd_tmpfs_t +.EE + 
@@ -12775,6 +15035,7 @@ index 5bebd82..6711037 100644 + + +.EX ++.PP +.B ftpd_unit_file_t +.EE + 
@@ -12782,88 +15043,108 @@ index 5bebd82..6711037 100644 + + +.EX ++.PP +.B ftpd_var_run_t +.EE + +- Set files with the ftpd_var_run_t type, if you want to store the ftpd files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ftpdctl_exec_t +.EE + +- Set files with the ftpdctl_exec_t type, if you want to transition an executable to the ftpdctl_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ftpdctl_tmp_t +.EE + +- Set files with the ftpdctl_tmp_t type, if you want to store ftpdctl temporary files in the /tmp directories. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. - .PP --.B --setsebool -P allow_ftpd_use_nfs on --.TP --system-config-selinux is a GUI tool available to customize SELinux policy settings. --.SH AUTHOR ++.PP +You can see the types associated with a port by using the following command: + +.B semanage port -l + - .PP --This manual page was written by Dan Walsh . ++.PP +Policy governs the access confined processes have to these ports. +SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible. 
+.PP +The following port types are defined for ftpd: -+.EX + ++.EX ++.TP 5 +.B ftp_data_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 20 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B ftp_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 21,990 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 990 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ftpd policy is very flexible allowing users to setup their ftpd processes in as secure a method as possible. ++.PP ++The following process types are defined for ftpd: ++ ++.EX ++.B ftpd_t, ftpdctl_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans - --.SH "SEE ALSO" - .PP ++ ++.PP +.B system-config-selinux +is a GUI tool available to customize SELinux policy settings. - --selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8) ++ +.SH AUTHOR +This manual page was autogenerated by genman.py. + @@ -12873,10 +15154,10 @@ index 5bebd82..6711037 100644 \ No newline at end of file diff --git a/man/man8/ftpdctl_selinux.8 b/man/man8/ftpdctl_selinux.8 new file mode 100644 -index 0000000..cf50716 +index 0000000..00dde44 --- /dev/null 
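Review bot: The regenerated port listings in this hunk now print `tcp 8021` under both `ftp_data_port_t` and `ftp_port_t`, replacing the removed `tcp 20`, `tcp 21,990` and `udp 990` lines; the later glance hunk does the same to `glance_registry_port_t`, which previously listed `tcp 9191` and `udp 9191`. Identical values under unrelated port types suggest the generator is emitting one port's value for every type instead of looking up each type's own ports. An administrator who checks or labels ports from these pages would get the wrong mapping, so the lines should be regenerated from the policy's port definitions, restoring `tcp 20` for `ftp_data_port_t` and `tcp 21,990` plus `udp 990` for `ftp_port_t` as the removed lines had them. The added `.TP 10` directly before `.EE`, and the second `.EE` after each port line, also appear to leave the `.EX`/`.EE` pairs unbalanced, though the collapsed layout makes that hard to confirm.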
+++ b/man/man8/ftpdctl_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "ftpdctl_selinux" "8" "ftpdctl" "dwalsh@redhat.com" "ftpdctl SELinux Policy documentation" +.SH "NAME" +ftpdctl_selinux \- Security Enhanced Linux Policy for the ftpdctl processes 
@@ -12897,25 +15178,55 @@ index 0000000..cf50716 + + +.EX ++.PP +.B ftpdctl_exec_t +.EE + +- Set files with the ftpdctl_exec_t type, if you want to transition an executable to the ftpdctl_t domain. + ++ ++.EX ++.PP ++.B ftpdctl_tmp_t ++.EE ++ ++- Set files with the ftpdctl_tmp_t type, if you want to store ftpdctl temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ftpdctl policy is very flexible allowing users to setup their ftpdctl processes in as secure a method as possible. ++.PP ++The following process types are defined for ftpdctl: + +.EX -+.B ftpdctl_tmp_t ++.B ftpdctl_t +.EE -+ -+- Set files with the ftpdctl_tmp_t type, if you want to store ftpdctl temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -12928,10 +15239,10 @@ index 0000000..cf50716 +selinux(8), ftpdctl(8), semanage(8), restorecon(8), chcon(1) 
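Review bot: The added PROCESS TYPES note spells the command `semanage permississive -a PROCESS_TYPE`, while the COMMANDS text added in the same hunk uses the correct `semanage permissive`; a reader copying the note gets a command that fails. The line should read `.B semanage permissive -a PROCESS_TYPE`. The added sentence about `ps` also ends in `\fBps\bP`, where the intended font reset is `\fP`, so it should be `\fBps\fP`. Both mistakes repeat in the ftpd hunk above and in the games, gconfd, gconfdefaultsm, getty, gfs, gitosis, glance, gnomeclock and gnomesystemmm hunks below, which points at the genman.py template rather than the individual pages.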
diff --git a/man/man8/games_selinux.8 b/man/man8/games_selinux.8 new file mode 100644 -index 0000000..60f5a41 +index 0000000..9c810df --- /dev/null +++ b/man/man8/games_selinux.8 -@@ -0,0 +1,82 @@ +@@ -0,0 +1,111 @@ +.TH "games_selinux" "8" "games" "dwalsh@redhat.com" "games SELinux Policy documentation" +.SH "NAME" +games_selinux \- Security Enhanced Linux Policy for the games processes 
@@ -12952,38 +15263,31 @@ index 0000000..60f5a41 + + +.EX ++.PP +.B games_data_t +.EE + +- Set files with the games_data_t type, if you want to treat the files as games content. + +.br ++.TP 5 +Paths: +/var/games(/.*)?, /var/lib/games(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B games_exec_t +.EE + +- Set files with the games_exec_t type, if you want to transition an executable to the games_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/sol, /usr/bin/blackjack, /usr/bin/micq, /usr/bin/gnome-stones, /usr/bin/kshisen, /usr/bin/klickety, /usr/bin/lskat, /usr/bin/atlantik, /usr/bin/ksame, /usr/bin/kgoldrunner, /usr/bin/lskatproc, /usr/bin/gataxx, /usr/bin/katomic, /usr/bin/Maelstrom, /usr/bin/ksmiletris, /usr/bin/gnect, /usr/bin/gnotravex, /usr/bin/ksirtet, /usr/bin/ktuberling, /usr/bin/kbounce, /usr/bin/kenolaba, /usr/bin/kmahjongg, /usr/bin/ksnake, /usr/bin/kbackgammon, /usr/games/.*, /usr/bin/gnobots2, /usr/bin/civserver.*, /usr/bin/civclient.*, /usr/bin/kwin4, /usr/bin/mahjongg, /usr/bin/kblackbox, /usr/bin/kjumpingcube, /usr/bin/gnotski, /usr/bin/gnomine, /usr/bin/kbattleship, /usr/bin/same-gnome, /usr/bin/kasteroids, /usr/bin/kolf, /usr/bin/konquest, /usr/bin/kreversi, /usr/bin/ksokoban, /usr/bin/kpoker, /usr/lib/games(/.*)?, /usr/bin/glines, /usr/bin/kfouleggs, /usr/bin/ktron, /usr/bin/kmines, /usr/bin/gnibbles, /usr/bin/kspaceduel, /usr/bin/kpat, /usr/bin/iagno, /usr/bin/gtali, /usr/bin/klines, /usr/bin/kwin4proc -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B games_srv_var_run_t +.EE + @@ -12991,6 +15295,7 @@ index 0000000..60f5a41 + + +.EX ++.PP +.B games_tmp_t +.EE + @@ -12998,12 +15303,47 @@ index 0000000..60f5a41 + + +.EX ++.PP +.B games_tmpfs_t +.EE + +- Set files with the games_tmpfs_t type, if you want to store games files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux games policy is very flexible allowing users to setup their games processes in as secure a method as possible. ++.PP ++The following process types are defined for games: ++ ++.EX ++.B games_t, games_srv_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -13016,10 +15356,10 @@ index 0000000..60f5a41 +selinux(8), games(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gconfd_selinux.8 b/man/man8/gconfd_selinux.8 new file mode 100644 -index 0000000..f78f208 +index 0000000..27f5552 --- /dev/null 
+++ b/man/man8/gconfd_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "gconfd_selinux" "8" "gconfd" "dwalsh@redhat.com" "gconfd SELinux Policy documentation" +.SH "NAME" +gconfd_selinux \- Security Enhanced Linux Policy for the gconfd processes @@ -13040,6 +15380,7 @@ index 0000000..f78f208 + + +.EX ++.PP +.B gconfd_exec_t +.EE + @@ -13047,18 +15388,47 @@ index 0000000..f78f208 + + +.EX ++.PP +.B gconfdefaultsm_exec_t +.EE + +- Set files with the gconfdefaultsm_exec_t type, if you want to transition an executable to the gconfdefaultsm_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gconfd policy is very flexible allowing users to setup their gconfd processes in as secure a method as possible. ++.PP ++The following process types are defined for gconfd: ++ ++.EX ++.B gconfdefaultsm_t, gconfd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -13071,10 +15441,10 @@ index 0000000..f78f208 +selinux(8), gconfd(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/gconfdefaultsm_selinux.8 b/man/man8/gconfdefaultsm_selinux.8 new file mode 100644 -index 0000000..92404fc +index 0000000..b0fda25 --- /dev/null +++ b/man/man8/gconfdefaultsm_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "gconfdefaultsm_selinux" "8" "gconfdefaultsm" "dwalsh@redhat.com" "gconfdefaultsm SELinux Policy documentation" +.SH "NAME" +gconfdefaultsm_selinux \- Security Enhanced Linux Policy for the gconfdefaultsm processes 
@@ -13095,18 +15465,47 @@ index 0000000..92404fc + + +.EX ++.PP +.B gconfdefaultsm_exec_t +.EE + +- Set files with the gconfdefaultsm_exec_t type, if you want to transition an executable to the gconfdefaultsm_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gconfdefaultsm policy is very flexible allowing users to setup their gconfdefaultsm processes in as secure a method as possible. ++.PP ++The following process types are defined for gconfdefaultsm: ++ ++.EX ++.B gconfdefaultsm_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -13119,10 +15518,10 @@ index 0000000..92404fc +selinux(8), gconfdefaultsm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/getty_selinux.8 b/man/man8/getty_selinux.8 new file mode 100644 -index 0000000..b745247 +index 0000000..e0bf143 --- /dev/null 
+++ b/man/man8/getty_selinux.8 -@@ -0,0 +1,104 @@ +@@ -0,0 +1,123 @@ +.TH "getty_selinux" "8" "getty" "dwalsh@redhat.com" "getty SELinux Policy documentation" +.SH "NAME" +getty_selinux \- Security Enhanced Linux Policy for the getty processes @@ -13143,35 +15542,27 @@ index 0000000..b745247 + + +.EX ++.PP +.B getty_etc_t +.EE + +- Set files with the getty_etc_t type, if you want to store getty files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B getty_exec_t +.EE + +- Set files with the getty_exec_t type, if you want to transition an executable to the getty_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/.*getty, /sbin/.*getty -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B getty_lock_t +.EE + @@ -13179,22 +15570,19 @@ index 0000000..b745247 + + +.EX ++.PP +.B getty_log_t +.EE + +- Set files with the getty_log_t type, if you want to treat the data as getty log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/mgetty\.log.*, /var/log/vgetty\.log\..* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B getty_tmp_t +.EE + 
@@ -13202,21 +15590,51 @@ index 0000000..b745247 + + +.EX ++.PP +.B getty_var_run_t +.EE + +- Set files with the getty_var_run_t type, if you want to store the getty files under the /run directory. + +.br ++.TP 5 +Paths: +/var/spool/voice(/.*)?, /var/spool/fax(/.*)?, /var/run/mgetty\.pid.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux getty policy is very flexible allowing users to setup their getty processes in as secure a method as possible. ++.PP ++The following process types are defined for getty: ++ ++.EX ++.B getty_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -13229,10 +15647,10 @@ index 0000000..b745247 +selinux(8), getty(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gfs_selinux.8 b/man/man8/gfs_selinux.8 new file mode 100644 -index 0000000..b9a7bed +index 0000000..7b747d5 --- /dev/null 
+++ b/man/man8/gfs_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "gfs_selinux" "8" "gfs" "dwalsh@redhat.com" "gfs SELinux Policy documentation" +.SH "NAME" +gfs_selinux \- Security Enhanced Linux Policy for the gfs processes @@ -13253,19 +15671,15 @@ index 0000000..b9a7bed + + +.EX ++.PP +.B gfs_controld_exec_t +.EE + +- Set files with the gfs_controld_exec_t type, if you want to transition an executable to the gfs_controld_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gfs_controld_tmpfs_t +.EE + 
@@ -13273,31 +15687,55 @@ index 0000000..b9a7bed + + +.EX ++.PP +.B gfs_controld_var_log_t +.EE + +- Set files with the gfs_controld_var_log_t type, if you want to treat the data as gfs controld var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gfs_controld_var_run_t +.EE + +- Set files with the gfs_controld_var_run_t type, if you want to store the gfs controld files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gfs policy is very flexible allowing users to setup their gfs processes in as secure a method as possible. ++.PP ++The following process types are defined for gfs: ++ ++.EX ++.B gfs_controld_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -13310,10 +15748,10 @@ index 0000000..b9a7bed +selinux(8), gfs(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gitosis_selinux.8 b/man/man8/gitosis_selinux.8 new file mode 100644 -index 0000000..dc8242b +index 0000000..6330704 --- /dev/null +++ b/man/man8/gitosis_selinux.8 -@@ -0,0 +1,76 @@ +@@ -0,0 +1,102 @@ +.TH "gitosis_selinux" "8" "gitosis" "dwalsh@redhat.com" "gitosis SELinux Policy documentation" +.SH "NAME" +gitosis_selinux \- Security Enhanced Linux Policy for the gitosis processes 
@@ -13345,37 +15783,63 @@ index 0000000..dc8242b + + +.EX ++.PP +.B gitosis_exec_t +.EE + +- Set files with the gitosis_exec_t type, if you want to transition an executable to the gitosis_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/gitosis-serve, /usr/bin/gl-auth-command -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gitosis_var_lib_t +.EE + +- Set files with the gitosis_var_lib_t type, if you want to store the gitosis files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/gitolite(/.*)?, /var/lib/gitosis(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gitosis policy is very flexible allowing users to setup their gitosis processes in as secure a method as possible. ++.PP ++The following process types are defined for gitosis: ++ ++.EX ++.B gitosis_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -13393,10 +15857,10 @@ index 0000000..dc8242b \ No newline at end of file diff --git a/man/man8/glance_selinux.8 b/man/man8/glance_selinux.8 new file mode 100644 -index 0000000..9de4704 +index 0000000..54d06b3 --- /dev/null +++ b/man/man8/glance_selinux.8 -@@ -0,0 +1,158 @@ +@@ -0,0 +1,161 @@ +.TH "glance_selinux" "8" "glance" "dwalsh@redhat.com" "glance SELinux Policy documentation" +.SH "NAME" +glance_selinux \- Security Enhanced Linux Policy for the glance processes 
@@ -13417,71 +15881,47 @@ index 0000000..9de4704 + + +.EX ++.PP +.B glance_api_exec_t +.EE + +- Set files with the glance_api_exec_t type, if you want to transition an executable to the glance_api_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B glance_api_initrc_exec_t +.EE + +- Set files with the glance_api_initrc_exec_t type, if you want to transition an executable to the glance_api_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B glance_log_t +.EE + +- Set files with the glance_log_t type, if you want to treat the data as glance log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B glance_registry_exec_t +.EE + +- Set files with the glance_registry_exec_t type, if you want to transition an executable to the glance_registry_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B glance_registry_initrc_exec_t +.EE + +- Set files with the glance_registry_initrc_exec_t type, if you want to transition an executable to the glance_registry_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B glance_registry_tmp_t +.EE + @@ -13489,6 +15929,7 @@ index 0000000..9de4704 + + +.EX ++.PP +.B glance_tmp_t +.EE + @@ -13496,24 +15937,22 @@ index 0000000..9de4704 + + +.EX ++.PP +.B glance_var_lib_t +.EE + +- Set files with the glance_var_lib_t type, if you want to store the glance files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B glance_var_run_t +.EE + +- Set files with the glance_var_run_t type, if you want to store the glance files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -13532,19 +15971,47 @@ index 0000000..9de4704 +SELinux glance policy is very flexible allowing users to setup their glance processes in as secure a method as possible. +.PP +The following port types are defined for glance: -+.EX + ++.EX ++.TP 5 +.B glance_registry_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 9191 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 9191 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux glance policy is very flexible allowing users to setup their glance processes in as secure a method as possible. ++.PP ++The following process types are defined for glance: ++ ++.EX ++.B glance_registry_t, glance_api_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -13557,10 +16024,10 @@ index 0000000..9de4704 +selinux(8), glance(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gnomeclock_selinux.8 b/man/man8/gnomeclock_selinux.8 new file mode 100644 -index 0000000..2b5c0aa +index 0000000..befa734 --- /dev/null 
+++ b/man/man8/gnomeclock_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "gnomeclock_selinux" "8" "gnomeclock" "dwalsh@redhat.com" "gnomeclock SELinux Policy documentation" +.SH "NAME" +gnomeclock_selinux \- Security Enhanced Linux Policy for the gnomeclock processes @@ -13581,21 +16048,51 @@ index 0000000..2b5c0aa + + +.EX ++.PP +.B gnomeclock_exec_t +.EE + +- Set files with the gnomeclock_exec_t type, if you want to transition an executable to the gnomeclock_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/gsd-datetime-mechanism, /usr/libexec/kde(3|4)/kcmdatetimehelper, /usr/libexec/gnome-clock-applet-mechanism ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gnomeclock policy is very flexible allowing users to setup their gnomeclock processes in as secure a method as possible. ++.PP ++The following process types are defined for gnomeclock: ++ ++.EX ++.B gnomeclock_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -13608,10 +16105,10 @@ index 0000000..2b5c0aa +selinux(8), gnomeclock(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gnomesystemmm_selinux.8 b/man/man8/gnomesystemmm_selinux.8 new file mode 100644 -index 0000000..db15562 +index 0000000..871dff2 --- /dev/null +++ b/man/man8/gnomesystemmm_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "gnomesystemmm_selinux" "8" "gnomesystemmm" "dwalsh@redhat.com" "gnomesystemmm SELinux Policy documentation" +.SH "NAME" +gnomesystemmm_selinux \- Security Enhanced Linux Policy for the gnomesystemmm processes 
@@ -13632,21 +16129,51 @@ index 0000000..db15562 + + +.EX ++.PP +.B gnomesystemmm_exec_t +.EE + +- Set files with the gnomesystemmm_exec_t type, if you want to transition an executable to the gnomesystemmm_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/kde(3|4)/ksysguardprocesslist_helper, /usr/libexec/gnome-system-monitor-mechanism ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gnomesystemmm policy is very flexible allowing users to setup their gnomesystemmm processes in as secure a method as possible. ++.PP ++The following process types are defined for gnomesystemmm: ++ ++.EX ++.B gnomesystemmm_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -13659,10 +16186,10 @@ index 0000000..db15562 +selinux(8), gnomesystemmm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gpg_selinux.8 b/man/man8/gpg_selinux.8 new file mode 100644 -index 0000000..913fc89 +index 0000000..00db011 --- /dev/null 
+++ b/man/man8/gpg_selinux.8 -@@ -0,0 +1,155 @@ +@@ -0,0 +1,171 @@ +.TH "gpg_selinux" "8" "gpg" "dwalsh@redhat.com" "gpg SELinux Policy documentation" +.SH "NAME" +gpg_selinux \- Security Enhanced Linux Policy for the gpg processes @@ -13696,18 +16223,16 @@ index 0000000..913fc89 +.PP +.B +semanage fcontext -a -t public_content_t "/var/gpg(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/gpg ++.br ++.B restorecon -F -R -v /var/gpg +.pp +.TP +Allow gpg servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_gpgd_anon_write boolean to be set. +.PP +.B +semanage fcontext -a -t public_content_rw_t "/var/gpg/incoming(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/gpg/incoming ++.br ++.B restorecon -F -R -v /var/gpg/incoming + + +.PP @@ -13729,19 +16254,15 @@ index 0000000..913fc89 + + +.EX ++.PP +.B gpg_agent_exec_t +.EE + +- Set files with the gpg_agent_exec_t type, if you want to transition an executable to the gpg_agent_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gpg_agent_tmp_t +.EE + 
@@ -13749,35 +16270,27 @@ index 0000000..913fc89 + + +.EX ++.PP +.B gpg_exec_t +.EE + +- Set files with the gpg_exec_t type, if you want to transition an executable to the gpg_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/gpg(2)?, /usr/bin/kgpg, /usr/lib/gnupg/.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gpg_helper_exec_t +.EE + +- Set files with the gpg_helper_exec_t type, if you want to transition an executable to the gpg_helper_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gpg_pinentry_tmp_t +.EE + @@ -13785,6 +16298,7 @@ index 0000000..913fc89 + + +.EX ++.PP +.B gpg_pinentry_tmpfs_t +.EE + 
@@ -13792,18 +16306,47 @@ index 0000000..913fc89 + + +.EX ++.PP +.B gpg_secret_t +.EE + +- Set files with the gpg_secret_t type, if you want to treat the files as gpg se secret data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gpg policy is very flexible allowing users to setup their gpg processes in as secure a method as possible. ++.PP ++The following process types are defined for gpg: ++ ++.EX ++.B gpg_t, gpg_pinentry_t, gpg_helper_t, gpg_web_t, gpg_agent_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -13821,10 +16364,10 @@ index 0000000..913fc89 \ No newline at end of file diff --git a/man/man8/gpm_selinux.8 b/man/man8/gpm_selinux.8 new file mode 100644 -index 0000000..d80a2f1 +index 0000000..9cbaad7 --- /dev/null 
+++ b/man/man8/gpm_selinux.8 -@@ -0,0 +1,85 @@ +@@ -0,0 +1,107 @@ +.TH "gpm_selinux" "8" "gpm" "dwalsh@redhat.com" "gpm SELinux Policy documentation" +.SH "NAME" +gpm_selinux \- Security Enhanced Linux Policy for the gpm processes @@ -13845,32 +16388,23 @@ index 0000000..d80a2f1 + + +.EX ++.PP +.B gpm_conf_t +.EE + +- Set files with the gpm_conf_t type, if you want to treat the files as gpm configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gpm_exec_t +.EE + +- Set files with the gpm_exec_t type, if you want to transition an executable to the gpm_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gpm_tmp_t +.EE + @@ -13878,6 +16412,7 @@ index 0000000..d80a2f1 + + +.EX ++.PP +.B gpm_var_run_t +.EE + 
@@ -13885,21 +16420,51 @@ index 0000000..d80a2f1 + + +.EX ++.PP +.B gpmctl_t +.EE + +- Set files with the gpmctl_t type, if you want to treat the files as gpmctl data. + +.br ++.TP 5 +Paths: +/dev/gpmctl, /dev/gpmdata ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gpm policy is very flexible allowing users to setup their gpm processes in as secure a method as possible. ++.PP ++The following process types are defined for gpm: ++ ++.EX ++.B gpm_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -13912,10 +16477,10 @@ index 0000000..d80a2f1 +selinux(8), gpm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gpsd_selinux.8 b/man/man8/gpsd_selinux.8 new file mode 100644 -index 0000000..e457c65 +index 0000000..44a67f2 --- /dev/null +++ b/man/man8/gpsd_selinux.8 -@@ -0,0 +1,100 @@ +@@ -0,0 +1,125 @@ +.TH "gpsd_selinux" "8" "gpsd" "dwalsh@redhat.com" "gpsd SELinux Policy documentation" +.SH "NAME" +gpsd_selinux \- Security Enhanced Linux Policy for the gpsd processes 
@@ -13936,32 +16501,23 @@ index 0000000..e457c65 + + +.EX ++.PP +.B gpsd_exec_t +.EE + +- Set files with the gpsd_exec_t type, if you want to transition an executable to the gpsd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gpsd_initrc_exec_t +.EE + +- Set files with the gpsd_initrc_exec_t type, if you want to transition an executable to the gpsd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gpsd_tmpfs_t +.EE + @@ -13969,14 +16525,18 @@ index 0000000..e457c65 + + +.EX ++.PP +.B gpsd_var_run_t +.EE + +- Set files with the gpsd_var_run_t type, if you want to store the gpsd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/gpsd\.sock, /var/run/gpsd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -13995,17 +16555,47 @@ index 0000000..e457c65 +SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible. +.PP +The following port types are defined for gpsd: -+.EX + ++.EX ++.TP 5 +.B gpsd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gpsd policy is very flexible allowing users to setup their gpsd processes in as secure a method as possible. ++.PP ++The following process types are defined for gpsd: + -+.B tcp 2947 ++.EX ++.B gpsd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -14018,10 +16608,10 @@ index 0000000..e457c65 +selinux(8), gpsd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/greylist_selinux.8 b/man/man8/greylist_selinux.8 new file mode 100644 -index 0000000..b921c44 +index 0000000..e549305 --- /dev/null +++ b/man/man8/greylist_selinux.8 -@@ -0,0 +1,58 @@ +@@ -0,0 +1,83 @@ +.TH "greylist_selinux" "8" "greylist" "dwalsh@redhat.com" "greylist SELinux Policy documentation" +.SH "NAME" +greylist_selinux \- Security Enhanced Linux Policy for the greylist processes 
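Review bot: The gpsd port section now documents `tcp 8021` under "Default Defined Ports:" where the removed line had `.B tcp 2947`, and the hddtemp hunk (was `tcp 7634`) and the hplip hunk (was a list starting `tcp 1782,2207,2208`) are changed to the same `tcp 8021`. Three unrelated port types sharing one value looks like the generator emitting a fixed or stale port rather than the ports bound to each type, so these pages would tell an administrator that the wrong ports are labelled. The values should be regenerated per type (for gpsd_port_t presumably `tcp 2947` again) and checked against the output of `semanage port -l`. The hunk also drops the `.EX` before "Default Defined Ports:" while keeping its closing `.EE`, and adds a `.TP 10` directly before `.EE` with no tag line after it, which leaves the macros unbalanced.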
@@ -14042,34 +16632,59 @@ index 0000000..b921c44 + + +.EX ++.PP +.B greylist_milter_data_t +.EE + +- Set files with the greylist_milter_data_t type, if you want to treat the files as greylist milter content. + +.br ++.TP 5 +Paths: +/var/run/milter-greylist\.pid, /var/run/milter-greylist(/.*)?, /var/lib/milter-greylist(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B greylist_milter_exec_t +.EE + +- Set files with the greylist_milter_exec_t type, if you want to transition an executable to the greylist_milter_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux greylist policy is very flexible allowing users to setup their greylist processes in as secure a method as possible. ++.PP ++The following process types are defined for greylist: ++ ++.EX ++.B greylist_milter_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -14082,10 +16697,10 @@ index 0000000..b921c44 +selinux(8), greylist(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/groupadd_selinux.8 b/man/man8/groupadd_selinux.8 new file mode 100644 -index 0000000..480965a +index 0000000..2cca129 --- /dev/null +++ b/man/man8/groupadd_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "groupadd_selinux" "8" "groupadd" "dwalsh@redhat.com" "groupadd SELinux Policy documentation" +.SH "NAME" +groupadd_selinux \- Security Enhanced Linux Policy for the groupadd processes 
@@ -14106,21 +16721,51 @@ index 0000000..480965a + + +.EX ++.PP +.B groupadd_exec_t +.EE + +- Set files with the groupadd_exec_t type, if you want to transition an executable to the groupadd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/gpasswd, /usr/bin/gpasswd, /usr/sbin/groupdel, /usr/sbin/groupadd, /usr/sbin/groupmod ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux groupadd policy is very flexible allowing users to setup their groupadd processes in as secure a method as possible. ++.PP ++The following process types are defined for groupadd: ++ ++.EX ++.B groupadd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -14133,10 +16778,10 @@ index 0000000..480965a +selinux(8), groupadd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/groupd_selinux.8 b/man/man8/groupd_selinux.8 new file mode 100644 -index 0000000..f0fa471 +index 0000000..7d9f0d1 --- /dev/null 
+++ b/man/man8/groupd_selinux.8 -@@ -0,0 +1,69 @@ +@@ -0,0 +1,95 @@ +.TH "groupd_selinux" "8" "groupd" "dwalsh@redhat.com" "groupd SELinux Policy documentation" +.SH "NAME" +groupd_selinux \- Security Enhanced Linux Policy for the groupd processes @@ -14157,19 +16802,15 @@ index 0000000..f0fa471 + + +.EX ++.PP +.B groupd_exec_t +.EE + +- Set files with the groupd_exec_t type, if you want to transition an executable to the groupd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B groupd_tmpfs_t +.EE + @@ -14177,6 +16818,7 @@ index 0000000..f0fa471 + + +.EX ++.PP +.B groupd_var_log_t +.EE + 
@@ -14184,18 +16826,47 @@ index 0000000..f0fa471 + + +.EX ++.PP +.B groupd_var_run_t +.EE + +- Set files with the groupd_var_run_t type, if you want to store the groupd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux groupd policy is very flexible allowing users to setup their groupd processes in as secure a method as possible. ++.PP ++The following process types are defined for groupd: ++ ++.EX ++.B groupadd_t, groupd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -14208,10 +16879,10 @@ index 0000000..f0fa471 +selinux(8), groupd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/gssd_selinux.8 b/man/man8/gssd_selinux.8 new file mode 100644 -index 0000000..abc443b +index 0000000..ab14eb8 --- /dev/null 
+++ b/man/man8/gssd_selinux.8 -@@ -0,0 +1,80 @@ +@@ -0,0 +1,106 @@ +.TH "gssd_selinux" "8" "gssd" "dwalsh@redhat.com" "gssd SELinux Policy documentation" +.SH "NAME" +gssd_selinux \- Security Enhanced Linux Policy for the gssd processes @@ -14243,22 +16914,19 @@ index 0000000..abc443b + + +.EX ++.PP +.B gssd_exec_t +.EE + +- Set files with the gssd_exec_t type, if you want to transition an executable to the gssd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/rpc\.gssd, /usr/sbin/rpc\.svcgssd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B gssd_keytab_t +.EE + 
@@ -14266,18 +16934,47 @@ index 0000000..abc443b + + +.EX ++.PP +.B gssd_tmp_t +.EE + +- Set files with the gssd_tmp_t type, if you want to store gssd temporary files in the /tmp directories. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux gssd policy is very flexible allowing users to setup their gssd processes in as secure a method as possible. ++.PP ++The following process types are defined for gssd: ++ ++.EX ++.B gssd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -14295,10 +16992,10 @@ index 0000000..abc443b \ No newline at end of file diff --git a/man/man8/hddtemp_selinux.8 b/man/man8/hddtemp_selinux.8 new file mode 100644 -index 0000000..7fb09a7 +index 0000000..01e72f6 --- /dev/null 
+++ b/man/man8/hddtemp_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,113 @@ +.TH "hddtemp_selinux" "8" "hddtemp" "dwalsh@redhat.com" "hddtemp SELinux Policy documentation" +.SH "NAME" +hddtemp_selinux \- Security Enhanced Linux Policy for the hddtemp processes @@ -14319,37 +17016,30 @@ index 0000000..7fb09a7 + + +.EX ++.PP +.B hddtemp_etc_t +.EE + +- Set files with the hddtemp_etc_t type, if you want to store hddtemp files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B hddtemp_exec_t +.EE + +- Set files with the hddtemp_exec_t type, if you want to transition an executable to the hddtemp_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B hddtemp_initrc_exec_t +.EE + +- Set files with the hddtemp_initrc_exec_t type, if you want to transition an executable to the hddtemp_initrc_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -14368,17 +17058,47 @@ index 0000000..7fb09a7 +SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible. +.PP +The following port types are defined for hddtemp: -+.EX + ++.EX ++.TP 5 +.B hddtemp_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux hddtemp policy is very flexible allowing users to setup their hddtemp processes in as secure a method as possible. ++.PP ++The following process types are defined for hddtemp: + -+.B tcp 7634 ++.EX ++.B hddtemp_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -14391,10 +17111,10 @@ index 0000000..7fb09a7 +selinux(8), hddtemp(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/hostname_selinux.8 b/man/man8/hostname_selinux.8 new file mode 100644 -index 0000000..ecc6412 +index 0000000..cb71cf9 --- /dev/null +++ b/man/man8/hostname_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "hostname_selinux" "8" "hostname" "dwalsh@redhat.com" "hostname SELinux Policy documentation" +.SH "NAME" +hostname_selinux \- Security Enhanced Linux Policy for the hostname processes 
@@ -14415,21 +17135,51 @@ index 0000000..ecc6412 + + +.EX ++.PP +.B hostname_exec_t +.EE + +- Set files with the hostname_exec_t type, if you want to transition an executable to the hostname_t domain. + +.br ++.TP 5 +Paths: +/bin/hostname, /usr/bin/hostname ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux hostname policy is very flexible allowing users to setup their hostname processes in as secure a method as possible. ++.PP ++The following process types are defined for hostname: ++ ++.EX ++.B hostname_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -14442,10 +17192,10 @@ index 0000000..ecc6412 +selinux(8), hostname(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/hplip_selinux.8 b/man/man8/hplip_selinux.8 new file mode 100644 -index 0000000..3142457 +index 0000000..fc05d18 --- /dev/null 
+++ b/man/man8/hplip_selinux.8 -@@ -0,0 +1,116 @@ +@@ -0,0 +1,137 @@ +.TH "hplip_selinux" "8" "hplip" "dwalsh@redhat.com" "hplip SELinux Policy documentation" +.SH "NAME" +hplip_selinux \- Security Enhanced Linux Policy for the hplip processes @@ -14466,35 +17216,27 @@ index 0000000..3142457 + + +.EX ++.PP +.B hplip_etc_t +.EE + +- Set files with the hplip_etc_t type, if you want to store hplip files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B hplip_exec_t +.EE + +- Set files with the hplip_exec_t type, if you want to transition an executable to the hplip_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/hpijs, /usr/share/hplip/.*\.py, /usr/sbin/hp-[^/]+, /usr/lib/cups/backend/hp.*, /usr/sbin/hpiod -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B hplip_tmp_t +.EE + 
@@ -14502,27 +17244,26 @@ index 0000000..3142457 + + +.EX ++.PP +.B hplip_var_lib_t +.EE + +- Set files with the hplip_var_lib_t type, if you want to store the hplip files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B hplip_var_run_t +.EE + +- Set files with the hplip_var_run_t type, if you want to store the hplip files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/hp.*\.pid, /var/run/hp.*\.port ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -14541,17 +17282,47 @@ index 0000000..3142457 +SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible. +.PP +The following port types are defined for hplip: -+.EX + ++.EX ++.TP 5 +.B hplip_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux hplip policy is very flexible allowing users to setup their hplip processes in as secure a method as possible. ++.PP ++The following process types are defined for hplip: + -+.B tcp 1782,2207,2208,8290,50000,50002,8292,9100,9101,9102,9220,9221,9222,9280,9281,9282,9290,9291,9292 ++.EX ++.B hplip_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -14563,10 +17334,10 @@ index 0000000..3142457 +.SH "SEE ALSO" +selinux(8), hplip(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8 -index 16e8b13..9b60826 100644 +index 16e8b13..2e65351 100644 --- a/man/man8/httpd_selinux.8 +++ b/man/man8/httpd_selinux.8 -@@ -1,120 +1,1610 @@ +@@ -1,120 +1,1508 @@ -.TH "httpd_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "httpd Selinux Policy documentation" -.de EX -.nf 
@@ -14586,11 +17357,6 @@ index 16e8b13..9b60826 100644 +Security-Enhanced Linux secures the httpd processes via flexible mandatory access control. -.SH FILE_CONTEXTS --SELinux requires files to have an extended attribute to define the file type. --Policy governs the access daemons have to these files. --SELinux httpd policy is very flexible allowing users to setup their web services in as secure a method as possible. --.PP --The following file contexts types are defined for httpd: + +.SH BOOLEANS +SELinux policy is customizable based on least access required. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible. 
@@ -14599,76 +17365,56 @@ index 16e8b13..9b60826 100644 +.PP +If you want to allow httpd to act as a rela, you must turn on the httpd_can_network_relay boolean. + - .EX --httpd_sys_content_t --.EE --- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non sys scripts from access. ++.EX +.B setsebool -P httpd_can_network_relay 1 +.EE + +.PP +If you want to allow HTTPD scripts and modules to connect to databases over the network, you must turn on the httpd_can_network_connect_db boolean. + - .EX --httpd_sys_script_exec_t --.EE --- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types. ++.EX +.B setsebool -P httpd_can_network_connect_db 1 +.EE + +.PP +If you want to allow httpd to run gpg in gpg-web domai, you must turn on the httpd_use_gpg boolean. + - .EX --httpd_sys_content_rw_t ++.EX +.B setsebool -P httpd_use_gpg 1 - .EE --- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access. ++.EE + +.PP +If you want to allow httpd to execute cgi script, you must turn on the httpd_enable_cgi boolean. + - .EX --httpd_sys_content_ra_t ++.EX +.B setsebool -P httpd_enable_cgi 1 - .EE --- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow other non sys scripts from access. ++.EE + +.PP +If you want to allow httpd to access cifs file system, you must turn on the httpd_use_cifs boolean. + - .EX --httpd_unconfined_script_exec_t --.EE --- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection for httpd. 
++.EX +.B setsebool -P httpd_use_cifs 1 +.EE + +.PP +If you want to allow Apache to use mod_auth_pa, you must turn on the allow_httpd_mod_auth_pam boolean. - --.SH NOTE --With certain policies you can define additional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined where it would only have access to "user" contexts. ++ +.EX +.B setsebool -P allow_httpd_mod_auth_pam 1 +.EE - --.SH SHARING FILES --If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute: ++ +.PP +If you want to allow httpd to read home directorie, you must turn on the httpd_enable_homedirs boolean. - - .EX --setsebool -P allow_httpd_anon_write=1 ++ ++.EX +.B setsebool -P httpd_enable_homedirs 1 - .EE - --or ++.EE ++ +.PP +If you want to allow Apache to communicate with avahi service via dbu, you must turn on the httpd_dbus_avahi boolean. - - .EX --setsebool -P allow_httpd_sys_script_anon_write=1 ++ ++.EX +.B setsebool -P httpd_dbus_avahi 1 +.EE + 
@@ -14677,81 +17423,58 @@ index 16e8b13..9b60826 100644 + +.EX +.B setsebool -P httpd_unified 1 - .EE - --.SH BOOLEANS --SELinux policy is customizable based on least access required. SELinux can be setup to prevent certain http scripts from working. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible. - .PP --httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this ++.EE ++ ++.PP +If you want to allow HTTPD scripts and modules to connect to the network using any TCP port, you must turn on the httpd_can_network_connect boolean. - - .EX --setsebool -P httpd_enable_cgi 1 ++ ++.EX +.B setsebool -P httpd_can_network_connect 1 - .EE - - .PP --SELinux policy for httpd can be setup to not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir. ++.EE ++ ++.PP +If you want to allow httpd scripts and modules execmem/execstac, you must turn on the httpd_execmem boolean. - - .EX --setsebool -P httpd_enable_homedirs 1 --chcon -R -t httpd_sys_content_t ~user/public_html ++ ++.EX +.B setsebool -P httpd_execmem 1 - .EE - - .PP --SELinux policy for httpd can be setup to not allow access to the controlling terminal. In most cases this is preferred, because an intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password to open a certificate file, in these cases, terminal access is required. Set the httpd_tty_comm boolean to allow terminal access. ++.EE ++ ++.PP +If you want to allow httpd to connect to the ldap por, you must turn on the httpd_can_connect_ldap boolean. 
- - .EX --setsebool -P httpd_tty_comm 1 ++ ++.EX +.B setsebool -P httpd_can_connect_ldap 1 - .EE - - .PP --httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute. Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another. ++.EE ++ ++.PP +If you want to allow Apache to use mod_auth_ntlm_winbin, you must turn on the allow_httpd_mod_auth_ntlm_winbind boolean. - - .EX --setsebool -P httpd_unified 0 ++ ++.EX +.B setsebool -P allow_httpd_mod_auth_ntlm_winbind 1 - .EE - - .PP --SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean. ++.EE ++ ++.PP +If you want to unify HTTPD to communicate with the terminal. Needed for entering the passphrase for certificates at the terminal, you must turn on the httpd_tty_comm boolean. - - .EX --setsebool -P httpd_can_sendmail 1 ++ ++.EX +.B setsebool -P httpd_tty_comm 1 +.EE + - .PP --httpd can be configured to turn off internal scripting (PHP). PHP and other --loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts. ++.PP +If you want to allow httpd to act as a FTP client connecting to the ftp port and ephemeral port, you must turn on the httpd_can_connect_ftp boolean. - - .EX --setsebool -P httpd_builtin_scripting 0 ++ ++.EX +.B setsebool -P httpd_can_connect_ftp 1 - .EE - - .PP --SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network. --This would prevent a hacker from breaking into you httpd server and attacking --other machines. 
If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on. ++.EE ++ ++.PP +If you want to allow httpd to read user conten, you must turn on the httpd_read_user_content boolean. - - .EX --setsebool -P httpd_can_network_connect 1 ++ ++.EX +.B setsebool -P httpd_read_user_content 1 - .EE - - .PP --system-config-selinux is a GUI tool available to customize SELinux policy settings. --.SH AUTHOR --This manual page was written by Dan Walsh . ++.EE ++ ++.PP +If you want to allow httpd to access nfs file system, you must turn on the httpd_use_nfs boolean. + +.EX @@ -14849,18 +17572,16 @@ index 16e8b13..9b60826 100644 +.PP +.B +semanage fcontext -a -t public_content_t "/var/httpd(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/httpd ++.br ++.B restorecon -F -R -v /var/httpd +.pp +.TP +Allow httpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_httpdd_anon_write boolean to be set. +.PP +.B +semanage fcontext -a -t public_content_rw_t "/var/httpd/incoming(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/httpd/incoming ++.br ++.B restorecon -F -R -v /var/httpd/incoming + + +.PP 
@@ -14878,90 +17599,111 @@ index 16e8b13..9b60826 100644 +.EE + +.SH FILE CONTEXTS -+SELinux requires files to have an extended attribute to define the file type. + SELinux requires files to have an extended attribute to define the file type. +-Policy governs the access daemons have to these files. +-SELinux httpd policy is very flexible allowing users to setup their web services in as secure a method as possible. +.PP +You can see the context of a file using the \fB\-Z\fP option to \fBls\bP +.PP +Policy governs the access confined processes have to these files. +SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible. -+.PP + .PP +-The following file contexts types are defined for httpd: +The following file types are defined for httpd: + + -+.EX + .EX +-httpd_sys_content_t +-.EE +-- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non sys scripts from access. ++.PP +.B httpd_apcupsd_cgi_content_t +.EE + +- Set files with the httpd_apcupsd_cgi_content_t type, if you want to treat the files as httpd apcupsd cgi content. - --.SH "SEE ALSO" --selinux(8), httpd(8), chcon(1), setsebool(8) - -+.EX ++ ++ + .EX +-httpd_sys_script_exec_t +-.EE +-- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types. ++.PP +.B httpd_apcupsd_cgi_htaccess_t +.EE + +- Set files with the httpd_apcupsd_cgi_htaccess_t type, if you want to treat the file as a httpd apcupsd cgi access file. + + -+.EX + .EX +-httpd_sys_content_rw_t ++.PP +.B httpd_apcupsd_cgi_ra_content_t -+.EE + .EE +-- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow other non sys scripts from access. + +- Set files with the httpd_apcupsd_cgi_ra_content_t type, if you want to treat the files as httpd apcupsd cgi read/append content. 
+ + -+.EX + .EX +-httpd_sys_content_ra_t ++.PP +.B httpd_apcupsd_cgi_rw_content_t -+.EE + .EE +-- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow other non sys scripts from access. + +- Set files with the httpd_apcupsd_cgi_rw_content_t type, if you want to treat the files as httpd apcupsd cgi read/write content. + + -+.EX + .EX +-httpd_unconfined_script_exec_t +-.EE +-- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection for httpd. ++.PP +.B httpd_apcupsd_cgi_script_exec_t +.EE -+ + +-.SH NOTE +-With certain policies you can define additional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined where it would only have access to "user" contexts. +- Set files with the httpd_apcupsd_cgi_script_exec_t type, if you want to transition an executable to the httpd_apcupsd_cgi_script_t domain. + +.br ++.TP 5 +Paths: +/var/www/apcupsd/upsfstats\.cgi, /var/www/apcupsd/upsstats\.cgi, /var/www/apcupsd/upsimage\.cgi, /var/www/apcupsd/multimon\.cgi, /var/www/cgi-bin/apcgui(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_awstats_content_t +.EE + +- Set files with the httpd_awstats_content_t type, if you want to treat the files as httpd awstats content. -+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. 
This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ -+ -+.EX + +-.SH SHARING FILES +-If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute: + + .EX +-setsebool -P allow_httpd_anon_write=1 ++.PP +.B httpd_awstats_htaccess_t -+.EE -+ + .EE + +-or +- Set files with the httpd_awstats_htaccess_t type, if you want to treat the file as a httpd awstats access file. + -+ -+.EX + + .EX +-setsebool -P allow_httpd_sys_script_anon_write=1 ++.PP +.B httpd_awstats_ra_content_t -+.EE -+ + .EE + +-.SH BOOLEANS +-SELinux policy is customizable based on least access required. SELinux can be setup to prevent certain http scripts from working. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible. +- Set files with the httpd_awstats_ra_content_t type, if you want to treat the files as httpd awstats read/append content. + + +.EX ++.PP +.B httpd_awstats_rw_content_t +.EE + 
@@ -14969,143 +17711,146 @@ index 16e8b13..9b60826 100644 + + +.EX + .PP +-httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this +.B httpd_awstats_script_exec_t +.EE + +- Set files with the httpd_awstats_script_exec_t type, if you want to transition an executable to the httpd_awstats_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ -+ -+.EX + + .EX +-setsebool -P httpd_enable_cgi 1 ++.PP +.B httpd_bugzilla_content_t -+.EE -+ + .EE + +- Set files with the httpd_bugzilla_content_t type, if you want to treat the files as httpd bugzilla content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX + .PP +-SELinux policy for httpd can be setup to not allowed to access users home directories. If you want to allow access to users home directories you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir. +.B httpd_bugzilla_htaccess_t +.EE + +- Set files with the httpd_bugzilla_htaccess_t type, if you want to treat the file as a httpd bugzilla access file. + -+ -+.EX + + .EX +-setsebool -P httpd_enable_homedirs 1 +-chcon -R -t httpd_sys_content_t ~user/public_html ++.PP +.B httpd_bugzilla_ra_content_t -+.EE -+ + .EE + +- Set files with the httpd_bugzilla_ra_content_t type, if you want to treat the files as httpd bugzilla read/append content. + + +.EX + .PP +-SELinux policy for httpd can be setup to not allow access to the controlling terminal. 
In most cases this is preferred, because an intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password to open a certificate file, in these cases, terminal access is required. Set the httpd_tty_comm boolean to allow terminal access. +.B httpd_bugzilla_rw_content_t +.EE + +- Set files with the httpd_bugzilla_rw_content_t type, if you want to treat the files as httpd bugzilla read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ -+ -+.EX + + .EX +-setsebool -P httpd_tty_comm 1 ++.PP +.B httpd_bugzilla_script_exec_t -+.EE -+ + .EE + +- Set files with the httpd_bugzilla_script_exec_t type, if you want to transition an executable to the httpd_bugzilla_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX + .PP +-httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/execute. Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another. +.B httpd_bugzilla_tmp_t +.EE + +- Set files with the httpd_bugzilla_tmp_t type, if you want to store httpd bugzilla temporary files in the /tmp directories. + -+ -+.EX + + .EX +-setsebool -P httpd_unified 0 ++.PP +.B httpd_cache_t -+.EE -+ + .EE + +- Set files with the httpd_cache_t type, if you want to store the files under the /var/cache directory. 
+ +.br ++.TP 5 +Paths: +/var/cache/php-.*, /var/cache/mediawiki(/.*)?, /var/cache/php-eaccelerator(/.*)?, /var/cache/lighttpd(/.*)?, /var/cache/php-mmcache(/.*)?, /var/cache/mod_gnutls(/.*)?, /var/cache/mod_ssl(/.*)?, /var/cache/jetty(/.*)?, /var/cache/mod_.*, /var/cache/ssl.*\.sem, /var/cache/httpd(/.*)?, /var/cache/rt3(/.*)?, /var/cache/mason(/.*)?, /var/cache/mod_proxy(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX + .PP +-SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean. +.B httpd_cobbler_content_t +.EE + +- Set files with the httpd_cobbler_content_t type, if you want to treat the files as httpd cobbler content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ -+ -+.EX + + .EX +-setsebool -P httpd_can_sendmail 1 + .PP +-httpd can be configured to turn off internal scripting (PHP). PHP and other +-loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts. +.B httpd_cobbler_htaccess_t +.EE + +- Set files with the httpd_cobbler_htaccess_t type, if you want to treat the file as a httpd cobbler access file. 
- + -+.EX + + .EX +-setsebool -P httpd_builtin_scripting 0 ++.PP +.B httpd_cobbler_ra_content_t -+.EE -+ + .EE + +- Set files with the httpd_cobbler_ra_content_t type, if you want to treat the files as httpd cobbler read/append content. + + +.EX + .PP +-SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network. +-This would prevent a hacker from breaking into you httpd server and attacking +-other machines. If you need scripts to be able to connect you can set the httpd_can_network_connect boolean on. +.B httpd_cobbler_rw_content_t +.EE + +- Set files with the httpd_cobbler_rw_content_t type, if you want to treat the files as httpd cobbler read/write content. + -+ -+.EX + + .EX +-setsebool -P httpd_can_network_connect 1 ++.PP +.B httpd_cobbler_script_exec_t -+.EE -+ + .EE + +- Set files with the httpd_cobbler_script_exec_t type, if you want to transition an executable to the httpd_cobbler_script_t domain. + + +.EX + .PP +-system-config-selinux is a GUI tool available to customize SELinux policy settings. +-.SH AUTHOR +-This manual page was written by Dan Walsh . +.B httpd_collectd_content_t +.EE -+ + +-.SH "SEE ALSO" +-selinux(8), httpd(8), chcon(1), setsebool(8) +- Set files with the httpd_collectd_content_t type, if you want to treat the files as httpd collectd content. -+ -+ + + +.EX ++.PP +.B httpd_collectd_htaccess_t +.EE + @@ -15113,6 +17858,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_collectd_ra_content_t +.EE + @@ -15120,6 +17866,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_collectd_rw_content_t +.EE + 
@@ -15127,35 +17874,27 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_collectd_script_exec_t
 +.EE
 +
 +- Set files with the httpd_collectd_script_exec_t type, if you want to transition an executable to the httpd_collectd_script_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_config_t
 +.EE
 +
 +- Set files with the httpd_config_t type, if you want to treat the files as httpd configuration data, usually stored under the /etc directory.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/vhosts, /etc/httpd(/.*)?, /etc/apache(2)?(/.*)?, /etc/apache-ssl(2)?(/.*)?, /etc/lighttpd(/.*)?, /var/lib/libra/.httpd.d(/.*)?, /etc/cherokee(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_cvs_content_t
 +.EE
 +
@@ -15163,6 +17902,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_cvs_htaccess_t
 +.EE
 +
@@ -15170,6 +17910,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_cvs_ra_content_t
 +.EE
 +
@@ -15177,6 +17918,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_cvs_rw_content_t
 +.EE
 +
@@ -15184,22 +17926,19 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_cvs_script_exec_t
 +.EE
 +
 +- Set files with the httpd_cvs_script_exec_t type, if you want to transition an executable to the httpd_cvs_script_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/share/cvsweb/cvsweb\.cgi, /var/www/cgi-bin/cvsweb\.cgi
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_dirsrvadmin_content_t
 +.EE
 +
@@ -15207,6 +17946,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dirsrvadmin_htaccess_t
 +.EE
 +
@@ -15214,6 +17954,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dirsrvadmin_ra_content_t
 +.EE
 +
@@ -15221,6 +17962,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dirsrvadmin_rw_content_t
 +.EE
 +
@@ -15228,22 +17970,19 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dirsrvadmin_script_exec_t
 +.EE
 +
 +- Set files with the httpd_dirsrvadmin_script_exec_t type, if you want to transition an executable to the httpd_dirsrvadmin_script_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/dirsrv/dsgw-cgi-bin(/.*)?, /usr/lib/dirsrv/cgi-bin(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_dspam_content_t
 +.EE
 +
@@ -15251,6 +17990,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dspam_htaccess_t
 +.EE
 +
@@ -15258,6 +17998,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dspam_ra_content_t
 +.EE
 +
@@ -15265,6 +18006,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dspam_rw_content_t
 +.EE
 +
@@ -15272,48 +18014,35 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_dspam_script_exec_t
 +.EE
 +
 +- Set files with the httpd_dspam_script_exec_t type, if you want to transition an executable to the httpd_dspam_script_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_exec_t
 +.EE
 +
 +- Set files with the httpd_exec_t type, if you want to transition an executable to the httpd_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/apache(2)?, /usr/bin/mongrel_rails, /usr/lib/apache-ssl/.+, /usr/sbin/httpd(\.worker)?, /usr/sbin/cherokee, /usr/sbin/apache-ssl(2)?, /usr/sbin/lighttpd
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_git_content_t
 +.EE
 +
 +- Set files with the httpd_git_content_t type, if you want to treat the files as httpd git content.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_git_htaccess_t
 +.EE
 +
@@ -15321,6 +18050,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_git_ra_content_t
 +.EE
 +
@@ -15328,80 +18058,59 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_git_rw_content_t
 +.EE
 +
 +- Set files with the httpd_git_rw_content_t type, if you want to treat the files as httpd git read/write content.
 +
 +.br
++.TP 5
 +Paths:
 +/var/cache/gitweb-caching(/.*)?, /var/cache/cgit(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_git_script_exec_t
 +.EE
 +
 +- Set files with the httpd_git_script_exec_t type, if you want to transition an executable to the httpd_git_script_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/var/www/git/gitweb\.cgi, /var/www/gitweb-caching/gitweb\.cgi, /var/www/cgi-bin/cgit
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_helper_exec_t
 +.EE
 +
 +- Set files with the httpd_helper_exec_t type, if you want to transition an executable to the httpd_helper_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_initrc_exec_t
 +.EE
 +
 +- Set files with the httpd_initrc_exec_t type, if you want to transition an executable to the httpd_initrc_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/init\.d/cherokee, /etc/rc\.d/init\.d/httpd, /etc/rc\.d/init\.d/lighttpd
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_keytab_t
 +.EE
 +
 +- Set files with the httpd_keytab_t type, if you want to treat the files as kerberos keytab files.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_libra_content_t
 +.EE
 +
@@ -15409,6 +18118,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_libra_htaccess_t
 +.EE
 +
@@ -15416,6 +18126,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_libra_ra_content_t
 +.EE
 +
@@ -15423,6 +18134,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_libra_rw_content_t
 +.EE
 +
@@ -15430,19 +18142,15 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_libra_script_exec_t
 +.EE
 +
 +- Set files with the httpd_libra_script_exec_t type, if you want to transition an executable to the httpd_libra_script_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_lock_t
 +.EE
 +
@@ -15450,38 +18158,31 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_log_t
 +.EE
 +
 +- Set files with the httpd_log_t type, if you want to treat the data as httpd log data, usually stored under the /var/log directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/log/apache-ssl(2)?(/.*)?, /var/log/httpd(/.*)?, /var/log/apache(2)?(/.*)?, /var/log/cherokee(/.*)?, /var/log/roundcubemail(/.*)?, /var/log/cgiwrap\.log.*, /var/log/lighttpd(/.*)?, /var/log/suphp\.log, /var/log/cacti(/.*)?, /var/log/dirsrv/admin-serv(/.*)?, /etc/httpd/logs, /var/log/jetty(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_mediawiki_content_t
 +.EE
 +
 +- Set files with the httpd_mediawiki_content_t type, if you want to treat the files as httpd mediawiki content.
 +
 +.br
++.TP 5
 +Paths:
 +/var/www/wiki/.*\.php, /usr/share/mediawiki(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B httpd_mediawiki_htaccess_t
 +.EE
 +
@@ -15489,6 +18190,7 @@ index 16e8b13..9b60826 100644
 +
 +
 +.EX
++.PP
 +.B httpd_mediawiki_ra_content_t
 +.EE
 +
@@ -15496,64 +18198,47 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_mediawiki_rw_content_t +.EE + +- Set files with the httpd_mediawiki_rw_content_t type, if you want to treat the files as httpd mediawiki read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_mediawiki_script_exec_t +.EE + +- Set files with the httpd_mediawiki_script_exec_t type, if you want to transition an executable to the httpd_mediawiki_script_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/mediawiki/math/texvc_tex, /usr/lib/mediawiki/math/texvc, /usr/lib/mediawiki/math/texvc_tes -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_modules_t +.EE + +- Set files with the httpd_modules_t type, if you want to treat the files as httpd modules. + +.br ++.TP 5 +Paths: +/usr/lib/cherokee(/.*)?, /usr/lib/lighttpd(/.*)?, /usr/lib/apache(/.*)?, /etc/httpd/modules, /usr/lib/httpd(/.*)?, /usr/lib/apache2/modules(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_mojomojo_content_t +.EE + +- Set files with the httpd_mojomojo_content_t type, if you want to treat the files as httpd mojomojo content. + -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_mojomojo_htaccess_t +.EE + @@ -15561,6 +18246,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_mojomojo_ra_content_t +.EE + @@ -15568,32 +18254,23 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_mojomojo_rw_content_t +.EE + +- Set files with the httpd_mojomojo_rw_content_t type, if you want to treat the files as httpd mojomojo read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_mojomojo_script_exec_t +.EE + +- Set files with the httpd_mojomojo_script_exec_t type, if you want to transition an executable to the httpd_mojomojo_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_mojomojo_tmp_t +.EE + @@ -15601,19 +18278,15 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_munin_content_t +.EE + +- Set files with the httpd_munin_content_t type, if you want to treat the files as httpd munin content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_munin_htaccess_t +.EE + 
@@ -15621,6 +18294,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_munin_ra_content_t +.EE + @@ -15628,6 +18302,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_munin_rw_content_t +.EE + @@ -15635,19 +18310,15 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_munin_script_exec_t +.EE + +- Set files with the httpd_munin_script_exec_t type, if you want to transition an executable to the httpd_munin_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_nagios_content_t +.EE + @@ -15655,6 +18326,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nagios_htaccess_t +.EE + @@ -15662,6 +18334,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nagios_ra_content_t +.EE + @@ -15669,6 +18342,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nagios_rw_content_t +.EE + @@ -15676,22 +18350,19 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nagios_script_exec_t +.EE + +- Set files with the httpd_nagios_script_exec_t type, if you want to transition an executable to the httpd_nagios_script_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/cgi-bin/nagios(/.+)?, /usr/lib/nagios/cgi-bin(/.*)?, /usr/lib/cgi-bin/netsaint(/.*)?, /usr/lib/nagios/cgi(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_nutups_cgi_content_t +.EE + @@ -15699,6 +18370,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nutups_cgi_htaccess_t +.EE + 
@@ -15706,6 +18378,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nutups_cgi_ra_content_t +.EE + @@ -15713,6 +18386,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nutups_cgi_rw_content_t +.EE + @@ -15720,35 +18394,27 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_nutups_cgi_script_exec_t +.EE + +- Set files with the httpd_nutups_cgi_script_exec_t type, if you want to transition an executable to the httpd_nutups_cgi_script_t domain. + +.br ++.TP 5 +Paths: +/var/www/nut-cgi-bin/upsstats\.cgi, /var/www/nut-cgi-bin/upsimage\.cgi, /var/www/nut-cgi-bin/upsset\.cgi -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_passwd_exec_t +.EE + +- Set files with the httpd_passwd_exec_t type, if you want to transition an executable to the httpd_passwd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_php_exec_t +.EE + @@ -15756,6 +18422,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_php_tmp_t +.EE + @@ -15763,6 +18430,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_prewikka_content_t +.EE + @@ -15770,6 +18438,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_prewikka_htaccess_t +.EE + @@ -15777,6 +18446,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_prewikka_ra_content_t +.EE + @@ -15784,6 +18454,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_prewikka_rw_content_t +.EE + 
@@ -15791,32 +18462,23 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_prewikka_script_exec_t +.EE + +- Set files with the httpd_prewikka_script_exec_t type, if you want to transition an executable to the httpd_prewikka_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_rotatelogs_exec_t +.EE + +- Set files with the httpd_rotatelogs_exec_t type, if you want to transition an executable to the httpd_rotatelogs_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_smokeping_cgi_content_t +.EE + @@ -15824,6 +18486,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_smokeping_cgi_htaccess_t +.EE + @@ -15831,6 +18494,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_smokeping_cgi_ra_content_t +.EE + @@ -15838,6 +18502,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_smokeping_cgi_rw_content_t +.EE + @@ -15845,19 +18510,15 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_smokeping_cgi_script_exec_t +.EE + +- Set files with the httpd_smokeping_cgi_script_exec_t type, if you want to transition an executable to the httpd_smokeping_cgi_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_squid_content_t +.EE + 
@@ -15865,6 +18526,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_squid_htaccess_t +.EE + @@ -15872,6 +18534,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_squid_ra_content_t +.EE + @@ -15879,6 +18542,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_squid_rw_content_t +.EE + @@ -15886,48 +18550,35 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_squid_script_exec_t +.EE + +- Set files with the httpd_squid_script_exec_t type, if you want to transition an executable to the httpd_squid_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_squirrelmail_t +.EE + +- Set files with the httpd_squirrelmail_t type, if you want to treat the files as httpd squirrelmail data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_suexec_exec_t +.EE + +- Set files with the httpd_suexec_exec_t type, if you want to transition an executable to the httpd_suexec_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/apache(2)?/suexec(2)?, /usr/sbin/suexec, /usr/lib/cgi-bin/(nph-)?cgiwrap(d)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_suexec_tmp_t +.EE + 
@@ -15935,22 +18586,19 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_sys_content_t +.EE + +- Set files with the httpd_sys_content_t type, if you want to treat the files as httpd sys content. + +.br ++.TP 5 +Paths: +/usr/share/icecast(/.*)?, /usr/share/htdig(/.*)?, /etc/htdig(/.*)?, /var/www/svn/conf(/.*)?, /usr/share/doc/ghc/html(/.*)?, /usr/share/mythtv/data(/.*)?, /var/lib/htdig(/.*)?, /srv/gallery2(/.*)?, /srv/([^/]*/)?www(/.*)?, /usr/share/ntop/html(/.*)?, /usr/share/mythweb(/.*)?, /var/lib/cacti/rra(/.*)?, /usr/share/openca/htdocs(/.*)?, /usr/share/selinux-policy[^/]*/html(/.*)?, /usr/share/drupal.*, /var/lib/trac(/.*)?, /var/www(/.*)?, /var/www/icons(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_sys_htaccess_t +.EE + @@ -15958,6 +18606,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_sys_ra_content_t +.EE + 
@@ -15965,38 +18614,31 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_sys_rw_content_t +.EE + +- Set files with the httpd_sys_rw_content_t type, if you want to treat the files as httpd sys read/write content. + +.br ++.TP 5 +Paths: +/var/spool/viewvc(/.*)?, /etc/WebCalendar(/.*)?, /etc/mock/koji(/.*)?, /var/lib/svn(/.*)?, /var/spool/gosa(/.*)?, /etc/zabbix/web(/.*)?, /var/lib/pootle/po(/.*)?, /etc/drupal.*, /var/www/gallery/albums(/.*)?, /usr/share/wordpress/wp-content/uploads(/.*)?, /var/www/html/configuration\.php, /usr/share/wordpress/wp-content/upgrade(/.*)?, /var/lib/drupal.*, /usr/share/wordpress-mu/wp-content(/.*)?, /var/lib/dokuwiki(/.*)?, /var/www/moodledata(/.*)?, /var/www/svn(/.*)?, /var/www/html/wp-content(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_sys_script_exec_t +.EE + +- Set files with the httpd_sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain. + +.br ++.TP 5 +Paths: +/var/www/svn/hooks(/.*)?, /usr/share/mythweb/mythweb\.pl, /usr/share/wordpress/.*\.php, /usr/lib/cgi-bin(/.*)?, /var/www/perl(/.*)?, /usr/share/mythtv/mythweather/scripts(/.*)?, /usr/share/wordpress-mu/wp-config\.php, /var/www/html/[^/]*/cgi-bin(/.*)?, /var/www/[^/]*/cgi-bin(/.*)?, /var/www/cgi-bin(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_tmp_t +.EE + @@ -16004,6 +18646,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_tmpfs_t +.EE + 
@@ -16011,22 +18654,19 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_unit_file_t +.EE + +- Set files with the httpd_unit_file_t type, if you want to treat the files as httpd unit content. + +.br ++.TP 5 +Paths: +/lib/systemd/system/httpd.?\.service, /usr/lib/systemd/system/httpd.?\.service -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_user_content_t +.EE + @@ -16034,6 +18674,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_user_htaccess_t +.EE + @@ -16041,6 +18682,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_user_ra_content_t +.EE + @@ -16048,6 +18690,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_user_rw_content_t +.EE + @@ -16055,6 +18698,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_user_script_exec_t +.EE + 
@@ -16062,51 +18706,39 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_var_lib_t +.EE + +- Set files with the httpd_var_lib_t type, if you want to store the httpd files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/rt3/data/RT-Shredder(/.*)?, /var/lib/jetty(/.*)?, /var/lib/httpd(/.*)?, /var/lib/cherokee(/.*)?, /var/lib/dav(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_var_run_t +.EE + +- Set files with the httpd_var_run_t type, if you want to store the httpd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/mod_.*, /var/run/wsgi.*, /var/run/apache.*, /var/run/jetty(/.*)?, /var/run/gcache_port, /opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?, /var/run/httpd.*, /var/run/dirsrv/admin-serv.*, /var/lib/php/session(/.*)?, /var/run/lighttpd(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_w3c_validator_content_t +.EE + +- Set files with the httpd_w3c_validator_content_t type, if you want to treat the files as httpd w3c validator content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_w3c_validator_htaccess_t +.EE + @@ -16114,6 +18746,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_w3c_validator_ra_content_t +.EE + 
@@ -16121,6 +18754,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_w3c_validator_rw_content_t +.EE + @@ -16128,22 +18762,19 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_w3c_validator_script_exec_t +.EE + +- Set files with the httpd_w3c_validator_script_exec_t type, if you want to transition an executable to the httpd_w3c_validator_script_t domain. + +.br ++.TP 5 +Paths: +/usr/share/w3c-markup-validator/cgi-bin(/.*)?, /usr/lib/cgi-bin/check -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B httpd_w3c_validator_tmp_t +.EE + @@ -16151,6 +18782,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_zoneminder_content_t +.EE + @@ -16158,6 +18790,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_zoneminder_htaccess_t +.EE + @@ -16165,6 +18798,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_zoneminder_ra_content_t +.EE + @@ -16172,6 +18806,7 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_zoneminder_rw_content_t +.EE + @@ -16179,11 +18814,14 @@ index 16e8b13..9b60826 100644 + + +.EX ++.PP +.B httpd_zoneminder_script_exec_t +.EE + +- Set files with the httpd_zoneminder_script_exec_t type, if you want to transition an executable to the httpd_zoneminder_script_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -16202,29 +18840,58 @@ index 16e8b13..9b60826 100644 +SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible. +.PP +The following port types are defined for httpd: -+.EX + ++.EX ++.TP 5 +.B http_cache_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 8080,8118,8123,10001-10010 -+.EE -+.B udp 3130 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B http_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux httpd policy is very flexible allowing users to setup their httpd processes in as secure a method as possible. ++.PP ++The following process types are defined for httpd: + -+.B tcp 80,443,488,8008,8009,8443 ++.EX ++.B httpd_collectd_script_t, httpd_cvs_script_t, httpd_rotatelogs_t, httpd_bugzilla_script_t, httpd_smokeping_cgi_script_t, httpd_nagios_script_t, httpd_dirsrvadmin_script_t, httpd_suexec_t, httpd_mojomojo_script_t, httpd_php_t, httpd_w3c_validator_script_t, httpd_user_script_t, httpd_awstats_script_t, httpd_libra_script_t, httpd_apcupsd_cgi_script_t, httpd_nutups_cgi_script_t, httpd_munin_script_t, httpd_zoneminder_script_t, httpd_sys_script_t, httpd_dspam_script_t, httpd_prewikka_script_t, httpd_git_script_t, httpd_t, httpd_passwd_t, httpd_helper_t, httpd_squid_script_t, httpd_cobbler_script_t, httpd_mediawiki_script_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -16242,10 +18909,10 @@ index 16e8b13..9b60826 100644 \ No newline at end of file diff --git a/man/man8/hwclock_selinux.8 b/man/man8/hwclock_selinux.8 new file mode 100644 -index 0000000..a2c0572 +index 0000000..6aadb66 --- /dev/null +++ b/man/man8/hwclock_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "hwclock_selinux" "8" "hwclock" "dwalsh@redhat.com" "hwclock SELinux Policy documentation" +.SH "NAME" +hwclock_selinux \- Security Enhanced Linux Policy for the hwclock processes 
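Review bot: The regenerated port section in the httpd page now lists `tcp 8021` under both `http_cache_port_t` and `http_port_t`, replacing the earlier `tcp 8080,8118,8123,10001-10010` / `udp 3130` and `tcp 80,443,488,8008,8009,8443` entries, so an administrator reading the page is told the wrong ports carry these labels. This looks like a generator fault (every port type receiving the same value); the lists should be restored or checked against `semanage port -l` before shipping. The added note also spells the subcommand `semanage permississive -a PROCESS_TYPE`, which should read `semanage permissive -a PROCESS_TYPE`, and `\fBps\bP` should be `\fBps\fP` so the bold font is closed; both recur in the hwclock, iceauth, icecast and ifconfig pages changed by the later hunks. On the new side the `.EE` after each `tcp 8021` line no longer has a matching `.EX`.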
@@ -16266,21 +18933,51 @@ index 0000000..a2c0572 + + +.EX ++.PP +.B hwclock_exec_t +.EE + +- Set files with the hwclock_exec_t type, if you want to transition an executable to the hwclock_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/hwclock, /sbin/hwclock ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux hwclock policy is very flexible allowing users to setup their hwclock processes in as secure a method as possible. ++.PP ++The following process types are defined for hwclock: ++ ++.EX ++.B hwclock_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -16293,10 +18990,10 @@ index 0000000..a2c0572 +selinux(8), hwclock(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/iceauth_selinux.8 b/man/man8/iceauth_selinux.8 new file mode 100644 -index 0000000..b00e3a8 +index 0000000..27f0838 --- /dev/null 
+++ b/man/man8/iceauth_selinux.8 -@@ -0,0 +1,61 @@ +@@ -0,0 +1,87 @@ +.TH "iceauth_selinux" "8" "iceauth" "dwalsh@redhat.com" "iceauth SELinux Policy documentation" +.SH "NAME" +iceauth_selinux \- Security Enhanced Linux Policy for the iceauth processes 
@@ -16317,37 +19014,63 @@ index 0000000..b00e3a8 + + +.EX ++.PP +.B iceauth_exec_t +.EE + +- Set files with the iceauth_exec_t type, if you want to transition an executable to the iceauth_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/iceauth, /usr/X11R6/bin/iceauth -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B iceauth_home_t +.EE + +- Set files with the iceauth_home_t type, if you want to store iceauth files in the users home directory. + +.br ++.TP 5 +Paths: +/root/\.DCOP.*, /root/\.ICEauthority.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux iceauth policy is very flexible allowing users to setup their iceauth processes in as secure a method as possible. ++.PP ++The following process types are defined for iceauth: ++ ++.EX ++.B iceauth_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -16360,10 +19083,10 @@ index 0000000..b00e3a8 +selinux(8), iceauth(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/icecast_selinux.8 b/man/man8/icecast_selinux.8 new file mode 100644 -index 0000000..439d89f +index 0000000..3e2d6b5 --- /dev/null +++ b/man/man8/icecast_selinux.8 -@@ -0,0 +1,96 @@ +@@ -0,0 +1,110 @@ +.TH "icecast_selinux" "8" "icecast" "dwalsh@redhat.com" "icecast SELinux Policy documentation" +.SH "NAME" +icecast_selinux \- Security Enhanced Linux Policy for the icecast processes 
@@ -16395,57 +19118,71 @@ index 0000000..439d89f + + +.EX ++.PP +.B icecast_exec_t +.EE + +- Set files with the icecast_exec_t type, if you want to transition an executable to the icecast_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B icecast_initrc_exec_t +.EE + +- Set files with the icecast_initrc_exec_t type, if you want to transition an executable to the icecast_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B icecast_log_t +.EE + +- Set files with the icecast_log_t type, if you want to treat the data as icecast log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B icecast_var_run_t +.EE + +- Set files with the icecast_var_run_t type, if you want to store the icecast files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux icecast policy is very flexible allowing users to setup their icecast processes in as secure a method as possible. ++.PP ++The following process types are defined for icecast: ++ ++.EX ++.B icecast_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -16463,10 +19200,10 @@ index 0000000..439d89f \ No newline at end of file diff --git a/man/man8/ifconfig_selinux.8 b/man/man8/ifconfig_selinux.8 new file mode 100644 -index 0000000..6de81a7 +index 0000000..838638b --- /dev/null +++ b/man/man8/ifconfig_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "ifconfig_selinux" "8" "ifconfig" "dwalsh@redhat.com" "ifconfig SELinux Policy documentation" +.SH "NAME" +ifconfig_selinux \- Security Enhanced Linux Policy for the ifconfig processes 
@@ -16487,21 +19224,51 @@ index 0000000..6de81a7 + + +.EX ++.PP +.B ifconfig_exec_t +.EE + +- Set files with the ifconfig_exec_t type, if you want to transition an executable to the ifconfig_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ipx_internal_net, /sbin/ipx_configure, /sbin/tc, /usr/sbin/ipx_configure, /usr/sbin/iwconfig, /usr/sbin/ipx_interface, /usr/sbin/mii-tool, /usr/sbin/ethtool, /sbin/ipx_internal_net, /usr/sbin/ifconfig, /bin/ip, /usr/bin/ip, /usr/sbin/tc, /sbin/iwconfig, /sbin/ifconfig, /sbin/mii-tool, /sbin/ethtool, /usr/sbin/ip, /sbin/ipx_interface, /sbin/ip ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ifconfig policy is very flexible allowing users to setup their ifconfig processes in as secure a method as possible. ++.PP ++The following process types are defined for ifconfig: ++ ++.EX ++.B ifconfig_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -16514,10 +19281,10 @@ index 0000000..6de81a7 +selinux(8), ifconfig(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/inetd_selinux.8 b/man/man8/inetd_selinux.8 new file mode 100644 -index 0000000..d220ae1 +index 0000000..d7267d0 --- /dev/null +++ b/man/man8/inetd_selinux.8 -@@ -0,0 +1,132 @@ +@@ -0,0 +1,153 @@ +.TH "inetd_selinux" "8" "inetd" "dwalsh@redhat.com" "inetd SELinux Policy documentation" +.SH "NAME" +inetd_selinux \- Security Enhanced Linux Policy for the inetd processes @@ -16538,22 +19305,19 @@ index 0000000..d220ae1 + + +.EX ++.PP +.B inetd_child_exec_t +.EE + +- Set files with the inetd_child_exec_t type, if you want to transition an executable to the inetd_child_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/identd, /usr/local/lib/pysieved/pysieved.*\.py, /usr/sbin/in\..*d -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B inetd_child_tmp_t +.EE + @@ -16561,6 +19325,7 @@ index 0000000..d220ae1 + + +.EX ++.PP +.B inetd_child_var_run_t +.EE + 
@@ -16568,35 +19333,27 @@ index 0000000..d220ae1 + + +.EX ++.PP +.B inetd_exec_t +.EE + +- Set files with the inetd_exec_t type, if you want to transition an executable to the inetd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/inetd, /usr/sbin/xinetd, /usr/sbin/rlinetd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B inetd_log_t +.EE + +- Set files with the inetd_log_t type, if you want to treat the data as inetd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B inetd_tmp_t +.EE + @@ -16604,11 +19361,14 @@ index 0000000..d220ae1 + + +.EX ++.PP +.B inetd_var_run_t +.EE + +- Set files with the inetd_var_run_t type, if you want to store the inetd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -16627,19 +19387,47 @@ index 0000000..d220ae1 +SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible. +.PP +The following port types are defined for inetd: -+.EX + ++.EX ++.TP 5 +.B inetd_child_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 1,7,9,13,19,37,512,543,544,891,892,2105,5666 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 1,7,9,13,19,37,891,892 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux inetd policy is very flexible allowing users to setup their inetd processes in as secure a method as possible. ++.PP ++The following process types are defined for inetd: ++ ++.EX ++.B inetd_t, inetd_child_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -16652,10 +19440,10 @@ index 0000000..d220ae1 +selinux(8), inetd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/init_selinux.8 b/man/man8/init_selinux.8 new file mode 100644 -index 0000000..2e03cc3 +index 0000000..3029ce8 --- /dev/null 
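Review bot: The new `Default Defined Ports:` entry for `inetd_child_port_t` reads `tcp 8021`, replacing `.B tcp 1,7,9,13,19,37,512,543,544,891,892,2105,5666` and `.B udp 1,7,9,13,19,37,891,892` from the old side, and the udp list is dropped entirely. The identical `tcp 8021` also replaces `tcp 119` for `innd_port_t`, `tcp 4500`/`udp 4500` for `ipsecnat_port_t` and `tcp 6667` for `ircd_port_t` in later hunks, which suggests the generator is emitting one fixed value rather than each type's ports; an admin relying on the page would get the wrong port labelling. Each entry should carry that type's own list, as the removed lines did. The rewrite also leaves the `.EE` after the port line without a matching `.EX`, since the `.EX` before `Default Defined Ports:` was removed.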
+++ b/man/man8/init_selinux.8 -@@ -0,0 +1,146 @@ +@@ -0,0 +1,161 @@ +.TH "init_selinux" "8" "init" "dwalsh@redhat.com" "init SELinux Policy documentation" +.SH "NAME" +init_selinux \- Security Enhanced Linux Policy for the init processes @@ -16694,48 +19482,35 @@ index 0000000..2e03cc3 + + +.EX ++.PP +.B init_exec_t +.EE + +- Set files with the init_exec_t type, if you want to transition an executable to the init_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/init(ng)?, /lib/systemd/[^/]*, /sbin/init(ng)?, /bin/systemd, /usr/lib/systemd/system-generators/[^/]*, /usr/bin/systemd, /lib/systemd/system-generators/[^/]*, /sbin/upstart, /usr/sbin/upstart, /usr/lib/systemd/[^/]* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B init_var_run_t +.EE + +- Set files with the init_var_run_t type, if you want to store the init files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B initctl_t +.EE + +- Set files with the initctl_t type, if you want to treat the files as initctl data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B initrc_devpts_t +.EE + 
@@ -16743,22 +19518,19 @@ index 0000000..2e03cc3 + + +.EX ++.PP +.B initrc_exec_t +.EE + +- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /usr/share/system-config-services/system-config-services-mechanism\.py, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /opt/nfast/sbin/init.d-ncipher, /usr/libexec/dcc/start-.*, /opt/nfast/scripts/init.d/(.*), /usr/sbin/apachectl, /usr/sbin/restart-dirsrv, /etc/init\.d/.*, /usr/bin/sepg_ctl -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B initrc_state_t +.EE + @@ -16766,6 +19538,7 @@ index 0000000..2e03cc3 + + +.EX ++.PP +.B initrc_tmp_t +.EE + 
@@ -16773,21 +19546,51 @@ index 0000000..2e03cc3 + + +.EX ++.PP +.B initrc_var_run_t +.EE + +- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux init policy is very flexible allowing users to setup their init processes in as secure a method as possible. ++.PP ++The following process types are defined for init: ++ ++.EX ++.B initrc_t, init_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -16805,10 +19608,10 @@ index 0000000..2e03cc3 \ No newline at end of file diff --git a/man/man8/initrc_selinux.8 b/man/man8/initrc_selinux.8 new file mode 100644 -index 0000000..a47d638 +index 0000000..e74b9b0 --- /dev/null 
+++ b/man/man8/initrc_selinux.8 -@@ -0,0 +1,82 @@ +@@ -0,0 +1,111 @@ +.TH "initrc_selinux" "8" "initrc" "dwalsh@redhat.com" "initrc SELinux Policy documentation" +.SH "NAME" +initrc_selinux \- Security Enhanced Linux Policy for the initrc processes @@ -16829,6 +19632,7 @@ index 0000000..a47d638 + + +.EX ++.PP +.B initrc_devpts_t +.EE + @@ -16836,22 +19640,19 @@ index 0000000..a47d638 + + +.EX ++.PP +.B initrc_exec_t +.EE + +- Set files with the initrc_exec_t type, if you want to transition an executable to the initrc_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/startx, /etc/rc\.d/rc, /usr/libexec/dcc/stop-.*, /etc/sysconfig/network-scripts/ifup-ipsec, /usr/lib/systemd/fedora[^/]*, /lib/systemd/fedora[^/]*, /usr/sbin/start-dirsrv, /usr/sbin/open_init_pty, /usr/sbin/ldap-agent, /etc/X11/prefdm, /usr/share/system-config-services/system-config-services-mechanism\.py, /etc/rc\.d/rc\.[^/]+, /etc/rc\.d/init\.d/.*, /opt/nfast/sbin/init.d-ncipher, /usr/libexec/dcc/start-.*, /opt/nfast/scripts/init.d/(.*), /usr/sbin/apachectl, /usr/sbin/restart-dirsrv, /etc/init\.d/.*, /usr/bin/sepg_ctl -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B initrc_state_t +.EE + @@ -16859,6 +19660,7 @@ index 0000000..a47d638 + + +.EX ++.PP +.B initrc_tmp_t +.EE + 
@@ -16866,21 +19668,51 @@ index 0000000..a47d638 + + +.EX ++.PP +.B initrc_var_run_t +.EE + +- Set files with the initrc_var_run_t type, if you want to store the initrc files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/setmixer_flag, /var/run/runlevel\.dir, /var/run/random-seed, /var/run/utmp ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux initrc policy is very flexible allowing users to setup their initrc processes in as secure a method as possible. ++.PP ++The following process types are defined for initrc: ++ ++.EX ++.B initrc_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -16893,10 +19725,10 @@ index 0000000..a47d638 +selinux(8), initrc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/innd_selinux.8 b/man/man8/innd_selinux.8 new file mode 100644 -index 0000000..53dc461 +index 0000000..efe59c3 --- /dev/null 
+++ b/man/man8/innd_selinux.8 -@@ -0,0 +1,135 @@ +@@ -0,0 +1,145 @@ +.TH "innd_selinux" "8" "innd" "dwalsh@redhat.com" "innd SELinux Policy documentation" +.SH "NAME" +innd_selinux \- Security Enhanced Linux Policy for the innd processes 
@@ -16917,82 +19749,62 @@ index 0000000..53dc461 + + +.EX ++.PP +.B innd_etc_t +.EE + +- Set files with the innd_etc_t type, if you want to store innd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B innd_exec_t +.EE + +- Set files with the innd_exec_t type, if you want to transition an executable to the innd_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/suck, /usr/lib/news/bin/convdate, /usr/lib/news/bin/filechan, /usr/lib/news/bin/nntpget, /usr/sbin/in\.nnrpd, /usr/lib/news/bin/innfeed, /usr/lib/news/bin/shlock, /usr/lib/news/bin/archive, /usr/lib/news/bin/innconfval, /usr/lib/news/bin/makedbz, /usr/lib/news/bin/innd, /usr/lib/news/bin/actsync, /usr/lib/news/bin/innxbatch, /usr/bin/inews, /usr/lib/news/bin/batcher, /usr/sbin/innd.*, /usr/lib/news/bin/expire, /usr/lib/news/bin/nnrpd, /usr/lib/news/bin/inndstart, /usr/lib/news/bin/ctlinnd, /usr/bin/rpost, /usr/lib/news/bin/buffchan, /etc/news/boot, /usr/lib/news/bin/ovdb_recover, /usr/lib/news/bin/startinnfeed, /usr/lib/news/bin/makehistory, /usr/lib/news/bin/newsrequeue, /usr/bin/rnews, /usr/lib/news/bin/innxmit, /usr/lib/news/bin/fastrm, /usr/lib/news/bin/getlist, /usr/lib/news/bin/sm, /usr/lib/news/bin/grephistory, /usr/lib/news/bin/rnews, /usr/lib/news/bin/overchan, /usr/lib/news/bin/cvtbatch, /usr/lib/news/bin/prunehistory, /usr/lib/news/bin/inews, /usr/lib/news/bin/shrinkfile, /usr/lib/news/bin/expireover, /usr/lib/news/bin/inndf -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B innd_initrc_exec_t +.EE + +- Set files with the innd_initrc_exec_t type, if you want to transition an executable to the innd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B innd_log_t +.EE + +- Set files with the innd_log_t type, if you want to treat the data as innd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B innd_var_lib_t +.EE + +- Set files with the innd_var_lib_t type, if you want to store the innd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B innd_var_run_t +.EE + +- Set files with the innd_var_run_t type, if you want to store the innd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/innd(/.*)?, /var/run/news(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -17011,17 +19823,47 @@ index 0000000..53dc461 +SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible. +.PP +The following port types are defined for innd: -+.EX + ++.EX ++.TP 5 +.B innd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux innd policy is very flexible allowing users to setup their innd processes in as secure a method as possible. ++.PP ++The following process types are defined for innd: + -+.B tcp 119 ++.EX ++.B innd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -17034,10 +19876,10 @@ index 0000000..53dc461 +selinux(8), innd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/insmod_selinux.8 b/man/man8/insmod_selinux.8 new file mode 100644 -index 0000000..1922142 +index 0000000..6e3f598 --- /dev/null +++ b/man/man8/insmod_selinux.8 -@@ -0,0 +1,74 @@ +@@ -0,0 +1,105 @@ +.TH "insmod_selinux" "8" "insmod" "dwalsh@redhat.com" "insmod SELinux Policy documentation" +.SH "NAME" +insmod_selinux \- Security Enhanced Linux Policy for the insmod processes 
@@ -17076,28 +19918,59 @@ index 0000000..1922142 + + +.EX ++.PP +.B insmod_exec_t +.EE + +- Set files with the insmod_exec_t type, if you want to transition an executable to the insmod_t domain. + +.br ++.TP 5 +Paths: +/sbin/modprobe.*, /sbin/rmmod.*, /sbin/insmod.*, /usr/sbin/modprobe.*, /usr/bin/kmod, /usr/sbin/insmod.*, /usr/sbin/rmmod.* ++ ++.EX ++.PP ++.B insmod_tmpfs_t ++.EE ++ ++- Set files with the insmod_tmpfs_t type, if you want to store insmod files on a tmpfs file system. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux insmod policy is very flexible allowing users to setup their insmod processes in as secure a method as possible. ++.PP ++The following process types are defined for insmod: + +.EX -+.B insmod_tmpfs_t ++.B insmod_t +.EE -+ -+- Set files with the insmod_tmpfs_t type, if you want to store insmod files on a tmpfs file system. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans 
@@ -17115,10 +19988,10 @@ index 0000000..1922142 \ No newline at end of file diff --git a/man/man8/ipsec_selinux.8 b/man/man8/ipsec_selinux.8 new file mode 100644 -index 0000000..38d90ab +index 0000000..3a0bcd9 --- /dev/null +++ b/man/man8/ipsec_selinux.8 -@@ -0,0 +1,189 @@ +@@ -0,0 +1,193 @@ +.TH "ipsec_selinux" "8" "ipsec" "dwalsh@redhat.com" "ipsec SELinux Policy documentation" +.SH "NAME" +ipsec_selinux \- Security Enhanced Linux Policy for the ipsec processes 
@@ -17139,112 +20012,83 @@ index 0000000..38d90ab + + +.EX ++.PP +.B ipsec_conf_file_t +.EE + +- Set files with the ipsec_conf_file_t type, if you want to treat the files as ipsec conf content. + +.br ++.TP 5 +Paths: +/etc/ipsec\.conf, /etc/racoon(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ipsec_exec_t +.EE + +- Set files with the ipsec_exec_t type, if you want to transition an executable to the ipsec_t domain. + +.br ++.TP 5 +Paths: +/usr/local/lib/ipsec/eroute, /usr/lib/ipsec/pluto, /usr/local/lib/ipsec/pluto, /usr/lib/ipsec/klipsdebug, /usr/libexec/ipsec/eroute, /usr/libexec/ipsec/pluto, /usr/lib/ipsec/spi, /usr/lib/ipsec/eroute, /usr/local/lib/ipsec/klipsdebug, /usr/local/lib/ipsec/spi, /usr/libexec/ipsec/spi, /usr/libexec/ipsec/klipsdebug -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ipsec_initrc_exec_t +.EE + +- Set files with the ipsec_initrc_exec_t type, if you want to transition an executable to the ipsec_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/racoon, /etc/rc\.d/init\.d/ipsec -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ipsec_key_file_t +.EE + +- Set files with the ipsec_key_file_t type, if you want to treat the files as ipsec key content. 
+ +.br ++.TP 5 +Paths: +/etc/ipsec\.secrets, /etc/racoon/psk\.txt, /etc/racoon/certs(/.*)?, /etc/ipsec\.d(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ipsec_log_t +.EE + +- Set files with the ipsec_log_t type, if you want to treat the data as ipsec log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ipsec_mgmt_exec_t +.EE + +- Set files with the ipsec_mgmt_exec_t type, if you want to transition an executable to the ipsec_mgmt_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/ipsec/_plutorun, /usr/libexec/ipsec/_plutoload, /usr/libexec/nm-openswan-service, /usr/lib/ipsec/_plutoload, /usr/sbin/ipsec, /usr/libexec/ipsec/_plutorun -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ipsec_mgmt_lock_t +.EE + +- Set files with the ipsec_mgmt_lock_t type, if you want to treat the files as ipsec mgmt lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B ipsec_mgmt_var_run_t +.EE + @@ -17252,6 +20096,7 @@ index 0000000..38d90ab + + +.EX ++.PP +.B ipsec_tmp_t +.EE + @@ -17259,14 +20104,18 @@ index 0000000..38d90ab + + +.EX ++.PP +.B ipsec_var_run_t +.EE + +- Set files with the ipsec_var_run_t type, if you want to store the ipsec files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/racoon\.pid, /var/run/pluto(/.*)?, /var/racoon(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -17285,19 +20134,47 @@ index 0000000..38d90ab +SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible. +.PP +The following port types are defined for ipsec: -+.EX + ++.EX ++.TP 5 +.B ipsecnat_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 4500 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 4500 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ipsec policy is very flexible allowing users to setup their ipsec processes in as secure a method as possible. ++.PP ++The following process types are defined for ipsec: ++ ++.EX ++.B ipsec_t, ipsec_mgmt_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -17310,10 +20187,10 @@ index 0000000..38d90ab +selinux(8), ipsec(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/iptables_selinux.8 b/man/man8/iptables_selinux.8 new file mode 100644 -index 0000000..a2b41cd +index 0000000..2eecf00 --- /dev/null 
+++ b/man/man8/iptables_selinux.8 -@@ -0,0 +1,106 @@ +@@ -0,0 +1,130 @@ +.TH "iptables_selinux" "8" "iptables" "dwalsh@redhat.com" "iptables SELinux Policy documentation" +.SH "NAME" +iptables_selinux \- Security Enhanced Linux Policy for the iptables processes @@ -17345,38 +20222,31 @@ index 0000000..a2b41cd + + +.EX ++.PP +.B iptables_exec_t +.EE + +- Set files with the iptables_exec_t type, if you want to transition an executable to the iptables_t domain. + +.br ++.TP 5 +Paths: +/sbin/ebtables-restore, /usr/sbin/ipchains.*, /usr/sbin/ip6?tables, /sbin/ebtables, /usr/sbin/ip6?tables-restore, /usr/sbin/xtables-multi, /sbin/ipchains.*, /sbin/ip6?tables, /usr/sbin/ebtables-restore, /usr/sbin/ebtables, /sbin/ipvsadm, /usr/sbin/ipvsadm-save, /sbin/xtables-multi, /sbin/ipvsadm-restore, /usr/sbin/ipvsadm-restore, /usr/sbin/ip6?tables-multi, /sbin/ip6?tables-multi, /usr/sbin/ipvsadm, /sbin/ipvsadm-save, /sbin/ip6?tables-restore -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B iptables_initrc_exec_t +.EE + +- Set files with the iptables_initrc_exec_t type, if you want to transition an executable to the iptables_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/ebtables, /etc/rc\.d/init\.d/ip6?tables -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B iptables_tmp_t +.EE + 
@@ -17384,28 +20254,59 @@ index 0000000..a2b41cd + + +.EX ++.PP +.B iptables_unit_file_t +.EE + +- Set files with the iptables_unit_file_t type, if you want to treat the files as iptables unit content. + +.br ++.TP 5 +Paths: +/lib/systemd/system/vsftpd.*, /usr/lib/systemd/system/iptables6?.service, /lib/systemd/system/iptables6?.service, /lib/systemd/system/slapd.*, /usr/lib/systemd/system/proftpd.*, /usr/lib/systemd/system/vsftpd.*, /lib/systemd/system/ppp.*, /usr/lib/systemd/system/kdump.service, /usr/lib/systemd/system/slapd.*, /usr/lib/systemd/system/ppp.*, /lib/systemd/system/kdump.service, /lib/systemd/system/proftpd.* ++ ++.EX ++.PP ++.B iptables_var_run_t ++.EE ++ ++- Set files with the iptables_var_run_t type, if you want to store the iptables files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux iptables policy is very flexible allowing users to setup their iptables processes in as secure a method as possible. ++.PP ++The following process types are defined for iptables: + +.EX -+.B iptables_var_run_t ++.B iptables_t +.EE -+ -+- Set files with the iptables_var_run_t type, if you want to store the iptables files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. 
+ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -17423,10 +20324,10 @@ index 0000000..a2b41cd \ No newline at end of file diff --git a/man/man8/irc_selinux.8 b/man/man8/irc_selinux.8 new file mode 100644 -index 0000000..019c6e3 +index 0000000..2452ce7 --- /dev/null +++ b/man/man8/irc_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,117 @@ +.TH "irc_selinux" "8" "irc" "dwalsh@redhat.com" "irc SELinux Policy documentation" +.SH "NAME" +irc_selinux \- Security Enhanced Linux Policy for the irc processes @@ -17447,22 +20348,19 @@ index 0000000..019c6e3 + + +.EX ++.PP +.B irc_exec_t +.EE + +- Set files with the irc_exec_t type, if you want to transition an executable to the irc_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/ircII, /usr/bin/tinyirc, /usr/bin/[st]irc -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B irc_home_t +.EE + @@ -17470,11 +20368,20 @@ index 0000000..019c6e3 + + +.EX ++.PP +.B irc_tmp_t +.EE + +- Set files with the irc_tmp_t type, if you want to store irc temporary files in the /tmp directories. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -17487,17 +20394,47 @@ index 0000000..019c6e3 +SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible. +.PP +The following port types are defined for irc: -+.EX + ++.EX ++.TP 5 +.B ircd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux irc policy is very flexible allowing users to setup their irc processes in as secure a method as possible. ++.PP ++The following process types are defined for irc: + -+.B tcp 6667 ++.EX ++.B irc_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -17510,10 +20447,10 @@ index 0000000..019c6e3 +selinux(8), irc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/irqbalance_selinux.8 b/man/man8/irqbalance_selinux.8 new file mode 100644 -index 0000000..2707f13 +index 0000000..ffdb49d --- /dev/null +++ b/man/man8/irqbalance_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "irqbalance_selinux" "8" "irqbalance" "dwalsh@redhat.com" "irqbalance SELinux Policy documentation" +.SH "NAME" +irqbalance_selinux \- Security Enhanced Linux Policy for the irqbalance processes 
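Review bot: Under `ircd_port_t` the documented default port changes from `tcp 6667` to `tcp 8021`, and later hunks make the same substitution for `iscsi_port_t` (was `tcp 3260`), the three jabber port types (were `tcp 5222,5223`, `tcp 5269`, `tcp 5347`) and `kismet_port_t` (was `tcp 2501`). Unrelated port types all landing on one identical value looks like the generator printing a stale value instead of each type's own ports, so the pages would now tell administrators the wrong port labelling. I would keep the removed per-type lines, e.g. `tcp 6667` here, until the generator output is checked against `semanage port -l`. The reworked block also removes the second `.EX` but keeps its `.EE`, so the `.EE` after the port line has no opener.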
@@ -17534,25 +20471,55 @@ index 0000000..2707f13 + + +.EX ++.PP +.B irqbalance_exec_t +.EE + +- Set files with the irqbalance_exec_t type, if you want to transition an executable to the irqbalance_t domain. + ++ ++.EX ++.PP ++.B irqbalance_var_run_t ++.EE ++ ++- Set files with the irqbalance_var_run_t type, if you want to store the irqbalance files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux irqbalance policy is very flexible allowing users to setup their irqbalance processes in as secure a method as possible. ++.PP ++The following process types are defined for irqbalance: + +.EX -+.B irqbalance_var_run_t ++.B irqbalance_t +.EE -+ -+- Set files with the irqbalance_var_run_t type, if you want to store the irqbalance files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -17565,10 +20532,10 @@ index 0000000..2707f13 +selinux(8), irqbalance(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/irssi_selinux.8 b/man/man8/irssi_selinux.8 new file mode 100644 -index 0000000..4d5aa5a +index 0000000..c50713e --- /dev/null +++ b/man/man8/irssi_selinux.8 -@@ -0,0 +1,77 @@ +@@ -0,0 +1,102 @@ +.TH "irssi_selinux" "8" "irssi" "dwalsh@redhat.com" "irssi SELinux Policy documentation" +.SH "NAME" +irssi_selinux \- Security Enhanced Linux Policy for the irssi processes 
@@ -17600,38 +20567,63 @@ index 0000000..4d5aa5a + + +.EX ++.PP +.B irssi_etc_t +.EE + +- Set files with the irssi_etc_t type, if you want to store irssi files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B irssi_exec_t +.EE + +- Set files with the irssi_exec_t type, if you want to transition an executable to the irssi_t domain. + ++ ++.EX ++.PP ++.B irssi_home_t ++.EE ++ ++- Set files with the irssi_home_t type, if you want to store irssi files in the users home directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux irssi policy is very flexible allowing users to setup their irssi processes in as secure a method as possible. ++.PP ++The following process types are defined for irssi: + +.EX -+.B irssi_home_t ++.B irssi_t +.EE -+ -+- Set files with the irssi_home_t type, if you want to store irssi files in the users home directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -17649,10 +20641,10 @@ index 0000000..4d5aa5a \ No newline at end of file diff --git a/man/man8/iscsid_selinux.8 b/man/man8/iscsid_selinux.8 new file mode 100644 -index 0000000..d71f9d8 +index 0000000..f2ab88d --- /dev/null +++ b/man/man8/iscsid_selinux.8 -@@ -0,0 +1,67 @@ +@@ -0,0 +1,101 @@ +.TH "iscsid_selinux" "8" "iscsid" "dwalsh@redhat.com" "iscsid SELinux Policy documentation" +.SH "NAME" +iscsid_selinux \- Security Enhanced Linux Policy for the iscsid processes @@ -17673,14 +20665,18 @@ index 0000000..d71f9d8 + + +.EX ++.PP +.B iscsid_exec_t +.EE + +- Set files with the iscsid_exec_t type, if you want to transition an executable to the iscsid_t domain. + +.br ++.TP 5 +Paths: +/sbin/brcm_iscsiuio, /sbin/iscsiuio, /usr/sbin/iscsiuio, /usr/sbin/iscsid, /usr/sbin/brcm_iscsiuio, /sbin/iscsid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -17699,17 +20695,47 @@ index 0000000..d71f9d8 +SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible. +.PP +The following port types are defined for iscsid: -+.EX + ++.EX ++.TP 5 +.B iscsi_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux iscsid policy is very flexible allowing users to setup their iscsid processes in as secure a method as possible. ++.PP ++The following process types are defined for iscsid: + -+.B tcp 3260 ++.EX ++.B iscsid_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -17722,10 +20748,10 @@ index 0000000..d71f9d8 +selinux(8), iscsid(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/iwhd_selinux.8 b/man/man8/iwhd_selinux.8 new file mode 100644 -index 0000000..22bd3df +index 0000000..766e5af --- /dev/null +++ b/man/man8/iwhd_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,103 @@ +.TH "iwhd_selinux" "8" "iwhd" "dwalsh@redhat.com" "iwhd SELinux Policy documentation" +.SH "NAME" +iwhd_selinux \- Security Enhanced Linux Policy for the iwhd processes 
@@ -17746,70 +20772,79 @@ index 0000000..22bd3df + + +.EX ++.PP +.B iwhd_exec_t +.EE + +- Set files with the iwhd_exec_t type, if you want to transition an executable to the iwhd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B iwhd_initrc_exec_t +.EE + +- Set files with the iwhd_initrc_exec_t type, if you want to transition an executable to the iwhd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B iwhd_log_t +.EE + +- Set files with the iwhd_log_t type, if you want to treat the data as iwhd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B iwhd_var_lib_t +.EE + +- Set files with the iwhd_var_lib_t type, if you want to store the iwhd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B iwhd_var_run_t +.EE + +- Set files with the iwhd_var_run_t type, if you want to store the iwhd files under the /run directory. 
+ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux iwhd policy is very flexible allowing users to setup their iwhd processes in as secure a method as possible. ++.PP ++The following process types are defined for iwhd: ++ ++.EX ++.B iwhd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -17822,10 +20857,10 @@ index 0000000..22bd3df +selinux(8), iwhd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/jabberd_selinux.8 b/man/man8/jabberd_selinux.8 new file mode 100644 -index 0000000..7e79fcb +index 0000000..b5a997c --- /dev/null +++ b/man/man8/jabberd_selinux.8 -@@ -0,0 +1,129 @@ +@@ -0,0 +1,151 @@ +.TH "jabberd_selinux" "8" "jabberd" "dwalsh@redhat.com" "jabberd SELinux Policy documentation" +.SH "NAME" +jabberd_selinux \- Security Enhanced Linux Policy for the jabberd processes 
@@ -17846,56 +20881,46 @@ index 0000000..7e79fcb + + +.EX ++.PP +.B jabberd_exec_t +.EE + +- Set files with the jabberd_exec_t type, if you want to transition an executable to the jabberd_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/s2s, /usr/bin/sm -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B jabberd_initrc_exec_t +.EE + +- Set files with the jabberd_initrc_exec_t type, if you want to transition an executable to the jabberd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B jabberd_router_exec_t +.EE + +- Set files with the jabberd_router_exec_t type, if you want to transition an executable to the jabberd_router_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/c2s, /usr/bin/router -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B jabberd_var_lib_t +.EE + +- Set files with the jabberd_var_lib_t type, if you want to store the jabberd files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -17914,37 +20939,69 @@ index 0000000..7e79fcb +SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible. +.PP +The following port types are defined for jabberd: -+.EX + ++.EX ++.TP 5 +.B jabber_client_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 5222,5223 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B jabber_interserver_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 5269 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B jabber_router_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux jabberd policy is very flexible allowing users to setup their jabberd processes in as secure a method as possible. ++.PP ++The following process types are defined for jabberd: + -+.B tcp 5347 ++.EX ++.B jabberd_router_t, jabberd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -17957,10 +21014,10 @@ index 0000000..7e79fcb +selinux(8), jabberd(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/kadmind_selinux.8 b/man/man8/kadmind_selinux.8 new file mode 100644 -index 0000000..e8bbbd6 +index 0000000..00cc2c6 --- /dev/null +++ b/man/man8/kadmind_selinux.8 -@@ -0,0 +1,72 @@ +@@ -0,0 +1,99 @@ +.TH "kadmind_selinux" "8" "kadmind" "dwalsh@redhat.com" "kadmind SELinux Policy documentation" +.SH "NAME" +kadmind_selinux \- Security Enhanced Linux Policy for the kadmind processes @@ -17981,35 +21038,27 @@ index 0000000..e8bbbd6 + + +.EX ++.PP +.B kadmind_exec_t +.EE + +- Set files with the kadmind_exec_t type, if you want to transition an executable to the kadmind_t domain. + +.br ++.TP 5 +Paths: +/usr/(local/)?(kerberos/)?sbin/kadmind, /usr/kerberos/sbin/kadmin\.local -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kadmind_log_t +.EE + +- Set files with the kadmind_log_t type, if you want to treat the data as kadmind log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kadmind_tmp_t +.EE + 
@@ -18017,12 +21066,47 @@ index 0000000..e8bbbd6 + + +.EX ++.PP +.B kadmind_var_run_t +.EE + +- Set files with the kadmind_var_run_t type, if you want to store the kadmind files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux kadmind policy is very flexible allowing users to setup their kadmind processes in as secure a method as possible. ++.PP ++The following process types are defined for kadmind: ++ ++.EX ++.B kadmind_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -18035,10 +21119,10 @@ index 0000000..e8bbbd6 +selinux(8), kadmind(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/kdump_selinux.8 b/man/man8/kdump_selinux.8 new file mode 100644 -index 0000000..24e135c +index 0000000..4364216 --- /dev/null 
+++ b/man/man8/kdump_selinux.8 -@@ -0,0 +1,98 @@ +@@ -0,0 +1,115 @@ +.TH "kdump_selinux" "8" "kdump" "dwalsh@redhat.com" "kdump SELinux Policy documentation" +.SH "NAME" +kdump_selinux \- Security Enhanced Linux Policy for the kdump processes @@ -18059,48 +21143,35 @@ index 0000000..24e135c + + +.EX ++.PP +.B kdump_etc_t +.EE + +- Set files with the kdump_etc_t type, if you want to store kdump files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kdump_exec_t +.EE + +- Set files with the kdump_exec_t type, if you want to transition an executable to the kdump_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/kdump, /usr/sbin/kexec, /sbin/kdump, /sbin/kexec -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kdump_initrc_exec_t +.EE + +- Set files with the kdump_initrc_exec_t type, if you want to transition an executable to the kdump_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kdump_unit_file_t +.EE + 
@@ -18108,25 +21179,55 @@ index 0000000..24e135c + + +.EX ++.PP +.B kdumpgui_exec_t +.EE + -+- Set files with the kdumpgui_exec_t type, if you want to transition an executable to the kdumpgui_t domain. ++- Set files with the kdumpgui_exec_t type, if you want to transition an executable to the kdumpgui_t domain. ++ ++ ++.EX ++.PP ++.B kdumpgui_tmp_t ++.EE ++ ++- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux kdump policy is very flexible allowing users to setup their kdump processes in as secure a method as possible. ++.PP ++The following process types are defined for kdump: + +.EX -+.B kdumpgui_tmp_t ++.B kdumpgui_t, kdump_t +.EE -+ -+- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -18139,10 +21240,10 @@ index 0000000..24e135c +selinux(8), kdump(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/kdumpgui_selinux.8 b/man/man8/kdumpgui_selinux.8 new file mode 100644 -index 0000000..c1bfc54 +index 0000000..ad3bde6 --- /dev/null +++ b/man/man8/kdumpgui_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "kdumpgui_selinux" "8" "kdumpgui" "dwalsh@redhat.com" "kdumpgui SELinux Policy documentation" +.SH "NAME" +kdumpgui_selinux \- Security Enhanced Linux Policy for the kdumpgui processes 
@@ -18163,25 +21264,55 @@ index 0000000..c1bfc54 + + +.EX ++.PP +.B kdumpgui_exec_t +.EE + +- Set files with the kdumpgui_exec_t type, if you want to transition an executable to the kdumpgui_t domain. + ++ ++.EX ++.PP ++.B kdumpgui_tmp_t ++.EE ++ ++- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux kdumpgui policy is very flexible allowing users to setup their kdumpgui processes in as secure a method as possible. ++.PP ++The following process types are defined for kdumpgui: + +.EX -+.B kdumpgui_tmp_t ++.B kdumpgui_t +.EE -+ -+- Set files with the kdumpgui_tmp_t type, if you want to store kdumpgui temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -18194,10 +21325,10 @@ index 0000000..c1bfc54 +selinux(8), kdumpgui(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/keyboardd_selinux.8 b/man/man8/keyboardd_selinux.8 new file mode 100644 -index 0000000..666443c +index 0000000..ab69c3b --- /dev/null +++ b/man/man8/keyboardd_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "keyboardd_selinux" "8" "keyboardd" "dwalsh@redhat.com" "keyboardd SELinux Policy documentation" +.SH "NAME" +keyboardd_selinux \- Security Enhanced Linux Policy for the keyboardd processes @@ -18218,18 +21349,47 @@ index 0000000..666443c + + +.EX ++.PP +.B keyboardd_exec_t +.EE + +- Set files with the keyboardd_exec_t type, if you want to transition an executable to the keyboardd_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux keyboardd policy is very flexible allowing users to setup their keyboardd processes in as secure a method as possible. ++.PP ++The following process types are defined for keyboardd: ++ ++.EX ++.B keyboardd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -18242,10 +21402,10 @@ index 0000000..666443c +selinux(8), keyboardd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/kismet_selinux.8 b/man/man8/kismet_selinux.8 new file mode 100644 -index 0000000..48d6ade +index 0000000..e1f3b32 --- /dev/null +++ b/man/man8/kismet_selinux.8 -@@ -0,0 +1,124 @@ +@@ -0,0 +1,145 @@ +.TH "kismet_selinux" "8" "kismet" "dwalsh@redhat.com" "kismet SELinux Policy documentation" +.SH "NAME" +kismet_selinux \- Security Enhanced Linux Policy for the kismet processes @@ -18266,19 +21426,15 @@ index 0000000..48d6ade + + +.EX ++.PP +.B kismet_exec_t +.EE + +- Set files with the kismet_exec_t type, if you want to transition an executable to the kismet_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kismet_home_t +.EE + @@ -18286,19 +21442,15 @@ index 0000000..48d6ade + + +.EX ++.PP +.B kismet_log_t +.EE + +- Set files with the kismet_log_t type, if you want to treat the data as kismet log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kismet_tmp_t +.EE + @@ -18306,6 +21458,7 @@ index 0000000..48d6ade + + +.EX ++.PP +.B kismet_tmpfs_t +.EE + 
@@ -18313,24 +21466,22 @@ index 0000000..48d6ade + + +.EX ++.PP +.B kismet_var_lib_t +.EE + +- Set files with the kismet_var_lib_t type, if you want to store the kismet files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B kismet_var_run_t +.EE + +- Set files with the kismet_var_run_t type, if you want to store the kismet files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -18349,17 +21500,47 @@ index 0000000..48d6ade +SELinux kismet policy is very flexible allowing users to setup their kismet processes in as secure a method as possible. +.PP +The following port types are defined for kismet: -+.EX + ++.EX ++.TP 5 +.B kismet_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux kismet policy is very flexible allowing users to setup their kismet processes in as secure a method as possible. ++.PP ++The following process types are defined for kismet: + -+.B tcp 2501 ++.EX ++.B kismet_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -18372,10 +21553,10 @@ index 0000000..48d6ade +selinux(8), kismet(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/klogd_selinux.8 b/man/man8/klogd_selinux.8 new file mode 100644 -index 0000000..0aea3e6 +index 0000000..f2ee399 --- /dev/null +++ b/man/man8/klogd_selinux.8 -@@ -0,0 +1,65 @@ +@@ -0,0 +1,91 @@ +.TH "klogd_selinux" "8" "klogd" "dwalsh@redhat.com" "klogd SELinux Policy documentation" +.SH "NAME" +klogd_selinux \- Security Enhanced Linux Policy for the klogd processes 
@@ -18396,22 +21577,19 @@ index 0000000..0aea3e6 + + +.EX ++.PP +.B klogd_exec_t +.EE + +- Set files with the klogd_exec_t type, if you want to transition an executable to the klogd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/rklogd, /sbin/klogd, /sbin/rklogd, /usr/sbin/klogd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B klogd_tmp_t +.EE + 
@@ -18419,18 +21597,47 @@ index 0000000..0aea3e6 + + +.EX ++.PP +.B klogd_var_run_t +.EE + +- Set files with the klogd_var_run_t type, if you want to store the klogd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux klogd policy is very flexible allowing users to setup their klogd processes in as secure a method as possible. ++.PP ++The following process types are defined for klogd: ++ ++.EX ++.B klogd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -18443,10 +21650,10 @@ index 0000000..0aea3e6 +selinux(8), klogd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/kpropd_selinux.8 b/man/man8/kpropd_selinux.8 new file mode 100644 -index 0000000..695d165 +index 0000000..8de9916 --- /dev/null 
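Review bot: The added PROCESS TYPES note misspells the command as `semanage permississive -a PROCESS_TYPE`, while the COMMANDS section added in the same hunk uses the correct `semanage permissive`. A reader who copies the note verbatim gets an error instead of a permissive domain, so the line should read `.B semanage permissive -a PROCESS_TYPE`. In the same section `\fBps\bP` should be `\fBps\fP`, because `\bP` is not the font-reset escape and the bold will probably run on past "ps". Since a permissive domain is no longer confined, I would also add a sentence saying that `semanage permissive -d PROCESS_TYPE` restores enforcement. The identical text recurs in the PROCESS TYPES hunks of the other pages (kismet, kpropd, krb5kdc, ksmtuned, ktalkd, l2tpd, ldconfig, libra, lircd, livecd), so the fix presumably belongs in the man page generator rather than in each page.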
+++ b/man/man8/kpropd_selinux.8 -@@ -0,0 +1,64 @@ +@@ -0,0 +1,97 @@ +.TH "kpropd_selinux" "8" "kpropd" "dwalsh@redhat.com" "kpropd SELinux Policy documentation" +.SH "NAME" +kpropd_selinux \- Security Enhanced Linux Policy for the kpropd processes @@ -18467,11 +21674,14 @@ index 0000000..695d165 + + +.EX ++.PP +.B kpropd_exec_t +.EE + +- Set files with the kpropd_exec_t type, if you want to transition an executable to the kpropd_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -18490,17 +21700,47 @@ index 0000000..695d165 +SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible. +.PP +The following port types are defined for kpropd: -+.EX + ++.EX ++.TP 5 +.B kprop_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux kpropd policy is very flexible allowing users to setup their kpropd processes in as secure a method as possible. ++.PP ++The following process types are defined for kpropd: + -+.B tcp 754 ++.EX ++.B kpropd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -18513,10 +21753,10 @@ index 0000000..695d165 +selinux(8), kpropd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/krb5kdc_selinux.8 b/man/man8/krb5kdc_selinux.8 new file mode 100644 -index 0000000..22ce8ba +index 0000000..bc8517e --- /dev/null +++ b/man/man8/krb5kdc_selinux.8 -@@ -0,0 +1,117 @@ +@@ -0,0 +1,131 @@ +.TH "krb5kdc_selinux" "8" "krb5kdc" "dwalsh@redhat.com" "krb5kdc SELinux Policy documentation" +.SH "NAME" +krb5kdc_selinux \- Security Enhanced Linux Policy for the krb5kdc processes 
@@ -18537,80 +21777,59 @@ index 0000000..22ce8ba + + +.EX ++.PP +.B krb5kdc_conf_t +.EE + +- Set files with the krb5kdc_conf_t type, if you want to treat the files as krb5kdc configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/var/kerberos/krb5kdc(/.*)?, /etc/krb5kdc(/.*)?, /usr/local/var/krb5kdc(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B krb5kdc_exec_t +.EE + +- Set files with the krb5kdc_exec_t type, if you want to transition an executable to the krb5kdc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B krb5kdc_lock_t +.EE + +- Set files with the krb5kdc_lock_t type, if you want to treat the files as krb5kdc lock data, stored under the /var/lock directory + +.br ++.TP 5 +Paths: +/var/kerberos/krb5kdc/principal.*\.ok, /var/kerberos/krb5kdc/from_master.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B krb5kdc_log_t +.EE + +- Set files with the krb5kdc_log_t type, if you want to treat the data as krb5kdc log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. 
This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B krb5kdc_principal_t +.EE + +- Set files with the krb5kdc_principal_t type, if you want to treat the files as krb5kdc principal data. + +.br ++.TP 5 +Paths: +/usr/local/var/krb5kdc/principal.*, /etc/krb5kdc/principal.*, /var/kerberos/krb5kdc/principal.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B krb5kdc_tmp_t +.EE + 
@@ -18618,12 +21837,47 @@ index 0000000..22ce8ba + + +.EX ++.PP +.B krb5kdc_var_run_t +.EE + +- Set files with the krb5kdc_var_run_t type, if you want to store the krb5kdc files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux krb5kdc policy is very flexible allowing users to setup their krb5kdc processes in as secure a method as possible. ++.PP ++The following process types are defined for krb5kdc: ++ ++.EX ++.B krb5kdc_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -18636,10 +21890,10 @@ index 0000000..22ce8ba +selinux(8), krb5kdc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ksmtuned_selinux.8 b/man/man8/ksmtuned_selinux.8 new file mode 100644 -index 0000000..d1f5751 +index 0000000..0741744 --- /dev/null 
+++ b/man/man8/ksmtuned_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "ksmtuned_selinux" "8" "ksmtuned" "dwalsh@redhat.com" "ksmtuned SELinux Policy documentation" +.SH "NAME" +ksmtuned_selinux \- Security Enhanced Linux Policy for the ksmtuned processes 
@@ -18660,57 +21914,71 @@ index 0000000..d1f5751 + + +.EX ++.PP +.B ksmtuned_exec_t +.EE + +- Set files with the ksmtuned_exec_t type, if you want to transition an executable to the ksmtuned_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ksmtuned_initrc_exec_t +.EE + +- Set files with the ksmtuned_initrc_exec_t type, if you want to transition an executable to the ksmtuned_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ksmtuned_log_t +.EE + +- Set files with the ksmtuned_log_t type, if you want to treat the data as ksmtuned log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ksmtuned_var_run_t +.EE + +- Set files with the ksmtuned_var_run_t type, if you want to store the ksmtuned files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ksmtuned policy is very flexible allowing users to setup their ksmtuned processes in as secure a method as possible. ++.PP ++The following process types are defined for ksmtuned: ++ ++.EX ++.B ksmtuned_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -18723,10 +21991,10 @@ index 0000000..d1f5751 +selinux(8), ksmtuned(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ktalkd_selinux.8 b/man/man8/ktalkd_selinux.8 new file mode 100644 -index 0000000..3a87044 +index 0000000..324869b --- /dev/null +++ b/man/man8/ktalkd_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,125 @@ +.TH "ktalkd_selinux" "8" "ktalkd" "dwalsh@redhat.com" "ktalkd SELinux Policy documentation" +.SH "NAME" +ktalkd_selinux \- Security Enhanced Linux Policy for the ktalkd processes 
@@ -18747,35 +22015,27 @@ index 0000000..3a87044 + + +.EX ++.PP +.B ktalkd_exec_t +.EE + +- Set files with the ktalkd_exec_t type, if you want to transition an executable to the ktalkd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/in\.talkd, /usr/bin/ktalkd, /usr/sbin/in\.ntalkd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ktalkd_log_t +.EE + +- Set files with the ktalkd_log_t type, if you want to treat the data as ktalkd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ktalkd_tmp_t +.EE + @@ -18783,11 +22043,20 @@ index 0000000..3a87044 + + +.EX ++.PP +.B ktalkd_var_run_t +.EE + +- Set files with the ktalkd_var_run_t type, if you want to store the ktalkd files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -18800,17 +22069,47 @@ index 0000000..3a87044 +SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible. +.PP +The following port types are defined for ktalkd: -+.EX + ++.EX ++.TP 5 +.B ktalkd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ktalkd policy is very flexible allowing users to setup their ktalkd processes in as secure a method as possible. ++.PP ++The following process types are defined for ktalkd: + -+.B udp 517,518 ++.EX ++.B ktalkd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -18823,10 +22122,10 @@ index 0000000..3a87044 +selinux(8), ktalkd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/l2tpd_selinux.8 b/man/man8/l2tpd_selinux.8 new file mode 100644 -index 0000000..4d98499 +index 0000000..deb4542 --- /dev/null +++ b/man/man8/l2tpd_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,107 @@ +.TH "l2tpd_selinux" "8" "l2tpd" "dwalsh@redhat.com" "l2tpd SELinux Policy documentation" +.SH "NAME" +l2tpd_selinux \- Security Enhanced Linux Policy for the l2tpd processes 
@@ -18847,38 +22146,31 @@ index 0000000..4d98499 + + +.EX ++.PP +.B l2tpd_exec_t +.EE + +- Set files with the l2tpd_exec_t type, if you want to transition an executable to the l2tpd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/xl2tpd, /usr/sbin/openl2tpd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B l2tpd_initrc_exec_t +.EE + +- Set files with the l2tpd_initrc_exec_t type, if you want to transition an executable to the l2tpd_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/xl2tpd, /etc/rc\.d/init\.d/openl2tpd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B l2tpd_tmp_t +.EE + 
@@ -18886,21 +22178,51 @@ index 0000000..4d98499 + + +.EX ++.PP +.B l2tpd_var_run_t +.EE + +- Set files with the l2tpd_var_run_t type, if you want to store the l2tpd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/xl2tpd(/.*)?, /var/run/xl2tpd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux l2tpd policy is very flexible allowing users to setup their l2tpd processes in as secure a method as possible. ++.PP ++The following process types are defined for l2tpd: ++ ++.EX ++.B l2tpd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -18913,10 +22235,10 @@ index 0000000..4d98499 +selinux(8), l2tpd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ldconfig_selinux.8 b/man/man8/ldconfig_selinux.8 new file mode 100644 -index 0000000..379dd3e +index 0000000..671bb09 --- /dev/null 
+++ b/man/man8/ldconfig_selinux.8 -@@ -0,0 +1,65 @@ +@@ -0,0 +1,91 @@ +.TH "ldconfig_selinux" "8" "ldconfig" "dwalsh@redhat.com" "ldconfig SELinux Policy documentation" +.SH "NAME" +ldconfig_selinux \- Security Enhanced Linux Policy for the ldconfig processes 
@@ -18937,41 +22259,67 @@ index 0000000..379dd3e + + +.EX ++.PP +.B ldconfig_cache_t +.EE + +- Set files with the ldconfig_cache_t type, if you want to store the files under the /var/cache directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ldconfig_exec_t +.EE + +- Set files with the ldconfig_exec_t type, if you want to transition an executable to the ldconfig_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ldconfig, /sbin/ldconfig ++ ++.EX ++.PP ++.B ldconfig_tmp_t ++.EE ++ ++- Set files with the ldconfig_tmp_t type, if you want to store ldconfig temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ldconfig policy is very flexible allowing users to setup their ldconfig processes in as secure a method as possible. ++.PP ++The following process types are defined for ldconfig: + +.EX -+.B ldconfig_tmp_t ++.B ldconfig_t +.EE -+ -+- Set files with the ldconfig_tmp_t type, if you want to store ldconfig temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. 
+ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -18984,10 +22332,10 @@ index 0000000..379dd3e +selinux(8), ldconfig(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/libra_selinux.8 b/man/man8/libra_selinux.8 new file mode 100644 -index 0000000..c949f12 +index 0000000..98838a9 --- /dev/null +++ b/man/man8/libra_selinux.8 -@@ -0,0 +1,167 @@ +@@ -0,0 +1,173 @@ +.TH "libra_selinux" "8" "libra" "dwalsh@redhat.com" "libra SELinux Policy documentation" +.SH "NAME" +libra_selinux \- Security Enhanced Linux Policy for the libra processes @@ -19008,35 +22356,27 @@ index 0000000..c949f12 + + +.EX ++.PP +.B libra_cgroup_read_exec_t +.EE + +- Set files with the libra_cgroup_read_exec_t type, if you want to transition an executable to the libra_cgroup_read_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B libra_initrc_exec_t +.EE + +- Set files with the libra_initrc_exec_t type, if you want to transition an executable to the libra_initrc_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/rhc-restorer, /etc/rc\.d/init\.d/mcollective, /etc/rc\.d/init\.d/libra -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B libra_initrc_tmp_t +.EE + 
@@ -19044,19 +22384,15 @@ index 0000000..c949f12 + + +.EX ++.PP +.B libra_log_t +.EE + +- Set files with the libra_log_t type, if you want to treat the data as libra log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B libra_mail_tmp_t +.EE + 
@@ -19064,63 +22400,46 @@ index 0000000..c949f12 + + +.EX ++.PP +.B libra_private_file_t +.EE + +- Set files with the libra_private_file_t type, if you want to treat the files as libra private content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B libra_rw_file_t +.EE + +- Set files with the libra_rw_file_t type, if you want to treat the files as libra rw content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B libra_tmp_t +.EE + +- Set files with the libra_tmp_t type, if you want to store libra temporary files in the /tmp directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B libra_var_lib_t +.EE + +- Set files with the libra_var_lib_t type, if you want to store the libra files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B libra_var_run_t +.EE + +- Set files with the libra_var_run_t type, if you want to store the libra files under the /run directory. 
+ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use @@ -19139,12 +22458,47 @@ index 0000000..c949f12 +SELinux libra policy is very flexible allowing users to setup their libra processes in as secure a method as possible. +.PP +The following port types are defined for libra: -+.EX + ++.EX ++.TP 5 +.B libra_port_t ++.TP 10 ++.EE ++ ++ ++Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux libra policy is very flexible allowing users to setup their libra processes in as secure a method as possible. ++.PP ++The following process types are defined for libra: ++ ++.EX ++.B libra_t, libra_initrc_t, libra_mail_t, libra_net_app_t, libra_min_app_t, libra_app_t, libra_min_t, libra_net_t, libra_cgroup_read_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -19157,10 +22511,10 @@ index 0000000..c949f12 +selinux(8), libra(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/lircd_selinux.8 b/man/man8/lircd_selinux.8 new file mode 100644 -index 0000000..962b809 +index 0000000..42bf721 --- /dev/null +++ b/man/man8/lircd_selinux.8 -@@ -0,0 +1,109 @@ +@@ -0,0 +1,129 @@ +.TH "lircd_selinux" "8" "lircd" "dwalsh@redhat.com" "lircd SELinux Policy documentation" +.SH "NAME" +lircd_selinux \- Security Enhanced Linux Policy for the lircd processes 
@@ -19181,56 +22535,46 @@ index 0000000..962b809 + + +.EX ++.PP +.B lircd_etc_t +.EE + +- Set files with the lircd_etc_t type, if you want to store lircd files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/lircd\.conf, /etc/lirc(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lircd_exec_t +.EE + +- Set files with the lircd_exec_t type, if you want to transition an executable to the lircd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lircd_initrc_exec_t +.EE + +- Set files with the lircd_initrc_exec_t type, if you want to transition an executable to the lircd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lircd_var_run_t +.EE + +- Set files with the lircd_var_run_t type, if you want to store the lircd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/lirc(/.*)?, /var/run/lircd(/.*)?, /var/run/lircd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -19249,17 +22593,47 @@ index 0000000..962b809 +SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible. +.PP +The following port types are defined for lircd: -+.EX + ++.EX ++.TP 5 +.B lirc_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lircd policy is very flexible allowing users to setup their lircd processes in as secure a method as possible. ++.PP ++The following process types are defined for lircd: + -+.B tcp 8765 ++.EX ++.B lircd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -19272,10 +22646,10 @@ index 0000000..962b809 +selinux(8), lircd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/livecd_selinux.8 b/man/man8/livecd_selinux.8 new file mode 100644 -index 0000000..1d027b3 +index 0000000..deddf24 --- /dev/null +++ b/man/man8/livecd_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "livecd_selinux" "8" "livecd" "dwalsh@redhat.com" "livecd SELinux Policy documentation" +.SH "NAME" +livecd_selinux \- Security Enhanced Linux Policy for the livecd processes 
@@ -19296,25 +22670,55 @@ index 0000000..1d027b3 + + +.EX ++.PP +.B livecd_exec_t +.EE + +- Set files with the livecd_exec_t type, if you want to transition an executable to the livecd_t domain. + ++ ++.EX ++.PP ++.B livecd_tmp_t ++.EE ++ ++- Set files with the livecd_tmp_t type, if you want to store livecd temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux livecd policy is very flexible allowing users to setup their livecd processes in as secure a method as possible. ++.PP ++The following process types are defined for livecd: + +.EX -+.B livecd_tmp_t ++.B livecd_t +.EE -+ -+- Set files with the livecd_tmp_t type, if you want to store livecd temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -19327,10 +22731,10 @@ index 0000000..1d027b3 +selinux(8), livecd(8), semanage(8), restorecon(8), chcon(1) 
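Review bot: The added PROCESS TYPES note spells the command `semanage permississive -a PROCESS_TYPE`, which is not a valid semanage subcommand; it should read `.B semanage permissive -a PROCESS_TYPE`, matching the COMMANDS section added further down in the same hunk. The line just above it closes the bold run with `\bP` instead of `\fP`, so it should be `option to \fBps\fP`. The same two lines are repeated in the PROCESS TYPES sections added for lircd, lldpad, load, loadkeys, locate, lockdev, logrotate, logwatch, lpd, lpr and lsassd in this diff, so fixing the generator template would be better than patching each page. Because a permissive domain is no longer confined, the note could also say that the setting should be removed with `semanage permissive -d PROCESS_TYPE` once troubleshooting is finished.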
diff --git a/man/man8/lldpad_selinux.8 b/man/man8/lldpad_selinux.8 new file mode 100644 -index 0000000..8a0d0e0 +index 0000000..b83dbe6 --- /dev/null +++ b/man/man8/lldpad_selinux.8 -@@ -0,0 +1,88 @@ +@@ -0,0 +1,103 @@ +.TH "lldpad_selinux" "8" "lldpad" "dwalsh@redhat.com" "lldpad SELinux Policy documentation" +.SH "NAME" +lldpad_selinux \- Security Enhanced Linux Policy for the lldpad processes @@ -19351,32 +22755,23 @@ index 0000000..8a0d0e0 + + +.EX ++.PP +.B lldpad_exec_t +.EE + +- Set files with the lldpad_exec_t type, if you want to transition an executable to the lldpad_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lldpad_initrc_exec_t +.EE + +- Set files with the lldpad_initrc_exec_t type, if you want to transition an executable to the lldpad_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lldpad_tmpfs_t +.EE + 
@@ -19384,31 +22779,55 @@ index 0000000..8a0d0e0 + + +.EX ++.PP +.B lldpad_var_lib_t +.EE + +- Set files with the lldpad_var_lib_t type, if you want to store the lldpad files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lldpad_var_run_t +.EE + +- Set files with the lldpad_var_run_t type, if you want to store the lldpad files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lldpad policy is very flexible allowing users to setup their lldpad processes in as secure a method as possible. ++.PP ++The following process types are defined for lldpad: ++ ++.EX ++.B lldpad_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -19421,10 +22840,10 @@ index 0000000..8a0d0e0 +selinux(8), lldpad(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/load_selinux.8 b/man/man8/load_selinux.8 new file mode 100644 -index 0000000..5fc3c08 +index 0000000..bf48263 --- /dev/null +++ b/man/man8/load_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,116 @@ +.TH "load_selinux" "8" "load" "dwalsh@redhat.com" "load SELinux Policy documentation" +.SH "NAME" +load_selinux \- Security Enhanced Linux Policy for the load processes 
@@ -19470,37 +22889,63 @@ index 0000000..5fc3c08 + + +.EX ++.PP +.B load_policy_exec_t +.EE + +- Set files with the load_policy_exec_t type, if you want to transition an executable to the load_policy_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/load_policy, /sbin/load_policy -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B loadkeys_exec_t +.EE + +- Set files with the loadkeys_exec_t type, if you want to transition an executable to the loadkeys_t domain. + +.br ++.TP 5 +Paths: +/bin/unikeys, /usr/bin/unikeys, /bin/loadkeys, /usr/bin/loadkeys ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux load policy is very flexible allowing users to setup their load processes in as secure a method as possible. ++.PP ++The following process types are defined for load: ++ ++.EX ++.B loadkeys_t, load_policy_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -19518,10 +22963,10 @@ index 0000000..5fc3c08 \ No newline at end of file diff --git a/man/man8/loadkeys_selinux.8 b/man/man8/loadkeys_selinux.8 new file mode 100644 -index 0000000..4340334 +index 0000000..d6b82cd --- /dev/null +++ b/man/man8/loadkeys_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "loadkeys_selinux" "8" "loadkeys" "dwalsh@redhat.com" "loadkeys SELinux Policy documentation" +.SH "NAME" +loadkeys_selinux \- Security Enhanced Linux Policy for the loadkeys processes 
@@ -19542,21 +22987,51 @@ index 0000000..4340334 + + +.EX ++.PP +.B loadkeys_exec_t +.EE + +- Set files with the loadkeys_exec_t type, if you want to transition an executable to the loadkeys_t domain. + +.br ++.TP 5 +Paths: +/bin/unikeys, /usr/bin/unikeys, /bin/loadkeys, /usr/bin/loadkeys ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux loadkeys policy is very flexible allowing users to setup their loadkeys processes in as secure a method as possible. ++.PP ++The following process types are defined for loadkeys: ++ ++.EX ++.B loadkeys_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -19569,10 +23044,10 @@ index 0000000..4340334 +selinux(8), loadkeys(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/locate_selinux.8 b/man/man8/locate_selinux.8 new file mode 100644 -index 0000000..3a5c2ac +index 0000000..7c3d369 --- /dev/null 
+++ b/man/man8/locate_selinux.8 -@@ -0,0 +1,62 @@ +@@ -0,0 +1,87 @@ +.TH "locate_selinux" "8" "locate" "dwalsh@redhat.com" "locate SELinux Policy documentation" +.SH "NAME" +locate_selinux \- Security Enhanced Linux Policy for the locate processes @@ -19593,19 +23068,15 @@ index 0000000..3a5c2ac + + +.EX ++.PP +.B locate_exec_t +.EE + +- Set files with the locate_exec_t type, if you want to transition an executable to the locate_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B locate_log_t +.EE + 
@@ -19613,18 +23084,47 @@ index 0000000..3a5c2ac + + +.EX ++.PP +.B locate_var_lib_t +.EE + +- Set files with the locate_var_lib_t type, if you want to store the locate files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux locate policy is very flexible allowing users to setup their locate processes in as secure a method as possible. ++.PP ++The following process types are defined for locate: ++ ++.EX ++.B locate_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -19637,10 +23137,10 @@ index 0000000..3a5c2ac +selinux(8), locate(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/lockdev_selinux.8 b/man/man8/lockdev_selinux.8 new file mode 100644 -index 0000000..cacfa1a +index 0000000..0996a05 --- /dev/null 
+++ b/man/man8/lockdev_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "lockdev_selinux" "8" "lockdev" "dwalsh@redhat.com" "lockdev SELinux Policy documentation" +.SH "NAME" +lockdev_selinux \- Security Enhanced Linux Policy for the lockdev processes 
@@ -19661,25 +23161,55 @@ index 0000000..cacfa1a + + +.EX ++.PP +.B lockdev_exec_t +.EE + +- Set files with the lockdev_exec_t type, if you want to transition an executable to the lockdev_t domain. + ++ ++.EX ++.PP ++.B lockdev_lock_t ++.EE ++ ++- Set files with the lockdev_lock_t type, if you want to treat the files as lockdev lock data, stored under the /var/lock directory ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lockdev policy is very flexible allowing users to setup their lockdev processes in as secure a method as possible. ++.PP ++The following process types are defined for lockdev: + +.EX -+.B lockdev_lock_t ++.B lockdev_t +.EE -+ -+- Set files with the lockdev_lock_t type, if you want to treat the files as lockdev lock data, stored under the /var/lock directory ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -19692,10 +23222,10 @@ index 0000000..cacfa1a +selinux(8), lockdev(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/logrotate_selinux.8 b/man/man8/logrotate_selinux.8 new file mode 100644 -index 0000000..c9da9b4 +index 0000000..d1175ed --- /dev/null +++ b/man/man8/logrotate_selinux.8 -@@ -0,0 +1,79 @@ +@@ -0,0 +1,107 @@ +.TH "logrotate_selinux" "8" "logrotate" "dwalsh@redhat.com" "logrotate SELinux Policy documentation" +.SH "NAME" +logrotate_selinux \- Security Enhanced Linux Policy for the logrotate processes @@ -19716,22 +23246,19 @@ index 0000000..c9da9b4 + + +.EX ++.PP +.B logrotate_exec_t +.EE + +- Set files with the logrotate_exec_t type, if you want to transition an executable to the logrotate_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/logrotate, /etc/cron\.(daily|weekly)/sysklogd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B logrotate_lock_t +.EE + @@ -19739,6 +23266,7 @@ index 0000000..c9da9b4 + + +.EX ++.PP +.B logrotate_mail_tmp_t +.EE + @@ -19746,6 +23274,7 @@ index 0000000..c9da9b4 + + +.EX ++.PP +.B logrotate_tmp_t +.EE + 
@@ -19753,18 +23282,47 @@ index 0000000..c9da9b4 + + +.EX ++.PP +.B logrotate_var_lib_t +.EE + +- Set files with the logrotate_var_lib_t type, if you want to store the logrotate files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux logrotate policy is very flexible allowing users to setup their logrotate processes in as secure a method as possible. ++.PP ++The following process types are defined for logrotate: ++ ++.EX ++.B logrotate_t, logrotate_mail_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -19777,10 +23335,10 @@ index 0000000..c9da9b4 +selinux(8), logrotate(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/logwatch_selinux.8 b/man/man8/logwatch_selinux.8 new file mode 100644 -index 0000000..53a1d58 +index 0000000..1b28304 --- /dev/null 
+++ b/man/man8/logwatch_selinux.8 -@@ -0,0 +1,101 @@ +@@ -0,0 +1,119 @@ +.TH "logwatch_selinux" "8" "logwatch" "dwalsh@redhat.com" "logwatch SELinux Policy documentation" +.SH "NAME" +logwatch_selinux \- Security Enhanced Linux Policy for the logwatch processes @@ -19801,51 +23359,39 @@ index 0000000..53a1d58 + + +.EX ++.PP +.B logwatch_cache_t +.EE + +- Set files with the logwatch_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/lib/epylog(/.*)?, /var/cache/logwatch(/.*)?, /var/lib/logcheck(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B logwatch_exec_t +.EE + +- Set files with the logwatch_exec_t type, if you want to transition an executable to the logwatch_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/logcheck, /usr/sbin/epylog, /usr/share/logwatch/scripts/logwatch\.pl -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B logwatch_lock_t +.EE + +- Set files with the logwatch_lock_t type, if you want to treat the files as logwatch lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B logwatch_mail_tmp_t +.EE + @@ -19853,6 +23399,7 @@ index 0000000..53a1d58 + + +.EX ++.PP +.B logwatch_tmp_t +.EE + 
@@ -19860,18 +23407,47 @@ index 0000000..53a1d58 + + +.EX ++.PP +.B logwatch_var_run_t +.EE + +- Set files with the logwatch_var_run_t type, if you want to store the logwatch files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux logwatch policy is very flexible allowing users to setup their logwatch processes in as secure a method as possible. ++.PP ++The following process types are defined for logwatch: ++ ++.EX ++.B logwatch_t, logwatch_mail_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -19884,10 +23460,10 @@ index 0000000..53a1d58 +selinux(8), logwatch(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/lpd_selinux.8 b/man/man8/lpd_selinux.8 new file mode 100644 -index 0000000..3f0884b +index 0000000..b3cc89a --- /dev/null 
+++ b/man/man8/lpd_selinux.8 -@@ -0,0 +1,80 @@ +@@ -0,0 +1,106 @@ +.TH "lpd_selinux" "8" "lpd" "dwalsh@redhat.com" "lpd SELinux Policy documentation" +.SH "NAME" +lpd_selinux \- Security Enhanced Linux Policy for the lpd processes @@ -19919,19 +23495,15 @@ index 0000000..3f0884b + + +.EX ++.PP +.B lpd_exec_t +.EE + +- Set files with the lpd_exec_t type, if you want to transition an executable to the lpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lpd_tmp_t +.EE + 
@@ -19939,21 +23511,51 @@ index 0000000..3f0884b + + +.EX ++.PP +.B lpd_var_run_t +.EE + +- Set files with the lpd_var_run_t type, if you want to store the lpd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/lprng(/.*)?, /var/spool/turboprint(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lpd policy is very flexible allowing users to setup their lpd processes in as secure a method as possible. ++.PP ++The following process types are defined for lpd: ++ ++.EX ++.B lpd_t, lpr_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -19971,10 +23573,10 @@ index 0000000..3f0884b \ No newline at end of file diff --git a/man/man8/lpr_selinux.8 b/man/man8/lpr_selinux.8 new file mode 100644 -index 0000000..962eeab +index 0000000..5365989 --- /dev/null 
+++ b/man/man8/lpr_selinux.8 -@@ -0,0 +1,52 @@ +@@ -0,0 +1,83 @@ +.TH "lpr_selinux" "8" "lpr" "dwalsh@redhat.com" "lpr SELinux Policy documentation" +.SH "NAME" +lpr_selinux \- Security Enhanced Linux Policy for the lpr processes 
@@ -19995,28 +23597,59 @@ index 0000000..962eeab + + +.EX ++.PP +.B lpr_exec_t +.EE + +- Set files with the lpr_exec_t type, if you want to transition an executable to the lpr_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/accept, /opt/gutenprint/s?bin(/.*)?, /usr/bin/cancel(\.cups)?, /usr/bin/lp(\.cups)?, /usr/bin/lpstat(\.cups)?, /usr/sbin/lpc(\.cups)?, /usr/local/linuxprinter/bin/l?lpr, /usr/bin/lpoptions, /usr/bin/lpq(\.cups)?, /usr/sbin/lpadmin, /usr/sbin/lpinfo, /usr/bin/lpr(\.cups)?, /usr/sbin/lpmove, /usr/bin/lprm(\.cups)? ++ ++.EX ++.PP ++.B lpr_tmp_t ++.EE ++ ++- Set files with the lpr_tmp_t type, if you want to store lpr temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lpr policy is very flexible allowing users to setup their lpr processes in as secure a method as possible. ++.PP ++The following process types are defined for lpr: + +.EX -+.B lpr_tmp_t ++.B lpr_t +.EE -+ -+- Set files with the lpr_tmp_t type, if you want to store lpr temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -20029,10 +23662,10 @@ index 0000000..962eeab +selinux(8), lpr(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/lsassd_selinux.8 b/man/man8/lsassd_selinux.8 new file mode 100644 -index 0000000..855c18d +index 0000000..0f54934 --- /dev/null +++ b/man/man8/lsassd_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,111 @@ +.TH "lsassd_selinux" "8" "lsassd" "dwalsh@redhat.com" "lsassd SELinux Policy documentation" +.SH "NAME" +lsassd_selinux \- Security Enhanced Linux Policy for the lsassd processes @@ -20053,19 +23686,15 @@ index 0000000..855c18d + + +.EX ++.PP +.B lsassd_exec_t +.EE + +- Set files with the lsassd_exec_t type, if you want to transition an executable to the lsassd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lsassd_tmp_t +.EE + 
@@ -20073,50 +23702,71 @@ index 0000000..855c18d + + +.EX ++.PP +.B lsassd_var_lib_t +.EE + +- Set files with the lsassd_var_lib_t type, if you want to store the lsassd files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/likewise-open/krb5ccr_lsass, /var/lib/likewise-open/db/lsass-adstate\.filedb, /var/lib/likewise-open/lsasd\.err, /var/lib/likewise-open/db/lsass-adcache\.db, /var/lib/likewise-open/db/sam\.db -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lsassd_var_run_t +.EE + +- Set files with the lsassd_var_run_t type, if you want to store the lsassd files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lsassd_var_socket_t +.EE + +- Set files with the lsassd_var_socket_t type, if you want to treat the files as lsassd var socket data. + +.br ++.TP 5 +Paths: +/var/lib/likewise-open/rpc/lsass, /var/lib/likewise-open/\.lsassd, /var/lib/likewise-open/\.ntlmd ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. 
++SELinux lsassd policy is very flexible allowing users to setup their lsassd processes in as secure a method as possible. ++.PP ++The following process types are defined for lsassd: ++ ++.EX ++.B lsassd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -20129,10 +23779,10 @@ index 0000000..855c18d +selinux(8), lsassd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/lvm_selinux.8 b/man/man8/lvm_selinux.8 new file mode 100644 -index 0000000..3cef9b9 +index 0000000..3f8682b --- /dev/null +++ b/man/man8/lvm_selinux.8 -@@ -0,0 +1,126 @@ +@@ -0,0 +1,135 @@ +.TH "lvm_selinux" "8" "lvm" "dwalsh@redhat.com" "lvm SELinux Policy documentation" +.SH "NAME" +lvm_selinux \- Security Enhanced Linux Policy for the lvm processes 
@@ -20153,67 +23803,51 @@ index 0000000..3cef9b9 + + +.EX ++.PP +.B lvm_etc_t +.EE + +- Set files with the lvm_etc_t type, if you want to store lvm files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lvm_exec_t +.EE + +- Set files with the lvm_exec_t type, if you want to transition an executable to the lvm_t domain. + +.br ++.TP 5 +Paths: +/sbin/dmsetup, /usr/sbin/dmsetup, /usr/sbin/pvchange, /sbin/dmraid, /sbin/pvremove, /sbin/vgextend, /sbin/vgmerge, /sbin/vgscan\.static, /usr/sbin/pvdisplay, /sbin/vgrename, /usr/sbin/vgck, /sbin/lvdisplay, /sbin/multipath\.static, /usr/sbin/vgremove, /usr/sbin/vgmknodes, /usr/lib/lvm-10/.*, /sbin/pvs, /usr/sbin/vgwrapper, /sbin/lvmdiskscan, /sbin/lvresize, /sbin/vgmknodes, /usr/sbin/lvdisplay, /usr/sbin/mount\.crypt, /usr/sbin/vgsplit, /usr/lib/systemd/systemd-cryptsetup, /sbin/pvmove, /usr/sbin/pvcreate, /usr/sbin/lvmdiskscan, /usr/sbin/vgcfgbackup, /usr/sbin/vgimport, /sbin/vgck, /sbin/pvcreate, /usr/sbin/lvmchange, /sbin/lvreduce, /sbin/vgscan, /sbin/lvremove, /sbin/pvscan, /lib/lvm-200/.*, /usr/sbin/lvremove, /usr/sbin/lvrename, /usr/sbin/lvmsadc, /usr/sbin/lvm, /usr/lib/lvm-200/.*, /usr/sbin/pvdata, /sbin/vgchange, /usr/sbin/multipath\.static, /sbin/lvm\.static, /sbin/vgcfgbackup, /sbin/e2fsadm, /sbin/lvm, /sbin/pvdata, /usr/sbin/lvmiopversion, /usr/sbin/vgextend, /sbin/lvextend, /usr/lib/udev/udisks-lvm-pv-export, /sbin/vgcfgrestore, /usr/sbin/vgscan, /sbin/vgs, /sbin/lvmchange, /sbin/vgimport, /usr/sbin/lvscan, /usr/sbin/pvscan, /usr/sbin/vgreduce, /usr/sbin/dmsetup\.static, /usr/sbin/vgchange\.static, /usr/sbin/vgexport, /usr/sbin/lvextend, /usr/sbin/cryptsetup, /usr/sbin/dmraid, /usr/sbin/lvresize, /sbin/dmsetup\.static, /sbin/lvmsar, 
/usr/sbin/vgs, /usr/sbin/vgrename, /usr/sbin/lvs, /sbin/vgchange\.static, /usr/sbin/pvmove, /sbin/lvmsadc, /sbin/lvmiopversion, /usr/sbin/vgscan\.static, /sbin/pvdisplay, /sbin/vgsplit, /usr/sbin/vgcfgrestore, /usr/sbin/kpartx, /sbin/cryptsetup, /usr/sbin/lvcreate, /lib/udev/udisks-lvm-pv-export, /sbin/vgwrapper, /sbin/lvchange, /sbin/pvchange, /usr/sbin/lvm\.static, /usr/sbin/multipathd, /sbin/mount\.crypt, /sbin/vgcreate, /sbin/vgreduce, /usr/sbin/lvreduce, /sbin/lvrename, /lib/systemd/systemd-cryptsetup, /sbin/multipathd, /usr/sbin/vgcreate, /usr/sbin/vgmerge, /sbin/vgexport, /usr/sbin/lvchange, /sbin/lvs, /usr/sbin/lvmsar, /usr/sbin/vgdisplay, /usr/sbin/vgchange, /sbin/kpartx, /usr/sbin/pvs, /lib/lvm-10/.*, /sbin/lvscan, /sbin/vgremove, /sbin/lvcreate, /sbin/vgdisplay, /usr/sbin/pvremove, /usr/sbin/e2fsadm -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lvm_lock_t +.EE + +- Set files with the lvm_lock_t type, if you want to treat the files as lvm lock data, stored under the /var/lock directory + +.br ++.TP 5 +Paths: +/var/lock/lvm(/.*)?, /etc/lvm/lock(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lvm_metadata_t +.EE + +- Set files with the lvm_metadata_t type, if you want to treat the files as lvm metadata data. + +.br ++.TP 5 +Paths: +/etc/lvm/backup(/.*)?, /var/cache/multipathd(/.*)?, /etc/lvmtab\.d(/.*)?, /etc/lvmtab(/.*)?, /etc/lvm/\.cache, /etc/lvm/archive(/.*)?, /etc/lvm/cache(/.*)? 
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lvm_tmp_t +.EE + 
@@ -20221,34 +23855,59 @@ index 0000000..3cef9b9 + + +.EX ++.PP +.B lvm_var_lib_t +.EE + +- Set files with the lvm_var_lib_t type, if you want to store the lvm files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lvm_var_run_t +.EE + +- Set files with the lvm_var_run_t type, if you want to store the lvm files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/lvm(/.*)?, /var/run/multipathd\.sock, /var/run/dmevent.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lvm policy is very flexible allowing users to setup their lvm processes in as secure a method as possible. ++.PP ++The following process types are defined for lvm: ++ ++.EX ++.B lvm_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -20261,10 +23920,10 @@ index 0000000..3cef9b9 +selinux(8), lvm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/lwiod_selinux.8 b/man/man8/lwiod_selinux.8 new file mode 100644 -index 0000000..ca42854 +index 0000000..cd80258 --- /dev/null +++ b/man/man8/lwiod_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "lwiod_selinux" "8" "lwiod" "dwalsh@redhat.com" "lwiod SELinux Policy documentation" +.SH "NAME" +lwiod_selinux \- Security Enhanced Linux Policy for the lwiod processes @@ -20285,19 +23944,15 @@ index 0000000..ca42854 + + +.EX ++.PP +.B lwiod_exec_t +.EE + +- Set files with the lwiod_exec_t type, if you want to transition an executable to the lwiod_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lwiod_var_lib_t +.EE + 
@@ -20305,31 +23960,55 @@ index 0000000..ca42854 + + +.EX ++.PP +.B lwiod_var_run_t +.EE + +- Set files with the lwiod_var_run_t type, if you want to store the lwiod files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lwiod_var_socket_t +.EE + +- Set files with the lwiod_var_socket_t type, if you want to treat the files as lwiod var socket data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lwiod policy is very flexible allowing users to setup their lwiod processes in as secure a method as possible. ++.PP ++The following process types are defined for lwiod: ++ ++.EX ++.B lwiod_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -20342,10 +24021,10 @@ index 0000000..ca42854 +selinux(8), lwiod(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/lwregd_selinux.8 b/man/man8/lwregd_selinux.8 new file mode 100644 -index 0000000..272addb +index 0000000..faa403c --- /dev/null +++ b/man/man8/lwregd_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,99 @@ +.TH "lwregd_selinux" "8" "lwregd" "dwalsh@redhat.com" "lwregd SELinux Policy documentation" +.SH "NAME" +lwregd_selinux \- Security Enhanced Linux Policy for the lwregd processes 
@@ -20366,60 +24045,75 @@ index 0000000..272addb + + +.EX ++.PP +.B lwregd_exec_t +.EE + +- Set files with the lwregd_exec_t type, if you want to transition an executable to the lwregd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lwregd_var_lib_t +.EE + +- Set files with the lwregd_var_lib_t type, if you want to store the lwregd files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/likewise-open/db/registry\.db, /var/lib/likewise-open/regsd\.err -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lwregd_var_run_t +.EE + +- Set files with the lwregd_var_run_t type, if you want to store the lwregd files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lwregd_var_socket_t +.EE + +- Set files with the lwregd_var_socket_t type, if you want to treat the files as lwregd var socket data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lwregd policy is very flexible allowing users to setup their lwregd processes in as secure a method as possible. ++.PP ++The following process types are defined for lwregd: ++ ++.EX ++.B lwregd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -20432,10 +24126,10 @@ index 0000000..272addb +selinux(8), lwregd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/lwsmd_selinux.8 b/man/man8/lwsmd_selinux.8 new file mode 100644 -index 0000000..cd8dd75 +index 0000000..dabf317 --- /dev/null +++ b/man/man8/lwsmd_selinux.8 -@@ -0,0 +1,69 @@ +@@ -0,0 +1,95 @@ +.TH "lwsmd_selinux" "8" "lwsmd" "dwalsh@redhat.com" "lwsmd SELinux Policy documentation" +.SH "NAME" +lwsmd_selinux \- Security Enhanced Linux Policy for the lwsmd processes 
@@ -20456,19 +24150,15 @@ index 0000000..cd8dd75 + + +.EX ++.PP +.B lwsmd_exec_t +.EE + +- Set files with the lwsmd_exec_t type, if you want to transition an executable to the lwsmd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B lwsmd_var_lib_t +.EE + @@ -20476,6 +24166,7 @@ index 0000000..cd8dd75 + + +.EX ++.PP +.B lwsmd_var_run_t +.EE + 
@@ -20483,18 +24174,47 @@ index 0000000..cd8dd75 + + +.EX ++.PP +.B lwsmd_var_socket_t +.EE + +- Set files with the lwsmd_var_socket_t type, if you want to treat the files as lwsmd var socket data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux lwsmd policy is very flexible allowing users to setup their lwsmd processes in as secure a method as possible. ++.PP ++The following process types are defined for lwsmd: ++ ++.EX ++.B lwsmd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -20507,10 +24227,10 @@ index 0000000..cd8dd75 +selinux(8), lwsmd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/mail_selinux.8 b/man/man8/mail_selinux.8 new file mode 100644 -index 0000000..25e692a +index 0000000..98a5752 --- /dev/null +++ b/man/man8/mail_selinux.8 -@@ -0,0 +1,276 @@ +@@ -0,0 +1,269 @@ +.TH "mail_selinux" "8" "mail" "dwalsh@redhat.com" "mail SELinux Policy documentation" +.SH "NAME" +mail_selinux \- Security Enhanced Linux Policy for the mail processes 
@@ -20563,38 +24283,31 @@ index 0000000..25e692a + + +.EX ++.PP +.B mail_home_t +.EE + +- Set files with the mail_home_t type, if you want to store mail files in the users home directory. + +.br ++.TP 5 +Paths: +/root/\.forward, /root/.mailrc, /root/dead.letter -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mail_munin_plugin_exec_t +.EE + +- Set files with the mail_munin_plugin_exec_t type, if you want to transition an executable to the mail_munin_plugin_t domain. + +.br ++.TP 5 +Paths: +/usr/share/munin/plugins/postfix_mail.*, /usr/share/munin/plugins/mailscanner, /usr/share/munin/plugins/courier_mta_.*, /usr/share/munin/plugins/mailman, /usr/share/munin/plugins/exim_mail.*, /usr/share/munin/plugins/qmail.*, /usr/share/munin/plugins/sendmail_.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mail_munin_plugin_tmp_t +.EE + 
@@ -20602,48 +24315,35 @@ index 0000000..25e692a + + +.EX ++.PP +.B mail_spool_t +.EE + +- Set files with the mail_spool_t type, if you want to store the mail files under the /var/spool directory. + +.br ++.TP 5 +Paths: +/var/mail(/.*)?, /var/spool/imap(/.*)?, /var/spool/mail(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_archive_t +.EE + +- Set files with the mailman_archive_t type, if you want to treat the files as mailman archive data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_cgi_exec_t +.EE + +- Set files with the mailman_cgi_exec_t type, if you want to transition an executable to the mailman_cgi_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_cgi_tmp_t +.EE + 
@@ -20651,64 +24351,47 @@ index 0000000..25e692a + + +.EX ++.PP +.B mailman_data_t +.EE + +- Set files with the mailman_data_t type, if you want to treat the files as mailman content. + +.br ++.TP 5 +Paths: +/etc/mailman(/.*)?, /var/spool/mailman(/.*)?, /var/lib/mailman(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_lock_t +.EE + +- Set files with the mailman_lock_t type, if you want to treat the files as mailman lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_log_t +.EE + +- Set files with the mailman_log_t type, if you want to treat the data as mailman log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_mail_exec_t +.EE + +- Set files with the mailman_mail_exec_t type, if you want to transition an executable to the mailman_mail_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/mailman/mail/mailman, /usr/lib/mailman/scripts/mailman, /usr/share/doc/mailman.*/mm-handler.*, /usr/lib/mailman/bin/mm-handler.*, /usr/lib/mailman/bin/mailmanctl -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_mail_tmp_t +.EE + @@ -20716,22 +24399,19 @@ index 0000000..25e692a + + +.EX ++.PP +.B mailman_queue_exec_t +.EE + +- Set files with the mailman_queue_exec_t type, if you want to transition an executable to the mailman_queue_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/mailman/bin/qrunner, /usr/lib/mailman/cron/.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_queue_tmp_t +.EE + @@ -20739,11 +24419,14 @@ index 0000000..25e692a + + +.EX ++.PP +.B mailman_var_run_t +.EE + +- Set files with the mailman_var_run_t type, if you want to store the mailman files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -20762,17 +24445,47 @@ index 0000000..25e692a +SELinux mail policy is very flexible allowing users to setup their mail processes in as secure a method as possible. +.PP +The following port types are defined for mail: -+.EX + ++.EX ++.TP 5 +.B mail_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mail policy is very flexible allowing users to setup their mail processes in as secure a method as possible. ++.PP ++The following process types are defined for mail: + -+.B tcp 2000,3905 ++.EX ++.B mailman_cgi_t, mailman_mail_t, mail_munin_plugin_t, mailman_queue_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -20790,7 +24503,7 @@ index 0000000..25e692a \ No newline at end of file diff --git a/man/man8/mailman_selinux.8 b/man/man8/mailman_selinux.8 new file mode 100644 -index 0000000..9103133 +index 0000000..e2d200a --- /dev/null +++ b/man/man8/mailman_selinux.8 @@ -0,0 +1,163 @@ 
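Review bot: The `Default Defined Ports:` value for `mail_port_t` changes here from `tcp 2000,3905` to `tcp 8021`, and the matahari page later in this patch replaces `tcp 49000` and `udp 49000` with the same `tcp 8021`. Two unrelated port types documenting an identical port looks like a value carried over from another module by the generator. It should be checked against the loaded policy (for example with `semanage port -l`) before the pages ship, since administrators use this section to decide which ports a confined service may bind. The markup around it is also unbalanced: `.TP 10` is followed directly by `.EE`, and a second `.EE` follows the port line with no matching `.EX`.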
@@ -20814,32 +24527,23 @@ index 0000000..9103133 + + +.EX ++.PP +.B mailman_archive_t +.EE + +- Set files with the mailman_archive_t type, if you want to treat the files as mailman archive data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_cgi_exec_t +.EE + +- Set files with the mailman_cgi_exec_t type, if you want to transition an executable to the mailman_cgi_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_cgi_tmp_t +.EE + 
@@ -20847,64 +24551,47 @@ index 0000000..9103133 + + +.EX ++.PP +.B mailman_data_t +.EE + +- Set files with the mailman_data_t type, if you want to treat the files as mailman content. + +.br ++.TP 5 +Paths: +/etc/mailman(/.*)?, /var/spool/mailman(/.*)?, /var/lib/mailman(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_lock_t +.EE + +- Set files with the mailman_lock_t type, if you want to treat the files as mailman lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_log_t +.EE + +- Set files with the mailman_log_t type, if you want to treat the data as mailman log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_mail_exec_t +.EE + +- Set files with the mailman_mail_exec_t type, if you want to transition an executable to the mailman_mail_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/mailman/mail/mailman, /usr/lib/mailman/scripts/mailman, /usr/share/doc/mailman.*/mm-handler.*, /usr/lib/mailman/bin/mm-handler.*, /usr/lib/mailman/bin/mailmanctl -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_mail_tmp_t +.EE + @@ -20912,22 +24599,19 @@ index 0000000..9103133 + + +.EX ++.PP +.B mailman_queue_exec_t +.EE + +- Set files with the mailman_queue_exec_t type, if you want to transition an executable to the mailman_queue_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/mailman/bin/qrunner, /usr/lib/mailman/cron/.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mailman_queue_tmp_t +.EE + 
@@ -20935,18 +24619,47 @@ index 0000000..9103133 + + +.EX ++.PP +.B mailman_var_run_t +.EE + +- Set files with the mailman_var_run_t type, if you want to store the mailman files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mailman policy is very flexible allowing users to setup their mailman processes in as secure a method as possible. ++.PP ++The following process types are defined for mailman: ++ ++.EX ++.B mailman_cgi_t, mailman_mail_t, mailman_queue_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -20959,10 +24672,10 @@ index 0000000..9103133 +selinux(8), mailman(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/matahari_selinux.8 b/man/man8/matahari_selinux.8 new file mode 100644 -index 0000000..d2e2e39 +index 0000000..751d7de --- /dev/null 
+++ b/man/man8/matahari_selinux.8 -@@ -0,0 +1,159 @@ +@@ -0,0 +1,165 @@ +.TH "matahari_selinux" "8" "matahari" "dwalsh@redhat.com" "matahari SELinux Policy documentation" +.SH "NAME" +matahari_selinux \- Security Enhanced Linux Policy for the matahari processes 
@@ -20983,104 +24696,82 @@ index 0000000..d2e2e39 + + +.EX ++.PP +.B matahari_hostd_exec_t +.EE + +- Set files with the matahari_hostd_exec_t type, if you want to transition an executable to the matahari_hostd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/matahari-qmf-hostd, /usr/sbin/matahari-hostd, /usr/sbin/matahari-dbus-hostd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B matahari_initrc_exec_t +.EE + +- Set files with the matahari_initrc_exec_t type, if you want to transition an executable to the matahari_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/matahari-service, /etc/rc\.d/init\.d/matahari-sysconfig, /etc/rc\.d/init\.d/matahari-host, /etc/rc\.d/init\.d/matahari-net -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B matahari_netd_exec_t +.EE + +- Set files with the matahari_netd_exec_t type, if you want to transition an executable to the matahari_netd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/matahari-qmf-networkd, /usr/sbin/matahari-dbus-networkd, /usr/sbin/matahari-netd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B matahari_serviced_exec_t +.EE + +- Set files with the matahari_serviced_exec_t type, if you want to transition an executable to the matahari_serviced_t domain. 
+ +.br ++.TP 5 +Paths: +/usr/sbin/matahari-serviced, /usr/sbin/matahari-dbus-serviced, /usr/sbin/matahari-qmf-serviced -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B matahari_sysconfigd_exec_t +.EE + +- Set files with the matahari_sysconfigd_exec_t type, if you want to transition an executable to the matahari_sysconfigd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B matahari_var_lib_t +.EE + +- Set files with the matahari_var_lib_t type, if you want to store the matahari files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B matahari_var_run_t +.EE + +- Set files with the matahari_var_run_t type, if you want to store the matahari files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/matahari(/.*)?, /var/run/matahari\.pid, /var/run/matahari-broker\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -21099,19 +24790,47 @@ index 0000000..d2e2e39 +SELinux matahari policy is very flexible allowing users to setup their matahari processes in as secure a method as possible. +.PP +The following port types are defined for matahari: -+.EX + ++.EX ++.TP 5 +.B matahari_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 49000 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 49000 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux matahari policy is very flexible allowing users to setup their matahari processes in as secure a method as possible. ++.PP ++The following process types are defined for matahari: ++ ++.EX ++.B matahari_serviced_t, matahari_sysconfigd_t, matahari_hostd_t, matahari_netd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -21124,10 +24843,10 @@ index 0000000..d2e2e39 +selinux(8), matahari(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/mcelog_selinux.8 b/man/man8/mcelog_selinux.8 new file mode 100644 -index 0000000..15a710c +index 0000000..3081a08 --- /dev/null 
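Review bot: The new `Default Defined Ports:` block for matahari_port_t now reads `tcp 8021`, replacing the removed `tcp 49000` / `udp 49000` lines, and the memcached, mongod and mpd hunks further down print the same `tcp 8021` in place of `tcp 11211`/`udp 11211`, `tcp 27017` and `tcp 6600`. Four unrelated port types sharing one value suggests the generator is emitting a fixed or stale port rather than the one bound to each type, so the pages would misdocument the ports labeled with each type. I would restore the per-type values, here `tcp 49000` and `udp 49000`, and compare the generated list with the output of `semanage port -l` before regenerating. The `.TP 10` placed directly before `.EE` has no tag or body and can be dropped.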
+++ b/man/man8/mcelog_selinux.8 -@@ -0,0 +1,68 @@ +@@ -0,0 +1,87 @@ +.TH "mcelog_selinux" "8" "mcelog" "dwalsh@redhat.com" "mcelog SELinux Policy documentation" +.SH "NAME" +mcelog_selinux \- Security Enhanced Linux Policy for the mcelog processes 
@@ -21148,44 +24867,63 @@ index 0000000..15a710c + + +.EX ++.PP +.B mcelog_exec_t +.EE + +- Set files with the mcelog_exec_t type, if you want to transition an executable to the mcelog_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mcelog_log_t +.EE + +- Set files with the mcelog_log_t type, if you want to treat the data as mcelog log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mcelog_var_run_t +.EE + +- Set files with the mcelog_var_run_t type, if you want to store the mcelog files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mcelog policy is very flexible allowing users to setup their mcelog processes in as secure a method as possible. ++.PP ++The following process types are defined for mcelog: ++ ++.EX ++.B mcelog_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. 
Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -21198,10 +24936,10 @@ index 0000000..15a710c +selinux(8), mcelog(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/mdadm_selinux.8 b/man/man8/mdadm_selinux.8 new file mode 100644 -index 0000000..55cc471 +index 0000000..6cc1b72 --- /dev/null +++ b/man/man8/mdadm_selinux.8 -@@ -0,0 +1,61 @@ +@@ -0,0 +1,87 @@ +.TH "mdadm_selinux" "8" "mdadm" "dwalsh@redhat.com" "mdadm SELinux Policy documentation" +.SH "NAME" +mdadm_selinux \- Security Enhanced Linux Policy for the mdadm processes 
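Review bot: The note added to the PROCESS TYPES section spells the command `semanage permississive -a PROCESS_TYPE`, which is not a semanage subcommand, so an administrator copying it gets an error; it should read `.B semanage permissive -a PROCESS_TYPE`, as the COMMANDS section added in the same hunk already spells it. The same section writes `\fBps\bP`, which looks like a typo for `\fBps\fP` and likely leaves the bold font unterminated. Both strings recur in every PROCESS TYPES section this commit adds (matahari, mdadm, memcached, mencoder, mock, modemmanager, mongod, mount, mozilla, mpd), so the fix probably belongs in the generator. Since a permissive domain is no longer enforced, the note could also mention `semanage permissive -d PROCESS_TYPE` to restore enforcement once troubleshooting is done.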
@@ -21222,37 +24960,63 @@ index 0000000..55cc471 + + +.EX ++.PP +.B mdadm_exec_t +.EE + +- Set files with the mdadm_exec_t type, if you want to transition an executable to the mdadm_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/raid-check, /sbin/mdmpd, /usr/sbin/iprinit, /usr/sbin/mdadm, /usr/sbin/iprupdate, /sbin/mdadm, /usr/sbin/mdmpd, /usr/sbin/iprdump -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mdadm_var_run_t +.EE + +- Set files with the mdadm_var_run_t type, if you want to store the mdadm files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/mdadm(/.*)?, /dev/md/.*, /dev/.mdadm\.map ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mdadm policy is very flexible allowing users to setup their mdadm processes in as secure a method as possible. ++.PP ++The following process types are defined for mdadm: ++ ++.EX ++.B mdadm_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -21265,10 +25029,10 @@ index 0000000..55cc471 +selinux(8), mdadm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/memcached_selinux.8 b/man/man8/memcached_selinux.8 new file mode 100644 -index 0000000..7329bd1 +index 0000000..5cb811c --- /dev/null +++ b/man/man8/memcached_selinux.8 -@@ -0,0 +1,110 @@ +@@ -0,0 +1,132 @@ +.TH "memcached_selinux" "8" "memcached" "dwalsh@redhat.com" "memcached SELinux Policy documentation" +.SH "NAME" +memcached_selinux \- Security Enhanced Linux Policy for the memcached processes 
@@ -21300,40 +25064,34 @@ index 0000000..7329bd1 + + +.EX ++.PP +.B memcached_exec_t +.EE + +- Set files with the memcached_exec_t type, if you want to transition an executable to the memcached_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B memcached_initrc_exec_t +.EE + +- Set files with the memcached_initrc_exec_t type, if you want to transition an executable to the memcached_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B memcached_var_run_t +.EE + +- Set files with the memcached_var_run_t type, if you want to store the memcached files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/ipa_memcached(/.*)?, /var/run/memcached(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -21352,19 +25110,47 @@ index 0000000..7329bd1 +SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible. +.PP +The following port types are defined for memcached: -+.EX + ++.EX ++.TP 5 +.B memcache_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 11211 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 11211 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux memcached policy is very flexible allowing users to setup their memcached processes in as secure a method as possible. ++.PP ++The following process types are defined for memcached: ++ ++.EX ++.B memcached_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -21382,10 +25168,10 @@ index 0000000..7329bd1 \ No newline at end of file diff --git a/man/man8/mencoder_selinux.8 b/man/man8/mencoder_selinux.8 new file mode 100644 -index 0000000..65dc1d3 +index 0000000..d67874c --- /dev/null 
+++ b/man/man8/mencoder_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "mencoder_selinux" "8" "mencoder" "dwalsh@redhat.com" "mencoder SELinux Policy documentation" +.SH "NAME" +mencoder_selinux \- Security Enhanced Linux Policy for the mencoder processes @@ -21406,18 +25192,47 @@ index 0000000..65dc1d3 + + +.EX ++.PP +.B mencoder_exec_t +.EE + +- Set files with the mencoder_exec_t type, if you want to transition an executable to the mencoder_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mencoder policy is very flexible allowing users to setup their mencoder processes in as secure a method as possible. ++.PP ++The following process types are defined for mencoder: ++ ++.EX ++.B mencoder_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -21430,10 +25245,10 @@ index 0000000..65dc1d3 +selinux(8), mencoder(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/mock_selinux.8 b/man/man8/mock_selinux.8 new file mode 100644 -index 0000000..fab76ac +index 0000000..4dbe413 --- /dev/null +++ b/man/man8/mock_selinux.8 -@@ -0,0 +1,104 @@ +@@ -0,0 +1,126 @@ +.TH "mock_selinux" "8" "mock" "dwalsh@redhat.com" "mock SELinux Policy documentation" +.SH "NAME" +mock_selinux \- Security Enhanced Linux Policy for the mock processes @@ -21465,6 +25280,7 @@ index 0000000..fab76ac + + +.EX ++.PP +.B mock_build_exec_t +.EE + @@ -21472,19 +25288,15 @@ index 0000000..fab76ac + + +.EX ++.PP +.B mock_cache_t +.EE + +- Set files with the mock_cache_t type, if you want to store the files under the /var/cache directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mock_etc_t +.EE + @@ -21492,19 +25304,15 @@ index 0000000..fab76ac + + +.EX ++.PP +.B mock_exec_t +.EE + +- Set files with the mock_exec_t type, if you want to transition an executable to the mock_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mock_tmp_t +.EE + 
@@ -21512,18 +25320,47 @@ index 0000000..fab76ac + + +.EX ++.PP +.B mock_var_lib_t +.EE + +- Set files with the mock_var_lib_t type, if you want to store the mock files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mock policy is very flexible allowing users to setup their mock processes in as secure a method as possible. ++.PP ++The following process types are defined for mock: ++ ++.EX ++.B mock_t, mock_build_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -21541,10 +25378,10 @@ index 0000000..fab76ac \ No newline at end of file diff --git a/man/man8/modemmanager_selinux.8 b/man/man8/modemmanager_selinux.8 new file mode 100644 -index 0000000..092277b +index 0000000..20f01ce --- /dev/null 
+++ b/man/man8/modemmanager_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "modemmanager_selinux" "8" "modemmanager" "dwalsh@redhat.com" "modemmanager SELinux Policy documentation" +.SH "NAME" +modemmanager_selinux \- Security Enhanced Linux Policy for the modemmanager processes @@ -21565,18 +25402,47 @@ index 0000000..092277b + + +.EX ++.PP +.B modemmanager_exec_t +.EE + +- Set files with the modemmanager_exec_t type, if you want to transition an executable to the modemmanager_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux modemmanager policy is very flexible allowing users to setup their modemmanager processes in as secure a method as possible. ++.PP ++The following process types are defined for modemmanager: ++ ++.EX ++.B modemmanager_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -21589,10 +25455,10 @@ index 0000000..092277b +selinux(8), modemmanager(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/mongod_selinux.8 b/man/man8/mongod_selinux.8 new file mode 100644 -index 0000000..7c63f44 +index 0000000..4bfbb17 --- /dev/null +++ b/man/man8/mongod_selinux.8 -@@ -0,0 +1,129 @@ +@@ -0,0 +1,145 @@ +.TH "mongod_selinux" "8" "mongod" "dwalsh@redhat.com" "mongod SELinux Policy documentation" +.SH "NAME" +mongod_selinux \- Security Enhanced Linux Policy for the mongod processes @@ -21613,48 +25479,35 @@ index 0000000..7c63f44 + + +.EX ++.PP +.B mongod_exec_t +.EE + +- Set files with the mongod_exec_t type, if you want to transition an executable to the mongod_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/mongod, /usr/share/aeolus-conductor/dbomatic/dbomatic -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mongod_initrc_exec_t +.EE + +- Set files with the mongod_initrc_exec_t type, if you want to transition an executable to the mongod_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mongod_log_t +.EE + +- Set files with the mongod_log_t type, if you want to treat the data as mongod log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mongod_tmp_t +.EE + 
@@ -21662,27 +25515,26 @@ index 0000000..7c63f44 + + +.EX ++.PP +.B mongod_var_lib_t +.EE + +- Set files with the mongod_var_lib_t type, if you want to store the mongod files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mongod_var_run_t +.EE + +- Set files with the mongod_var_run_t type, if you want to store the mongod files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/mongodb(/.*)?, /var/run/aeolus/dbomatic\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -21701,17 +25553,47 @@ index 0000000..7c63f44 +SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible. +.PP +The following port types are defined for mongod: -+.EX + ++.EX ++.TP 5 +.B mongod_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mongod policy is very flexible allowing users to setup their mongod processes in as secure a method as possible. ++.PP ++The following process types are defined for mongod: + -+.B tcp 27017 ++.EX ++.B mongod_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -21724,10 +25606,10 @@ index 0000000..7c63f44 +selinux(8), mongod(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/mount_selinux.8 b/man/man8/mount_selinux.8 new file mode 100644 -index 0000000..fa001ba +index 0000000..4f40270 --- /dev/null +++ b/man/man8/mount_selinux.8 -@@ -0,0 +1,97 @@ +@@ -0,0 +1,125 @@ +.TH "mount_selinux" "8" "mount" "dwalsh@redhat.com" "mount SELinux Policy documentation" +.SH "NAME" +mount_selinux \- Security Enhanced Linux Policy for the mount processes 
@@ -21766,22 +25648,19 @@ index 0000000..fa001ba + + +.EX ++.PP +.B mount_exec_t +.EE + +- Set files with the mount_exec_t type, if you want to transition an executable to the mount_t domain. + +.br ++.TP 5 +Paths: +/sbin/mount.*, /sbin/umount.*, /usr/bin/umount.*, /usr/sbin/umount.*, /bin/umount.*, /usr/bin/mount.*, /bin/mount.*, /usr/sbin/mount.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mount_loopback_t +.EE + @@ -21789,6 +25668,7 @@ index 0000000..fa001ba + + +.EX ++.PP +.B mount_tmp_t +.EE + 
@@ -21796,21 +25676,51 @@ index 0000000..fa001ba + + +.EX ++.PP +.B mount_var_run_t +.EE + +- Set files with the mount_var_run_t type, if you want to store the mount files under the /run directory. + +.br ++.TP 5 +Paths: +/run/mount(/.*)?, /dev/\.mount(/.*)?, /var/run/mount(/.*)?, /var/run/davfs2(/.*)?, /var/cache/davfs2(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mount policy is very flexible allowing users to setup their mount processes in as secure a method as possible. ++.PP ++The following process types are defined for mount: ++ ++.EX ++.B mount_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -21828,10 +25738,10 @@ index 0000000..fa001ba \ No newline at end of file diff --git a/man/man8/mozilla_selinux.8 b/man/man8/mozilla_selinux.8 new file mode 100644 -index 0000000..8fd2961 +index 0000000..5ae82ea --- /dev/null 
+++ b/man/man8/mozilla_selinux.8 -@@ -0,0 +1,151 @@ +@@ -0,0 +1,173 @@ +.TH "mozilla_selinux" "8" "mozilla" "dwalsh@redhat.com" "mozilla SELinux Policy documentation" +.SH "NAME" +mozilla_selinux \- Security Enhanced Linux Policy for the mozilla processes @@ -21870,6 +25780,7 @@ index 0000000..8fd2961 + + +.EX ++.PP +.B mozilla_conf_t +.EE + @@ -21877,22 +25788,19 @@ index 0000000..8fd2961 + + +.EX ++.PP +.B mozilla_exec_t +.EE + +- Set files with the mozilla_exec_t type, if you want to transition an executable to the mozilla_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/[^/]*firefox[^/]*/firefox, /usr/lib/galeon/galeon, /usr/lib/netscape/.+/communicator/communicator-smotif\.real, /usr/bin/mozilla-bin-[0-9].*, /usr/bin/epiphany-bin, /usr/lib/mozilla[^/]*/reg.+, /usr/lib/netscape/base-4/wrapper, /usr/bin/mozilla-snapshot, /usr/lib/[^/]*firefox[^/]*/firefox-bin, /usr/bin/netscape, /usr/bin/mozilla-[0-9].*, /usr/lib/firefox[^/]*/mozilla-.*, /usr/lib/mozilla[^/]*/mozilla-.*, /usr/bin/mozilla, /usr/bin/epiphany -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mozilla_home_t +.EE + 
@@ -21900,48 +25808,35 @@ index 0000000..8fd2961 + + +.EX ++.PP +.B mozilla_plugin_config_exec_t +.EE + +- Set files with the mozilla_plugin_config_exec_t type, if you want to transition an executable to the mozilla_plugin_config_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mozilla_plugin_exec_t +.EE + +- Set files with the mozilla_plugin_exec_t type, if you want to transition an executable to the mozilla_plugin_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/nspluginscan, /usr/lib/nspluginwrapper/npviewer.bin, /usr/lib/xulrunner[^/]*/plugin-container, /usr/bin/nspluginviewer -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mozilla_plugin_rw_t +.EE + +- Set files with the mozilla_plugin_rw_t type, if you want to treat the files as mozilla plugin read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mozilla_plugin_tmp_t +.EE + @@ -21949,6 +25844,7 @@ index 0000000..8fd2961 + + +.EX ++.PP +.B mozilla_plugin_tmpfs_t +.EE + @@ -21956,6 +25852,7 @@ index 0000000..8fd2961 + + +.EX ++.PP +.B mozilla_tmp_t +.EE + 
@@ -21963,12 +25860,47 @@ index 0000000..8fd2961 + + +.EX ++.PP +.B mozilla_tmpfs_t +.EE + +- Set files with the mozilla_tmpfs_t type, if you want to store mozilla files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux mozilla policy is very flexible allowing users to setup their mozilla processes in as secure a method as possible. ++.PP ++The following process types are defined for mozilla: ++ ++.EX ++.B mozilla_t, mozilla_plugin_config_t, mozilla_plugin_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -21986,10 +25918,10 @@ index 0000000..8fd2961 \ No newline at end of file diff --git a/man/man8/mpd_selinux.8 b/man/man8/mpd_selinux.8 new file mode 100644 -index 0000000..b55aedc +index 0000000..4603580 --- /dev/null 
+++ b/man/man8/mpd_selinux.8 -@@ -0,0 +1,183 @@ +@@ -0,0 +1,200 @@ +.TH "mpd_selinux" "8" "mpd" "dwalsh@redhat.com" "mpd SELinux Policy documentation" +.SH "NAME" +mpd_selinux \- Security Enhanced Linux Policy for the mpd processes 
@@ -22049,61 +25981,43 @@ index 0000000..b55aedc + + +.EX ++.PP +.B mpd_data_t +.EE + +- Set files with the mpd_data_t type, if you want to treat the files as mpd content. + +.br ++.TP 5 +Paths: +/var/lib/mpd/playlists(/.*)?, /var/lib/mpd/music(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mpd_etc_t +.EE + +- Set files with the mpd_etc_t type, if you want to store mpd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mpd_exec_t +.EE + +- Set files with the mpd_exec_t type, if you want to transition an executable to the mpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mpd_initrc_exec_t +.EE + +- Set files with the mpd_initrc_exec_t type, if you want to transition an executable to the mpd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mpd_log_t +.EE + @@ -22111,6 +26025,7 @@ index 0000000..b55aedc + + +.EX ++.PP +.B mpd_tmp_t +.EE + 
@@ -22118,6 +26033,7 @@ index 0000000..b55aedc
 +
 +
 +.EX
++.PP
 +.B mpd_tmpfs_t
 +.EE
 +
@@ -22125,11 +26041,14 @@ index 0000000..b55aedc
 +
 +
 +.EX
++.PP
 +.B mpd_var_lib_t
 +.EE
 +
 +- Set files with the mpd_var_lib_t type, if you want to store the mpd files under the /var/lib directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -22148,17 +26067,47 @@ index 0000000..b55aedc
 +SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
 +.PP
 +The following port types are defined for mpd:
-+.EX
 +
++.EX
++.TP 5
 +.B mpd_port_t
++.TP 10
 +.EE
 +
-+.EX
++
 +Default Defined Ports:
++tcp 8021
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux mpd policy is very flexible allowing users to setup their mpd processes in as secure a method as possible.
++.PP
++The following process types are defined for mpd:
 +
-+.B tcp 6600
++.EX
++.B mpd_t, mplayer_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
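Review bot: The added `tcp 8021` line under "Default Defined Ports:" replaces the removed `.B tcp 6600` for mpd_port_t, and the same literal 8021 is written for munin_port_t (was tcp and udp 4949), mysqld_port_t (was tcp 1186,3306,63132-63164) and mysqlmanagerd_port_t (was tcp 2273) in the later port hunks. One identical value for unrelated services looks like a stale variable in the man page generator rather than the policy's port list. An administrator who labels or audits ports from these pages would be working from the wrong number, so the lines should be regenerated from the policy (the list `semanage port -l` prints), which for this page means restoring `tcp 6600`.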
@@ -22176,10 +26125,10 @@ index 0000000..b55aedc
 \ No newline at end of file
 diff --git a/man/man8/mplayer_selinux.8 b/man/man8/mplayer_selinux.8
 new file mode 100644
-index 0000000..cd664e1
+index 0000000..295c459
 --- /dev/null
 +++ b/man/man8/mplayer_selinux.8
-@@ -0,0 +1,94 @@
+@@ -0,0 +1,121 @@
 +.TH "mplayer_selinux" "8" "mplayer" "dwalsh@redhat.com" "mplayer SELinux Policy documentation"
 +.SH "NAME"
 +mplayer_selinux \- Security Enhanced Linux Policy for the mplayer processes
@@ -22218,35 +26167,27 @@ index 0000000..cd664e1
 +
 +
 +.EX
++.PP
 +.B mplayer_etc_t
 +.EE
 +
 +- Set files with the mplayer_etc_t type, if you want to store mplayer files in the /etc directories.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mplayer_exec_t
 +.EE
 +
 +- Set files with the mplayer_exec_t type, if you want to transition an executable to the mplayer_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/bin/vlc, /usr/bin/mplayer, /usr/bin/xine
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mplayer_home_t
 +.EE
 +
@@ -22254,12 +26195,47 @@ index 0000000..cd664e1
 +
 +
 +.EX
++.PP
 +.B mplayer_tmpfs_t
 +.EE
 +
 +- Set files with the mplayer_tmpfs_t type, if you want to store mplayer files on a tmpfs file system.
 +
++
++.PP
++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
++.B semanage fcontext
++command. This will modify the SELinux labeling database. You will need to use
++.B restorecon
++to apply the labels.
++
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux mplayer policy is very flexible allowing users to setup their mplayer processes in as secure a method as possible.
++.PP
++The following process types are defined for mplayer:
++
++.EX
++.B mplayer_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -22277,10 +26253,10 @@ index 0000000..cd664e1
 \ No newline at end of file
 diff --git a/man/man8/mrtg_selinux.8 b/man/man8/mrtg_selinux.8
 new file mode 100644
-index 0000000..1f7f6f1
+index 0000000..6fc2f14
 --- /dev/null
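Review bot: The added Process Types note spells the command `semanage permississive -a PROCESS_TYPE`, which is not a semanage subcommand; the COMMANDS lines added in this same hunk spell it `semanage permissive`, so the note should read `.B semanage permissive -a PROCESS_TYPE`. The line ending `option to \fBps\bP` presumably means `\fBps\fP`, since `\bP` does not switch the font back and the bold is never closed. Because a permissive type is no longer confined, the note would also benefit from one sentence saying that `semanage permissive -d PROCESS_TYPE` returns the type to enforcing. The same three lines are repeated in the mpd, mrtg, mscan, munin, mysqld and mysqlmanagerd hunks.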
+++ b/man/man8/mrtg_selinux.8 -@@ -0,0 +1,110 @@ +@@ -0,0 +1,115 @@ +.TH "mrtg_selinux" "8" "mrtg" "dwalsh@redhat.com" "mrtg SELinux Policy documentation" +.SH "NAME" +mrtg_selinux \- Security Enhanced Linux Policy for the mrtg processes 
@@ -22301,86 +26277,91 @@ index 0000000..1f7f6f1
 +
 +
 +.EX
++.PP
 +.B mrtg_etc_t
 +.EE
 +
 +- Set files with the mrtg_etc_t type, if you want to store mrtg files in the /etc directories.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mrtg_exec_t
 +.EE
 +
 +- Set files with the mrtg_exec_t type, if you want to transition an executable to the mrtg_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mrtg_lock_t
 +.EE
 +
 +- Set files with the mrtg_lock_t type, if you want to treat the files as mrtg lock data, stored under the /var/lock directory
 +
 +.br
++.TP 5
 +Paths:
 +/var/lock/mrtg(/.*)?, /etc/mrtg/mrtg\.ok
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mrtg_log_t
 +.EE
 +
 +- Set files with the mrtg_log_t type, if you want to treat the data as mrtg log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mrtg_var_lib_t
 +.EE
 +
 +- Set files with the mrtg_var_lib_t type, if you want to store the mrtg files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mrtg_var_run_t
 +.EE
 +
 +- Set files with the mrtg_var_run_t type, if you want to store the mrtg files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux mrtg policy is very flexible allowing users to setup their mrtg processes in as secure a method as possible.
++.PP
++The following process types are defined for mrtg:
++
++.EX
++.B mrtg_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -22393,10 +26374,10 @@ index 0000000..1f7f6f1
 +selinux(8), mrtg(8), semanage(8), restorecon(8), chcon(1)
diff --git a/man/man8/mscan_selinux.8 b/man/man8/mscan_selinux.8 new file mode 100644 -index 0000000..1161c15 +index 0000000..6439622 --- /dev/null +++ b/man/man8/mscan_selinux.8 -@@ -0,0 +1,106 @@ +@@ -0,0 +1,122 @@ +.TH "mscan_selinux" "8" "mscan" "dwalsh@redhat.com" "mscan SELinux Policy documentation" +.SH "NAME" +mscan_selinux \- Security Enhanced Linux Policy for the mscan processes @@ -22428,48 +26409,35 @@ index 0000000..1161c15 + + +.EX ++.PP +.B mscan_etc_t +.EE + +- Set files with the mscan_etc_t type, if you want to store mscan files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/sysconfig/MailScanner, /etc/MailScanner(/.*)?, /etc/sysconfig/update_spamassassin -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mscan_exec_t +.EE + +- Set files with the mscan_exec_t type, if you want to transition an executable to the mscan_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mscan_initrc_exec_t +.EE + +- Set files with the mscan_initrc_exec_t type, if you want to transition an executable to the mscan_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mscan_tmp_t +.EE + 
@@ -22477,18 +26445,47 @@ index 0000000..1161c15
 +
 +
 +.EX
++.PP
 +.B mscan_var_run_t
 +.EE
 +
 +- Set files with the mscan_var_run_t type, if you want to store the mscan files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux mscan policy is very flexible allowing users to setup their mscan processes in as secure a method as possible.
++.PP
++The following process types are defined for mscan:
++
++.EX
++.B mscan_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -22506,10 +26503,10 @@ index 0000000..1161c15
 \ No newline at end of file
 diff --git a/man/man8/munin_selinux.8 b/man/man8/munin_selinux.8
 new file mode 100644
-index 0000000..4562b0e
+index 0000000..72c70fd
 --- /dev/null
+++ b/man/man8/munin_selinux.8 -@@ -0,0 +1,154 @@ +@@ -0,0 +1,157 @@ +.TH "munin_selinux" "8" "munin" "dwalsh@redhat.com" "munin SELinux Policy documentation" +.SH "NAME" +munin_selinux \- Security Enhanced Linux Policy for the munin processes 
@@ -22530,74 +26527,51 @@ index 0000000..4562b0e
 +
 +
 +.EX
++.PP
 +.B munin_etc_t
 +.EE
 +
 +- Set files with the munin_etc_t type, if you want to store munin files in the /etc directories.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B munin_exec_t
 +.EE
 +
 +- Set files with the munin_exec_t type, if you want to transition an executable to the munin_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/munin-.*, /usr/share/munin/munin-.*, /usr/share/munin/plugins/.*, /usr/bin/munin-.*
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B munin_initrc_exec_t
 +.EE
 +
 +- Set files with the munin_initrc_exec_t type, if you want to transition an executable to the munin_initrc_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B munin_log_t
 +.EE
 +
 +- Set files with the munin_log_t type, if you want to treat the data as munin log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B munin_plugin_state_t
 +.EE
 +
 +- Set files with the munin_plugin_state_t type, if you want to treat the files as munin plugin state data.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B munin_tmp_t
 +.EE
 +
@@ -22605,24 +26579,22 @@ index 0000000..4562b0e
 +
 +
 +.EX
++.PP
 +.B munin_var_lib_t
 +.EE
 +
 +- Set files with the munin_var_lib_t type, if you want to store the munin files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B munin_var_run_t
 +.EE
 +
 +- Set files with the munin_var_run_t type, if you want to store the munin files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -22641,19 +26613,47 @@ index 0000000..4562b0e
 +SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
 +.PP
 +The following port types are defined for munin:
-+.EX
 +
++.EX
++.TP 5
 +.B munin_port_t
++.TP 10
 +.EE
 +
-+.EX
-+Default Defined Ports:
 +
-+.B tcp 4949
++Default Defined Ports:
++tcp 8021
 +.EE
-+.B udp 4949
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux munin policy is very flexible allowing users to setup their munin processes in as secure a method as possible.
++.PP
++The following process types are defined for munin:
++
++.EX
++.B munin_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux
@@ -22666,10 +26666,10 @@ index 0000000..4562b0e
 +selinux(8), munin(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/mysqld_selinux.8 b/man/man8/mysqld_selinux.8
 new file mode 100644
-index 0000000..0871ea4
+index 0000000..f265a3e
 --- /dev/null
 +++ b/man/man8/mysqld_selinux.8
-@@ -0,0 +1,216 @@
+@@ -0,0 +1,214 @@
 +.TH "mysqld_selinux" "8" "mysqld" "dwalsh@redhat.com" "mysqld SELinux Policy documentation"
 +.SH "NAME"
 +mysqld_selinux \- Security Enhanced Linux Policy for the mysqld processes
@@ -22708,103 +26708,71 @@ index 0000000..0871ea4
 +
 +
 +.EX
++.PP
 +.B mysqld_db_t
 +.EE
 +
 +- Set files with the mysqld_db_t type, if you want to treat the files as mysqld database content.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_etc_t
 +.EE
 +
 +- Set files with the mysqld_etc_t type, if you want to store mysqld files in the /etc directories.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/my\.cnf, /etc/mysql(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_exec_t
 +.EE
 +
 +- Set files with the mysqld_exec_t type, if you want to transition an executable to the mysqld_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/libexec/mysqld, /usr/sbin/mysqld(-max)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_home_t
 +.EE
 +
 +- Set files with the mysqld_home_t type, if you want to store mysqld files in the users home directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_initrc_exec_t
 +.EE
 +
 +- Set files with the mysqld_initrc_exec_t type, if you want to transition an executable to the mysqld_initrc_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_log_t
 +.EE
 +
 +- Set files with the mysqld_log_t type, if you want to treat the data as mysqld log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_safe_exec_t
 +.EE
 +
 +- Set files with the mysqld_safe_exec_t type, if you want to transition an executable to the mysqld_safe_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_tmp_t
 +.EE
 +
@@ -22812,27 +26780,26 @@ index 0000000..0871ea4
 +
 +
 +.EX
++.PP
 +.B mysqld_unit_file_t
 +.EE
 +
 +- Set files with the mysqld_unit_file_t type, if you want to treat the files as mysqld unit content.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B mysqld_var_run_t
 +.EE
 +
 +- Set files with the mysqld_var_run_t type, if you want to store the mysqld files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/mysqld(/.*)?, /var/lib/mysql/mysql\.sock
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -22851,27 +26818,58 @@ index 0000000..0871ea4
 +SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
 +.PP
 +The following port types are defined for mysqld:
-+.EX
 +
++.EX
++.TP 5
 +.B mysqld_port_t
++.TP 10
 +.EE
 +
-+.EX
-+Default Defined Ports:
 +
-+.B tcp 1186,3306,63132-63164
++Default Defined Ports:
++tcp 8021
 +.EE
-+.EX
 +
++.EX
++.TP 5
 +.B mysqlmanagerd_port_t
++.TP 10
 +.EE
 +
-+.EX
++
 +Default Defined Ports:
++tcp 8021
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux mysqld policy is very flexible allowing users to setup their mysqld processes in as secure a method as possible.
++.PP
++The following process types are defined for mysqld:
 +
-+.B tcp 2273
++.EX
++.B mysqld_safe_t, mysqlmanagerd_t, mysqld_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -22889,10 +26887,10 @@ index 0000000..0871ea4
 \ No newline at end of file
 diff --git a/man/man8/mysqlmanagerd_selinux.8 b/man/man8/mysqlmanagerd_selinux.8
 new file mode 100644
-index 0000000..69d850d
+index 0000000..783ac4b
 --- /dev/null
+++ b/man/man8/mysqlmanagerd_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,113 @@ +.TH "mysqlmanagerd_selinux" "8" "mysqlmanagerd" "dwalsh@redhat.com" "mysqlmanagerd SELinux Policy documentation" +.SH "NAME" +mysqlmanagerd_selinux \- Security Enhanced Linux Policy for the mysqlmanagerd processes @@ -22913,37 +26911,30 @@ index 0000000..69d850d + + +.EX ++.PP +.B mysqlmanagerd_exec_t +.EE + +- Set files with the mysqlmanagerd_exec_t type, if you want to transition an executable to the mysqlmanagerd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mysqlmanagerd_initrc_exec_t +.EE + +- Set files with the mysqlmanagerd_initrc_exec_t type, if you want to transition an executable to the mysqlmanagerd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B mysqlmanagerd_var_run_t +.EE + +- Set files with the mysqlmanagerd_var_run_t type, if you want to store the mysqlmanagerd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -22962,17 +26953,47 @@ index 0000000..69d850d
 +SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
 +.PP
 +The following port types are defined for mysqlmanagerd:
-+.EX
 +
++.EX
++.TP 5
 +.B mysqlmanagerd_port_t
++.TP 10
 +.EE
 +
-+.EX
++
 +Default Defined Ports:
++tcp 8021
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux mysqlmanagerd policy is very flexible allowing users to setup their mysqlmanagerd processes in as secure a method as possible.
++.PP
++The following process types are defined for mysqlmanagerd:
 +
-+.B tcp 2273
++.EX
++.B mysqlmanagerd_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux
@@ -22985,10 +27006,10 @@ index 0000000..69d850d
 +selinux(8), mysqlmanagerd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/nagios_selinux.8 b/man/man8/nagios_selinux.8
 new file mode 100644
-index 0000000..f1775ca
+index 0000000..5f5b90d
 --- /dev/null
+++ b/man/man8/nagios_selinux.8 -@@ -0,0 +1,227 @@ +@@ -0,0 +1,203 @@ +.TH "nagios_selinux" "8" "nagios" "dwalsh@redhat.com" "nagios SELinux Policy documentation" +.SH "NAME" +nagios_selinux \- Security Enhanced Linux Policy for the nagios processes 
@@ -23009,151 +27030,107 @@ index 0000000..f1775ca
 +
 +
 +.EX
++.PP
 +.B nagios_admin_plugin_exec_t
 +.EE
 +
 +- Set files with the nagios_admin_plugin_exec_t type, if you want to transition an executable to the nagios_admin_plugin_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_checkdisk_plugin_exec_t
 +.EE
 +
 +- Set files with the nagios_checkdisk_plugin_exec_t type, if you want to transition an executable to the nagios_checkdisk_plugin_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/nagios/plugins/check_linux_raid, /usr/lib/nagios/plugins/check_ide_smart, /usr/lib/nagios/plugins/check_disk, /usr/lib/nagios/plugins/check_disk_smb
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_etc_t
 +.EE
 +
 +- Set files with the nagios_etc_t type, if you want to store nagios files in the /etc directories.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_exec_t
 +.EE
 +
 +- Set files with the nagios_exec_t type, if you want to transition an executable to the nagios_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_initrc_exec_t
 +.EE
 +
 +- Set files with the nagios_initrc_exec_t type, if you want to transition an executable to the nagios_initrc_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/rc\.d/init\.d/nagios, /etc/rc\.d/init\.d/nrpe
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_log_t
 +.EE
 +
 +- Set files with the nagios_log_t type, if you want to treat the data as nagios log data, usually stored under the /var/log directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/log/netsaint(/.*)?, /var/log/nagios(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_mail_plugin_exec_t
 +.EE
 +
 +- Set files with the nagios_mail_plugin_exec_t type, if you want to transition an executable to the nagios_mail_plugin_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_services_plugin_exec_t
 +.EE
 +
 +- Set files with the nagios_services_plugin_exec_t type, if you want to transition an executable to the nagios_services_plugin_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/nagios/plugins/check_time, /usr/lib/nagios/plugins/check_dhcp, /usr/lib/nagios/plugins/check_radius, /usr/lib/nagios/plugins/check_nrpe, /usr/lib/nagios/plugins/check_smtp, /usr/lib/nagios/plugins/check_sip, /usr/lib/nagios/plugins/check_ssh, /usr/lib/nagios/plugins/check_pgsql, /usr/lib/nagios/plugins/check_ntp.*, /usr/lib/nagios/plugins/check_ldap, /usr/lib/nagios/plugins/check_real, /usr/lib/nagios/plugins/check_ping, /usr/lib/nagios/plugins/check_nt, /usr/lib/nagios/plugins/check_game, /usr/lib/nagios/plugins/check_breeze, /usr/lib/nagios/plugins/check_tcp, /usr/lib/nagios/plugins/check_rpc, /usr/lib/nagios/plugins/check_oracle, /usr/lib/nagios/plugins/check_cluster, /usr/lib/nagios/plugins/check_dummy, /usr/lib/nagios/plugins/check_ups, /usr/lib/nagios/plugins/check_ircd, /usr/lib/nagios/plugins/check_dig, /usr/lib/nagios/plugins/check_hpjd, /usr/lib/nagios/plugins/check_mysql, /usr/lib/nagios/plugins/check_icmp, /usr/lib/nagios/plugins/check_http, /usr/lib/nagios/plugins/check_snmp.*, /usr/lib/nagios/plugins/check_fping, /usr/lib/nagios/plugins/check_mysql_query, /usr/lib/nagios/plugins/check_dns
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_spool_t
 +.EE
 +
 +- Set files with the nagios_spool_t type, if you want to store the nagios files under the /var/spool directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_system_plugin_exec_t
 +.EE
 +
 +- Set files with the nagios_system_plugin_exec_t type, if you want to transition an executable to the nagios_system_plugin_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/nagios/plugins/check_log, /usr/lib/nagios/plugins/check_load, /usr/lib/nagios/plugins/check_flexlm, /usr/lib/nagios/plugins/check_swap, /usr/lib/nagios/plugins/check_users, /usr/lib/nagios/plugins/check_ifstatus, /usr/lib/nagios/plugins/check_ifoperstatus, /usr/lib/nagios/plugins/check_nagios, /usr/lib/nagios/plugins/check_sensors, /usr/lib/nagios/plugins/check_wave, /usr/lib/nagios/plugins/check_mrtgtraf, /usr/lib/nagios/plugins/check_nwstat, /usr/lib/nagios/plugins/check_procs, /usr/lib/nagios/plugins/check_mrtg, /usr/lib/nagios/plugins/check_overcr
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_system_plugin_tmp_t
 +.EE
 +
@@ -23161,6 +27138,7 @@ index 0000000..f1775ca
 +
 +
 +.EX
++.PP
 +.B nagios_tmp_t
 +.EE
 +
@@ -23168,44 +27146,63 @@ index 0000000..f1775ca
 +
 +
 +.EX
++.PP
 +.B nagios_unconfined_plugin_exec_t
 +.EE
 +
 +- Set files with the nagios_unconfined_plugin_exec_t type, if you want to transition an executable to the nagios_unconfined_plugin_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_var_lib_t
 +.EE
 +
 +- Set files with the nagios_var_lib_t type, if you want to store the nagios files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B nagios_var_run_t
 +.EE
 +
 +- Set files with the nagios_var_run_t type, if you want to store the nagios files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux nagios policy is very flexible allowing users to setup their nagios processes in as secure a method as possible.
++.PP
++The following process types are defined for nagios:
++
++.EX
++.B nagios_t, nagios_mail_plugin_t, nagios_checkdisk_plugin_t, nagios_services_plugin_t, nagios_system_plugin_t, nagios_unconfined_plugin_t, nagios_admin_plugin_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23217,10 +27214,10 @@ index 0000000..f1775ca
 +.SH "SEE ALSO"
 +selinux(8), nagios(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/named_selinux.8 b/man/man8/named_selinux.8
-index fce0b48..ce5e6d9 100644
+index fce0b48..3c01657 100644
 --- a/man/man8/named_selinux.8
 +++ b/man/man8/named_selinux.8
-@@ -1,30 +1,206 @@
+@@ -1,30 +1,205 @@
 -.TH "named_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "named Selinux Policy documentation"
 -.de EX
 -.nf
@@ -23278,106 +27275,83 @@ index fce0b48..ce5e6d9 100644 + + +.EX ++.PP +.B named_cache_t +.EE + +- Set files with the named_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/named/chroot/var/named/data(/.*)?, /var/named/chroot/var/tmp(/.*)?, /var/named/data(/.*)?, /var/named/chroot/var/named/slaves(/.*)?, /var/named/dynamic(/.*)?, /var/named/slaves(/.*)?, /var/named/chroot/var/named/dynamic(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B named_checkconf_exec_t +.EE + +- Set files with the named_checkconf_exec_t type, if you want to transition an executable to the named_checkconf_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B named_conf_t +.EE + +- Set files with the named_conf_t type, if you want to treat the files as named configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/var/named/chroot/etc/named\.root\.hints, /etc/named\.root\.hints, /var/named/chroot(/.*)?, /var/named/named\.ca, /etc/unbound(/.*)?, /var/named/chroot/etc/named\.caching-nameserver\.conf, /etc/named\.rfc1912.zones, /etc/named\.caching-nameserver\.conf, /etc/named\.conf, /var/named/chroot/var/named/named\.ca, /var/named/chroot/etc/named\.conf, /etc/rndc.*, /var/named/chroot/etc/named\.rfc1912.zones -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. 
This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B named_exec_t +.EE + +- Set files with the named_exec_t type, if you want to transition an executable to the named_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/lwresd, /usr/sbin/named, /usr/sbin/unbound -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B named_initrc_exec_t +.EE + +- Set files with the named_initrc_exec_t type, if you want to transition an executable to the named_initrc_t domain. - ++ +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/named, /etc/rc\.d/init\.d/unbound -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. - + +.EX ++.PP +.B named_keytab_t +.EE + +- Set files with the named_keytab_t type, if you want to treat the files as kerberos keytab files. -+ -+ + + +.EX ++.PP +.B named_log_t +.EE + +- Set files with the named_log_t type, if you want to treat the data as named log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/named.*, /var/named/chroot/var/log/named.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B named_tmp_t +.EE + 
@@ -23385,53 +27359,75 @@ index fce0b48..ce5e6d9 100644
 +
 +
 +.EX
++.PP
 +.B named_unit_file_t
 +.EE
 +
 +- Set files with the named_unit_file_t type, if you want to treat the files as named unit content.
 +
 +.br
++.TP 5
 +Paths:
 +/lib/systemd/system/named.service, /usr/lib/systemd/system/named.service
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B named_var_run_t
 +.EE
 +
 +- Set files with the named_var_run_t type, if you want to store the named files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/named/chroot/var/run/named.*, /var/run/ndc, /var/run/bind(/.*)?, /var/run/named(/.*)?, /var/run/unbound(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B named_zone_t
 +.EE
 +
 +- Set files with the named_zone_t type, if you want to treat the files as named zone data.
 +
 +.br
++.TP 5
 +Paths:
 +/var/named/chroot/var/named(/.*)?, /var/named(/.*)?
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux named policy is very flexible allowing users to setup their named processes in as secure a method as possible.
++.PP
++The following process types are defined for named:
++
++.EX
++.B named_t, namespace_init_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -23449,10 +27445,10 @@ index fce0b48..ce5e6d9 100644
 \ No newline at end of file
 diff --git a/man/man8/namespace_selinux.8 b/man/man8/namespace_selinux.8
 new file mode 100644
-index 0000000..8ec3656
+index 0000000..829b5d2
 --- /dev/null
 +++ b/man/man8/namespace_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "namespace_selinux" "8" "namespace" "dwalsh@redhat.com" "namespace SELinux Policy documentation"
 +.SH "NAME"
 +namespace_selinux \- Security Enhanced Linux Policy for the namespace processes
@@ -23473,18 +27469,47 @@ index 0000000..8ec3656
 +
 +
 +.EX
++.PP
 +.B namespace_init_exec_t
 +.EE
 +
 +- Set files with the namespace_init_exec_t type, if you want to transition an executable to the namespace_init_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux namespace policy is very flexible allowing users to setup their namespace processes in as secure a method as possible.
++.PP
++The following process types are defined for namespace:
++
++.EX
++.B namespace_init_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23497,10 +27522,10 @@ index 0000000..8ec3656
 +selinux(8), namespace(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/ncftool_selinux.8 b/man/man8/ncftool_selinux.8
 new file mode 100644
-index 0000000..c814639
+index 0000000..eefc21d
 --- /dev/null
 +++ b/man/man8/ncftool_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "ncftool_selinux" "8" "ncftool" "dwalsh@redhat.com" "ncftool SELinux Policy documentation"
 +.SH "NAME"
 +ncftool_selinux \- Security Enhanced Linux Policy for the ncftool processes
@@ -23521,18 +27546,47 @@ index 0000000..c814639
 +
 +
 +.EX
++.PP
 +.B ncftool_exec_t
 +.EE
 +
 +- Set files with the ncftool_exec_t type, if you want to transition an executable to the ncftool_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux ncftool policy is very flexible allowing users to setup their ncftool processes in as secure a method as possible.
++.PP
++The following process types are defined for ncftool:
++
++.EX
++.B ncftool_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23545,10 +27599,10 @@ index 0000000..c814639
 +selinux(8), ncftool(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/ndc_selinux.8 b/man/man8/ndc_selinux.8
 new file mode 100644
-index 0000000..6da57d9
+index 0000000..ce455f6
 --- /dev/null
 +++ b/man/man8/ndc_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "ndc_selinux" "8" "ndc" "dwalsh@redhat.com" "ndc SELinux Policy documentation"
 +.SH "NAME"
 +ndc_selinux \- Security Enhanced Linux Policy for the ndc processes
@@ -23569,18 +27623,47 @@ index 0000000..6da57d9
 +
 +
 +.EX
++.PP
 +.B ndc_exec_t
 +.EE
 +
 +- Set files with the ndc_exec_t type, if you want to transition an executable to the ndc_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux ndc policy is very flexible allowing users to setup their ndc processes in as secure a method as possible.
++.PP
++The following process types are defined for ndc:
++
++.EX
++.B ndc_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23593,10 +27676,10 @@ index 0000000..6da57d9
 +selinux(8), ndc(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/netlabel_selinux.8 b/man/man8/netlabel_selinux.8
 new file mode 100644
-index 0000000..2300c9c
+index 0000000..aa50b50
 --- /dev/null
 +++ b/man/man8/netlabel_selinux.8
-@@ -0,0 +1,45 @@
+@@ -0,0 +1,75 @@
 +.TH "netlabel_selinux" "8" "netlabel" "dwalsh@redhat.com" "netlabel SELinux Policy documentation"
 +.SH "NAME"
 +netlabel_selinux \- Security Enhanced Linux Policy for the netlabel processes
@@ -23617,21 +27700,51 @@ index 0000000..2300c9c
 +
 +
 +.EX
++.PP
 +.B netlabel_mgmt_exec_t
 +.EE
 +
 +- Set files with the netlabel_mgmt_exec_t type, if you want to transition an executable to the netlabel_mgmt_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/sbin/netlabelctl, /usr/sbin/netlabelctl
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux netlabel policy is very flexible allowing users to setup their netlabel processes in as secure a method as possible.
++.PP
++The following process types are defined for netlabel:
++
++.EX
++.B netlabel_mgmt_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23644,10 +27757,10 @@ index 0000000..2300c9c
 +selinux(8), netlabel(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/netlogond_selinux.8 b/man/man8/netlogond_selinux.8
 new file mode 100644
-index 0000000..ba8bd64
+index 0000000..b1987b3
 --- /dev/null
 +++ b/man/man8/netlogond_selinux.8
-@@ -0,0 +1,84 @@
+@@ -0,0 +1,99 @@
 +.TH "netlogond_selinux" "8" "netlogond" "dwalsh@redhat.com" "netlogond SELinux Policy documentation"
 +.SH "NAME"
 +netlogond_selinux \- Security Enhanced Linux Policy for the netlogond processes
@@ -23668,60 +27781,75 @@ index 0000000..ba8bd64
 +
 +
 +.EX
++.PP
 +.B netlogond_exec_t
 +.EE
 +
 +- Set files with the netlogond_exec_t type, if you want to transition an executable to the netlogond_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B netlogond_var_lib_t
 +.EE
 +
 +- Set files with the netlogond_var_lib_t type, if you want to store the netlogond files under the /var/lib directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/lib/likewise-open/krb5-affinity.conf, /var/lib/likewise-open/LWNetsd\.err
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B netlogond_var_run_t
 +.EE
 +
 +- Set files with the netlogond_var_run_t type, if you want to store the netlogond files under the /run directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B netlogond_var_socket_t
 +.EE
 +
 +- Set files with the netlogond_var_socket_t type, if you want to treat the files as netlogond var socket data.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux netlogond policy is very flexible allowing users to setup their netlogond processes in as secure a method as possible.
++.PP
++The following process types are defined for netlogond:
++
++.EX
++.B netlogond_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23734,10 +27862,10 @@ index 0000000..ba8bd64
 +selinux(8), netlogond(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/netutils_selinux.8 b/man/man8/netutils_selinux.8
 new file mode 100644
-index 0000000..66431f9
+index 0000000..f9ac78f
 --- /dev/null
 +++ b/man/man8/netutils_selinux.8
-@@ -0,0 +1,52 @@
+@@ -0,0 +1,83 @@
 +.TH "netutils_selinux" "8" "netutils" "dwalsh@redhat.com" "netutils SELinux Policy documentation"
 +.SH "NAME"
 +netutils_selinux \- Security Enhanced Linux Policy for the netutils processes
@@ -23758,28 +27886,59 @@ index 0000000..66431f9
 +
 +
 +.EX
++.PP
 +.B netutils_exec_t
 +.EE
 +
 +- Set files with the netutils_exec_t type, if you want to transition an executable to the netutils_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/sbin/arping, /usr/sbin/arping, /usr/sbin/tcpdump
++
++.EX
++.PP
++.B netutils_tmp_t
++.EE
++
++- Set files with the netutils_tmp_t type, if you want to store netutils temporary files in the /tmp directories.
++
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux netutils policy is very flexible allowing users to setup their netutils processes in as secure a method as possible.
++.PP
++The following process types are defined for netutils:
 +
 +.EX
-+.B netutils_tmp_t
++.B netutils_t
 +.EE
-+
-+- Set files with the netutils_tmp_t type, if you want to store netutils temporary files in the /tmp directories.
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23792,10 +27951,10 @@ index 0000000..66431f9
 +selinux(8), netutils(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/newrole_selinux.8 b/man/man8/newrole_selinux.8
 new file mode 100644
-index 0000000..5b36602
+index 0000000..b3f9ff9
 --- /dev/null
 +++ b/man/man8/newrole_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "newrole_selinux" "8" "newrole" "dwalsh@redhat.com" "newrole SELinux Policy documentation"
 +.SH "NAME"
 +newrole_selinux \- Security Enhanced Linux Policy for the newrole processes
@@ -23816,18 +27975,47 @@ index 0000000..5b36602
 +
 +
 +.EX
++.PP
 +.B newrole_exec_t
 +.EE
 +
 +- Set files with the newrole_exec_t type, if you want to transition an executable to the newrole_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux newrole policy is very flexible allowing users to setup their newrole processes in as secure a method as possible.
++.PP
++The following process types are defined for newrole:
++
++.EX
++.B newrole_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -23840,10 +28028,10 @@ index 0000000..5b36602 +selinux(8), newrole(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/nfsd_selinux.8 b/man/man8/nfsd_selinux.8 new file mode 100644 -index 0000000..fecca3e +index 0000000..f6172eb --- /dev/null +++ b/man/man8/nfsd_selinux.8 -@@ -0,0 +1,253 @@ +@@ -0,0 +1,276 @@ +.TH "nfsd_selinux" "8" "nfsd" "dwalsh@redhat.com" "nfsd SELinux Policy documentation" +.SH "NAME" +nfsd_selinux \- Security Enhanced Linux Policy for the nfsd processes @@ -23968,18 +28156,16 @@ index 0000000..fecca3e +.PP +.B +semanage fcontext -a -t public_content_t "/var/nfsd(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/nfsd ++.br ++.B restorecon -F -R -v /var/nfsd +.pp +.TP +Allow nfsd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_nfsdd_anon_write boolean to be set. +.PP +.B +semanage fcontext -a -t public_content_rw_t "/var/nfsd/incoming(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/nfsd/incoming ++.br ++.B restorecon -F -R -v /var/nfsd/incoming + + +.PP 
@@ -24001,35 +28187,27 @@ index 0000000..fecca3e + + +.EX ++.PP +.B nfsd_exec_t +.EE + +- Set files with the nfsd_exec_t type, if you want to transition an executable to the nfsd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/rpc\.mountd, /usr/sbin/rpc\.nfsd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nfsd_initrc_exec_t +.EE + +- Set files with the nfsd_initrc_exec_t type, if you want to transition an executable to the nfsd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nfsd_ro_t +.EE + @@ -24037,6 +28215,7 @@ index 0000000..fecca3e + + +.EX ++.PP +.B nfsd_rw_t +.EE + @@ -24044,14 +28223,18 @@ index 0000000..fecca3e + + +.EX ++.PP +.B nfsd_unit_file_t +.EE + +- Set files with the nfsd_unit_file_t type, if you want to treat the files as nfsd unit content. + +.br ++.TP 5 +Paths: +/lib/systemd/system/nfs.*, /usr/lib/systemd/system/nfs.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -24070,19 +28253,47 @@ index 0000000..fecca3e +SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible. +.PP +The following port types are defined for nfsd: -+.EX + ++.EX ++.TP 5 +.B nfs_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 2049,20048-20049 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 2049,20048-20049 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nfsd policy is very flexible allowing users to setup their nfsd processes in as secure a method as possible. ++.PP ++The following process types are defined for nfsd: ++ ++.EX ++.B nfsd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -24100,10 +28311,10 @@ index 0000000..fecca3e \ No newline at end of file diff --git a/man/man8/nginx_selinux.8 b/man/man8/nginx_selinux.8 new file mode 100644 -index 0000000..0170c21 +index 0000000..47d6c9b --- /dev/null +++ b/man/man8/nginx_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,103 @@ +.TH "nginx_selinux" "8" "nginx" "dwalsh@redhat.com" "nginx SELinux Policy documentation" +.SH "NAME" +nginx_selinux \- Security Enhanced Linux Policy for the nginx processes 
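Review bot: The port section for `nfs_port_t` now lists `tcp 8021`, where the previous revision listed `tcp 2049,20048-20049` and `udp 2049,20048-20049`. The same `tcp 8021` replaces `udp 137,138` for `nmbd_port_t` and `tcp 3000-3001`/`udp 3000-3001` for `ntop_port_t` in later hunks. One identical value for three unrelated port types looks like a stale value from the page generator rather than the policy's real definitions, and an administrator relying on these pages would label or audit the wrong ports. The per-type lines should be restored, here `.B tcp 2049,20048-20049` and `.B udp 2049,20048-20049`. The rewrite also appears to leave the `.EE` after the port list without an opening `.EX`, since the `.EX` before `Default Defined Ports:` was removed.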
@@ -24124,70 +28335,79 @@ index 0000000..0170c21 + + +.EX ++.PP +.B nginx_exec_t +.EE + +- Set files with the nginx_exec_t type, if you want to transition an executable to the nginx_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nginx_initrc_exec_t +.EE + +- Set files with the nginx_initrc_exec_t type, if you want to transition an executable to the nginx_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nginx_log_t +.EE + +- Set files with the nginx_log_t type, if you want to treat the data as nginx log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nginx_var_lib_t +.EE + +- Set files with the nginx_var_lib_t type, if you want to store the nginx files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nginx_var_run_t +.EE + +- Set files with the nginx_var_run_t type, if you want to store the nginx files under the /run directory. 
+ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nginx policy is very flexible allowing users to setup their nginx processes in as secure a method as possible. ++.PP ++The following process types are defined for nginx: ++ ++.EX ++.B nginx_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -24200,10 +28420,10 @@ index 0000000..0170c21 +selinux(8), nginx(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/nmbd_selinux.8 b/man/man8/nmbd_selinux.8 new file mode 100644 -index 0000000..d01fee8 +index 0000000..65e627d --- /dev/null +++ b/man/man8/nmbd_selinux.8 -@@ -0,0 +1,80 @@ +@@ -0,0 +1,109 @@ +.TH "nmbd_selinux" "8" "nmbd" "dwalsh@redhat.com" "nmbd SELinux Policy documentation" +.SH "NAME" +nmbd_selinux \- Security Enhanced Linux Policy for the nmbd processes 
@@ -24224,27 +28444,26 @@ index 0000000..d01fee8 + + +.EX ++.PP +.B nmbd_exec_t +.EE + +- Set files with the nmbd_exec_t type, if you want to transition an executable to the nmbd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nmbd_var_run_t +.EE + +- Set files with the nmbd_var_run_t type, if you want to store the nmbd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/samba/messages\.tdb, /var/run/samba/namelist\.debug, /var/run/nmbd(/.*)?, /var/run/samba/unexpected\.tdb, /var/run/samba/nmbd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -24263,17 +28482,47 @@ index 0000000..d01fee8 +SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible. +.PP +The following port types are defined for nmbd: -+.EX + ++.EX ++.TP 5 +.B nmbd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nmbd policy is very flexible allowing users to setup their nmbd processes in as secure a method as possible. ++.PP ++The following process types are defined for nmbd: + -+.B udp 137,138 ++.EX ++.B nmbd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -24286,10 +28535,10 @@ index 0000000..d01fee8 +selinux(8), nmbd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/nova_selinux.8 b/man/man8/nova_selinux.8 new file mode 100644 -index 0000000..56e297e +index 0000000..e9235ad --- /dev/null +++ b/man/man8/nova_selinux.8 -@@ -0,0 +1,242 @@ +@@ -0,0 +1,231 @@ +.TH "nova_selinux" "8" "nova" "dwalsh@redhat.com" "nova SELinux Policy documentation" +.SH "NAME" +nova_selinux \- Security Enhanced Linux Policy for the nova processes 
@@ -24310,19 +28559,15 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_ajax_exec_t +.EE + +- Set files with the nova_ajax_exec_t type, if you want to transition an executable to the nova_ajax_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_ajax_tmp_t +.EE + @@ -24330,19 +28575,15 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_api_exec_t +.EE + +- Set files with the nova_api_exec_t type, if you want to transition an executable to the nova_api_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_api_tmp_t +.EE + @@ -24350,6 +28591,7 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_compute_exec_t +.EE + @@ -24357,6 +28599,7 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_compute_tmp_t +.EE + @@ -24364,19 +28607,15 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_direct_exec_t +.EE + +- Set files with the nova_direct_exec_t type, if you want to transition an executable to the nova_direct_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_direct_tmp_t +.EE + 
@@ -24384,32 +28623,23 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_log_t +.EE + +- Set files with the nova_log_t type, if you want to treat the data as nova log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_network_exec_t +.EE + +- Set files with the nova_network_exec_t type, if you want to transition an executable to the nova_network_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_network_tmp_t +.EE + @@ -24417,19 +28647,15 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_objectstore_exec_t +.EE + +- Set files with the nova_objectstore_exec_t type, if you want to transition an executable to the nova_objectstore_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_objectstore_tmp_t +.EE + 
@@ -24437,19 +28663,15 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_scheduler_exec_t +.EE + +- Set files with the nova_scheduler_exec_t type, if you want to transition an executable to the nova_scheduler_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_scheduler_tmp_t +.EE + @@ -24457,45 +28679,31 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_var_lib_t +.EE + +- Set files with the nova_var_lib_t type, if you want to store the nova files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_var_run_t +.EE + +- Set files with the nova_var_run_t type, if you want to store the nova files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_vncproxy_exec_t +.EE + +- Set files with the nova_vncproxy_exec_t type, if you want to transition an executable to the nova_vncproxy_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nova_vncproxy_tmp_t +.EE + 
@@ -24503,25 +28711,55 @@ index 0000000..56e297e + + +.EX ++.PP +.B nova_volume_exec_t +.EE + +- Set files with the nova_volume_exec_t type, if you want to transition an executable to the nova_volume_t domain. + ++ ++.EX ++.PP ++.B nova_volume_tmp_t ++.EE ++ ++- Set files with the nova_volume_tmp_t type, if you want to store nova volume temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nova policy is very flexible allowing users to setup their nova processes in as secure a method as possible. ++.PP ++The following process types are defined for nova: + +.EX -+.B nova_volume_tmp_t ++.B nova_api_t, nova_compute_t, nova_network_t, nova_objectstore_t, nova_vncproxy_t, nova_volume_t, nova_scheduler_t, nova_ajax_t, nova_direct_t +.EE -+ -+- Set files with the nova_volume_tmp_t type, if you want to store nova volume temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -24534,10 +28772,10 @@ index 0000000..56e297e +selinux(8), nova(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/nrpe_selinux.8 b/man/man8/nrpe_selinux.8 new file mode 100644 -index 0000000..c3b81c2 +index 0000000..b337b81 --- /dev/null +++ b/man/man8/nrpe_selinux.8 -@@ -0,0 +1,62 @@ +@@ -0,0 +1,87 @@ +.TH "nrpe_selinux" "8" "nrpe" "dwalsh@redhat.com" "nrpe SELinux Policy documentation" +.SH "NAME" +nrpe_selinux \- Security Enhanced Linux Policy for the nrpe processes 
@@ -24558,38 +28796,63 @@ index 0000000..c3b81c2 + + +.EX ++.PP +.B nrpe_etc_t +.EE + +- Set files with the nrpe_etc_t type, if you want to store nrpe files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nrpe_exec_t +.EE + +- Set files with the nrpe_exec_t type, if you want to transition an executable to the nrpe_t domain. + ++ ++.EX ++.PP ++.B nrpe_var_run_t ++.EE ++ ++- Set files with the nrpe_var_run_t type, if you want to store the nrpe files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nrpe policy is very flexible allowing users to setup their nrpe processes in as secure a method as possible. ++.PP ++The following process types are defined for nrpe: + +.EX -+.B nrpe_var_run_t ++.B nrpe_t +.EE -+ -+- Set files with the nrpe_var_run_t type, if you want to store the nrpe files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -24602,10 +28865,10 @@ index 0000000..c3b81c2 +selinux(8), nrpe(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/nscd_selinux.8 b/man/man8/nscd_selinux.8 new file mode 100644 -index 0000000..3613949 +index 0000000..13f8c73 --- /dev/null +++ b/man/man8/nscd_selinux.8 -@@ -0,0 +1,106 @@ +@@ -0,0 +1,122 @@ +.TH "nscd_selinux" "8" "nscd" "dwalsh@redhat.com" "nscd SELinux Policy documentation" +.SH "NAME" +nscd_selinux \- Security Enhanced Linux Policy for the nscd processes 
@@ -24637,45 +28900,31 @@ index 0000000..3613949 + + +.EX ++.PP +.B nscd_exec_t +.EE + +- Set files with the nscd_exec_t type, if you want to transition an executable to the nscd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nscd_initrc_exec_t +.EE + +- Set files with the nscd_initrc_exec_t type, if you want to transition an executable to the nscd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nscd_log_t +.EE + +- Set files with the nscd_log_t type, if you want to treat the data as nscd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nscd_unit_file_t +.EE + 
@@ -24683,21 +28932,51 @@ index 0000000..3613949 + + +.EX ++.PP +.B nscd_var_run_t +.EE + +- Set files with the nscd_var_run_t type, if you want to store the nscd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/nscd\.pid, /var/run/nscd(/.*)?, /var/db/nscd(/.*)?, /var/run/\.nscd_socket, /var/cache/nscd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nscd policy is very flexible allowing users to setup their nscd processes in as secure a method as possible. ++.PP ++The following process types are defined for nscd: ++ ++.EX ++.B nscd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -24715,10 +28994,10 @@ index 0000000..3613949 \ No newline at end of file diff --git a/man/man8/nslcd_selinux.8 b/man/man8/nslcd_selinux.8 new file mode 100644 -index 0000000..dec29c1 +index 0000000..00415da --- /dev/null 
+++ b/man/man8/nslcd_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "nslcd_selinux" "8" "nslcd" "dwalsh@redhat.com" "nslcd SELinux Policy documentation" +.SH "NAME" +nslcd_selinux \- Security Enhanced Linux Policy for the nslcd processes 
@@ -24739,57 +29018,71 @@ index 0000000..dec29c1 + + +.EX ++.PP +.B nslcd_conf_t +.EE + +- Set files with the nslcd_conf_t type, if you want to treat the files as nslcd configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nslcd_exec_t +.EE + +- Set files with the nslcd_exec_t type, if you want to transition an executable to the nslcd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nslcd_initrc_exec_t +.EE + +- Set files with the nslcd_initrc_exec_t type, if you want to transition an executable to the nslcd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nslcd_var_run_t +.EE + +- Set files with the nslcd_var_run_t type, if you want to store the nslcd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nslcd policy is very flexible allowing users to setup their nslcd processes in as secure a method as possible. ++.PP ++The following process types are defined for nslcd: ++ ++.EX ++.B nslcd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -24802,10 +29095,10 @@ index 0000000..dec29c1 +selinux(8), nslcd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ntop_selinux.8 b/man/man8/ntop_selinux.8 new file mode 100644 -index 0000000..c0c6762 +index 0000000..0d7dc6d --- /dev/null +++ b/man/man8/ntop_selinux.8 -@@ -0,0 +1,119 @@ +@@ -0,0 +1,137 @@ +.TH "ntop_selinux" "8" "ntop" "dwalsh@redhat.com" "ntop SELinux Policy documentation" +.SH "NAME" +ntop_selinux \- Security Enhanced Linux Policy for the ntop processes 
@@ -24826,32 +29119,23 @@ index 0000000..c0c6762 + + +.EX ++.PP +.B ntop_etc_t +.EE + +- Set files with the ntop_etc_t type, if you want to store ntop files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntop_exec_t +.EE + +- Set files with the ntop_exec_t type, if you want to transition an executable to the ntop_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntop_initrc_exec_t +.EE + @@ -24859,6 +29143,7 @@ index 0000000..c0c6762 + + +.EX ++.PP +.B ntop_tmp_t +.EE + @@ -24866,24 +29151,22 @@ index 0000000..c0c6762 + + +.EX ++.PP +.B ntop_var_lib_t +.EE + +- Set files with the ntop_var_lib_t type, if you want to store the ntop files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntop_var_run_t +.EE + +- Set files with the ntop_var_run_t type, if you want to store the ntop files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -24902,19 +29185,47 @@ index 0000000..c0c6762 +SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible. +.PP +The following port types are defined for ntop: -+.EX + ++.EX ++.TP 5 +.B ntop_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 3000-3001 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 3000-3001 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ntop policy is very flexible allowing users to setup their ntop processes in as secure a method as possible. ++.PP ++The following process types are defined for ntop: ++ ++.EX ++.B ntop_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -24927,10 +29238,10 @@ index 0000000..c0c6762 +selinux(8), ntop(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ntpd_selinux.8 b/man/man8/ntpd_selinux.8 new file mode 100644 -index 0000000..87ef54e +index 0000000..53358ad --- /dev/null +++ b/man/man8/ntpd_selinux.8 -@@ -0,0 +1,168 @@ +@@ -0,0 +1,177 @@ +.TH "ntpd_selinux" "8" "ntpd" "dwalsh@redhat.com" "ntpd SELinux Policy documentation" +.SH "NAME" +ntpd_selinux \- Security Enhanced Linux Policy for the ntpd processes 
@@ -24951,67 +29262,51 @@ index 0000000..87ef54e + + +.EX ++.PP +.B ntpd_exec_t +.EE + +- Set files with the ntpd_exec_t type, if you want to transition an executable to the ntpd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ntpd, /etc/cron\.(daily|weekly)/ntp-server, /etc/cron\.(daily|weekly)/ntp-simple -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntpd_initrc_exec_t +.EE + +- Set files with the ntpd_initrc_exec_t type, if you want to transition an executable to the ntpd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntpd_key_t +.EE + +- Set files with the ntpd_key_t type, if you want to treat the files as ntpd key data. + +.br ++.TP 5 +Paths: +/etc/ntp/crypto(/.*)?, /etc/ntp/keys -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntpd_log_t +.EE + +- Set files with the ntpd_log_t type, if you want to treat the data as ntpd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/ntpstats(/.*)?, /var/log/xntpd.*, /var/log/ntp.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntpd_tmp_t +.EE + @@ -25019,6 +29314,7 @@ index 0000000..87ef54e + + +.EX ++.PP +.B ntpd_tmpfs_t +.EE + @@ -25026,40 +29322,34 @@ index 0000000..87ef54e + + +.EX ++.PP +.B ntpd_unit_file_t +.EE + +- Set files with the ntpd_unit_file_t type, if you want to treat the files as ntpd unit content. + +.br ++.TP 5 +Paths: +/lib/systemd/system/ntpd\.service, /usr/lib/systemd/system/ntpd\.service -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntpd_var_run_t +.EE + +- Set files with the ntpd_var_run_t type, if you want to store the ntpd files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ntpdate_exec_t +.EE + +- Set files with the ntpdate_exec_t type, if you want to transition an executable to the ntpdate_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -25078,17 +29368,47 @@ index 0000000..87ef54e +SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible. +.PP +The following port types are defined for ntpd: -+.EX + ++.EX ++.TP 5 +.B ntp_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ntpd policy is very flexible allowing users to setup their ntpd processes in as secure a method as possible. ++.PP ++The following process types are defined for ntpd: + -+.B udp 123 ++.EX ++.B ntpd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -25101,10 +29421,10 @@ index 0000000..87ef54e +selinux(8), ntpd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/nut_selinux.8 b/man/man8/nut_selinux.8 new file mode 100644 -index 0000000..8d3262f +index 0000000..f9b1c07 --- /dev/null +++ b/man/man8/nut_selinux.8 -@@ -0,0 +1,97 @@ +@@ -0,0 +1,107 @@ +.TH "nut_selinux" "8" "nut" "dwalsh@redhat.com" "nut SELinux Policy documentation" +.SH "NAME" +nut_selinux \- Security Enhanced Linux Policy for the nut processes 
@@ -25125,73 +29445,83 @@ index 0000000..8d3262f + + +.EX ++.PP +.B nut_conf_t +.EE + +- Set files with the nut_conf_t type, if you want to treat the files as nut configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nut_upsd_exec_t +.EE + +- Set files with the nut_upsd_exec_t type, if you want to transition an executable to the nut_upsd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nut_upsdrvctl_exec_t +.EE + +- Set files with the nut_upsdrvctl_exec_t type, if you want to transition an executable to the nut_upsdrvctl_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/upsdrvctl, /sbin/upsdrvctl -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nut_upsmon_exec_t +.EE + +- Set files with the nut_upsmon_exec_t type, if you want to transition an executable to the nut_upsmon_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B nut_var_run_t +.EE + +- Set files with the nut_var_run_t type, if you want to store the nut files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nut policy is very flexible allowing users to setup their nut processes in as secure a method as possible. ++.PP ++The following process types are defined for nut: ++ ++.EX ++.B nut_upsd_t, nut_upsmon_t, nut_upsdrvctl_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25204,10 +29534,10 @@ index 0000000..8d3262f +selinux(8), nut(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/nx_selinux.8 b/man/man8/nx_selinux.8 new file mode 100644 -index 0000000..99ec7de +index 0000000..6dc7277 --- /dev/null +++ b/man/man8/nx_selinux.8 -@@ -0,0 +1,97 @@ +@@ -0,0 +1,115 @@ +.TH "nx_selinux" "8" "nx" "dwalsh@redhat.com" "nx SELinux Policy documentation" +.SH "NAME" +nx_selinux \- Security Enhanced Linux Policy for the nx processes 
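Review bot: The note in the added PROCESS TYPES section spells the command `semanage permississive -a PROCESS_TYPE`, while the COMMANDS section added by the same hunk spells it `semanage permissive`; the line should read `.B semanage permissive -a PROCESS_TYPE`, otherwise a reader copying it gets a command that fails. In the same section the reference to ps ends with `\fBps\bP`, which looks like a mistyped `\fP`, so bold is probably never switched off after `ps`; `\fBps\fP` is presumably what was meant. Both lines recur in every PROCESS TYPES block this commit adds (the ntop, ntpd, nx, obex, oddjob, openct, openvpn, pads, passenger and passwd hunks), so the fix likely belongs in the template that produces these pages.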
@@ -25228,38 +29558,31 @@ index 0000000..99ec7de + + +.EX ++.PP +.B nx_server_exec_t +.EE + +- Set files with the nx_server_exec_t type, if you want to transition an executable to the nx_server_t domain. + +.br ++.TP 5 +Paths: +/opt/NX/bin/nxserver, /usr/NX/bin/nxserver, /usr/libexec/nx/nxserver -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nx_server_home_ssh_t +.EE + +- Set files with the nx_server_home_ssh_t type, if you want to treat the files as nx server home ssh data. + +.br ++.TP 5 +Paths: +/opt/NX/home/nx/\.ssh(/.*)?, /usr/NX/home/nx/\.ssh(/.*)?, /var/lib/nxserver/home/.ssh(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nx_server_tmp_t +.EE + 
@@ -25267,34 +29590,59 @@ index 0000000..99ec7de + + +.EX ++.PP +.B nx_server_var_lib_t +.EE + +- Set files with the nx_server_var_lib_t type, if you want to store the nx server files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/usr/NX/home(/.*)?, /opt/NX/home(/.*)?, /var/lib/nxserver(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B nx_server_var_run_t +.EE + +- Set files with the nx_server_var_run_t type, if you want to store the nx server files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux nx policy is very flexible allowing users to setup their nx processes in as secure a method as possible. ++.PP ++The following process types are defined for nx: ++ ++.EX ++.B nx_server_t, nx_server_ssh_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25307,10 +29655,10 @@ index 0000000..99ec7de +selinux(8), nx(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/obex_selinux.8 b/man/man8/obex_selinux.8 new file mode 100644 -index 0000000..71ee561 +index 0000000..db0a02e --- /dev/null +++ b/man/man8/obex_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "obex_selinux" "8" "obex" "dwalsh@redhat.com" "obex SELinux Policy documentation" +.SH "NAME" +obex_selinux \- Security Enhanced Linux Policy for the obex processes 
@@ -25331,18 +29679,47 @@ index 0000000..71ee561 + + +.EX ++.PP +.B obex_exec_t +.EE + +- Set files with the obex_exec_t type, if you want to transition an executable to the obex_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux obex policy is very flexible allowing users to setup their obex processes in as secure a method as possible. ++.PP ++The following process types are defined for obex: ++ ++.EX ++.B obex_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25355,10 +29732,10 @@ index 0000000..71ee561 +selinux(8), obex(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/oddjob_selinux.8 b/man/man8/oddjob_selinux.8 new file mode 100644 -index 0000000..e23616e +index 0000000..50c8584 --- /dev/null +++ b/man/man8/oddjob_selinux.8 -@@ -0,0 +1,71 @@ +@@ -0,0 +1,91 @@ +.TH "oddjob_selinux" "8" "oddjob" "dwalsh@redhat.com" "oddjob SELinux Policy documentation" +.SH "NAME" +oddjob_selinux \- Security Enhanced Linux Policy for the oddjob processes 
@@ -25379,47 +29756,67 @@ index 0000000..e23616e + + +.EX ++.PP +.B oddjob_exec_t +.EE + +- Set files with the oddjob_exec_t type, if you want to transition an executable to the oddjob_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B oddjob_mkhomedir_exec_t +.EE + +- Set files with the oddjob_mkhomedir_exec_t type, if you want to transition an executable to the oddjob_mkhomedir_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/oddjob/mkhomedir, /usr/lib/oddjob/mkhomedir -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B oddjob_var_run_t +.EE + +- Set files with the oddjob_var_run_t type, if you want to store the oddjob files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux oddjob policy is very flexible allowing users to setup their oddjob processes in as secure a method as possible. 
++.PP ++The following process types are defined for oddjob: ++ ++.EX ++.B oddjob_mkhomedir_t, oddjob_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25432,10 +29829,10 @@ index 0000000..e23616e +selinux(8), oddjob(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/openct_selinux.8 b/man/man8/openct_selinux.8 new file mode 100644 -index 0000000..b1fce3c +index 0000000..f3f6824 --- /dev/null +++ b/man/man8/openct_selinux.8 -@@ -0,0 +1,58 @@ +@@ -0,0 +1,83 @@ +.TH "openct_selinux" "8" "openct" "dwalsh@redhat.com" "openct SELinux Policy documentation" +.SH "NAME" +openct_selinux \- Security Enhanced Linux Policy for the openct processes 
@@ -25456,34 +29853,59 @@ index 0000000..b1fce3c + + +.EX ++.PP +.B openct_exec_t +.EE + +- Set files with the openct_exec_t type, if you want to transition an executable to the openct_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ifdhandler, /usr/sbin/openct-control -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B openct_var_run_t +.EE + +- Set files with the openct_var_run_t type, if you want to store the openct files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux openct policy is very flexible allowing users to setup their openct processes in as secure a method as possible. ++.PP ++The following process types are defined for openct: ++ ++.EX ++.B openct_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25496,10 +29918,10 @@ index 0000000..b1fce3c +selinux(8), openct(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/openvpn_selinux.8 b/man/man8/openvpn_selinux.8 new file mode 100644 -index 0000000..5d58675 +index 0000000..e49d678 --- /dev/null +++ b/man/man8/openvpn_selinux.8 -@@ -0,0 +1,153 @@ +@@ -0,0 +1,160 @@ +.TH "openvpn_selinux" "8" "openvpn" "dwalsh@redhat.com" "openvpn SELinux Policy documentation" +.SH "NAME" +openvpn_selinux \- Security Enhanced Linux Policy for the openvpn processes 
@@ -25531,58 +29953,39 @@ index 0000000..5d58675 + + +.EX ++.PP +.B openvpn_etc_rw_t +.EE + +- Set files with the openvpn_etc_rw_t type, if you want to treat the files as openvpn etc read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B openvpn_etc_t +.EE + +- Set files with the openvpn_etc_t type, if you want to store openvpn files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B openvpn_exec_t +.EE + +- Set files with the openvpn_exec_t type, if you want to transition an executable to the openvpn_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B openvpn_initrc_exec_t +.EE + +- Set files with the openvpn_initrc_exec_t type, if you want to transition an executable to the openvpn_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B openvpn_tmp_t +.EE + 
@@ -25590,24 +29993,22 @@ index 0000000..5d58675 + + +.EX ++.PP +.B openvpn_var_log_t +.EE + +- Set files with the openvpn_var_log_t type, if you want to treat the data as openvpn var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B openvpn_var_run_t +.EE + +- Set files with the openvpn_var_run_t type, if you want to store the openvpn files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -25626,19 +30027,47 @@ index 0000000..5d58675 +SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible. +.PP +The following port types are defined for openvpn: -+.EX + ++.EX ++.TP 5 +.B openvpn_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 1194 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 1194 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux openvpn policy is very flexible allowing users to setup their openvpn processes in as secure a method as possible. ++.PP ++The following process types are defined for openvpn: ++ ++.EX ++.B openvpn_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -25656,10 +30085,10 @@ index 0000000..5d58675 \ No newline at end of file diff --git a/man/man8/pads_selinux.8 b/man/man8/pads_selinux.8 new file mode 100644 -index 0000000..d8d810a +index 0000000..9b82aaa --- /dev/null +++ b/man/man8/pads_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,99 @@ +.TH "pads_selinux" "8" "pads" "dwalsh@redhat.com" "pads SELinux Policy documentation" +.SH "NAME" +pads_selinux \- Security Enhanced Linux Policy for the pads processes 
@@ -25680,60 +30109,75 @@ index 0000000..d8d810a + + +.EX ++.PP +.B pads_config_t +.EE + +- Set files with the pads_config_t type, if you want to treat the files as pads configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/pads-assets.csv, /etc/pads-ether-codes, /etc/pads\.conf, /etc/pads-signature-list -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pads_exec_t +.EE + +- Set files with the pads_exec_t type, if you want to transition an executable to the pads_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pads_initrc_exec_t +.EE + +- Set files with the pads_initrc_exec_t type, if you want to transition an executable to the pads_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pads_var_run_t +.EE + +- Set files with the pads_var_run_t type, if you want to store the pads files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pads policy is very flexible allowing users to setup their pads processes in as secure a method as possible. ++.PP ++The following process types are defined for pads: ++ ++.EX ++.B pads_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25746,10 +30190,10 @@ index 0000000..d8d810a +selinux(8), pads(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/passenger_selinux.8 b/man/man8/passenger_selinux.8 new file mode 100644 -index 0000000..f764511 +index 0000000..17bda61 --- /dev/null +++ b/man/man8/passenger_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,111 @@ +.TH "passenger_selinux" "8" "passenger" "dwalsh@redhat.com" "passenger SELinux Policy documentation" +.SH "NAME" +passenger_selinux \- Security Enhanced Linux Policy for the passenger processes 
@@ -25770,38 +30214,31 @@ index 0000000..f764511 + + +.EX ++.PP +.B passenger_exec_t +.EE + +- Set files with the passenger_exec_t type, if you want to transition an executable to the passenger_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/ruby/gems/.*/passenger-.*/agents/PassengerLoggingAgent, /usr/lib/ruby/gems/.*/passenger-.*/agents/apache2/PassengerHelperAgent, /usr/lib/ruby/gems/.*/passenger-.*/agents/PassengerWatchdog, /usr/lib/ruby/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B passenger_log_t +.EE + +- Set files with the passenger_log_t type, if you want to treat the data as passenger log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/passenger.*, /var/log/passenger(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B passenger_tmp_t +.EE + 
@@ -25809,31 +30246,55 @@ index 0000000..f764511 + + +.EX ++.PP +.B passenger_var_lib_t +.EE + +- Set files with the passenger_var_lib_t type, if you want to store the passenger files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B passenger_var_run_t +.EE + +- Set files with the passenger_var_run_t type, if you want to store the passenger files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux passenger policy is very flexible allowing users to setup their passenger processes in as secure a method as possible. ++.PP ++The following process types are defined for passenger: ++ ++.EX ++.B passenger_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -25846,10 +30307,10 @@ index 0000000..f764511 +selinux(8), passenger(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/passwd_selinux.8 b/man/man8/passwd_selinux.8 new file mode 100644 -index 0000000..3cf2b1d +index 0000000..af52eaa --- /dev/null +++ b/man/man8/passwd_selinux.8 -@@ -0,0 +1,61 @@ +@@ -0,0 +1,87 @@ +.TH "passwd_selinux" "8" "passwd" "dwalsh@redhat.com" "passwd SELinux Policy documentation" +.SH "NAME" +passwd_selinux \- Security Enhanced Linux Policy for the passwd processes 
@@ -25870,37 +30331,63 @@ index 0000000..3cf2b1d + + +.EX ++.PP +.B passwd_exec_t +.EE + +- Set files with the passwd_exec_t type, if you want to transition an executable to the passwd_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/passwd, /usr/bin/chage -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B passwd_file_t +.EE + +- Set files with the passwd_file_t type, if you want to treat the files as passwd content. + +.br ++.TP 5 +Paths: +/etc/passwd\.OLD, /etc/ptmptmp, /etc/passwd-?, /etc/group-? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux passwd policy is very flexible allowing users to setup their passwd processes in as secure a method as possible. ++.PP ++The following process types are defined for passwd: ++ ++.EX ++.B passwd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25913,10 +30400,10 @@ index 0000000..3cf2b1d +selinux(8), passwd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/pcscd_selinux.8 b/man/man8/pcscd_selinux.8 new file mode 100644 -index 0000000..aa0401f +index 0000000..3b6b792 --- /dev/null +++ b/man/man8/pcscd_selinux.8 -@@ -0,0 +1,58 @@ +@@ -0,0 +1,83 @@ +.TH "pcscd_selinux" "8" "pcscd" "dwalsh@redhat.com" "pcscd SELinux Policy documentation" +.SH "NAME" +pcscd_selinux \- Security Enhanced Linux Policy for the pcscd processes 
@@ -25937,34 +30424,59 @@ index 0000000..aa0401f + + +.EX ++.PP +.B pcscd_exec_t +.EE + +- Set files with the pcscd_exec_t type, if you want to transition an executable to the pcscd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pcscd_var_run_t +.EE + +- Set files with the pcscd_var_run_t type, if you want to store the pcscd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/pcscd\.pid, /var/run/pcscd\.comm, /var/run/pcscd\.pub, /var/run/pcscd\.events(/.*)?, /var/run/pcscd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pcscd policy is very flexible allowing users to setup their pcscd processes in as secure a method as possible. ++.PP ++The following process types are defined for pcscd: ++ ++.EX ++.B pcscd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -25977,10 +30489,10 @@ index 0000000..aa0401f +selinux(8), pcscd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/pegasus_selinux.8 b/man/man8/pegasus_selinux.8 new file mode 100644 -index 0000000..a4ab238 +index 0000000..7bb97c4 --- /dev/null +++ b/man/man8/pegasus_selinux.8 -@@ -0,0 +1,139 @@ +@@ -0,0 +1,156 @@ +.TH "pegasus_selinux" "8" "pegasus" "dwalsh@redhat.com" "pegasus SELinux Policy documentation" +.SH "NAME" +pegasus_selinux \- Security Enhanced Linux Policy for the pegasus processes 
@@ -26001,64 +30513,47 @@ index 0000000..a4ab238 + + +.EX ++.PP +.B pegasus_conf_t +.EE + +- Set files with the pegasus_conf_t type, if you want to treat the files as pegasus configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pegasus_data_t +.EE + +- Set files with the pegasus_data_t type, if you want to treat the files as pegasus content. + +.br ++.TP 5 +Paths: +/etc/Pegasus/pegasus_current\.conf, /var/lib/Pegasus(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pegasus_exec_t +.EE + +- Set files with the pegasus_exec_t type, if you want to transition an executable to the pegasus_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/init_repository, /usr/sbin/cimserver -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pegasus_mof_t +.EE + +- Set files with the pegasus_mof_t type, if you want to treat the files as pegasus mof data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pegasus_tmp_t +.EE + 
@@ -26066,11 +30561,14 @@ index 0000000..a4ab238 + + +.EX ++.PP +.B pegasus_var_run_t +.EE + +- Set files with the pegasus_var_run_t type, if you want to store the pegasus files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -26089,27 +30587,58 @@ index 0000000..a4ab238 +SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible. +.PP +The following port types are defined for pegasus: -+.EX + ++.EX ++.TP 5 +.B pegasus_http_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 5988 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B pegasus_https_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pegasus policy is very flexible allowing users to setup their pegasus processes in as secure a method as possible. ++.PP ++The following process types are defined for pegasus: + -+.B tcp 5989 ++.EX ++.B pegasus_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -26122,10 +30651,10 @@ index 0000000..a4ab238 +selinux(8), pegasus(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ping_selinux.8 b/man/man8/ping_selinux.8 new file mode 100644 -index 0000000..20d03c0 +index 0000000..bcae699 --- /dev/null 
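Review bot: Both pegasus_http_port_t and pegasus_https_port_t now list `tcp 8021`, replacing the removed `.B tcp 5988` and `.B tcp 5989`. Two distinct port types documented with one port, and the same value appearing for pingd_port_t (was `tcp 9125`) and piranha_port_t (was `tcp 3636`) in the ping, pingd and piranha hunks, suggests the generator is printing a single stale value rather than each type's ports. An administrator consulting these pages before running `semanage port` would be told the wrong port for every one of these types. Unless the policy itself changed, the lines should go back to `tcp 5988`, `tcp 5989`, `tcp 9125` and `tcp 3636`. The `.TP 10` placed directly before `.EE` has no tag or body after it, which is probably unintended as well.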
+++ b/man/man8/ping_selinux.8 -@@ -0,0 +1,134 @@ +@@ -0,0 +1,148 @@ +.TH "ping_selinux" "8" "ping" "dwalsh@redhat.com" "ping SELinux Policy documentation" +.SH "NAME" +ping_selinux \- Security Enhanced Linux Policy for the ping processes 
@@ -26157,66 +30686,50 @@ index 0000000..20d03c0 + + +.EX ++.PP +.B ping_exec_t +.EE + +- Set files with the ping_exec_t type, if you want to transition an executable to the ping_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/ping.*, /usr/sbin/hping2, /usr/sbin/fping.*, /bin/ping.*, /usr/sbin/send_arp -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pingd_etc_t +.EE + +- Set files with the pingd_etc_t type, if you want to store pingd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pingd_exec_t +.EE + +- Set files with the pingd_exec_t type, if you want to transition an executable to the pingd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pingd_initrc_exec_t +.EE + +- Set files with the pingd_initrc_exec_t type, if you want to transition an executable to the pingd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B pingd_modules_t +.EE + +- Set files with the pingd_modules_t type, if you want to treat the files as pingd modules. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use @@ -26235,17 +30748,47 @@ index 0000000..20d03c0 +SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible. +.PP +The following port types are defined for ping: -+.EX + ++.EX ++.TP 5 +.B pingd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ping policy is very flexible allowing users to setup their ping processes in as secure a method as possible. ++.PP ++The following process types are defined for ping: + -+.B tcp 9125 ++.EX ++.B ping_t, pingd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -26263,10 +30806,10 @@ index 0000000..20d03c0 \ No newline at end of file 
diff --git a/man/man8/pingd_selinux.8 b/man/man8/pingd_selinux.8 new file mode 100644 -index 0000000..453ce85 +index 0000000..5106b00 --- /dev/null +++ b/man/man8/pingd_selinux.8 -@@ -0,0 +1,118 @@ +@@ -0,0 +1,136 @@ +.TH "pingd_selinux" "8" "pingd" "dwalsh@redhat.com" "pingd SELinux Policy documentation" +.SH "NAME" +pingd_selinux \- Security Enhanced Linux Policy for the pingd processes 
@@ -26298,50 +30841,38 @@ index 0000000..453ce85 + + +.EX ++.PP +.B pingd_etc_t +.EE + +- Set files with the pingd_etc_t type, if you want to store pingd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pingd_exec_t +.EE + +- Set files with the pingd_exec_t type, if you want to transition an executable to the pingd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pingd_initrc_exec_t +.EE + +- Set files with the pingd_initrc_exec_t type, if you want to transition an executable to the pingd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pingd_modules_t +.EE + +- Set files with the pingd_modules_t type, if you want to treat the files as pingd modules. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -26360,17 +30891,47 @@ index 0000000..453ce85 +SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible. +.PP +The following port types are defined for pingd: -+.EX + ++.EX ++.TP 5 +.B pingd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pingd policy is very flexible allowing users to setup their pingd processes in as secure a method as possible. ++.PP ++The following process types are defined for pingd: + -+.B tcp 9125 ++.EX ++.B ping_t, pingd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -26388,10 +30949,10 @@ index 0000000..453ce85 \ No newline at end of file diff --git a/man/man8/piranha_selinux.8 b/man/man8/piranha_selinux.8 new file mode 100644 -index 0000000..a2e8680 +index 0000000..7551b8a --- /dev/null +++ b/man/man8/piranha_selinux.8 -@@ -0,0 +1,255 @@ +@@ -0,0 +1,232 @@ +.TH "piranha_selinux" "8" "piranha" "dwalsh@redhat.com" "piranha SELinux Policy documentation" +.SH "NAME" +piranha_selinux \- Security Enhanced Linux Policy for the piranha processes 
@@ -26423,168 +30984,111 @@ index 0000000..a2e8680 + + +.EX ++.PP +.B piranha_etc_rw_t +.EE + +- Set files with the piranha_etc_rw_t type, if you want to treat the files as piranha etc read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_fos_exec_t +.EE + +- Set files with the piranha_fos_exec_t type, if you want to transition an executable to the piranha_fos_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_fos_var_run_t +.EE + +- Set files with the piranha_fos_var_run_t type, if you want to store the piranha fos files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_log_t +.EE + +- Set files with the piranha_log_t type, if you want to treat the data as piranha log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B piranha_lvs_exec_t +.EE + +- Set files with the piranha_lvs_exec_t type, if you want to transition an executable to the piranha_lvs_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_lvs_var_run_t +.EE + +- Set files with the piranha_lvs_var_run_t type, if you want to store the piranha lvs files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_pulse_exec_t +.EE + +- Set files with the piranha_pulse_exec_t type, if you want to transition an executable to the piranha_pulse_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_pulse_initrc_exec_t +.EE + +- Set files with the piranha_pulse_initrc_exec_t type, if you want to transition an executable to the piranha_pulse_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B piranha_pulse_var_run_t +.EE + +- Set files with the piranha_pulse_var_run_t type, if you want to store the piranha pulse files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_web_conf_t +.EE + +- Set files with the piranha_web_conf_t type, if you want to treat the files as piranha web configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/var/lib/luci/etc(/.*)?, /var/lib/luci/cert(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_web_data_t +.EE + +- Set files with the piranha_web_data_t type, if you want to treat the files as piranha web content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B piranha_web_exec_t +.EE + +- Set files with the piranha_web_exec_t type, if you want to transition an executable to the piranha_web_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/piranha_gui, /usr/bin/paster -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B piranha_web_tmp_t +.EE + @@ -26592,6 +31096,7 @@ index 0000000..a2e8680 + + +.EX ++.PP +.B piranha_web_tmpfs_t +.EE + @@ -26599,11 +31104,14 @@ index 0000000..a2e8680 + + +.EX ++.PP +.B piranha_web_var_run_t +.EE + +- Set files with the piranha_web_var_run_t type, if you want to store the piranha web files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -26622,17 +31130,47 @@ index 0000000..a2e8680 +SELinux piranha policy is very flexible allowing users to setup their piranha processes in as secure a method as possible. +.PP +The following port types are defined for piranha: -+.EX + ++.EX ++.TP 5 +.B piranha_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux piranha policy is very flexible allowing users to setup their piranha processes in as secure a method as possible. ++.PP ++The following process types are defined for piranha: + -+.B tcp 3636 ++.EX ++.B piranha_pulse_t, piranha_fos_t, piranha_lvs_t, piranha_web_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -26650,10 +31188,10 @@ index 0000000..a2e8680 \ No newline at end of file diff --git a/man/man8/pki_selinux.8 b/man/man8/pki_selinux.8 new file mode 100644 -index 0000000..aff8215 +index 0000000..51c05de --- /dev/null +++ b/man/man8/pki_selinux.8 -@@ -0,0 +1,621 @@ +@@ -0,0 +1,504 @@ +.TH "pki_selinux" "8" "pki" "dwalsh@redhat.com" "pki SELinux Policy documentation" +.SH "NAME" +pki_selinux \- Security Enhanced Linux Policy for the pki processes 
@@ -26674,326 +31212,219 @@ index 0000000..aff8215 + + +.EX ++.PP +.B pki_ca_etc_rw_t +.EE + +- Set files with the pki_ca_etc_rw_t type, if you want to treat the files as pki ca etc read/write content. + +.br ++.TP 5 +Paths: +/etc/pki-ca(/.*)?, /etc/sysconfig/pki/ca(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ca_exec_t +.EE + +- Set files with the pki_ca_exec_t type, if you want to transition an executable to the pki_ca_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ca_log_t +.EE + +- Set files with the pki_ca_log_t type, if you want to treat the data as pki ca log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ca_tomcat_exec_t +.EE + +- Set files with the pki_ca_tomcat_exec_t type, if you want to transition an executable to the pki_ca_tomcat_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B pki_ca_var_lib_t +.EE + +- Set files with the pki_ca_var_lib_t type, if you want to store the pki ca files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ca_var_run_t +.EE + +- Set files with the pki_ca_var_run_t type, if you want to store the pki ca files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/pki-ca.pid, /var/run/pki/ca(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_common_dev_t +.EE + +- Set files with the pki_common_dev_t type, if you want to treat the files as pki common dev data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_common_t +.EE + +- Set files with the pki_common_t type, if you want to treat the files as pki common data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_kra_etc_rw_t +.EE + +- Set files with the pki_kra_etc_rw_t type, if you want to treat the files as pki kra etc read/write content. 
+ +.br ++.TP 5 +Paths: +/etc/pki-kra(/.*)?, /etc/sysconfig/pki/kra(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_kra_exec_t +.EE + +- Set files with the pki_kra_exec_t type, if you want to transition an executable to the pki_kra_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_kra_log_t +.EE + +- Set files with the pki_kra_log_t type, if you want to treat the data as pki kra log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_kra_tomcat_exec_t +.EE + +- Set files with the pki_kra_tomcat_exec_t type, if you want to transition an executable to the pki_kra_tomcat_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_kra_var_lib_t +.EE + +- Set files with the pki_kra_var_lib_t type, if you want to store the pki kra files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_kra_var_run_t +.EE + +- Set files with the pki_kra_var_run_t type, if you want to store the pki kra files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/pki-kra.pid, /var/run/pki/kra(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ocsp_etc_rw_t +.EE + +- Set files with the pki_ocsp_etc_rw_t type, if you want to treat the files as pki ocsp etc read/write content. + +.br ++.TP 5 +Paths: +/etc/pki-ocsp(/.*)?, /etc/sysconfig/pki/ocsp(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ocsp_exec_t +.EE + +- Set files with the pki_ocsp_exec_t type, if you want to transition an executable to the pki_ocsp_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ocsp_log_t +.EE + +- Set files with the pki_ocsp_log_t type, if you want to treat the data as pki ocsp log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ocsp_tomcat_exec_t +.EE + +- Set files with the pki_ocsp_tomcat_exec_t type, if you want to transition an executable to the pki_ocsp_tomcat_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ocsp_var_lib_t +.EE + +- Set files with the pki_ocsp_var_lib_t type, if you want to store the pki ocsp files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ocsp_var_run_t +.EE + +- Set files with the pki_ocsp_var_run_t type, if you want to store the pki ocsp files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/pki-ocsp.pid, /var/run/pki/ocsp(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ra_etc_rw_t +.EE + +- Set files with the pki_ra_etc_rw_t type, if you want to treat the files as pki ra etc read/write content. + +.br ++.TP 5 +Paths: +/etc/sysconfig/pki/ra(/.*)?, /etc/pki-ra(/.*)? -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ra_exec_t +.EE + +- Set files with the pki_ra_exec_t type, if you want to transition an executable to the pki_ra_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ra_log_t +.EE + +- Set files with the pki_ra_log_t type, if you want to treat the data as pki ra log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ra_script_exec_t +.EE + @@ -27001,6 +31432,7 @@ index 0000000..aff8215 + + +.EX ++.PP +.B pki_ra_tomcat_exec_t +.EE + 
@@ -27008,132 +31440,91 @@ index 0000000..aff8215 + + +.EX ++.PP +.B pki_ra_var_lib_t +.EE + +- Set files with the pki_ra_var_lib_t type, if you want to store the pki ra files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_ra_var_run_t +.EE + +- Set files with the pki_ra_var_run_t type, if you want to store the pki ra files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tks_etc_rw_t +.EE + +- Set files with the pki_tks_etc_rw_t type, if you want to treat the files as pki tks etc read/write content. + +.br ++.TP 5 +Paths: +/etc/sysconfig/pki/tks(/.*)?, /etc/pki-tks(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tks_exec_t +.EE + +- Set files with the pki_tks_exec_t type, if you want to transition an executable to the pki_tks_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B pki_tks_log_t +.EE + +- Set files with the pki_tks_log_t type, if you want to treat the data as pki tks log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tks_tomcat_exec_t +.EE + +- Set files with the pki_tks_tomcat_exec_t type, if you want to transition an executable to the pki_tks_tomcat_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tks_var_lib_t +.EE + +- Set files with the pki_tks_var_lib_t type, if you want to store the pki tks files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tks_var_run_t +.EE + +- Set files with the pki_tks_var_run_t type, if you want to store the pki tks files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/pki-tks.pid, /var/run/pki/tks(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B pki_tps_etc_rw_t +.EE + +- Set files with the pki_tps_etc_rw_t type, if you want to treat the files as pki tps etc read/write content. + +.br ++.TP 5 +Paths: +/etc/sysconfig/pki/tps(/.*)?, /etc/pki-tps(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tps_exec_t +.EE + @@ -27141,19 +31532,15 @@ index 0000000..aff8215 + + +.EX ++.PP +.B pki_tps_log_t +.EE + +- Set files with the pki_tps_log_t type, if you want to treat the data as pki tps log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tps_script_exec_t +.EE + @@ -27161,6 +31548,7 @@ index 0000000..aff8215 + + +.EX ++.PP +.B pki_tps_tomcat_exec_t +.EE + 
@@ -27168,24 +31556,22 @@ index 0000000..aff8215 + + +.EX ++.PP +.B pki_tps_var_lib_t +.EE + +- Set files with the pki_tps_var_lib_t type, if you want to store the pki tps files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pki_tps_var_run_t +.EE + +- Set files with the pki_tps_var_run_t type, if you want to store the pki tps files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -27204,67 +31590,102 @@ index 0000000..aff8215 +SELinux pki policy is very flexible allowing users to setup their pki processes in as secure a method as possible. +.PP +The following port types are defined for pki: -+.EX + ++.EX ++.TP 5 +.B pki_ca_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 9180,9701,9443-9447 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B pki_kra_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 10180,10701,10443-10446 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B pki_ocsp_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 11180,11701,11443-11446 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B pki_ra_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 12888-12889 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B pki_tks_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 13180,13701,13443-13446 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B pki_tps_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pki policy is very flexible allowing users to setup their pki processes in as secure a method as possible. ++.PP ++The following process types are defined for pki: + -+.B tcp 7888-7889 ++.EX ++.B pki_ca_t, pki_ra_t, pki_ca_script_t, pki_ocsp_t, pki_kra_t, pki_tks_t, pki_tps_t, pki_ocsp_script_t, pki_kra_script_t, pki_tks_script_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. 
++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -27277,10 +31698,10 @@ index 0000000..aff8215 +selinux(8), pki(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/plymouth_selinux.8 b/man/man8/plymouth_selinux.8 new file mode 100644 -index 0000000..adb519a +index 0000000..54b9407 --- /dev/null +++ b/man/man8/plymouth_selinux.8 -@@ -0,0 +1,107 @@ +@@ -0,0 +1,119 @@ +.TH "plymouth_selinux" "8" "plymouth" "dwalsh@redhat.com" "plymouth SELinux Policy documentation" +.SH "NAME" +plymouth_selinux \- Security Enhanced Linux Policy for the plymouth processes 
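Review bot: The added PROCESS TYPES note spells the subcommand `semanage permississive -a PROCESS_TYPE`, while the COMMANDS text added a few lines later spells it `semanage permissive`; the note should read `.B semanage permissive -a PROCESS_TYPE`. The same section closes its bold run with `\fBps\bP`, where `\fBps\fP` is needed to switch the font back. Both errors repeat in the PROCESS TYPES text this patch adds to the piranha, plymouth, plymouthd and podsleuth pages. Since the text itself says a permissive type is no longer denied access, it would help to state that the setting is meant for troubleshooting and is undone with `semanage permissive -d PROCESS_TYPE`.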
@@ -27301,64 +31722,47 @@ index 0000000..adb519a + + +.EX ++.PP +.B plymouth_exec_t +.EE + +- Set files with the plymouth_exec_t type, if you want to transition an executable to the plymouth_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/plymouth, /bin/plymouth -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B plymouthd_exec_t +.EE + +- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/plymouthd, /sbin/plymouthd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B plymouthd_spool_t +.EE + +- Set files with the plymouthd_spool_t type, if you want to store the plymouthd files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B plymouthd_var_lib_t +.EE + +- Set files with the plymouthd_var_lib_t type, if you want to store the plymouthd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B plymouthd_var_log_t +.EE + 
@@ -27366,18 +31770,47 @@ index 0000000..adb519a + + +.EX ++.PP +.B plymouthd_var_run_t +.EE + +- Set files with the plymouthd_var_run_t type, if you want to store the plymouthd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux plymouth policy is very flexible allowing users to setup their plymouth processes in as secure a method as possible. ++.PP ++The following process types are defined for plymouth: ++ ++.EX ++.B plymouth_t, plymouthd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -27390,10 +31823,10 @@ index 0000000..adb519a +selinux(8), plymouth(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/plymouthd_selinux.8 b/man/man8/plymouthd_selinux.8 new file mode 100644 -index 0000000..937d09d +index 0000000..16ea89e --- /dev/null 
+++ b/man/man8/plymouthd_selinux.8 -@@ -0,0 +1,91 @@ +@@ -0,0 +1,107 @@ +.TH "plymouthd_selinux" "8" "plymouthd" "dwalsh@redhat.com" "plymouthd SELinux Policy documentation" +.SH "NAME" +plymouthd_selinux \- Security Enhanced Linux Policy for the plymouthd processes @@ -27414,48 +31847,35 @@ index 0000000..937d09d + + +.EX ++.PP +.B plymouthd_exec_t +.EE + +- Set files with the plymouthd_exec_t type, if you want to transition an executable to the plymouthd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/plymouthd, /sbin/plymouthd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B plymouthd_spool_t +.EE + +- Set files with the plymouthd_spool_t type, if you want to store the plymouthd files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B plymouthd_var_lib_t +.EE + +- Set files with the plymouthd_var_lib_t type, if you want to store the plymouthd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B plymouthd_var_log_t +.EE + 
@@ -27463,18 +31883,47 @@ index 0000000..937d09d + + +.EX ++.PP +.B plymouthd_var_run_t +.EE + +- Set files with the plymouthd_var_run_t type, if you want to store the plymouthd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux plymouthd policy is very flexible allowing users to setup their plymouthd processes in as secure a method as possible. ++.PP ++The following process types are defined for plymouthd: ++ ++.EX ++.B plymouth_t, plymouthd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -27487,10 +31936,10 @@ index 0000000..937d09d +selinux(8), plymouthd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/podsleuth_selinux.8 b/man/man8/podsleuth_selinux.8 new file mode 100644 -index 0000000..5cd77fd +index 0000000..5cbac87 --- /dev/null 
+++ b/man/man8/podsleuth_selinux.8 -@@ -0,0 +1,72 @@ +@@ -0,0 +1,99 @@ +.TH "podsleuth_selinux" "8" "podsleuth" "dwalsh@redhat.com" "podsleuth SELinux Policy documentation" +.SH "NAME" +podsleuth_selinux \- Security Enhanced Linux Policy for the podsleuth processes @@ -27511,35 +31960,27 @@ index 0000000..5cd77fd + + +.EX ++.PP +.B podsleuth_cache_t +.EE + +- Set files with the podsleuth_cache_t type, if you want to store the files under the /var/cache directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B podsleuth_exec_t +.EE + +- Set files with the podsleuth_exec_t type, if you want to transition an executable to the podsleuth_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/podsleuth, /usr/libexec/hal-podsleuth -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B podsleuth_tmp_t +.EE + 
@@ -27547,12 +31988,47 @@ index 0000000..5cd77fd + + +.EX ++.PP +.B podsleuth_tmpfs_t +.EE + +- Set files with the podsleuth_tmpfs_t type, if you want to store podsleuth files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux podsleuth policy is very flexible allowing users to setup their podsleuth processes in as secure a method as possible. ++.PP ++The following process types are defined for podsleuth: ++ ++.EX ++.B podsleuth_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -27565,10 +32041,10 @@ index 0000000..5cd77fd +selinux(8), podsleuth(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/policykit_selinux.8 b/man/man8/policykit_selinux.8 new file mode 100644 -index 0000000..492f57d +index 0000000..1e6a691 --- /dev/null 
+++ b/man/man8/policykit_selinux.8 -@@ -0,0 +1,142 @@ +@@ -0,0 +1,147 @@ +.TH "policykit_selinux" "8" "policykit" "dwalsh@redhat.com" "policykit SELinux Policy documentation" +.SH "NAME" +policykit_selinux \- Security Enhanced Linux Policy for the policykit processes 
@@ -27589,83 +32065,63 @@ index 0000000..492f57d + + +.EX ++.PP +.B policykit_auth_exec_t +.EE + +- Set files with the policykit_auth_exec_t type, if you want to transition an executable to the policykit_auth_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/polkit-read-auth-helper, /usr/lib/policykit/polkit-read-auth-helper, /usr/libexec/polkit-1/polkit-agent-helper-1 -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B policykit_exec_t +.EE + +- Set files with the policykit_exec_t type, if you want to transition an executable to the policykit_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/polkitd.*, /usr/libexec/polkit-1/polkitd.*, /usr/lib/policykit/polkitd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B policykit_grant_exec_t +.EE + +- Set files with the policykit_grant_exec_t type, if you want to transition an executable to the policykit_grant_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/polkit-grant-helper.*, /usr/lib/policykit/polkit-grant-helper.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B policykit_reload_t +.EE + +- Set files with the policykit_reload_t type, if you want to treat the files as policykit reload data. + -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B policykit_resolve_exec_t +.EE + +- Set files with the policykit_resolve_exec_t type, if you want to transition an executable to the policykit_resolve_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/policykit/polkit-resolve-exe-helper.*, /usr/libexec/polkit-resolve-exe-helper.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B policykit_tmp_t +.EE + 
@@ -27673,34 +32129,59 @@ index 0000000..492f57d + + +.EX ++.PP +.B policykit_var_lib_t +.EE + +- Set files with the policykit_var_lib_t type, if you want to store the policykit files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/PolicyKit-public(/.*)?, /var/lib/PolicyKit(/.*)?, /var/lib/polkit-1(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B policykit_var_run_t +.EE + +- Set files with the policykit_var_run_t type, if you want to store the policykit files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux policykit policy is very flexible allowing users to setup their policykit processes in as secure a method as possible. ++.PP ++The following process types are defined for policykit: ++ ++.EX ++.B policykit_grant_t, policykit_auth_t, policykit_t, policykit_resolve_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -27713,10 +32194,10 @@ index 0000000..492f57d +selinux(8), policykit(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/polipo_selinux.8 b/man/man8/polipo_selinux.8 new file mode 100644 -index 0000000..3a02985 +index 0000000..1c514b2 --- /dev/null +++ b/man/man8/polipo_selinux.8 -@@ -0,0 +1,171 @@ +@@ -0,0 +1,177 @@ +.TH "polipo_selinux" "8" "polipo" "dwalsh@redhat.com" "polipo SELinux Policy documentation" +.SH "NAME" +polipo_selinux \- Security Enhanced Linux Policy for the polipo processes @@ -27783,6 +32264,7 @@ index 0000000..3a02985 + + +.EX ++.PP +.B polipo_cache_home_t +.EE + @@ -27790,19 +32272,15 @@ index 0000000..3a02985 + + +.EX ++.PP +.B polipo_cache_t +.EE + +- Set files with the polipo_cache_t type, if you want to store the files under the /var/cache directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B polipo_config_home_t +.EE + 
@@ -27810,70 +32288,79 @@ index 0000000..3a02985 + + +.EX ++.PP +.B polipo_etc_t +.EE + +- Set files with the polipo_etc_t type, if you want to store polipo files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B polipo_exec_t +.EE + +- Set files with the polipo_exec_t type, if you want to transition an executable to the polipo_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B polipo_initrc_exec_t +.EE + +- Set files with the polipo_initrc_exec_t type, if you want to transition an executable to the polipo_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B polipo_log_t +.EE + +- Set files with the polipo_log_t type, if you want to treat the data as polipo log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B polipo_pid_t +.EE + +- Set files with the polipo_pid_t type, if you want to store the polipo files under the /run directory. 
+ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux polipo policy is very flexible allowing users to setup their polipo processes in as secure a method as possible. ++.PP ++The following process types are defined for polipo: ++ ++.EX ++.B polipo_t, polipo_session_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -27891,10 +32378,10 @@ index 0000000..3a02985 \ No newline at end of file diff --git a/man/man8/portmap_selinux.8 b/man/man8/portmap_selinux.8 new file mode 100644 -index 0000000..fc5d3d8 +index 0000000..b8ad3f2 --- /dev/null +++ b/man/man8/portmap_selinux.8 -@@ -0,0 +1,105 @@ +@@ -0,0 +1,129 @@ +.TH "portmap_selinux" "8" "portmap" "dwalsh@redhat.com" "portmap SELinux Policy documentation" +.SH "NAME" +portmap_selinux \- Security Enhanced Linux Policy for the portmap processes 
@@ -27915,38 +32402,31 @@ index 0000000..fc5d3d8 + + +.EX ++.PP +.B portmap_exec_t +.EE + +- Set files with the portmap_exec_t type, if you want to transition an executable to the portmap_t domain. + +.br ++.TP 5 +Paths: +/sbin/portmap, /usr/sbin/portmap -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B portmap_helper_exec_t +.EE + +- Set files with the portmap_helper_exec_t type, if you want to transition an executable to the portmap_helper_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/pmap_set, /usr/sbin/pmap_dump -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B portmap_tmp_t +.EE + @@ -27954,11 +32434,14 @@ index 0000000..fc5d3d8 + + +.EX ++.PP +.B portmap_var_run_t +.EE + +- Set files with the portmap_var_run_t type, if you want to store the portmap files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -27977,19 +32460,47 @@ index 0000000..fc5d3d8 +SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible. +.PP +The following port types are defined for portmap: -+.EX + ++.EX ++.TP 5 +.B portmap_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 111 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 111 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux portmap policy is very flexible allowing users to setup their portmap processes in as secure a method as possible. ++.PP ++The following process types are defined for portmap: ++ ++.EX ++.B portmap_helper_t, portmap_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -28002,10 +32513,10 @@ index 0000000..fc5d3d8 +selinux(8), portmap(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/portreserve_selinux.8 b/man/man8/portreserve_selinux.8 new file mode 100644 -index 0000000..d13aed8 +index 0000000..a527436 --- /dev/null 
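Review bot: The "Default Defined Ports" entry for `portmap_port_t` changes from `tcp 111` and `udp 111` to `tcp 8021`, which no longer matches what the page documented before. The same `tcp 8021` replaces `tcp 10031` for `postfix_policyd_port_t` in the postfix hunk, so this looks like a stale value carried across pages rather than a policy change. An administrator using these pages to check which ports a domain may bind would be misled, so I would keep `tcp 111` and `udp 111` here and `tcp 10031` in the postfix page until the value is confirmed against the port definitions. Dropping the `.EX` before "Default Defined Ports:" also leaves the following `.EE` unmatched, and `.TP 10` now sits directly before an `.EE` with no tagged paragraph after it.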
+++ b/man/man8/portreserve_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,99 @@ +.TH "portreserve_selinux" "8" "portreserve" "dwalsh@redhat.com" "portreserve SELinux Policy documentation" +.SH "NAME" +portreserve_selinux \- Security Enhanced Linux Policy for the portreserve processes 
@@ -28026,60 +32537,75 @@ index 0000000..d13aed8 + + +.EX ++.PP +.B portreserve_etc_t +.EE + +- Set files with the portreserve_etc_t type, if you want to store portreserve files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B portreserve_exec_t +.EE + +- Set files with the portreserve_exec_t type, if you want to transition an executable to the portreserve_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/portreserve, /sbin/portreserve -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B portreserve_initrc_exec_t +.EE + +- Set files with the portreserve_initrc_exec_t type, if you want to transition an executable to the portreserve_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B portreserve_var_run_t +.EE + +- Set files with the portreserve_var_run_t type, if you want to store the portreserve files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux portreserve policy is very flexible allowing users to setup their portreserve processes in as secure a method as possible. ++.PP ++The following process types are defined for portreserve: ++ ++.EX ++.B portreserve_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -28092,10 +32618,10 @@ index 0000000..d13aed8 +selinux(8), portreserve(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/postfix_selinux.8 b/man/man8/postfix_selinux.8 new file mode 100644 -index 0000000..b1efb51 +index 0000000..74d4f01 --- /dev/null +++ b/man/man8/postfix_selinux.8 -@@ -0,0 +1,493 @@ +@@ -0,0 +1,416 @@ +.TH "postfix_selinux" "8" "postfix" "dwalsh@redhat.com" "postfix SELinux Policy documentation" +.SH "NAME" +postfix_selinux \- Security Enhanced Linux Policy for the postfix processes 
@@ -28127,19 +32653,15 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_bounce_exec_t +.EE + +- Set files with the postfix_bounce_exec_t type, if you want to transition an executable to the postfix_bounce_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_bounce_tmp_t +.EE + @@ -28147,19 +32669,15 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_cleanup_exec_t +.EE + +- Set files with the postfix_cleanup_exec_t type, if you want to transition an executable to the postfix_cleanup_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_cleanup_tmp_t +.EE + 
@@ -28167,61 +32685,43 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_data_t +.EE + +- Set files with the postfix_data_t type, if you want to treat the files as postfix content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_etc_t +.EE + +- Set files with the postfix_etc_t type, if you want to store postfix files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_exec_t +.EE + +- Set files with the postfix_exec_t type, if you want to transition an executable to the postfix_t domain. + +.br ++.TP 5 +Paths: +/etc/postfix/postfix-script.*, /usr/libexec/postfix/.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_initrc_exec_t +.EE + +- Set files with the postfix_initrc_exec_t type, if you want to transition an executable to the postfix_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_keytab_t +.EE + 
@@ -28229,19 +32729,15 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_local_exec_t +.EE + +- Set files with the postfix_local_exec_t type, if you want to transition an executable to the postfix_local_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_local_tmp_t +.EE + @@ -28249,19 +32745,15 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_map_exec_t +.EE + +- Set files with the postfix_map_exec_t type, if you want to transition an executable to the postfix_map_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_map_tmp_t +.EE + 
@@ -28269,35 +32761,27 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_master_exec_t +.EE + +- Set files with the postfix_master_exec_t type, if you want to transition an executable to the postfix_master_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/postcat, /usr/sbin/postfix, /usr/libexec/postfix/master, /usr/sbin/postkick, /usr/sbin/postsuper, /usr/sbin/postalias, /usr/sbin/postlock, /usr/sbin/postlog -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_pickup_exec_t +.EE + +- Set files with the postfix_pickup_exec_t type, if you want to transition an executable to the postfix_pickup_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_pickup_tmp_t +.EE + @@ -28305,19 +32789,15 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_pipe_exec_t +.EE + +- Set files with the postfix_pipe_exec_t type, if you want to transition an executable to the postfix_pipe_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_pipe_tmp_t +.EE + 
@@ -28325,84 +32805,55 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_postdrop_exec_t +.EE + +- Set files with the postfix_postdrop_exec_t type, if you want to transition an executable to the postfix_postdrop_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_postqueue_exec_t +.EE + +- Set files with the postfix_postqueue_exec_t type, if you want to transition an executable to the postfix_postqueue_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_private_t +.EE + +- Set files with the postfix_private_t type, if you want to treat the files as postfix private data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_prng_t +.EE + +- Set files with the postfix_prng_t type, if you want to treat the files as postfix prng data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_public_t +.EE + +- Set files with the postfix_public_t type, if you want to treat the files as postfix public data. 
+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_qmgr_exec_t +.EE + +- Set files with the postfix_qmgr_exec_t type, if you want to transition an executable to the postfix_qmgr_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_qmgr_tmp_t +.EE + @@ -28410,35 +32861,27 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_showq_exec_t +.EE + +- Set files with the postfix_showq_exec_t type, if you want to transition an executable to the postfix_showq_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_smtp_exec_t +.EE + +- Set files with the postfix_smtp_exec_t type, if you want to transition an executable to the postfix_smtp_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/postfix/smtp, /usr/libexec/postfix/scache, /usr/libexec/postfix/lmtp -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_smtp_tmp_t +.EE + 
@@ -28446,19 +32889,15 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_smtpd_exec_t +.EE + +- Set files with the postfix_smtpd_exec_t type, if you want to transition an executable to the postfix_smtpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_smtpd_tmp_t +.EE + 
@@ -28466,92 +32905,72 @@ index 0000000..b1efb51 + + +.EX ++.PP +.B postfix_spool_bounce_t +.EE + +- Set files with the postfix_spool_bounce_t type, if you want to treat the files as postfix spool bounce data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_spool_flush_t +.EE + +- Set files with the postfix_spool_flush_t type, if you want to treat the files as postfix spool flush data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_spool_maildrop_t +.EE + +- Set files with the postfix_spool_maildrop_t type, if you want to treat the files as postfix spool maildrop data. + +.br ++.TP 5 +Paths: +/var/spool/postfix/defer(/.*)?, /var/spool/postfix/deferred(/.*)?, /var/spool/postfix/maildrop(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_spool_t +.EE + +- Set files with the postfix_spool_t type, if you want to store the postfix files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B postfix_var_run_t +.EE + +- Set files with the postfix_var_run_t type, if you want to store the postfix files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_virtual_exec_t +.EE + +- Set files with the postfix_virtual_exec_t type, if you want to transition an executable to the postfix_virtual_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postfix_virtual_tmp_t +.EE + +- Set files with the postfix_virtual_tmp_t type, if you want to store postfix virtual temporary files in the /tmp directories. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -28564,17 +32983,47 @@ index 0000000..b1efb51 +SELinux postfix policy is very flexible allowing users to setup their postfix processes in as secure a method as possible. +.PP +The following port types are defined for postfix: -+.EX + ++.EX ++.TP 5 +.B postfix_policyd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux postfix policy is very flexible allowing users to setup their postfix processes in as secure a method as possible. ++.PP ++The following process types are defined for postfix: + -+.B tcp 10031 ++.EX ++.B postfix_bounce_t, postfix_cleanup_t, postfix_showq_t, postfix_virtual_t, postfix_postdrop_t, postfix_postqueue_t, postfix_pipe_t, postfix_master_t, postfix_pickup_t, postfix_local_t, postfix_smtpd_t, postfix_qmgr_t, postfix_smtp_t, postfix_map_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -28592,10 +33041,10 @@ index 0000000..b1efb51 \ No newline at end of file diff --git a/man/man8/postgresql_selinux.8 b/man/man8/postgresql_selinux.8 new file mode 100644 -index 0000000..85d559a +index 0000000..dc5aade --- /dev/null 
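Review bot: The `Default Defined Ports:` entry for `postfix_policyd_port_t` now reads `tcp 8021` in place of the removed `tcp 10031`. The later hunks make the same substitution: `tcp 8021` replaces `tcp 5432` for `postgresql_port_t`, `tcp 60000` for `postgrey_port_t`, and the tcp/udp 1723 and 4690 entries for `pptp_port_t` and `prelude_port_t`. One value under five unrelated port types looks like a generator bug rather than a policy change, and an administrator relying on the page would check the wrong port when reviewing what a confined daemon is allowed to use. The per-type values should be restored (here `tcp 10031`), including the udp entries that were dropped. The rewritten block also ends with a second `.EE` that has no matching `.EX`, and `.TP 10` is followed directly by `.EE` rather than a tag line.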
+++ b/man/man8/postgresql_selinux.8 -@@ -0,0 +1,173 @@ +@@ -0,0 +1,188 @@ +.TH "postgresql_selinux" "8" "postgresql" "dwalsh@redhat.com" "postgresql SELinux Policy documentation" +.SH "NAME" +postgresql_selinux \- Security Enhanced Linux Policy for the postgresql processes 
@@ -28627,67 +33076,51 @@ index 0000000..85d559a + + +.EX ++.PP +.B postgresql_db_t +.EE + +- Set files with the postgresql_db_t type, if you want to treat the files as postgresql database content. + +.br ++.TP 5 +Paths: +/var/lib/pgsql/data(/.*)?, /usr/share/jonas/pgsql(/.*)?, /var/lib/postgres(ql)?(/.*)?, /var/lib/sepgsql(/.*)?, /usr/lib/pgsql/test/regress(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgresql_etc_t +.EE + +- Set files with the postgresql_etc_t type, if you want to store postgresql files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/sysconfig/pgsql(/.*)?, /etc/postgresql(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgresql_exec_t +.EE + +- Set files with the postgresql_exec_t type, if you want to transition an executable to the postgresql_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/(se)?postgres, /usr/lib/postgresql/bin/.*, /usr/lib/pgsql/test/regress/pg_regress, /usr/bin/initdb(\.sepgsql)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgresql_initrc_exec_t +.EE + +- Set files with the postgresql_initrc_exec_t type, if you want to transition an executable to the postgresql_initrc_t domain. 
+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgresql_lock_t +.EE + @@ -28695,22 +33128,19 @@ index 0000000..85d559a + + +.EX ++.PP +.B postgresql_log_t +.EE + +- Set files with the postgresql_log_t type, if you want to treat the data as postgresql log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/lib/pgsql/logfile(/.*)?, /var/lib/pgsql/pgstartup\.log, /var/log/postgresql(/.*)?, /var/log/postgres\.log.*, /var/lib/sepgsql/pgstartup\.log, /var/log/rhdb/rhdb(/.*)?, /var/log/sepostgresql\.log.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgresql_tmp_t +.EE + @@ -28718,14 +33148,18 @@ index 0000000..85d559a + + +.EX ++.PP +.B postgresql_var_run_t +.EE + +- Set files with the postgresql_var_run_t type, if you want to store the postgresql files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/postmaster.*, /var/run/postgresql(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -28744,17 +33178,47 @@ index 0000000..85d559a +SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible. +.PP +The following port types are defined for postgresql: -+.EX + ++.EX ++.TP 5 +.B postgresql_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux postgresql policy is very flexible allowing users to setup their postgresql processes in as secure a method as possible. ++.PP ++The following process types are defined for postgresql: + -+.B tcp 5432 ++.EX ++.B postgresql_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -28772,10 +33236,10 @@ index 0000000..85d559a \ No newline at end of file diff --git a/man/man8/postgrey_selinux.8 b/man/man8/postgrey_selinux.8 new file mode 100644 -index 0000000..8851fa0 +index 0000000..f1d9fc7 --- /dev/null +++ b/man/man8/postgrey_selinux.8 -@@ -0,0 +1,132 @@ +@@ -0,0 +1,141 @@ +.TH "postgrey_selinux" "8" "postgrey" "dwalsh@redhat.com" "postgrey SELinux Policy documentation" +.SH "NAME" +postgrey_selinux \- Security Enhanced Linux Policy for the postgrey processes 
@@ -28796,79 +33260,58 @@ index 0000000..8851fa0 + + +.EX ++.PP +.B postgrey_etc_t +.EE + +- Set files with the postgrey_etc_t type, if you want to store postgrey files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgrey_exec_t +.EE + +- Set files with the postgrey_exec_t type, if you want to transition an executable to the postgrey_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgrey_initrc_exec_t +.EE + +- Set files with the postgrey_initrc_exec_t type, if you want to transition an executable to the postgrey_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgrey_spool_t +.EE + +- Set files with the postgrey_spool_t type, if you want to store the postgrey files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgrey_var_lib_t +.EE + +- Set files with the postgrey_var_lib_t type, if you want to store the postgrey files under the /var/lib directory. 
+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B postgrey_var_run_t +.EE + +- Set files with the postgrey_var_run_t type, if you want to store the postgrey files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/postgrey\.pid, /var/run/postgrey(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -28887,17 +33330,47 @@ index 0000000..8851fa0 +SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible. +.PP +The following port types are defined for postgrey: -+.EX + ++.EX ++.TP 5 +.B postgrey_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux postgrey policy is very flexible allowing users to setup their postgrey processes in as secure a method as possible. ++.PP ++The following process types are defined for postgrey: + -+.B tcp 60000 ++.EX ++.B postgrey_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -28910,10 +33383,10 @@ index 0000000..8851fa0 +selinux(8), postgrey(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/pppd_selinux.8 b/man/man8/pppd_selinux.8 new file mode 100644 -index 0000000..327bff1 +index 0000000..6e6d3b0 --- /dev/null +++ b/man/man8/pppd_selinux.8 -@@ -0,0 +1,187 @@ +@@ -0,0 +1,189 @@ +.TH "pppd_selinux" "8" "pppd" "dwalsh@redhat.com" "pppd SELinux Policy documentation" +.SH "NAME" +pppd_selinux \- Security Enhanced Linux Policy for the pppd processes 
@@ -28952,112 +33425,83 @@ index 0000000..327bff1 + + +.EX ++.PP +.B pppd_etc_rw_t +.EE + +- Set files with the pppd_etc_rw_t type, if you want to treat the files as pppd etc read/write content. + +.br ++.TP 5 +Paths: +/etc/ppp(/.*)?, /etc/ppp/peers(/.*)?, /etc/ppp/resolv\.conf -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pppd_etc_t +.EE + +- Set files with the pppd_etc_t type, if you want to store pppd files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/ppp, /root/.ppprc -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pppd_exec_t +.EE + +- Set files with the pppd_exec_t type, if you want to transition an executable to the pppd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/pppd, /usr/sbin/ipppd, /usr/sbin/pppoe-server, /usr/sbin/ppp-watch, /sbin/pppoe-server, /sbin/ppp-watch -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pppd_initrc_exec_t +.EE + +- Set files with the pppd_initrc_exec_t type, if you want to transition an executable to the pppd_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/ppp, /etc/ppp/(auth|ip(v6|x)?)-(up|down) -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pppd_lock_t +.EE + +- Set files with the pppd_lock_t type, if you want to treat the files as pppd lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pppd_log_t +.EE + +- Set files with the pppd_log_t type, if you want to treat the data as pppd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/ppp(/.*)?, /var/log/ppp-connect-errors.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pppd_secret_t +.EE + +- Set files with the pppd_secret_t type, if you want to treat the files as pppd se secret data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pppd_tmp_t +.EE + @@ -29065,6 +33509,7 @@ index 0000000..327bff1 + + +.EX ++.PP +.B pppd_unit_file_t +.EE + 
@@ -29072,21 +33517,51 @@ index 0000000..327bff1 + + +.EX ++.PP +.B pppd_var_run_t +.EE + +- Set files with the pppd_var_run_t type, if you want to store the pppd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/pppd[0-9]*\.tdb, /var/run/ppp(/.*)?, /var/run/(i)?ppp.*pid[^/]* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pppd policy is very flexible allowing users to setup their pppd processes in as secure a method as possible. ++.PP ++The following process types are defined for pppd: ++ ++.EX ++.B pppd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -29104,10 +33579,10 @@ index 0000000..327bff1 \ No newline at end of file diff --git a/man/man8/pptp_selinux.8 b/man/man8/pptp_selinux.8 new file mode 100644 -index 0000000..a3f7b57 +index 0000000..0139fab --- /dev/null 
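Review bot: Two typos in the added PROCESS TYPES text break what the reader is told to run. `.B semanage permississive -a PROCESS_TYPE` should be `.B semanage permissive -a PROCESS_TYPE`, and `\fBps\bP` should be `\fBps\fP` so the bold font is switched off after `ps`. The same two lines are repeated in the PROCESS TYPES blocks added for postfix, postgresql, postgrey, pptp, prelink and prelude in the other hunks. Because the note describes taking a domain out of enforcement, it would also help to say that `semanage permissive -d PROCESS_TYPE` returns the type to enforcing.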
+++ b/man/man8/pptp_selinux.8 -@@ -0,0 +1,86 @@ +@@ -0,0 +1,113 @@ +.TH "pptp_selinux" "8" "pptp" "dwalsh@redhat.com" "pptp SELinux Policy documentation" +.SH "NAME" +pptp_selinux \- Security Enhanced Linux Policy for the pptp processes @@ -29128,19 +33603,15 @@ index 0000000..a3f7b57 + + +.EX ++.PP +.B pptp_exec_t +.EE + +- Set files with the pptp_exec_t type, if you want to transition an executable to the pptp_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pptp_log_t +.EE + @@ -29148,11 +33619,14 @@ index 0000000..a3f7b57 + + +.EX ++.PP +.B pptp_var_run_t +.EE + +- Set files with the pptp_var_run_t type, if you want to store the pptp files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -29171,19 +33645,47 @@ index 0000000..a3f7b57 +SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible. +.PP +The following port types are defined for pptp: -+.EX + ++.EX ++.TP 5 +.B pptp_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 1723 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 1723 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pptp policy is very flexible allowing users to setup their pptp processes in as secure a method as possible. ++.PP ++The following process types are defined for pptp: ++ ++.EX ++.B pptp_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -29196,10 +33698,10 @@ index 0000000..a3f7b57 +selinux(8), pptp(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/prelink_selinux.8 b/man/man8/prelink_selinux.8 new file mode 100644 -index 0000000..97ba899 +index 0000000..9669e7a --- /dev/null +++ b/man/man8/prelink_selinux.8 -@@ -0,0 +1,114 @@ +@@ -0,0 +1,127 @@ +.TH "prelink_selinux" "8" "prelink" "dwalsh@redhat.com" "prelink SELinux Policy documentation" +.SH "NAME" +prelink_selinux \- Security Enhanced Linux Policy for the prelink processes 
@@ -29220,61 +33722,43 @@ index 0000000..97ba899 + + +.EX ++.PP +.B prelink_cache_t +.EE + +- Set files with the prelink_cache_t type, if you want to store the files under the /var/cache directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelink_cron_system_exec_t +.EE + +- Set files with the prelink_cron_system_exec_t type, if you want to transition an executable to the prelink_cron_system_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelink_exec_t +.EE + +- Set files with the prelink_exec_t type, if you want to transition an executable to the prelink_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelink_log_t +.EE + +- Set files with the prelink_log_t type, if you want to treat the data as prelink log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/prelink(/.*)?, /var/log/prelink\.log -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelink_tmp_t +.EE + 
@@ -29282,6 +33766,7 @@ index 0000000..97ba899 + + +.EX ++.PP +.B prelink_tmpfs_t +.EE + @@ -29289,21 +33774,51 @@ index 0000000..97ba899 + + +.EX ++.PP +.B prelink_var_lib_t +.EE + +- Set files with the prelink_var_lib_t type, if you want to store the prelink files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/prelink(/.*)?, /var/lib/misc/prelink.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux prelink policy is very flexible allowing users to setup their prelink processes in as secure a method as possible. ++.PP ++The following process types are defined for prelink: ++ ++.EX ++.B prelink_cron_system_t, prelink_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -29316,10 +33831,10 @@ index 0000000..97ba899 +selinux(8), prelink(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/prelude_selinux.8 b/man/man8/prelude_selinux.8 new file mode 100644 -index 0000000..02e384c +index 0000000..c238033 --- /dev/null 
+++ b/man/man8/prelude_selinux.8 -@@ -0,0 +1,219 @@ +@@ -0,0 +1,205 @@ +.TH "prelude_selinux" "8" "prelude" "dwalsh@redhat.com" "prelude SELinux Policy documentation" +.SH "NAME" +prelude_selinux \- Security Enhanced Linux Policy for the prelude processes @@ -29340,22 +33855,19 @@ index 0000000..02e384c + + +.EX ++.PP +.B prelude_audisp_exec_t +.EE + +- Set files with the prelude_audisp_exec_t type, if you want to transition an executable to the prelude_audisp_t domain. + +.br ++.TP 5 +Paths: +/sbin/audisp-prelude, /usr/sbin/audisp-prelude -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_audisp_var_run_t +.EE + 
@@ -29363,74 +33875,51 @@ index 0000000..02e384c + + +.EX ++.PP +.B prelude_correlator_config_t +.EE + +- Set files with the prelude_correlator_config_t type, if you want to treat the files as prelude correlator configuration data, usually stored under the /etc directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_correlator_exec_t +.EE + +- Set files with the prelude_correlator_exec_t type, if you want to transition an executable to the prelude_correlator_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_exec_t +.EE + +- Set files with the prelude_exec_t type, if you want to transition an executable to the prelude_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_initrc_exec_t +.EE + +- Set files with the prelude_initrc_exec_t type, if you want to transition an executable to the prelude_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/prelude-correlator, /etc/rc\.d/init\.d/prelude-manager, /etc/rc\.d/init\.d/prelude-lml -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_lml_exec_t +.EE + +- Set files with the prelude_lml_exec_t type, if you want to transition an executable to the prelude_lml_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_lml_tmp_t +.EE + 
@@ -29438,66 +33927,50 @@ index 0000000..02e384c + + +.EX ++.PP +.B prelude_lml_var_run_t +.EE + +- Set files with the prelude_lml_var_run_t type, if you want to store the prelude lml files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_log_t +.EE + +- Set files with the prelude_log_t type, if you want to treat the data as prelude log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_spool_t +.EE + +- Set files with the prelude_spool_t type, if you want to store the prelude files under the /var/spool directory. + +.br ++.TP 5 +Paths: +/var/spool/prelude(/.*)?, /var/spool/prelude-manager(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B prelude_var_lib_t +.EE + +- Set files with the prelude_var_lib_t type, if you want to store the prelude files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B prelude_var_run_t +.EE + +- Set files with the prelude_var_run_t type, if you want to store the prelude files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use @@ -29516,19 +33989,47 @@ index 0000000..02e384c +SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible. +.PP +The following port types are defined for prelude: -+.EX + ++.EX ++.TP 5 +.B prelude_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 4690 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 4690 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux prelude policy is very flexible allowing users to setup their prelude processes in as secure a method as possible. ++.PP ++The following process types are defined for prelude: ++ ++.EX ++.B prelude_lml_t, prelude_t, prelude_audisp_t, prelude_correlator_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux 
@@ -29541,10 +34042,10 @@ index 0000000..02e384c +selinux(8), prelude(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/privoxy_selinux.8 b/man/man8/privoxy_selinux.8 new file mode 100644 -index 0000000..5bfa419 +index 0000000..cdfce6e --- /dev/null +++ b/man/man8/privoxy_selinux.8 -@@ -0,0 +1,103 @@ +@@ -0,0 +1,118 @@ +.TH "privoxy_selinux" "8" "privoxy" "dwalsh@redhat.com" "privoxy SELinux Policy documentation" +.SH "NAME" +privoxy_selinux \- Security Enhanced Linux Policy for the privoxy processes 
@@ -29576,64 +34077,79 @@ index 0000000..5bfa419 + + +.EX ++.PP +.B privoxy_etc_rw_t +.EE + +- Set files with the privoxy_etc_rw_t type, if you want to treat the files as privoxy etc read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B privoxy_exec_t +.EE + +- Set files with the privoxy_exec_t type, if you want to transition an executable to the privoxy_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B privoxy_initrc_exec_t +.EE + +- Set files with the privoxy_initrc_exec_t type, if you want to transition an executable to the privoxy_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B privoxy_log_t +.EE + +- Set files with the privoxy_log_t type, if you want to treat the data as privoxy log data, usually stored under the /var/log directory. + ++ ++.EX ++.PP ++.B privoxy_var_run_t ++.EE ++ ++- Set files with the privoxy_var_run_t type, if you want to store the privoxy files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. 
You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux privoxy policy is very flexible allowing users to setup their privoxy processes in as secure a method as possible. ++.PP ++The following process types are defined for privoxy: + +.EX -+.B privoxy_var_run_t ++.B privoxy_t +.EE -+ -+- Set files with the privoxy_var_run_t type, if you want to store the privoxy files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -29651,10 +34167,10 @@ index 0000000..5bfa419 \ No newline at end of file diff --git a/man/man8/procmail_selinux.8 b/man/man8/procmail_selinux.8 new file mode 100644 -index 0000000..0bb88c4 +index 0000000..d65ec02 --- /dev/null +++ b/man/man8/procmail_selinux.8 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,99 @@ +.TH "procmail_selinux" "8" "procmail" "dwalsh@redhat.com" "procmail SELinux Policy documentation" +.SH "NAME" +procmail_selinux \- Security Enhanced Linux Policy for the procmail processes 
@@ -29675,54 +34191,75 @@ index 0000000..0bb88c4 + + +.EX ++.PP +.B procmail_exec_t +.EE + +- Set files with the procmail_exec_t type, if you want to transition an executable to the procmail_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B procmail_home_t +.EE + +- Set files with the procmail_home_t type, if you want to store procmail files in the users home directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B procmail_log_t +.EE + +- Set files with the procmail_log_t type, if you want to treat the data as procmail log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/procmail\.log.*, /var/log/procmail(/.*)? ++ ++.EX ++.PP ++.B procmail_tmp_t ++.EE ++ ++- Set files with the procmail_tmp_t type, if you want to store procmail temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. 
++SELinux procmail policy is very flexible allowing users to setup their procmail processes in as secure a method as possible. ++.PP ++The following process types are defined for procmail: + +.EX -+.B procmail_tmp_t ++.B procmail_t +.EE -+ -+- Set files with the procmail_tmp_t type, if you want to store procmail temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -29735,10 +34272,10 @@ index 0000000..0bb88c4 +selinux(8), procmail(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/psad_selinux.8 b/man/man8/psad_selinux.8 new file mode 100644 -index 0000000..3ef8b6c +index 0000000..ec9fe83 --- /dev/null +++ b/man/man8/psad_selinux.8 -@@ -0,0 +1,114 @@ +@@ -0,0 +1,119 @@ +.TH "psad_selinux" "8" "psad" "dwalsh@redhat.com" "psad SELinux Policy documentation" +.SH "NAME" +psad_selinux \- Security Enhanced Linux Policy for the psad processes 
@@ -29759,45 +34296,31 @@ index 0000000..3ef8b6c + + +.EX ++.PP +.B psad_etc_t +.EE + +- Set files with the psad_etc_t type, if you want to store psad files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B psad_exec_t +.EE + +- Set files with the psad_exec_t type, if you want to transition an executable to the psad_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B psad_initrc_exec_t +.EE + +- Set files with the psad_initrc_exec_t type, if you want to transition an executable to the psad_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B psad_tmp_t +.EE + 
@@ -29805,44 +34328,63 @@ index 0000000..3ef8b6c + + +.EX ++.PP +.B psad_var_lib_t +.EE + +- Set files with the psad_var_lib_t type, if you want to store the psad files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B psad_var_log_t +.EE + +- Set files with the psad_var_log_t type, if you want to treat the data as psad var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B psad_var_run_t +.EE + +- Set files with the psad_var_run_t type, if you want to store the psad files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux psad policy is very flexible allowing users to setup their psad processes in as secure a method as possible. ++.PP ++The following process types are defined for psad: ++ ++.EX ++.B psad_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. 
Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -29855,10 +34397,10 @@ index 0000000..3ef8b6c +selinux(8), psad(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ptal_selinux.8 b/man/man8/ptal_selinux.8 new file mode 100644 -index 0000000..7f0350c +index 0000000..92799f3 --- /dev/null +++ b/man/man8/ptal_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,121 @@ +.TH "ptal_selinux" "8" "ptal" "dwalsh@redhat.com" "ptal SELinux Policy documentation" +.SH "NAME" +ptal_selinux \- Security Enhanced Linux Policy for the ptal processes @@ -29879,6 +34421,7 @@ index 0000000..7f0350c + + +.EX ++.PP +.B ptal_etc_t +.EE + 
@@ -29886,30 +34429,30 @@ index 0000000..7f0350c + + +.EX ++.PP +.B ptal_exec_t +.EE + +- Set files with the ptal_exec_t type, if you want to transition an executable to the ptal_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/ptal-photod, /usr/sbin/ptal-mlcd, /usr/sbin/ptal-printd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ptal_var_run_t +.EE + +- Set files with the ptal_var_run_t type, if you want to store the ptal files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/ptal-mlcd(/.*)?, /var/run/ptal-printd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -29928,17 +34471,47 @@ index 0000000..7f0350c +SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible. +.PP +The following port types are defined for ptal: -+.EX + ++.EX ++.TP 5 +.B ptal_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ptal policy is very flexible allowing users to setup their ptal processes in as secure a method as possible. ++.PP ++The following process types are defined for ptal: + -+.B tcp 5703 ++.EX ++.B ptal_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -29951,10 +34524,10 @@ index 0000000..7f0350c +selinux(8), ptal(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ptchown_selinux.8 b/man/man8/ptchown_selinux.8 new file mode 100644 -index 0000000..ac31e0b +index 0000000..2d12021 --- /dev/null +++ b/man/man8/ptchown_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "ptchown_selinux" "8" "ptchown" "dwalsh@redhat.com" "ptchown SELinux Policy documentation" +.SH "NAME" +ptchown_selinux \- Security Enhanced Linux Policy for the ptchown processes 
@@ -29975,18 +34548,47 @@ index 0000000..ac31e0b + + +.EX ++.PP +.B ptchown_exec_t +.EE + +- Set files with the ptchown_exec_t type, if you want to transition an executable to the ptchown_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ptchown policy is very flexible allowing users to setup their ptchown processes in as secure a method as possible. ++.PP ++The following process types are defined for ptchown: ++ ++.EX ++.B ptchown_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -29999,10 +34601,10 @@ index 0000000..ac31e0b +selinux(8), ptchown(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/publicfile_selinux.8 b/man/man8/publicfile_selinux.8 new file mode 100644 -index 0000000..5911ca9 +index 0000000..c83994d --- /dev/null 
+++ b/man/man8/publicfile_selinux.8 -@@ -0,0 +1,52 @@ +@@ -0,0 +1,83 @@ +.TH "publicfile_selinux" "8" "publicfile" "dwalsh@redhat.com" "publicfile SELinux Policy documentation" +.SH "NAME" +publicfile_selinux \- Security Enhanced Linux Policy for the publicfile processes @@ -30023,6 +34625,7 @@ index 0000000..5911ca9 + + +.EX ++.PP +.B publicfile_content_t +.EE + @@ -30030,21 +34633,51 @@ index 0000000..5911ca9 + + +.EX ++.PP +.B publicfile_exec_t +.EE + +- Set files with the publicfile_exec_t type, if you want to transition an executable to the publicfile_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/httpd, /usr/bin/ftpd ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux publicfile policy is very flexible allowing users to setup their publicfile processes in as secure a method as possible. ++.PP ++The following process types are defined for publicfile: ++ ++.EX ++.B publicfile_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -30057,10 +34690,10 @@ index 0000000..5911ca9 +selinux(8), publicfile(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/pulseaudio_selinux.8 b/man/man8/pulseaudio_selinux.8 new file mode 100644 -index 0000000..1ef8130 +index 0000000..8b95e54 --- /dev/null +++ b/man/man8/pulseaudio_selinux.8 -@@ -0,0 +1,113 @@ +@@ -0,0 +1,133 @@ +.TH "pulseaudio_selinux" "8" "pulseaudio" "dwalsh@redhat.com" "pulseaudio SELinux Policy documentation" +.SH "NAME" +pulseaudio_selinux \- Security Enhanced Linux Policy for the pulseaudio processes @@ -30081,35 +34714,27 @@ index 0000000..1ef8130 + + +.EX ++.PP +.B pulseaudio_exec_t +.EE + +- Set files with the pulseaudio_exec_t type, if you want to transition an executable to the pulseaudio_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pulseaudio_home_t +.EE + +- Set files with the pulseaudio_home_t type, if you want to store pulseaudio files in the users home directory. + +.br ++.TP 5 +Paths: +/root/\.pulse-cookie, /root/\.pulse(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pulseaudio_tmpfs_t +.EE + 
@@ -30117,24 +34742,22 @@ index 0000000..1ef8130 + + +.EX ++.PP +.B pulseaudio_var_lib_t +.EE + +- Set files with the pulseaudio_var_lib_t type, if you want to store the pulseaudio files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B pulseaudio_var_run_t +.EE + +- Set files with the pulseaudio_var_run_t type, if you want to store the pulseaudio files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -30153,17 +34776,47 @@ index 0000000..1ef8130 +SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible. +.PP +The following port types are defined for pulseaudio: -+.EX + ++.EX ++.TP 5 +.B pulseaudio_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux pulseaudio policy is very flexible allowing users to setup their pulseaudio processes in as secure a method as possible. ++.PP ++The following process types are defined for pulseaudio: + -+.B tcp 4713 ++.EX ++.B pulseaudio_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -30176,10 +34829,10 @@ index 0000000..1ef8130 +selinux(8), pulseaudio(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/puppet_selinux.8 b/man/man8/puppet_selinux.8 new file mode 100644 -index 0000000..a145196 +index 0000000..fd9b696 --- /dev/null +++ b/man/man8/puppet_selinux.8 -@@ -0,0 +1,204 @@ +@@ -0,0 +1,199 @@ +.TH "puppet_selinux" "8" "puppet" "dwalsh@redhat.com" "puppet SELinux Policy documentation" +.SH "NAME" +puppet_selinux \- Security Enhanced Linux Policy for the puppet processes 
@@ -30218,58 +34871,39 @@ index 0000000..a145196 + + +.EX ++.PP +.B puppet_etc_t +.EE + +- Set files with the puppet_etc_t type, if you want to store puppet files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppet_exec_t +.EE + +- Set files with the puppet_exec_t type, if you want to transition an executable to the puppet_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppet_initrc_exec_t +.EE + +- Set files with the puppet_initrc_exec_t type, if you want to transition an executable to the puppet_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppet_log_t +.EE + +- Set files with the puppet_log_t type, if you want to treat the data as puppet log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppet_tmp_t +.EE + 
@@ -30277,76 +34911,60 @@ index 0000000..a145196 + + +.EX ++.PP +.B puppet_var_lib_t +.EE + +- Set files with the puppet_var_lib_t type, if you want to store the puppet files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppet_var_run_t +.EE + +- Set files with the puppet_var_run_t type, if you want to store the puppet files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppetca_exec_t +.EE + +- Set files with the puppetca_exec_t type, if you want to transition an executable to the puppetca_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppetmaster_exec_t +.EE + +- Set files with the puppetmaster_exec_t type, if you want to transition an executable to the puppetmaster_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B puppetmaster_initrc_exec_t +.EE + +- Set files with the puppetmaster_initrc_exec_t type, if you want to transition an executable to the puppetmaster_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B puppetmaster_tmp_t +.EE + +- Set files with the puppetmaster_tmp_t type, if you want to store puppetmaster temporary files in the /tmp directories. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -30359,17 +34977,47 @@ index 0000000..a145196 +SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible. +.PP +The following port types are defined for puppet: -+.EX + ++.EX ++.TP 5 +.B puppet_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux puppet policy is very flexible allowing users to setup their puppet processes in as secure a method as possible. ++.PP ++The following process types are defined for puppet: + -+.B tcp 8140 ++.EX ++.B puppet_t, puppetmaster_t, puppetca_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -30387,10 +35035,10 @@ index 0000000..a145196 \ No newline at end of file diff --git a/man/man8/puppetca_selinux.8 b/man/man8/puppetca_selinux.8 new file mode 100644 -index 0000000..a50d57e +index 0000000..dd2e8b0 --- /dev/null +++ b/man/man8/puppetca_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "puppetca_selinux" "8" "puppetca" "dwalsh@redhat.com" "puppetca SELinux Policy documentation" +.SH "NAME" +puppetca_selinux \- Security Enhanced Linux Policy for the puppetca processes 
@@ -30411,18 +35059,47 @@ index 0000000..a50d57e + + +.EX ++.PP +.B puppetca_exec_t +.EE + +- Set files with the puppetca_exec_t type, if you want to transition an executable to the puppetca_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux puppetca policy is very flexible allowing users to setup their puppetca processes in as secure a method as possible. ++.PP ++The following process types are defined for puppetca: ++ ++.EX ++.B puppetca_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -30435,10 +35112,10 @@ index 0000000..a50d57e +selinux(8), puppetca(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/puppetmaster_selinux.8 b/man/man8/puppetmaster_selinux.8 new file mode 100644 -index 0000000..ebaad9c +index 0000000..9fe2594 --- /dev/null 
+++ b/man/man8/puppetmaster_selinux.8 -@@ -0,0 +1,77 @@ +@@ -0,0 +1,102 @@ +.TH "puppetmaster_selinux" "8" "puppetmaster" "dwalsh@redhat.com" "puppetmaster SELinux Policy documentation" +.SH "NAME" +puppetmaster_selinux \- Security Enhanced Linux Policy for the puppetmaster processes 
@@ -30470,38 +35147,63 @@ index 0000000..ebaad9c
 +
 +
 +.EX
++.PP
 +.B puppetmaster_exec_t
 +.EE
 +
 +- Set files with the puppetmaster_exec_t type, if you want to transition an executable to the puppetmaster_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B puppetmaster_initrc_exec_t
 +.EE
 +
 +- Set files with the puppetmaster_initrc_exec_t type, if you want to transition an executable to the puppetmaster_initrc_t domain.
 +
++
++.EX
++.PP
++.B puppetmaster_tmp_t
++.EE
++
++- Set files with the puppetmaster_tmp_t type, if you want to store puppetmaster temporary files in the /tmp directories.
++
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux puppetmaster policy is very flexible allowing users to setup their puppetmaster processes in as secure a method as possible.
++.PP
++The following process types are defined for puppetmaster:
 +
 +.EX
-+.B puppetmaster_tmp_t
++.B puppetmaster_t
 +.EE
-+
-+- Set files with the puppetmaster_tmp_t type, if you want to store puppetmaster temporary files in the /tmp directories.
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -30519,10 +35221,10 @@ index 0000000..ebaad9c
 \ No newline at end of file
 diff --git a/man/man8/pyicqt_selinux.8 b/man/man8/pyicqt_selinux.8
 new file mode 100644
-index 0000000..e80863d
+index 0000000..5143c5f
 --- /dev/null
 +++ b/man/man8/pyicqt_selinux.8
-@@ -0,0 +1,81 @@
+@@ -0,0 +1,95 @@
 +.TH "pyicqt_selinux" "8" "pyicqt" "dwalsh@redhat.com" "pyicqt SELinux Policy documentation"
 +.SH "NAME"
 +pyicqt_selinux \- Security Enhanced Linux Policy for the pyicqt processes
@@ -30543,57 +35245,71 @@ index 0000000..e80863d
 +
 +
 +.EX
++.PP
 +.B pyicqt_exec_t
 +.EE
 +
 +- Set files with the pyicqt_exec_t type, if you want to transition an executable to the pyicqt_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B pyicqt_log_t
 +.EE
 +
 +- Set files with the pyicqt_log_t type, if you want to treat the data as pyicqt log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B pyicqt_var_run_t
 +.EE
 +
 +- Set files with the pyicqt_var_run_t type, if you want to store the pyicqt files under the /run directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B pyicqt_var_spool_t
 +.EE
 +
 +- Set files with the pyicqt_var_spool_t type, if you want to store the pyicqt var files under the /var/spool directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux pyicqt policy is very flexible allowing users to setup their pyicqt processes in as secure a method as possible.
++.PP
++The following process types are defined for pyicqt:
++
++.EX
++.B pyicqt_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -30606,10 +35322,10 @@ index 0000000..e80863d
 +selinux(8), pyicqt(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/qdiskd_selinux.8 b/man/man8/qdiskd_selinux.8
 new file mode 100644
-index 0000000..d424dcd
+index 0000000..928e26d
 --- /dev/null
 +++ b/man/man8/qdiskd_selinux.8
-@@ -0,0 +1,88 @@
+@@ -0,0 +1,103 @@
 +.TH "qdiskd_selinux" "8" "qdiskd" "dwalsh@redhat.com" "qdiskd SELinux Policy documentation"
 +.SH "NAME"
 +qdiskd_selinux \- Security Enhanced Linux Policy for the qdiskd processes
@@ -30630,19 +35346,15 @@ index 0000000..d424dcd
 +
 +
 +.EX
++.PP
 +.B qdiskd_exec_t
 +.EE
 +
 +- Set files with the qdiskd_exec_t type, if you want to transition an executable to the qdiskd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qdiskd_tmpfs_t
 +.EE
 +
@@ -30650,44 +35362,63 @@ index 0000000..d424dcd
 +
 +
 +.EX
++.PP
 +.B qdiskd_var_lib_t
 +.EE
 +
 +- Set files with the qdiskd_var_lib_t type, if you want to store the qdiskd files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qdiskd_var_log_t
 +.EE
 +
 +- Set files with the qdiskd_var_log_t type, if you want to treat the data as qdiskd var log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qdiskd_var_run_t
 +.EE
 +
 +- Set files with the qdiskd_var_run_t type, if you want to store the qdiskd files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux qdiskd policy is very flexible allowing users to setup their qdiskd processes in as secure a method as possible.
++.PP
++The following process types are defined for qdiskd:
++
++.EX
++.B qdiskd_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -30700,10 +35431,10 @@ index 0000000..d424dcd
 +selinux(8), qdiskd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/qemu_selinux.8 b/man/man8/qemu_selinux.8
 new file mode 100644
-index 0000000..80fe46e
+index 0000000..737e170
 --- /dev/null
 +++ b/man/man8/qemu_selinux.8
-@@ -0,0 +1,118 @@
+@@ -0,0 +1,145 @@
 +.TH "qemu_selinux" "8" "qemu" "dwalsh@redhat.com" "qemu SELinux Policy documentation"
 +.SH "NAME"
 +qemu_selinux \- Security Enhanced Linux Policy for the qemu processes
@@ -30770,6 +35501,7 @@ index 0000000..80fe46e
 +
 +
 +.EX
++.PP
 +.B qemu_dm_exec_t
 +.EE
 +
@@ -30777,37 +35509,63 @@ index 0000000..80fe46e
 +
 +
 +.EX
++.PP
 +.B qemu_exec_t
 +.EE
 +
 +- Set files with the qemu_exec_t type, if you want to transition an executable to the qemu_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/bin/qemu-system-.*, /usr/libexec/qemu.*, /usr/bin/qemu, /usr/bin/qemu-kvm
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qemu_var_run_t
 +.EE
 +
 +- Set files with the qemu_var_run_t type, if you want to store the qemu files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/libvirt/qemu(/.*)?, /var/lib/libvirt/qemu(/.*)?
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux qemu policy is very flexible allowing users to setup their qemu processes in as secure a method as possible.
++.PP
++The following process types are defined for qemu:
++
++.EX
++.B qemu_dm_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -30825,10 +35583,10 @@ index 0000000..80fe46e
 \ No newline at end of file
 diff --git a/man/man8/qmail_selinux.8 b/man/man8/qmail_selinux.8
 new file mode 100644
-index 0000000..5a6a9e8
+index 0000000..43bd13e
 --- /dev/null
 +++ b/man/man8/qmail_selinux.8
-@@ -0,0 +1,250 @@
+@@ -0,0 +1,207 @@
 +.TH "qmail_selinux" "8" "qmail" "dwalsh@redhat.com" "qmail SELinux Policy documentation"
 +.SH "NAME"
 +qmail_selinux \- Security Enhanced Linux Policy for the qmail processes
@@ -30849,77 +35607,55 @@ index 0000000..5a6a9e8
 +
 +
 +.EX
++.PP
 +.B qmail_alias_home_t
 +.EE
 +
 +- Set files with the qmail_alias_home_t type, if you want to store qmail alias files in the users home directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/qmail/alias, /var/qmail/alias(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_clean_exec_t
 +.EE
 +
 +- Set files with the qmail_clean_exec_t type, if you want to transition an executable to the qmail_clean_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_etc_t
 +.EE
 +
 +- Set files with the qmail_etc_t type, if you want to store qmail files in the /etc directories.
 +
 +.br
++.TP 5
 +Paths:
 +/var/qmail/owners(/.*)?, /var/qmail/control(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_exec_t
 +.EE
 +
 +- Set files with the qmail_exec_t type, if you want to transition an executable to the qmail_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_inject_exec_t
 +.EE
 +
 +- Set files with the qmail_inject_exec_t type, if you want to transition an executable to the qmail_inject_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_keytab_t
 +.EE
 +
@@ -30927,148 +35663,127 @@ index 0000000..5a6a9e8
 +
 +
 +.EX
++.PP
 +.B qmail_local_exec_t
 +.EE
 +
 +- Set files with the qmail_local_exec_t type, if you want to transition an executable to the qmail_local_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_lspawn_exec_t
 +.EE
 +
 +- Set files with the qmail_lspawn_exec_t type, if you want to transition an executable to the qmail_lspawn_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_queue_exec_t
 +.EE
 +
 +- Set files with the qmail_queue_exec_t type, if you want to transition an executable to the qmail_queue_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_remote_exec_t
 +.EE
 +
 +- Set files with the qmail_remote_exec_t type, if you want to transition an executable to the qmail_remote_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_rspawn_exec_t
 +.EE
 +
 +- Set files with the qmail_rspawn_exec_t type, if you want to transition an executable to the qmail_rspawn_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_send_exec_t
 +.EE
 +
 +- Set files with the qmail_send_exec_t type, if you want to transition an executable to the qmail_send_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_smtpd_exec_t
 +.EE
 +
 +- Set files with the qmail_smtpd_exec_t type, if you want to transition an executable to the qmail_smtpd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_splogger_exec_t
 +.EE
 +
 +- Set files with the qmail_splogger_exec_t type, if you want to transition an executable to the qmail_splogger_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_spool_t
 +.EE
 +
 +- Set files with the qmail_spool_t type, if you want to store the qmail files under the /var/spool directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_start_exec_t
 +.EE
 +
 +- Set files with the qmail_start_exec_t type, if you want to transition an executable to the qmail_start_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qmail_tcp_env_exec_t
 +.EE
 +
 +- Set files with the qmail_tcp_env_exec_t type, if you want to transition an executable to the qmail_tcp_env_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux qmail policy is very flexible allowing users to setup their qmail processes in as secure a method as possible.
++.PP
++The following process types are defined for qmail:
++
++.EX
++.B qmail_tcp_env_t, qmail_rspawn_t, qmail_inject_t, qmail_lspawn_t, qmail_clean_t, qmail_local_t, qmail_smtpd_t, qmail_start_t, qmail_send_t, qmail_remote_t, qmail_queue_t, qmail_splogger_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -31081,10 +35796,10 @@ index 0000000..5a6a9e8
 +selinux(8), qmail(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/qpidd_selinux.8 b/man/man8/qpidd_selinux.8
 new file mode 100644
-index 0000000..2539d86
+index 0000000..d9ba3a8
 --- /dev/null
 +++ b/man/man8/qpidd_selinux.8
-@@ -0,0 +1,91 @@
+@@ -0,0 +1,107 @@
 +.TH "qpidd_selinux" "8" "qpidd" "dwalsh@redhat.com" "qpidd SELinux Policy documentation"
 +.SH "NAME"
 +qpidd_selinux \- Security Enhanced Linux Policy for the qpidd processes
@@ -31105,32 +35820,23 @@ index 0000000..2539d86
 +
 +
 +.EX
++.PP
 +.B qpidd_exec_t
 +.EE
 +
 +- Set files with the qpidd_exec_t type, if you want to transition an executable to the qpidd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qpidd_initrc_exec_t
 +.EE
 +
 +- Set files with the qpidd_initrc_exec_t type, if you want to transition an executable to the qpidd_initrc_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qpidd_tmpfs_t
 +.EE
 +
@@ -31138,34 +35844,59 @@ index 0000000..2539d86
 +
 +
 +.EX
++.PP
 +.B qpidd_var_lib_t
 +.EE
 +
 +- Set files with the qpidd_var_lib_t type, if you want to store the qpidd files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B qpidd_var_run_t
 +.EE
 +
 +- Set files with the qpidd_var_run_t type, if you want to store the qpidd files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/qpidd(/.*)?, /var/run/qpidd\.pid
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux qpidd policy is very flexible allowing users to setup their qpidd processes in as secure a method as possible.
++.PP
++The following process types are defined for qpidd:
++
++.EX
++.B qpidd_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -31178,10 +35909,10 @@ index 0000000..2539d86
 +selinux(8), qpidd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/quota_selinux.8 b/man/man8/quota_selinux.8
 new file mode 100644
-index 0000000..54e6499
+index 0000000..22ef1f7
 --- /dev/null
 +++ b/man/man8/quota_selinux.8
-@@ -0,0 +1,100 @@
+@@ -0,0 +1,111 @@
 +.TH "quota_selinux" "8" "quota" "dwalsh@redhat.com" "quota SELinux Policy documentation"
 +.SH "NAME"
 +quota_selinux \- Security Enhanced Linux Policy for the quota processes
@@ -31202,76 +35933,87 @@ index 0000000..54e6499
 +
 +
 +.EX
++.PP
 +.B quota_db_t
 +.EE
 +
 +- Set files with the quota_db_t type, if you want to treat the files as quota database content.
 +
 +.br
++.TP 5
 +Paths:
 +/boot/a?quota\.(user|group), /etc/a?quota\.(user|group), /a?quota\.(user|group), /var/a?quota\.(user|group), /var/lib/libra/a?quota\.(user|group), /var/spool/(.*/)?a?quota\.(user|group)
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B quota_exec_t
 +.EE
 +
 +- Set files with the quota_exec_t type, if you want to transition an executable to the quota_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/convertquota, /usr/sbin/quota(check|on), /sbin/quota(check|on)
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B quota_flag_t
 +.EE
 +
 +- Set files with the quota_flag_t type, if you want to treat the files as quota flag data.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B quota_nld_exec_t
 +.EE
 +
 +- Set files with the quota_nld_exec_t type, if you want to transition an executable to the quota_nld_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B quota_nld_var_run_t
 +.EE
 +
 +- Set files with the quota_nld_var_run_t type, if you want to store the quota nld files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux quota policy is very flexible allowing users to setup their quota processes in as secure a method as possible.
++.PP
++The following process types are defined for quota:
++
++.EX
++.B quota_t, quota_nld_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -31284,10 +36026,10 @@ index 0000000..54e6499
 +selinux(8), quota(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/rabbitmq_selinux.8 b/man/man8/rabbitmq_selinux.8
 new file mode 100644
-index 0000000..5fcf6ee
+index 0000000..bf1ec40
 --- /dev/null
 +++ b/man/man8/rabbitmq_selinux.8
-@@ -0,0 +1,81 @@
+@@ -0,0 +1,95 @@
 +.TH "rabbitmq_selinux" "8" "rabbitmq" "dwalsh@redhat.com" "rabbitmq SELinux Policy documentation"
 +.SH "NAME"
 +rabbitmq_selinux \- Security Enhanced Linux Policy for the rabbitmq processes
@@ -31308,57 +36050,71 @@ index 0000000..5fcf6ee
 +
 +
 +.EX
++.PP
 +.B rabbitmq_beam_exec_t
 +.EE
 +
 +- Set files with the rabbitmq_beam_exec_t type, if you want to transition an executable to the rabbitmq_beam_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B rabbitmq_epmd_exec_t
 +.EE
 +
 +- Set files with the rabbitmq_epmd_exec_t type, if you want to transition an executable to the rabbitmq_epmd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B rabbitmq_var_lib_t
 +.EE
 +
 +- Set files with the rabbitmq_var_lib_t type, if you want to store the rabbitmq files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B rabbitmq_var_log_t
 +.EE
 +
 +- Set files with the rabbitmq_var_log_t type, if you want to treat the data as rabbitmq var log data, usually stored under the /var/log directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux rabbitmq policy is very flexible allowing users to setup their rabbitmq processes in as secure a method as possible.
++.PP
++The following process types are defined for rabbitmq:
++
++.EX
++.B rabbitmq_beam_t, rabbitmq_epmd_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -31371,10 +36127,10 @@ index 0000000..5fcf6ee
 +selinux(8), rabbitmq(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/racoon_selinux.8 b/man/man8/racoon_selinux.8
 new file mode 100644
-index 0000000..eb86137
+index 0000000..b6e30ce
 --- /dev/null
 +++ b/man/man8/racoon_selinux.8
-@@ -0,0 +1,64 @@
+@@ -0,0 +1,94 @@
 +.TH "racoon_selinux" "8" "racoon" "dwalsh@redhat.com" "racoon SELinux Policy documentation"
 +.SH "NAME"
 +racoon_selinux \- Security Enhanced Linux Policy for the racoon processes
@@ -31406,25 +36162,55 @@ index 0000000..eb86137 + + +.EX ++.PP +.B racoon_exec_t +.EE + +- Set files with the racoon_exec_t type, if you want to transition an executable to the racoon_t domain. + ++ ++.EX ++.PP ++.B racoon_tmp_t ++.EE ++ ++- Set files with the racoon_tmp_t type, if you want to store racoon temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux racoon policy is very flexible allowing users to setup their racoon processes in as secure a method as possible. ++.PP ++The following process types are defined for racoon: + +.EX -+.B racoon_tmp_t ++.B racoon_t +.EE -+ -+- Set files with the racoon_tmp_t type, if you want to store racoon temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -31442,10 +36228,10 @@ index 0000000..eb86137 \ No newline at end of file 
diff --git a/man/man8/radiusd_selinux.8 b/man/man8/radiusd_selinux.8 new file mode 100644 -index 0000000..17cba8f +index 0000000..62d5d95 --- /dev/null +++ b/man/man8/radiusd_selinux.8 -@@ -0,0 +1,166 @@ +@@ -0,0 +1,172 @@ +.TH "radiusd_selinux" "8" "radiusd" "dwalsh@redhat.com" "radiusd SELinux Policy documentation" +.SH "NAME" +radiusd_selinux \- Security Enhanced Linux Policy for the radiusd processes 
@@ -31477,98 +36263,74 @@ index 0000000..17cba8f + + +.EX ++.PP +.B radiusd_etc_rw_t +.EE + +- Set files with the radiusd_etc_rw_t type, if you want to treat the files as radiusd etc read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radiusd_etc_t +.EE + +- Set files with the radiusd_etc_t type, if you want to store radiusd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radiusd_exec_t +.EE + +- Set files with the radiusd_exec_t type, if you want to transition an executable to the radiusd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/freeradius, /etc/cron\.(daily|monthly)/radiusd, /usr/sbin/radiusd, /etc/cron\.(daily|weekly|monthly)/freeradius -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radiusd_initrc_exec_t +.EE + +- Set files with the radiusd_initrc_exec_t type, if you want to transition an executable to the radiusd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B radiusd_log_t +.EE + +- Set files with the radiusd_log_t type, if you want to treat the data as radiusd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/radacct(/.*)?, /var/log/radiusd-freeradius(/.*)?, /var/log/radius\.log.*, /var/log/radutmp, /var/log/radwtmp.*, /var/log/radius(/.*)?, /var/log/freeradius(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radiusd_var_lib_t +.EE + +- Set files with the radiusd_var_lib_t type, if you want to store the radiusd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radiusd_var_run_t +.EE + +- Set files with the radiusd_var_run_t type, if you want to store the radiusd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/radiusd\.pid, /var/run/radiusd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -31587,17 +36349,47 @@ index 0000000..17cba8f +SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible. +.PP +The following port types are defined for radiusd: -+.EX + ++.EX ++.TP 5 +.B radius_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux radiusd policy is very flexible allowing users to setup their radiusd processes in as secure a method as possible. ++.PP ++The following process types are defined for radiusd: + -+.B udp 1645,1812 ++.EX ++.B radiusd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -31615,10 +36407,10 @@ index 0000000..17cba8f \ No newline at end of file diff --git a/man/man8/radvd_selinux.8 b/man/man8/radvd_selinux.8 new file mode 100644 -index 0000000..c3237f2 +index 0000000..d6691fd --- /dev/null +++ b/man/man8/radvd_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,99 @@ +.TH "radvd_selinux" "8" "radvd" "dwalsh@redhat.com" "radvd SELinux Policy documentation" +.SH "NAME" +radvd_selinux \- Security Enhanced Linux Policy for the radvd processes 
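Review bot: The radius_port_t entry now lists `tcp 8021` under "Default Defined Ports:" where the removed line read `.B udp 1645,1812`, and nothing in the hunk explains why the documented RADIUS ports would change both protocol and number. This looks like a generator regression rather than a policy change, so compare it with the output of `semanage port -l` on a system carrying this policy; if the label is unchanged the line should stay `udp 1645,1812`. Admins use this page to decide which ports radiusd may bind, so a wrong value here leads to needless or incorrect `semanage port` changes. The new markup also appears to leave `.TP 10` directly before `.EE` and to close a second `.EE` after the port line with no matching `.EX`.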
@@ -31639,60 +36431,75 @@ index 0000000..c3237f2 + + +.EX ++.PP +.B radvd_etc_t +.EE + +- Set files with the radvd_etc_t type, if you want to store radvd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radvd_exec_t +.EE + +- Set files with the radvd_exec_t type, if you want to transition an executable to the radvd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radvd_initrc_exec_t +.EE + +- Set files with the radvd_initrc_exec_t type, if you want to transition an executable to the radvd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B radvd_var_run_t +.EE + +- Set files with the radvd_var_run_t type, if you want to store the radvd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/radvd(/.*)?, /var/run/radvd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux radvd policy is very flexible allowing users to setup their radvd processes in as secure a method as possible. ++.PP ++The following process types are defined for radvd: ++ ++.EX ++.B radvd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -31705,10 +36512,10 @@ index 0000000..c3237f2 +selinux(8), radvd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rdisc_selinux.8 b/man/man8/rdisc_selinux.8 new file mode 100644 -index 0000000..af2072c +index 0000000..264a0bc --- /dev/null +++ b/man/man8/rdisc_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "rdisc_selinux" "8" "rdisc" "dwalsh@redhat.com" "rdisc SELinux Policy documentation" +.SH "NAME" +rdisc_selinux \- Security Enhanced Linux Policy for the rdisc processes 
@@ -31729,21 +36536,51 @@ index 0000000..af2072c + + +.EX ++.PP +.B rdisc_exec_t +.EE + +- Set files with the rdisc_exec_t type, if you want to transition an executable to the rdisc_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/rdisc, /sbin/rdisc ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rdisc policy is very flexible allowing users to setup their rdisc processes in as secure a method as possible. ++.PP ++The following process types are defined for rdisc: ++ ++.EX ++.B rdisc_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -31756,10 +36593,10 @@ index 0000000..af2072c +selinux(8), rdisc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/readahead_selinux.8 b/man/man8/readahead_selinux.8 new file mode 100644 -index 0000000..48a98cc +index 0000000..ed57482 --- /dev/null 
+++ b/man/man8/readahead_selinux.8 -@@ -0,0 +1,74 @@ +@@ -0,0 +1,95 @@ +.TH "readahead_selinux" "8" "readahead" "dwalsh@redhat.com" "readahead SELinux Policy documentation" +.SH "NAME" +readahead_selinux \- Security Enhanced Linux Policy for the readahead processes 
@@ -31780,50 +36617,71 @@ index 0000000..48a98cc + + +.EX ++.PP +.B readahead_exec_t +.EE + +- Set files with the readahead_exec_t type, if you want to transition an executable to the readahead_t domain. + +.br ++.TP 5 +Paths: +/lib/systemd/systemd-readahead.*, /sbin/readahead.*, /usr/lib/systemd/systemd-readahead.*, /usr/sbin/readahead.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B readahead_var_lib_t +.EE + +- Set files with the readahead_var_lib_t type, if you want to store the readahead files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B readahead_var_run_t +.EE + +- Set files with the readahead_var_run_t type, if you want to store the readahead files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/systemd/readahead(/.*)?, /dev/\.systemd/readahead(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. 
++SELinux readahead policy is very flexible allowing users to setup their readahead processes in as secure a method as possible. ++.PP ++The following process types are defined for readahead: ++ ++.EX ++.B readahead_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -31836,10 +36694,10 @@ index 0000000..48a98cc +selinux(8), readahead(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/regex_selinux.8 b/man/man8/regex_selinux.8 new file mode 100644 -index 0000000..2bb1158 +index 0000000..71b2383 --- /dev/null +++ b/man/man8/regex_selinux.8 -@@ -0,0 +1,55 @@ +@@ -0,0 +1,79 @@ +.TH "regex_selinux" "8" "regex" "dwalsh@redhat.com" "regex SELinux Policy documentation" +.SH "NAME" +regex_selinux \- Security Enhanced Linux Policy for the regex processes 
@@ -31860,31 +36718,55 @@ index 0000000..2bb1158 + + +.EX ++.PP +.B regex_milter_data_t +.EE + +- Set files with the regex_milter_data_t type, if you want to treat the files as regex milter content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B regex_milter_exec_t +.EE + +- Set files with the regex_milter_exec_t type, if you want to transition an executable to the regex_milter_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux regex policy is very flexible allowing users to setup their regex processes in as secure a method as possible. ++.PP ++The following process types are defined for regex: ++ ++.EX ++.B regex_milter_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -31897,10 +36779,10 @@ index 0000000..2bb1158 +selinux(8), regex(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/restorecond_selinux.8 b/man/man8/restorecond_selinux.8 new file mode 100644 -index 0000000..ea5a6a2 +index 0000000..b547ac0 --- /dev/null +++ b/man/man8/restorecond_selinux.8 -@@ -0,0 +1,55 @@ +@@ -0,0 +1,79 @@ +.TH "restorecond_selinux" "8" "restorecond" "dwalsh@redhat.com" "restorecond SELinux Policy documentation" +.SH "NAME" +restorecond_selinux \- Security Enhanced Linux Policy for the restorecond processes 
@@ -31921,31 +36803,55 @@ index 0000000..ea5a6a2 + + +.EX ++.PP +.B restorecond_exec_t +.EE + +- Set files with the restorecond_exec_t type, if you want to transition an executable to the restorecond_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B restorecond_var_run_t +.EE + +- Set files with the restorecond_var_run_t type, if you want to store the restorecond files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux restorecond policy is very flexible allowing users to setup their restorecond processes in as secure a method as possible. ++.PP ++The following process types are defined for restorecond: ++ ++.EX ++.B restorecond_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -31958,10 +36864,10 @@ index 0000000..ea5a6a2 +selinux(8), restorecond(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rgmanager_selinux.8 b/man/man8/rgmanager_selinux.8 new file mode 100644 -index 0000000..8d4817b +index 0000000..0c85a7b --- /dev/null +++ b/man/man8/rgmanager_selinux.8 -@@ -0,0 +1,113 @@ +@@ -0,0 +1,130 @@ +.TH "rgmanager_selinux" "8" "rgmanager" "dwalsh@redhat.com" "rgmanager SELinux Policy documentation" +.SH "NAME" +rgmanager_selinux \- Security Enhanced Linux Policy for the rgmanager processes @@ -31993,32 +36899,23 @@ index 0000000..8d4817b + + +.EX ++.PP +.B rgmanager_exec_t +.EE + +- Set files with the rgmanager_exec_t type, if you want to transition an executable to the rgmanager_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rgmanager_initrc_exec_t +.EE + +- Set files with the rgmanager_initrc_exec_t type, if you want to transition an executable to the rgmanager_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rgmanager_tmp_t +.EE + @@ -32026,6 +36923,7 @@ index 0000000..8d4817b + + +.EX ++.PP +.B rgmanager_tmpfs_t +.EE + 
@@ -32033,34 +36931,59 @@ index 0000000..8d4817b + + +.EX ++.PP +.B rgmanager_var_log_t +.EE + +- Set files with the rgmanager_var_log_t type, if you want to treat the data as rgmanager var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rgmanager_var_run_t +.EE + +- Set files with the rgmanager_var_run_t type, if you want to store the rgmanager files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/rgmanager\.pid, /var/run/cluster/rgmanager\.sk ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rgmanager policy is very flexible allowing users to setup their rgmanager processes in as secure a method as possible. ++.PP ++The following process types are defined for rgmanager: ++ ++.EX ++.B rgmanager_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -32078,10 +37001,10 @@ index 0000000..8d4817b \ No newline at end of file diff --git a/man/man8/rhev_selinux.8 b/man/man8/rhev_selinux.8 new file mode 100644 -index 0000000..596c7f6 +index 0000000..24368e4 --- /dev/null +++ b/man/man8/rhev_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,111 @@ +.TH "rhev_selinux" "8" "rhev" "dwalsh@redhat.com" "rhev SELinux Policy documentation" +.SH "NAME" +rhev_selinux \- Security Enhanced Linux Policy for the rhev processes @@ -32102,35 +37025,27 @@ index 0000000..596c7f6 + + +.EX ++.PP +.B rhev_agentd_exec_t +.EE + +- Set files with the rhev_agentd_exec_t type, if you want to transition an executable to the rhev_agentd_t domain. + +.br ++.TP 5 +Paths: +/usr/share/rhev-agent/rhev-agentd\.py, /usr/share/ovirt-guest-agent -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rhev_agentd_log_t +.EE + +- Set files with the rhev_agentd_log_t type, if you want to treat the data as rhev agentd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rhev_agentd_tmp_t +.EE + 
@@ -32138,34 +37053,59 @@ index 0000000..596c7f6 + + +.EX ++.PP +.B rhev_agentd_unit_file_t +.EE + +- Set files with the rhev_agentd_unit_file_t type, if you want to treat the files as rhev agentd unit content. + +.br ++.TP 5 +Paths: +/usr/lib/systemd/system/ovirt-guest-agent\.serviceservice, /lib/systemd/system/ovirt-guest-agent\.service -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rhev_agentd_var_run_t +.EE + +- Set files with the rhev_agentd_var_run_t type, if you want to store the rhev agentd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rhev policy is very flexible allowing users to setup their rhev processes in as secure a method as possible. ++.PP ++The following process types are defined for rhev: ++ ++.EX ++.B rhev_agentd_t, rhev_agentd_consolehelper_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -32178,10 +37118,10 @@ index 0000000..596c7f6 +selinux(8), rhev(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rhgb_selinux.8 b/man/man8/rhgb_selinux.8 new file mode 100644 -index 0000000..c24e654 +index 0000000..9449828 --- /dev/null +++ b/man/man8/rhgb_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "rhgb_selinux" "8" "rhgb" "dwalsh@redhat.com" "rhgb SELinux Policy documentation" +.SH "NAME" +rhgb_selinux \- Security Enhanced Linux Policy for the rhgb processes 
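Review bot: The Paths list kept under rhev_agentd_unit_file_t still contains `/usr/lib/systemd/system/ovirt-guest-agent\.serviceservice`, with the suffix doubled, next to the correctly spelled `/lib/systemd/system/ovirt-guest-agent\.service`. If these pages are generated from the policy's file-context entries, as the uniform layout suggests, the doubled suffix probably mirrors the `.fc` pattern, and a pattern that never matches would leave the unit file under /usr/lib without the rhev_agentd_unit_file_t label. It is worth checking the rhev file contexts carried in this same patch and correcting the pattern to end in `\.service`.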
@@ -32202,25 +37142,55 @@ index 0000000..c24e654 + + +.EX ++.PP +.B rhgb_exec_t +.EE + +- Set files with the rhgb_exec_t type, if you want to transition an executable to the rhgb_t domain. + ++ ++.EX ++.PP ++.B rhgb_tmpfs_t ++.EE ++ ++- Set files with the rhgb_tmpfs_t type, if you want to store rhgb files on a tmpfs file system. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rhgb policy is very flexible allowing users to setup their rhgb processes in as secure a method as possible. ++.PP ++The following process types are defined for rhgb: + +.EX -+.B rhgb_tmpfs_t ++.B rhgb_t +.EE -+ -+- Set files with the rhgb_tmpfs_t type, if you want to store rhgb files on a tmpfs file system. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -32233,10 +37203,10 @@ index 0000000..c24e654 +selinux(8), rhgb(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rhsmcertd_selinux.8 b/man/man8/rhsmcertd_selinux.8 new file mode 100644 -index 0000000..c40b659 +index 0000000..9475654 
--- /dev/null +++ b/man/man8/rhsmcertd_selinux.8 -@@ -0,0 +1,107 @@ +@@ -0,0 +1,111 @@ +.TH "rhsmcertd_selinux" "8" "rhsmcertd" "dwalsh@redhat.com" "rhsmcertd SELinux Policy documentation" +.SH "NAME" +rhsmcertd_selinux \- Security Enhanced Linux Policy for the rhsmcertd processes 
@@ -32257,83 +37227,87 @@ index 0000000..c40b659 + + +.EX ++.PP +.B rhsmcertd_exec_t +.EE + +- Set files with the rhsmcertd_exec_t type, if you want to transition an executable to the rhsmcertd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rhsmcertd_initrc_exec_t +.EE + +- Set files with the rhsmcertd_initrc_exec_t type, if you want to transition an executable to the rhsmcertd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rhsmcertd_lock_t +.EE + +- Set files with the rhsmcertd_lock_t type, if you want to treat the files as rhsmcertd lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rhsmcertd_log_t +.EE + +- Set files with the rhsmcertd_log_t type, if you want to treat the data as rhsmcertd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B rhsmcertd_var_lib_t +.EE + +- Set files with the rhsmcertd_var_lib_t type, if you want to store the rhsmcertd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rhsmcertd_var_run_t +.EE + +- Set files with the rhsmcertd_var_run_t type, if you want to store the rhsmcertd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rhsmcertd policy is very flexible allowing users to setup their rhsmcertd processes in as secure a method as possible. ++.PP ++The following process types are defined for rhsmcertd: ++ ++.EX ++.B rhsmcertd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -32346,10 +37320,10 @@ index 0000000..c40b659 +selinux(8), rhsmcertd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ricci_selinux.8 b/man/man8/ricci_selinux.8 new file mode 100644 -index 0000000..25c87dd +index 0000000..3535205 --- /dev/null +++ b/man/man8/ricci_selinux.8 -@@ -0,0 +1,259 @@ +@@ -0,0 +1,240 @@ +.TH "ricci_selinux" "8" "ricci" "dwalsh@redhat.com" "ricci SELinux Policy documentation" +.SH "NAME" +ricci_selinux \- Security Enhanced Linux Policy for the ricci processes @@ -32370,45 +37344,31 @@ index 0000000..25c87dd + + +.EX ++.PP +.B ricci_exec_t +.EE + +- Set files with the ricci_exec_t type, if you want to transition an executable to the ricci_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_initrc_exec_t +.EE + +- Set files with the ricci_initrc_exec_t type, if you want to transition an executable to the ricci_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modcluster_exec_t +.EE + +- Set files with the ricci_modcluster_exec_t type, if you want to transition an executable to the ricci_modcluster_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modcluster_var_lib_t +.EE + 
@@ -32416,48 +37376,35 @@ index 0000000..25c87dd + + +.EX ++.PP +.B ricci_modcluster_var_log_t +.EE + +- Set files with the ricci_modcluster_var_log_t type, if you want to treat the data as ricci modcluster var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modcluster_var_run_t +.EE + +- Set files with the ricci_modcluster_var_run_t type, if you want to store the ricci modcluster files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/modclusterd\.pid, /var/run/clumond\.sock -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modclusterd_exec_t +.EE + +- Set files with the ricci_modclusterd_exec_t type, if you want to transition an executable to the ricci_modclusterd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modclusterd_tmpfs_t +.EE + 
@@ -32465,58 +37412,39 @@ index 0000000..25c87dd + + +.EX ++.PP +.B ricci_modlog_exec_t +.EE + +- Set files with the ricci_modlog_exec_t type, if you want to transition an executable to the ricci_modlog_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modrpm_exec_t +.EE + +- Set files with the ricci_modrpm_exec_t type, if you want to transition an executable to the ricci_modrpm_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modservice_exec_t +.EE + +- Set files with the ricci_modservice_exec_t type, if you want to transition an executable to the ricci_modservice_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modstorage_exec_t +.EE + +- Set files with the ricci_modstorage_exec_t type, if you want to transition an executable to the ricci_modstorage_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_modstorage_lock_t +.EE + 
@@ -32524,6 +37452,7 @@ index 0000000..25c87dd + + +.EX ++.PP +.B ricci_tmp_t +.EE + @@ -32531,19 +37460,15 @@ index 0000000..25c87dd + + +.EX ++.PP +.B ricci_var_lib_t +.EE + +- Set files with the ricci_var_lib_t type, if you want to store the ricci files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ricci_var_log_t +.EE + @@ -32551,11 +37476,14 @@ index 0000000..25c87dd + + +.EX ++.PP +.B ricci_var_run_t +.EE + +- Set files with the ricci_var_run_t type, if you want to store the ricci files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -32574,31 +37502,58 @@ index 0000000..25c87dd +SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible. +.PP +The following port types are defined for ricci: -+.EX + ++.EX ++.TP 5 +.B ricci_modcluster_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 16851 -+.EE -+.B udp 16851 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B ricci_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 11111 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 11111 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ricci policy is very flexible allowing users to setup their ricci processes in as secure a method as possible. ++.PP ++The following process types are defined for ricci: ++ ++.EX ++.B ricci_t, ricci_modservice_t, ricci_modstorage_t, ricci_modclusterd_t, ricci_modlog_t, ricci_modrpm_t, ricci_modcluster_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -32611,10 +37566,10 @@ index 0000000..25c87dd +selinux(8), ricci(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rlogind_selinux.8 b/man/man8/rlogind_selinux.8 new file mode 100644 -index 0000000..fa94f5f +index 0000000..f68d8ef 
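Review bot: Both port types in this hunk now list `tcp 8021` as their default port, replacing the removed `tcp 16851`/`udp 16851` for ricci_modcluster_port_t and `tcp 11111`/`udp 11111` for ricci_port_t; the later rlogind_port_t and rsh_port_t hunks likewise replace `tcp 513` and `tcp 514` with `tcp 8021`. One identical value for four unrelated port types looks like a stale value carried over during page generation rather than a policy change, and a reader using the page to write firewall or `semanage port` rules would get the wrong port. The values should be checked against the loaded policy (for example with `semanage port -l`) before this is merged. The rewritten block also appears to emit a second `.EE` after the port line with no matching `.EX`.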
--- /dev/null +++ b/man/man8/rlogind_selinux.8 -@@ -0,0 +1,104 @@ +@@ -0,0 +1,137 @@ +.TH "rlogind_selinux" "8" "rlogind" "dwalsh@redhat.com" "rlogind SELinux Policy documentation" +.SH "NAME" +rlogind_selinux \- Security Enhanced Linux Policy for the rlogind processes @@ -32635,38 +37590,31 @@ index 0000000..fa94f5f + + +.EX ++.PP +.B rlogind_exec_t +.EE + +- Set files with the rlogind_exec_t type, if you want to transition an executable to the rlogind_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/telnetlogin, /usr/kerberos/sbin/klogind, /usr/sbin/in\.rlogind -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rlogind_home_t +.EE + +- Set files with the rlogind_home_t type, if you want to store rlogind files in the users home directory. + +.br ++.TP 5 +Paths: +/root/\.rlogin, /root/\.rhosts -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rlogind_keytab_t +.EE + @@ -32674,6 +37622,7 @@ index 0000000..fa94f5f + + +.EX ++.PP +.B rlogind_tmp_t +.EE + 
@@ -32681,11 +37630,20 @@ index 0000000..fa94f5f + + +.EX ++.PP +.B rlogind_var_run_t +.EE + +- Set files with the rlogind_var_run_t type, if you want to store the rlogind files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
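Review bot: The file-context note added here carries the misspelling `permanantly`; the sentence should read `If you want to permanently change the file context you need to use the`. The same sentence appears as context or added lines in the other man pages touched by this commit, so if the pages are generated, correcting the template once would cover them all.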
@@ -32698,17 +37656,47 @@ index 0000000..fa94f5f +SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible. +.PP +The following port types are defined for rlogind: -+.EX + ++.EX ++.TP 5 +.B rlogind_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rlogind policy is very flexible allowing users to setup their rlogind processes in as secure a method as possible. ++.PP ++The following process types are defined for rlogind: + -+.B tcp 513 ++.EX ++.B rlogind_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -32721,10 +37709,10 @@ index 0000000..fa94f5f +selinux(8), rlogind(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/roundup_selinux.8 b/man/man8/roundup_selinux.8 new file mode 100644 -index 0000000..ce62216 +index 0000000..163cf1f --- /dev/null +++ b/man/man8/roundup_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "roundup_selinux" "8" "roundup" "dwalsh@redhat.com" "roundup SELinux Policy documentation" +.SH "NAME" +roundup_selinux \- Security Enhanced Linux Policy for the roundup processes 
@@ -32745,51 +37733,71 @@ index 0000000..ce62216 + + +.EX ++.PP +.B roundup_exec_t +.EE + +- Set files with the roundup_exec_t type, if you want to transition an executable to the roundup_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B roundup_initrc_exec_t +.EE + +- Set files with the roundup_initrc_exec_t type, if you want to transition an executable to the roundup_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B roundup_var_lib_t +.EE + +- Set files with the roundup_var_lib_t type, if you want to store the roundup files under the /var/lib directory. + ++ ++.EX ++.PP ++.B roundup_var_run_t ++.EE ++ ++- Set files with the roundup_var_run_t type, if you want to store the roundup files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux roundup policy is very flexible allowing users to setup their roundup processes in as secure a method as possible. 
++.PP ++The following process types are defined for roundup: + +.EX -+.B roundup_var_run_t ++.B roundup_t +.EE -+ -+- Set files with the roundup_var_run_t type, if you want to store the roundup files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -32802,10 +37810,10 @@ index 0000000..ce62216 +selinux(8), roundup(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rpcbind_selinux.8 b/man/man8/rpcbind_selinux.8 new file mode 100644 -index 0000000..3d9b753 +index 0000000..3c49300 --- /dev/null +++ b/man/man8/rpcbind_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,107 @@ +.TH "rpcbind_selinux" "8" "rpcbind" "dwalsh@redhat.com" "rpcbind SELinux Policy documentation" +.SH "NAME" +rpcbind_selinux \- Security Enhanced Linux Policy for the rpcbind processes 
@@ -32826,66 +37834,83 @@ index 0000000..3d9b753 + + +.EX ++.PP +.B rpcbind_exec_t +.EE + +- Set files with the rpcbind_exec_t type, if you want to transition an executable to the rpcbind_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/rpcbind, /sbin/rpcbind -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpcbind_initrc_exec_t +.EE + +- Set files with the rpcbind_initrc_exec_t type, if you want to transition an executable to the rpcbind_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpcbind_var_lib_t +.EE + +- Set files with the rpcbind_var_lib_t type, if you want to store the rpcbind files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/rpcbind(/.*)?, /var/cache/rpcbind(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpcbind_var_run_t +.EE + +- Set files with the rpcbind_var_run_t type, if you want to store the rpcbind files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/rpcbind\.sock, /var/run/rpcbind\.lock, /var/run/rpc.statd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. 
This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rpcbind policy is very flexible allowing users to setup their rpcbind processes in as secure a method as possible. ++.PP ++The following process types are defined for rpcbind: ++ ++.EX ++.B rpcbind_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -32898,10 +37923,10 @@ index 0000000..3d9b753 +selinux(8), rpcbind(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rpcd_selinux.8 b/man/man8/rpcd_selinux.8 new file mode 100644 -index 0000000..c8f5a01 +index 0000000..1897cbf --- /dev/null +++ b/man/man8/rpcd_selinux.8 -@@ -0,0 +1,93 @@ +@@ -0,0 +1,111 @@ +.TH "rpcd_selinux" "8" "rpcd" "dwalsh@redhat.com" "rpcd SELinux Policy documentation" +.SH "NAME" +rpcd_selinux \- Security Enhanced Linux Policy for the rpcd processes 
@@ -32922,69 +37947,87 @@ index 0000000..c8f5a01 + + +.EX ++.PP +.B rpcd_exec_t +.EE + +- Set files with the rpcd_exec_t type, if you want to transition an executable to the rpcd_t domain. + +.br ++.TP 5 +Paths: +/sbin/sm-notify, /usr/sbin/rpc\..*, /usr/sbin/rpc\.idmapd, /usr/sbin/sm-notify, /usr/sbin/rpc\.rquotad, /sbin/rpc\..* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpcd_initrc_exec_t +.EE + +- Set files with the rpcd_initrc_exec_t type, if you want to transition an executable to the rpcd_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/nfslock, /etc/rc\.d/init\.d/rpcidmapd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpcd_unit_file_t +.EE + +- Set files with the rpcd_unit_file_t type, if you want to treat the files as rpcd unit content. + +.br ++.TP 5 +Paths: +/lib/systemd/system/rpc.*, /usr/lib/systemd/system/rpc.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpcd_var_run_t +.EE + +- Set files with the rpcd_var_run_t type, if you want to store the rpcd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/rpc\.statd(/.*)?, /var/run/rpc\.statd\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rpcd policy is very flexible allowing users to setup their rpcd processes in as secure a method as possible. ++.PP ++The following process types are defined for rpcd: ++ ++.EX ++.B rpcd_t, rpcbind_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -32997,10 +38040,10 @@ index 0000000..c8f5a01 +selinux(8), rpcd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rpm_selinux.8 b/man/man8/rpm_selinux.8 new file mode 100644 -index 0000000..fbb81da +index 0000000..13dc1c5 --- /dev/null +++ b/man/man8/rpm_selinux.8 -@@ -0,0 +1,151 @@ +@@ -0,0 +1,171 @@ +.TH "rpm_selinux" "8" "rpm" "dwalsh@redhat.com" "rpm SELinux Policy documentation" +.SH "NAME" +rpm_selinux \- Security Enhanced Linux Policy for the rpm processes 
@@ -33021,22 +38064,19 @@ index 0000000..fbb81da + + +.EX ++.PP +.B rpm_exec_t +.EE + +- Set files with the rpm_exec_t type, if you want to transition an executable to the rpm_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/apt-get, /usr/libexec/yumDBUSBackend.py, /usr/sbin/rhn_check, /usr/bin/rpmdev-rmdevelrpms, /usr/sbin/synaptic, /usr/share/yumex/yumex-yum-backend, /usr/sbin/yum-updatesd, /usr/sbin/pup, /usr/libexec/packagekitd, /usr/bin/apt-shell, /usr/sbin/pirut, /usr/bin/package-cleanup, /usr/bin/fedora-rmdevelrpms, /bin/rpm, /usr/bin/yum, /usr/sbin/system-install-packages, /usr/bin/zif, /usr/bin/rpm, /usr/sbin/yum-complete-transaction, /usr/bin/smart, /usr/sbin/packagekitd, /usr/sbin/rhnreg_ks, /usr/share/yumex/yum_childtask\.py, /usr/sbin/up2date -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpm_file_t +.EE + @@ -33044,22 +38084,19 @@ index 0000000..fbb81da + + +.EX ++.PP +.B rpm_log_t +.EE + +- Set files with the rpm_log_t type, if you want to treat the data as rpm log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/yum\.log.*, /var/log/rpmpkgs.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpm_script_exec_t +.EE + @@ -33067,6 +38104,7 @@ index 0000000..fbb81da + + +.EX ++.PP +.B rpm_script_tmp_t +.EE + @@ -33074,6 +38112,7 @@ index 0000000..fbb81da + + +.EX ++.PP +.B rpm_script_tmpfs_t +.EE + @@ -33081,6 +38120,7 @@ index 0000000..fbb81da + + +.EX ++.PP +.B rpm_tmp_t +.EE + 
@@ -33088,6 +38128,7 @@ index 0000000..fbb81da + + +.EX ++.PP +.B rpm_tmpfs_t +.EE + 
@@ -33095,53 +38136,75 @@ index 0000000..fbb81da + + +.EX ++.PP +.B rpm_var_cache_t +.EE + +- Set files with the rpm_var_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/cache/PackageKit(/.*)?, /var/cache/yum(/.*)?, /var/spool/up2date(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpm_var_lib_t +.EE + +- Set files with the rpm_var_lib_t type, if you want to store the rpm files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/yum(/.*)?, /var/lib/rpm(/.*)?, /var/lib/alternatives(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rpm_var_run_t +.EE + +- Set files with the rpm_var_run_t type, if you want to store the rpm files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/PackageKit(/.*)?, /var/run/yum.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rpm policy is very flexible allowing users to setup their rpm processes in as secure a method as possible. 
++.PP ++The following process types are defined for rpm: ++ ++.EX ++.B rpm_t, rpm_script_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -33154,10 +38217,10 @@ index 0000000..fbb81da +selinux(8), rpm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rshd_selinux.8 b/man/man8/rshd_selinux.8 new file mode 100644 -index 0000000..ab205fd +index 0000000..99e4004 --- /dev/null +++ b/man/man8/rshd_selinux.8 -@@ -0,0 +1,74 @@ +@@ -0,0 +1,109 @@ +.TH "rshd_selinux" "8" "rshd" "dwalsh@redhat.com" "rshd SELinux Policy documentation" +.SH "NAME" +rshd_selinux \- Security Enhanced Linux Policy for the rshd processes 
@@ -33178,27 +38241,32 @@ index 0000000..ab205fd + + +.EX ++.PP +.B rshd_exec_t +.EE + +- Set files with the rshd_exec_t type, if you want to transition an executable to the rshd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/in\.rshd, /usr/kerberos/sbin/kshd, /usr/sbin/in\.rexecd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rshd_keytab_t +.EE + +- Set files with the rshd_keytab_t type, if you want to treat the files as kerberos keytab files. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -33211,17 +38279,47 @@ index 0000000..ab205fd +SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible. +.PP +The following port types are defined for rshd: -+.EX + ++.EX ++.TP 5 +.B rsh_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rshd policy is very flexible allowing users to setup their rshd processes in as secure a method as possible. ++.PP ++The following process types are defined for rshd: + -+.B tcp 514 ++.EX ++.B rshd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -33234,10 +38332,10 @@ index 0000000..ab205fd +selinux(8), rshd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rssh_selinux.8 b/man/man8/rssh_selinux.8 new file mode 100644 -index 0000000..9d9bf4c +index 0000000..26e94d2 --- /dev/null +++ b/man/man8/rssh_selinux.8 -@@ -0,0 +1,69 @@ +@@ -0,0 +1,95 @@ +.TH "rssh_selinux" "8" "rssh" "dwalsh@redhat.com" "rssh SELinux Policy documentation" +.SH "NAME" +rssh_selinux \- Security Enhanced Linux Policy for the rssh processes 
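Review bot: The regenerated PORT TYPES block for rshd now lists `tcp 8021` under rsh_port_t where the removed line read `.B tcp 514`, and the same `tcp 8021` replaces `tcp 873`/`udp 873` on the rsync page and `udp 513` on the rwho page. Three unrelated port types are unlikely to share one default, so this looks like a generator regression that prints a fixed value instead of each type's defined ports; this is an inference, since the policy's port definitions are not visible here. An administrator who relies on these pages to decide which ports a confined daemon may bind would be misled, so the listed defaults should be checked against `semanage port -l` output before the pages ship. The new layout also emits `.TP 10` and `.EE` before "Default Defined Ports:" and then a second `.EE`, so the example block is closed twice.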
@@ -33258,32 +38356,23 @@ index 0000000..9d9bf4c + + +.EX ++.PP +.B rssh_chroot_helper_exec_t +.EE + +- Set files with the rssh_chroot_helper_exec_t type, if you want to transition an executable to the rssh_chroot_helper_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rssh_exec_t +.EE + +- Set files with the rssh_exec_t type, if you want to transition an executable to the rssh_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rssh_ro_t +.EE + 
@@ -33291,12 +38380,47 @@ index 0000000..9d9bf4c + + +.EX ++.PP +.B rssh_rw_t +.EE + +- Set files with the rssh_rw_t type, if you want to treat the files as rssh read/write content. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rssh policy is very flexible allowing users to setup their rssh processes in as secure a method as possible. ++.PP ++The following process types are defined for rssh: ++ ++.EX ++.B rssh_t, rssh_chroot_helper_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -33308,10 +38432,10 @@ index 0000000..9d9bf4c +.SH "SEE ALSO" +selinux(8), rssh(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8 -index ad9ccf5..835654a 100644 +index ad9ccf5..74aa09b 100644 --- a/man/man8/rsync_selinux.8 +++ b/man/man8/rsync_selinux.8 -@@ -1,52 +1,183 @@ +@@ -1,52 +1,199 @@ -.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "rsync Selinux Policy documentation" -.de EX -.nf 
@@ -33380,23 +38504,23 @@ index ad9ccf5..835654a 100644 +.PP +.B semanage fcontext -a -t public_content_t "/var/rsync(/.*)?" - .TP --This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local: -+.B -+restorecon -F -R -v /var/rsync ++.br ++.B restorecon -F -R -v /var/rsync +.pp .TP +-This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local: +-.TP -/var/rsync(/.*)? system_u:object_r:publix_content_t:s0 -+Allow rsync servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_rsyncd_anon_write boolean to be set. -+.PP -+.B -+semanage fcontext -a -t public_content_rw_t "/var/rsync/incoming(/.*)?" - .TP +-.TP -Run the restorecon command to apply the changes: -.TP -restorecon -R -v /var/rsync/ ++Allow rsync servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_rsyncd_anon_write boolean to be set. ++.PP +.B -+restorecon -F -R -v /var/rsync/incoming ++semanage fcontext -a -t public_content_rw_t "/var/rsync/incoming(/.*)?" ++.br ++.B restorecon -F -R -v /var/rsync/incoming + + +.PP @@ -33421,6 +38545,7 @@ index ad9ccf5..835654a 100644 .EX -setsebool -P allow_rsync_anon_write=1 ++.PP +.B rsync_data_t .EE 
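Review bot: The re-added sentence says rsync servers may read and write `/var/tmp/incoming`, but both commands under it label `/var/rsync/incoming`; the prose should name the directory that is actually relabelled, i.e. `Allow rsync servers to read and write /var/rsync/incoming by adding the public_content_rw_t type ...`. The same sentence names the boolean `allow_rsyncd_anon_write`, while the old man-page line shown as deleted in the following hunk, `setsebool -P allow_rsync_anon_write=1`, spells it without the `d`; one of the two is presumably wrong and should be confirmed against the policy. Because this paragraph describes how to make a directory writable by anonymous clients, the path and the boolean name need to be exact.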
@@ -33431,45 +38556,31 @@ index ad9ccf5..835654a 100644 + + +.EX ++.PP +.B rsync_etc_t +.EE + +- Set files with the rsync_etc_t type, if you want to store rsync files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rsync_exec_t +.EE + +- Set files with the rsync_exec_t type, if you want to transition an executable to the rsync_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rsync_log_t +.EE + +- Set files with the rsync_log_t type, if you want to treat the data as rsync log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rsync_tmp_t +.EE + @@ -33477,11 +38588,14 @@ index ad9ccf5..835654a 100644 + + +.EX ++.PP +.B rsync_var_run_t +.EE + +- Set files with the rsync_var_run_t type, if you want to store the rsync files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -33500,19 +38614,47 @@ index ad9ccf5..835654a 100644 +SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible. +.PP +The following port types are defined for rsync: -+.EX + ++.EX ++.TP 5 +.B rsync_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 873 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 873 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rsync policy is very flexible allowing users to setup their rsync processes in as secure a method as possible. ++.PP ++The following process types are defined for rsync: ++ ++.EX ++.B rsync_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -33532,10 +38674,10 @@ index ad9ccf5..835654a 100644 \ No newline at end of file diff --git a/man/man8/rtkit_selinux.8 b/man/man8/rtkit_selinux.8 new file mode 100644 -index 0000000..75036ff +index 0000000..ca5eed7 --- /dev/null +++ b/man/man8/rtkit_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "rtkit_selinux" "8" "rtkit" "dwalsh@redhat.com" "rtkit SELinux Policy documentation" +.SH "NAME" +rtkit_selinux \- Security Enhanced Linux Policy for the rtkit processes 
@@ -33556,18 +38698,47 @@ index 0000000..75036ff + + +.EX ++.PP +.B rtkit_daemon_exec_t +.EE + +- Set files with the rtkit_daemon_exec_t type, if you want to transition an executable to the rtkit_daemon_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rtkit policy is very flexible allowing users to setup their rtkit processes in as secure a method as possible. ++.PP ++The following process types are defined for rtkit: ++ ++.EX ++.B rtkit_daemon_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -33580,10 +38751,10 @@ index 0000000..75036ff +selinux(8), rtkit(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/run_selinux.8 b/man/man8/run_selinux.8 new file mode 100644 -index 0000000..31068e8 +index 0000000..8894ea9 --- /dev/null 
+++ b/man/man8/run_selinux.8 -@@ -0,0 +1,71 @@ +@@ -0,0 +1,100 @@ +.TH "run_selinux" "8" "run" "dwalsh@redhat.com" "run SELinux Policy documentation" +.SH "NAME" +run_selinux \- Security Enhanced Linux Policy for the run processes @@ -33629,18 +38800,47 @@ index 0000000..31068e8 + + +.EX ++.PP +.B run_init_exec_t +.EE + +- Set files with the run_init_exec_t type, if you want to transition an executable to the run_init_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux run policy is very flexible allowing users to setup their run processes in as secure a method as possible. ++.PP ++The following process types are defined for run: ++ ++.EX ++.B run_init_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -33658,10 +38858,10 @@ index 0000000..31068e8 \ No newline at end of file diff --git a/man/man8/rwho_selinux.8 b/man/man8/rwho_selinux.8 new file mode 100644 -index 0000000..c5a4b6a +index 0000000..5b7747f --- /dev/null 
+++ b/man/man8/rwho_selinux.8 -@@ -0,0 +1,103 @@ +@@ -0,0 +1,121 @@ +.TH "rwho_selinux" "8" "rwho" "dwalsh@redhat.com" "rwho SELinux Policy documentation" +.SH "NAME" +rwho_selinux \- Security Enhanced Linux Policy for the rwho processes 
@@ -33682,50 +38882,38 @@ index 0000000..c5a4b6a + + +.EX ++.PP +.B rwho_exec_t +.EE + +- Set files with the rwho_exec_t type, if you want to transition an executable to the rwho_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rwho_initrc_exec_t +.EE + +- Set files with the rwho_initrc_exec_t type, if you want to transition an executable to the rwho_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rwho_log_t +.EE + +- Set files with the rwho_log_t type, if you want to treat the data as rwho log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B rwho_spool_t +.EE + +- Set files with the rwho_spool_t type, if you want to store the rwho files under the /var/spool directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -33744,17 +38932,47 @@ index 0000000..c5a4b6a +SELinux rwho policy is very flexible allowing users to setup their rwho processes in as secure a method as possible. +.PP +The following port types are defined for rwho: -+.EX + ++.EX ++.TP 5 +.B rwho_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux rwho policy is very flexible allowing users to setup their rwho processes in as secure a method as possible. ++.PP ++The following process types are defined for rwho: + -+.B udp 513 ++.EX ++.B rwho_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -33766,10 +38984,10 @@ index 0000000..c5a4b6a +.SH "SEE ALSO" +selinux(8), rwho(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/samba_selinux.8 b/man/man8/samba_selinux.8 -index ca702c7..613dad5 100644 +index ca702c7..d02c913 100644 --- a/man/man8/samba_selinux.8 +++ b/man/man8/samba_selinux.8 -@@ -1,56 +1,257 @@ +@@ -1,56 +1,252 @@ -.TH "samba_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "Samba Selinux Policy documentation" +.TH "samba_selinux" "8" "samba" "dwalsh@redhat.com" "samba SELinux Policy documentation" .SH "NAME" 
@@ -33905,61 +39123,43 @@ index ca702c7..613dad5 100644 + + +.EX ++.PP +.B samba_etc_t +.EE + +- Set files with the samba_etc_t type, if you want to store samba files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B samba_initrc_exec_t +.EE + +- Set files with the samba_initrc_exec_t type, if you want to transition an executable to the samba_initrc_t domain. + -+.br + .br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/nmb, /etc/rc\.d/init\.d/smb, /etc/rc\.d/init\.d/winbind -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B samba_log_t +.EE + +- Set files with the samba_log_t type, if you want to treat the data as samba log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B samba_net_exec_t +.EE + +- Set files with the samba_net_exec_t type, if you want to transition an executable to the samba_net_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B samba_net_tmp_t +.EE + 
@@ -33967,22 +39167,19 @@ index ca702c7..613dad5 100644 + + +.EX ++.PP +.B samba_secrets_t +.EE + +- Set files with the samba_secrets_t type, if you want to treat the files as samba secrets data. + +.br ++.TP 5 +Paths: +/etc/samba/secrets\.tdb, /etc/samba/passdb\.tdb, /etc/samba/MACHINE\.SID, /etc/samba/smbpasswd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B samba_share_t +.EE + 
@@ -33990,63 +39187,79 @@ index ca702c7..613dad5 100644 + + +.EX ++.PP +.B samba_unconfined_script_exec_t +.EE + +- Set files with the samba_unconfined_script_exec_t type, if you want to transition an executable to the samba_unconfined_script_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B samba_unit_file_t +.EE + +- Set files with the samba_unit_file_t type, if you want to treat the files as samba unit content. + +.br ++.TP 5 +Paths: +/lib/systemd/system/smb.service, /usr/lib/systemd/system/smb.service -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B samba_var_t +.EE + +- Set files with the samba_var_t type, if you want to store the s files under the /var directory. + - .br ++.br ++.TP 5 +Paths: +/var/spool/samba(/.*)?, /var/cache/samba(/.*)?, /var/lib/samba(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sambagui_exec_t +.EE + +- Set files with the sambagui_exec_t type, if you want to transition an executable to the sambagui_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. 
You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux samba policy is very flexible allowing users to setup their samba processes in as secure a method as possible. ++.PP ++The following process types are defined for samba: ++ ++.EX ++.B samba_net_t, samba_unconfined_script_t, sambagui_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules -setsebool -P samba_enable_home_dirs 1 -.TP @@ -34073,10 +39286,10 @@ index ca702c7..613dad5 100644 \ No newline at end of file diff --git a/man/man8/sambagui_selinux.8 b/man/man8/sambagui_selinux.8 new file mode 100644 -index 0000000..2cbc4bc +index 0000000..ebcadb5 --- /dev/null +++ b/man/man8/sambagui_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "sambagui_selinux" "8" "sambagui" "dwalsh@redhat.com" "sambagui SELinux Policy documentation" +.SH "NAME" +sambagui_selinux \- Security Enhanced Linux Policy for the sambagui processes 
@@ -34097,18 +39310,47 @@ index 0000000..2cbc4bc + + +.EX ++.PP +.B sambagui_exec_t +.EE + +- Set files with the sambagui_exec_t type, if you want to transition an executable to the sambagui_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sambagui policy is very flexible allowing users to setup their sambagui processes in as secure a method as possible. ++.PP ++The following process types are defined for sambagui: ++ ++.EX ++.B sambagui_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -34121,10 +39363,10 @@ index 0000000..2cbc4bc +selinux(8), sambagui(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/sandbox_selinux.8 b/man/man8/sandbox_selinux.8 new file mode 100644 -index 0000000..d71121e +index 0000000..e03bd16 --- /dev/null 
+++ b/man/man8/sandbox_selinux.8 -@@ -0,0 +1,106 @@ +@@ -0,0 +1,142 @@ +.TH "sandbox_selinux" "8" "sandbox" "dwalsh@redhat.com" "sandbox SELinux Policy documentation" +.SH "NAME" +sandbox_selinux \- Security Enhanced Linux Policy for the sandbox processes @@ -34156,6 +39398,7 @@ index 0000000..d71121e + + +.EX ++.PP +.B sandbox_devpts_t +.EE + @@ -34163,19 +39406,15 @@ index 0000000..d71121e + + +.EX ++.PP +.B sandbox_exec_t +.EE + +- Set files with the sandbox_exec_t type, if you want to transition an executable to the sandbox_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sandbox_file_t +.EE + @@ -34183,6 +39422,7 @@ index 0000000..d71121e + + +.EX ++.PP +.B sandbox_min_client_tmpfs_t +.EE + @@ -34190,6 +39430,7 @@ index 0000000..d71121e + + +.EX ++.PP +.B sandbox_net_client_tmpfs_t +.EE + @@ -34197,6 +39438,7 @@ index 0000000..d71121e + + +.EX ++.PP +.B sandbox_web_client_tmpfs_t +.EE + @@ -34204,6 +39446,7 @@ index 0000000..d71121e + + +.EX ++.PP +.B sandbox_x_client_tmpfs_t +.EE + 
@@ -34211,12 +39454,47 @@ index 0000000..d71121e + + +.EX ++.PP +.B sandbox_xserver_tmpfs_t +.EE + +- Set files with the sandbox_xserver_tmpfs_t type, if you want to store sandbox xserver files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sandbox policy is very flexible allowing users to setup their sandbox processes in as secure a method as possible. ++.PP ++The following process types are defined for sandbox: ++ ++.EX ++.B sandbox_x_client_t, sandbox_net_client_t, sandbox_xserver_t, sandbox_x_t, sandbox_web_client_t, sandbox_min_t, sandbox_net_t, sandbox_web_t, sandbox_min_client_t, sandbox_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -34234,10 +39512,10 @@ index 0000000..d71121e \ No newline at end of file diff --git a/man/man8/sanlock_selinux.8 b/man/man8/sanlock_selinux.8 new file mode 100644 -index 0000000..1a2393d +index 0000000..035db8a --- /dev/null 
+++ b/man/man8/sanlock_selinux.8 -@@ -0,0 +1,110 @@ +@@ -0,0 +1,124 @@ +.TH "sanlock_selinux" "8" "sanlock" "dwalsh@redhat.com" "sanlock SELinux Policy documentation" +.SH "NAME" +sanlock_selinux \- Security Enhanced Linux Policy for the sanlock processes 
@@ -34283,57 +39561,71 @@ index 0000000..1a2393d + + +.EX ++.PP +.B sanlock_exec_t +.EE + +- Set files with the sanlock_exec_t type, if you want to transition an executable to the sanlock_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sanlock_initrc_exec_t +.EE + +- Set files with the sanlock_initrc_exec_t type, if you want to transition an executable to the sanlock_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sanlock_log_t +.EE + +- Set files with the sanlock_log_t type, if you want to treat the data as sanlock log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sanlock_var_run_t +.EE + +- Set files with the sanlock_var_run_t type, if you want to store the sanlock files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sanlock policy is very flexible allowing users to setup their sanlock processes in as secure a method as possible. ++.PP ++The following process types are defined for sanlock: ++ ++.EX ++.B sanlock_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -34351,10 +39643,10 @@ index 0000000..1a2393d \ No newline at end of file diff --git a/man/man8/saslauthd_selinux.8 b/man/man8/saslauthd_selinux.8 new file mode 100644 -index 0000000..60c1ccb +index 0000000..5458895 --- /dev/null +++ b/man/man8/saslauthd_selinux.8 -@@ -0,0 +1,93 @@ +@@ -0,0 +1,114 @@ +.TH "saslauthd_selinux" "8" "saslauthd" "dwalsh@redhat.com" "saslauthd SELinux Policy documentation" +.SH "NAME" +saslauthd_selinux \- Security Enhanced Linux Policy for the saslauthd processes 
@@ -34386,32 +39678,23 @@ index 0000000..60c1ccb + + +.EX ++.PP +.B saslauthd_exec_t +.EE + +- Set files with the saslauthd_exec_t type, if you want to transition an executable to the saslauthd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B saslauthd_initrc_exec_t +.EE + +- Set files with the saslauthd_initrc_exec_t type, if you want to transition an executable to the saslauthd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B saslauthd_keytab_t +.EE + 
@@ -34419,21 +39702,51 @@ index 0000000..60c1ccb + + +.EX ++.PP +.B saslauthd_var_run_t +.EE + +- Set files with the saslauthd_var_run_t type, if you want to store the saslauthd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/lib/sasl2(/.*)?, /var/run/saslauthd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux saslauthd policy is very flexible allowing users to setup their saslauthd processes in as secure a method as possible. ++.PP ++The following process types are defined for saslauthd: ++ ++.EX ++.B saslauthd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -34451,10 +39764,10 @@ index 0000000..60c1ccb \ No newline at end of file diff --git a/man/man8/sblim_selinux.8 b/man/man8/sblim_selinux.8 new file mode 100644 -index 0000000..bf666a4 +index 0000000..29afb9c --- /dev/null 
+++ b/man/man8/sblim_selinux.8 -@@ -0,0 +1,68 @@ +@@ -0,0 +1,87 @@ +.TH "sblim_selinux" "8" "sblim" "dwalsh@redhat.com" "sblim SELinux Policy documentation" +.SH "NAME" +sblim_selinux \- Security Enhanced Linux Policy for the sblim processes 
@@ -34475,44 +39788,63 @@ index 0000000..bf666a4 + + +.EX ++.PP +.B sblim_gatherd_exec_t +.EE + +- Set files with the sblim_gatherd_exec_t type, if you want to transition an executable to the sblim_gatherd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sblim_reposd_exec_t +.EE + +- Set files with the sblim_reposd_exec_t type, if you want to transition an executable to the sblim_reposd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sblim_var_run_t +.EE + +- Set files with the sblim_var_run_t type, if you want to store the sblim files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sblim policy is very flexible allowing users to setup their sblim processes in as secure a method as possible. ++.PP ++The following process types are defined for sblim: ++ ++.EX ++.B sblim_reposd_t, sblim_gatherd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. 
Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -34525,10 +39857,10 @@ index 0000000..bf666a4 +selinux(8), sblim(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/sectoolm_selinux.8 b/man/man8/sectoolm_selinux.8 new file mode 100644 -index 0000000..231d9a7 +index 0000000..c1232de --- /dev/null +++ b/man/man8/sectoolm_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "sectoolm_selinux" "8" "sectoolm" "dwalsh@redhat.com" "sectoolm SELinux Policy documentation" +.SH "NAME" +sectoolm_selinux \- Security Enhanced Linux Policy for the sectoolm processes 
@@ -34549,18 +39881,47 @@ index 0000000..231d9a7 + + +.EX ++.PP +.B sectoolm_exec_t +.EE + +- Set files with the sectoolm_exec_t type, if you want to transition an executable to the sectoolm_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sectoolm policy is very flexible allowing users to setup their sectoolm processes in as secure a method as possible. ++.PP ++The following process types are defined for sectoolm: ++ ++.EX ++.B sectoolm_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -34573,10 +39934,10 @@ index 0000000..231d9a7 +selinux(8), sectoolm(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/selinux_selinux.8 b/man/man8/selinux_selinux.8 new file mode 100644 -index 0000000..2dd8987 +index 0000000..c58d504 --- /dev/null 
+++ b/man/man8/selinux_selinux.8 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,99 @@ +.TH "selinux_selinux" "8" "selinux" "dwalsh@redhat.com" "selinux SELinux Policy documentation" +.SH "NAME" +selinux_selinux \- Security Enhanced Linux Policy for the selinux processes @@ -34597,35 +39958,27 @@ index 0000000..2dd8987 + + +.EX ++.PP +.B selinux_config_t +.EE + +- Set files with the selinux_config_t type, if you want to treat the files as selinux configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/selinux/([^/]*/)?users(/.*)?, /etc/selinux(/.*)?, /etc/selinux/([^/]*/)?seusers, /etc/selinux/([^/]*/)?setrans\.conf -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B selinux_munin_plugin_exec_t +.EE + +- Set files with the selinux_munin_plugin_exec_t type, if you want to transition an executable to the selinux_munin_plugin_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B selinux_munin_plugin_tmp_t +.EE + 
@@ -34633,18 +39986,47 @@ index 0000000..2dd8987 + + +.EX ++.PP +.B selinux_var_lib_t +.EE + +- Set files with the selinux_var_lib_t type, if you want to store the selinux files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux selinux policy is very flexible allowing users to setup their selinux processes in as secure a method as possible. ++.PP ++The following process types are defined for selinux: ++ ++.EX ++.B selinux_munin_plugin_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -34657,10 +40039,10 @@ index 0000000..2dd8987 +selinux(8), selinux(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/semanage_selinux.8 b/man/man8/semanage_selinux.8 new file mode 100644 -index 0000000..d89b54a +index 0000000..32ccc93 --- /dev/null 
+++ b/man/man8/semanage_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,111 @@ +.TH "semanage_selinux" "8" "semanage" "dwalsh@redhat.com" "semanage SELinux Policy documentation" +.SH "NAME" +semanage_selinux \- Security Enhanced Linux Policy for the semanage processes 
@@ -34681,51 +40063,39 @@ index 0000000..d89b54a + + +.EX ++.PP +.B semanage_exec_t +.EE + +- Set files with the semanage_exec_t type, if you want to transition an executable to the semanage_t domain. + +.br ++.TP 5 +Paths: +/usr/share/system-config-selinux/system-config-selinux-dbus\.py, /usr/sbin/semanage, /usr/sbin/semodule -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B semanage_read_lock_t +.EE + +- Set files with the semanage_read_lock_t type, if you want to treat the files as semanage read lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B semanage_store_t +.EE + +- Set files with the semanage_store_t type, if you want to treat the files as semanage store data. + +.br ++.TP 5 +Paths: +/etc/share/selinux/mls(/.*)?, /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?, /etc/selinux/([^/]*/)?policy(/.*)?, /etc/share/selinux/targeted(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B semanage_tmp_t +.EE + 
@@ -34733,18 +40103,47 @@ index 0000000..d89b54a + + +.EX ++.PP +.B semanage_trans_lock_t +.EE + +- Set files with the semanage_trans_lock_t type, if you want to treat the files as semanage trans lock data, stored under the /var/lock directory + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux semanage policy is very flexible allowing users to setup their semanage processes in as secure a method as possible. ++.PP ++The following process types are defined for semanage: ++ ++.EX ++.B semanage_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -34757,10 +40156,10 @@ index 0000000..d89b54a +selinux(8), semanage(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/sendmail_selinux.8 b/man/man8/sendmail_selinux.8 new file mode 100644 -index 0000000..1cdbd31 +index 0000000..37d0591 --- /dev/null 
+++ b/man/man8/sendmail_selinux.8 -@@ -0,0 +1,133 @@ +@@ -0,0 +1,152 @@ +.TH "sendmail_selinux" "8" "sendmail" "dwalsh@redhat.com" "sendmail SELinux Policy documentation" +.SH "NAME" +sendmail_selinux \- Security Enhanced Linux Policy for the sendmail processes @@ -34806,35 +40205,27 @@ index 0000000..1cdbd31 + + +.EX ++.PP +.B sendmail_exec_t +.EE + +- Set files with the sendmail_exec_t type, if you want to transition an executable to the sendmail_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/mail(x)?, /usr/sbin/rmail, /usr/sbin/ssmtp, /usr/bin/esmtp, /var/qmail/bin/sendmail, /usr/sbin/sendmail\.postfix, /usr/lib/courier/bin/sendmail, /usr/lib/sendmail, /bin/mail(x)?, /usr/sbin/sendmail(\.sendmail)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sendmail_initrc_exec_t +.EE + +- Set files with the sendmail_initrc_exec_t type, if you want to transition an executable to the sendmail_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sendmail_keytab_t +.EE + 
@@ -34842,22 +40233,19 @@ index 0000000..1cdbd31 + + +.EX ++.PP +.B sendmail_log_t +.EE + +- Set files with the sendmail_log_t type, if you want to treat the data as sendmail log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/sendmail\.st, /var/log/mail(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sendmail_tmp_t +.EE + 
@@ -34865,21 +40253,51 @@ index 0000000..1cdbd31 + + +.EX ++.PP +.B sendmail_var_run_t +.EE + +- Set files with the sendmail_var_run_t type, if you want to store the sendmail files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/sendmail\.pid, /var/run/sm-client\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sendmail policy is very flexible allowing users to setup their sendmail processes in as secure a method as possible. ++.PP ++The following process types are defined for sendmail: ++ ++.EX ++.B sendmail_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -34897,10 +40315,10 @@ index 0000000..1cdbd31 \ No newline at end of file diff --git a/man/man8/services_selinux.8 b/man/man8/services_selinux.8 new file mode 100644 -index 0000000..45be83b +index 0000000..4a816d3 --- /dev/null 
+++ b/man/man8/services_selinux.8 -@@ -0,0 +1,52 @@ +@@ -0,0 +1,83 @@ +.TH "services_selinux" "8" "services" "dwalsh@redhat.com" "services SELinux Policy documentation" +.SH "NAME" +services_selinux \- Security Enhanced Linux Policy for the services processes 
@@ -34921,28 +40339,59 @@ index 0000000..45be83b + + +.EX ++.PP +.B services_munin_plugin_exec_t +.EE + +- Set files with the services_munin_plugin_exec_t type, if you want to transition an executable to the services_munin_plugin_t domain. + +.br ++.TP 5 +Paths: +/usr/share/munin/plugins/nut.*, /usr/share/munin/plugins/named, /usr/share/munin/plugins/varnish_.*, /usr/share/munin/plugins/tomcat_.*, /usr/share/munin/plugins/postgres_.*, /usr/share/munin/plugins/asterisk_.*, /usr/share/munin/plugins/lpstat, /usr/share/munin/plugins/mysql_.*, /usr/share/munin/plugins/slapd_.*, /usr/share/munin/plugins/apache_.*, /usr/share/munin/plugins/ping_, /usr/share/munin/plugins/squid_.*, /usr/share/munin/plugins/fail2ban, /usr/share/munin/plugins/openvpn, /usr/share/munin/plugins/snmp_.*, /usr/share/munin/plugins/samba, /usr/share/munin/plugins/ntp_.*, /usr/share/munin/plugins/http_loadtime ++ ++.EX ++.PP ++.B services_munin_plugin_tmp_t ++.EE ++ ++- Set files with the services_munin_plugin_tmp_t type, if you want to store services munin plugin temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux services policy is very flexible allowing users to setup their services processes in as secure a method as possible. 
++.PP ++The following process types are defined for services: + +.EX -+.B services_munin_plugin_tmp_t ++.B services_munin_plugin_t +.EE -+ -+- Set files with the services_munin_plugin_tmp_t type, if you want to store services munin plugin temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -34955,10 +40404,10 @@ index 0000000..45be83b +selinux(8), services(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/setfiles_selinux.8 b/man/man8/setfiles_selinux.8 new file mode 100644 -index 0000000..f027b5f +index 0000000..de1733a --- /dev/null +++ b/man/man8/setfiles_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "setfiles_selinux" "8" "setfiles" "dwalsh@redhat.com" "setfiles SELinux Policy documentation" +.SH "NAME" +setfiles_selinux \- Security Enhanced Linux Policy for the setfiles processes 
@@ -34979,21 +40428,51 @@ index 0000000..f027b5f + + +.EX ++.PP +.B setfiles_exec_t +.EE + +- Set files with the setfiles_exec_t type, if you want to transition an executable to the setfiles_t domain. + +.br ++.TP 5 +Paths: +/sbin/setfiles.*, /sbin/restorecon, /usr/sbin/setfiles.*, /usr/sbin/restorecon ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux setfiles policy is very flexible allowing users to setup their setfiles processes in as secure a method as possible. ++.PP ++The following process types are defined for setfiles: ++ ++.EX ++.B setfiles_mac_t, setfiles_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -35006,10 +40485,10 @@ index 0000000..f027b5f +selinux(8), setfiles(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/setkey_selinux.8 b/man/man8/setkey_selinux.8 new file mode 100644 -index 0000000..fcac8ed +index 0000000..0eca4ce --- /dev/null 
+++ b/man/man8/setkey_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "setkey_selinux" "8" "setkey" "dwalsh@redhat.com" "setkey SELinux Policy documentation" +.SH "NAME" +setkey_selinux \- Security Enhanced Linux Policy for the setkey processes @@ -35030,21 +40509,51 @@ index 0000000..fcac8ed + + +.EX ++.PP +.B setkey_exec_t +.EE + +- Set files with the setkey_exec_t type, if you want to transition an executable to the setkey_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/setkey, /sbin/setkey ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux setkey policy is very flexible allowing users to setup their setkey processes in as secure a method as possible. ++.PP ++The following process types are defined for setkey: ++ ++.EX ++.B setkey_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -35057,10 +40566,10 @@ index 0000000..fcac8ed +selinux(8), setkey(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/setrans_selinux.8 b/man/man8/setrans_selinux.8 new file mode 100644 -index 0000000..4700028 +index 0000000..274037f --- /dev/null +++ b/man/man8/setrans_selinux.8 -@@ -0,0 +1,74 @@ +@@ -0,0 +1,95 @@ +.TH "setrans_selinux" "8" "setrans" "dwalsh@redhat.com" "setrans SELinux Policy documentation" +.SH "NAME" +setrans_selinux \- Security Enhanced Linux Policy for the setrans processes 
@@ -35081,50 +40590,71 @@ index 0000000..4700028 + + +.EX ++.PP +.B setrans_exec_t +.EE + +- Set files with the setrans_exec_t type, if you want to transition an executable to the setrans_t domain. + +.br ++.TP 5 +Paths: +/sbin/mcstransd, /usr/sbin/mcstransd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B setrans_initrc_exec_t +.EE + +- Set files with the setrans_initrc_exec_t type, if you want to transition an executable to the setrans_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B setrans_var_run_t +.EE + +- Set files with the setrans_var_run_t type, if you want to store the setrans files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/mcstransd\.pid, /var/run/setrans(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux setrans policy is very flexible allowing users to setup their setrans processes in as secure a method as possible. 
++.PP ++The following process types are defined for setrans: ++ ++.EX ++.B setrans_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -35137,10 +40667,10 @@ index 0000000..4700028 +selinux(8), setrans(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/setroubleshoot_selinux.8 b/man/man8/setroubleshoot_selinux.8 new file mode 100644 -index 0000000..52b6fff +index 0000000..796de21 --- /dev/null +++ b/man/man8/setroubleshoot_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,103 @@ +.TH "setroubleshoot_selinux" "8" "setroubleshoot" "dwalsh@redhat.com" "setroubleshoot SELinux Policy documentation" +.SH "NAME" +setroubleshoot_selinux \- Security Enhanced Linux Policy for the setroubleshoot processes 
@@ -35161,70 +40691,79 @@ index 0000000..52b6fff
 +
 +
 +.EX
++.PP
 +.B setroubleshoot_fixit_exec_t
 +.EE
 +
 +- Set files with the setroubleshoot_fixit_exec_t type, if you want to transition an executable to the setroubleshoot_fixit_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B setroubleshoot_var_lib_t
 +.EE
 +
 +- Set files with the setroubleshoot_var_lib_t type, if you want to store the setroubleshoot files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B setroubleshoot_var_log_t
 +.EE
 +
 +- Set files with the setroubleshoot_var_log_t type, if you want to treat the data as setroubleshoot var log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B setroubleshoot_var_run_t
 +.EE
 +
 +- Set files with the setroubleshoot_var_run_t type, if you want to store the setroubleshoot files under the /run directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B setroubleshootd_exec_t
 +.EE
 +
 +- Set files with the setroubleshootd_exec_t type, if you want to transition an executable to the setroubleshootd_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux setroubleshoot policy is very flexible allowing users to setup their setroubleshoot processes in as secure a method as possible.
++.PP
++The following process types are defined for setroubleshoot:
++
++.EX
++.B setroubleshoot_fixit_t, setroubleshootd_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35237,10 +40776,10 @@ index 0000000..52b6fff
 +selinux(8), setroubleshoot(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/setroubleshootd_selinux.8 b/man/man8/setroubleshootd_selinux.8
 new file mode 100644
-index 0000000..56986a1
+index 0000000..2715192
 --- /dev/null
 +++ b/man/man8/setroubleshootd_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "setroubleshootd_selinux" "8" "setroubleshootd" "dwalsh@redhat.com" "setroubleshootd SELinux Policy documentation"
 +.SH "NAME"
 +setroubleshootd_selinux \- Security Enhanced Linux Policy for the setroubleshootd processes
@@ -35261,18 +40800,47 @@ index 0000000..56986a1
 +
 +
 +.EX
++.PP
 +.B setroubleshootd_exec_t
 +.EE
 +
 +- Set files with the setroubleshootd_exec_t type, if you want to transition an executable to the setroubleshootd_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux setroubleshootd policy is very flexible allowing users to setup their setroubleshootd processes in as secure a method as possible.
++.PP
++The following process types are defined for setroubleshootd:
++
++.EX
++.B setroubleshoot_fixit_t, setroubleshootd_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35285,10 +40853,10 @@ index 0000000..56986a1
 +selinux(8), setroubleshootd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/setsebool_selinux.8 b/man/man8/setsebool_selinux.8
 new file mode 100644
-index 0000000..b900bf7
+index 0000000..eaa6e4b
 --- /dev/null
 +++ b/man/man8/setsebool_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "setsebool_selinux" "8" "setsebool" "dwalsh@redhat.com" "setsebool SELinux Policy documentation"
 +.SH "NAME"
 +setsebool_selinux \- Security Enhanced Linux Policy for the setsebool processes
@@ -35309,18 +40877,47 @@ index 0000000..b900bf7
 +
 +
 +.EX
++.PP
 +.B setsebool_exec_t
 +.EE
 +
 +- Set files with the setsebool_exec_t type, if you want to transition an executable to the setsebool_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux setsebool policy is very flexible allowing users to setup their setsebool processes in as secure a method as possible.
++.PP
++The following process types are defined for setsebool:
++
++.EX
++.B setsebool_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35333,10 +40930,10 @@ index 0000000..b900bf7
 +selinux(8), setsebool(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/sge_selinux.8 b/man/man8/sge_selinux.8
 new file mode 100644
-index 0000000..98fd734
+index 0000000..d7633d0
 --- /dev/null
 +++ b/man/man8/sge_selinux.8
-@@ -0,0 +1,97 @@
+@@ -0,0 +1,118 @@
 +.TH "sge_selinux" "8" "sge" "dwalsh@redhat.com" "sge SELinux Policy documentation"
 +.SH "NAME"
 +sge_selinux \- Security Enhanced Linux Policy for the sge processes
@@ -35368,19 +40965,15 @@ index 0000000..98fd734
 +
 +
 +.EX
++.PP
 +.B sge_execd_exec_t
 +.EE
 +
 +- Set files with the sge_execd_exec_t type, if you want to transition an executable to the sge_execd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B sge_job_exec_t
 +.EE
 +
@@ -35388,38 +40981,63 @@ index 0000000..98fd734
 +
 +
 +.EX
++.PP
 +.B sge_shepherd_exec_t
 +.EE
 +
 +- Set files with the sge_shepherd_exec_t type, if you want to transition an executable to the sge_shepherd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B sge_spool_t
 +.EE
 +
 +- Set files with the sge_spool_t type, if you want to store the sge files under the /var/spool directory.
 +
++
++.EX
++.PP
++.B sge_tmp_t
++.EE
++
++- Set files with the sge_tmp_t type, if you want to store sge temporary files in the /tmp directories.
++
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux sge policy is very flexible allowing users to setup their sge processes in as secure a method as possible.
++.PP
++The following process types are defined for sge:
 +
 +.EX
-+.B sge_tmp_t
++.B sge_execd_t, sge_job_ssh_t, sge_shepherd_t, sge_job_t
 +.EE
-+
-+- Set files with the sge_tmp_t type, if you want to store sge temporary files in the /tmp directories.
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
 +
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -35437,10 +41055,10 @@ index 0000000..98fd734
 \ No newline at end of file
 diff --git a/man/man8/shorewall_selinux.8 b/man/man8/shorewall_selinux.8
 new file mode 100644
-index 0000000..a3db652
+index 0000000..876ab3a
 --- /dev/null
 +++ b/man/man8/shorewall_selinux.8
-@@ -0,0 +1,126 @@
+@@ -0,0 +1,135 @@
 +.TH "shorewall_selinux" "8" "shorewall" "dwalsh@redhat.com" "shorewall SELinux Policy documentation"
 +.SH "NAME"
 +shorewall_selinux \- Security Enhanced Linux Policy for the shorewall processes
@@ -35461,80 +41079,59 @@ index 0000000..a3db652
 +
 +
 +.EX
++.PP
 +.B shorewall_etc_t
 +.EE
 +
 +- Set files with the shorewall_etc_t type, if you want to store shorewall files in the /etc directories.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/shorewall-lite(/.*)?, /etc/shorewall(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B shorewall_exec_t
 +.EE
 +
 +- Set files with the shorewall_exec_t type, if you want to transition an executable to the shorewall_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/sbin/shorewall6?, /sbin/shorewall-lite, /usr/sbin/shorewall-lite, /usr/sbin/shorewall6?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B shorewall_initrc_exec_t
 +.EE
 +
 +- Set files with the shorewall_initrc_exec_t type, if you want to transition an executable to the shorewall_initrc_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/rc\.d/init\.d/shorewall, /etc/rc\.d/init\.d/shorewall-lite
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B shorewall_lock_t
 +.EE
 +
 +- Set files with the shorewall_lock_t type, if you want to treat the files as shorewall lock data, stored under the /var/lock directory
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B shorewall_log_t
 +.EE
 +
 +- Set files with the shorewall_log_t type, if you want to treat the data as shorewall log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B shorewall_tmp_t
 +.EE
 +
@@ -35542,21 +41139,51 @@ index 0000000..a3db652
 +
 +
 +.EX
++.PP
 +.B shorewall_var_lib_t
 +.EE
 +
 +- Set files with the shorewall_var_lib_t type, if you want to store the shorewall files under the /var/lib directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/lib/shorewall-lite(/.*)?, /var/lib/shorewall(/.*)?, /var/lib/shorewall6(/.*)?
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux shorewall policy is very flexible allowing users to setup their shorewall processes in as secure a method as possible.
++.PP
++The following process types are defined for shorewall:
++
++.EX
++.B shorewall_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35569,10 +41196,10 @@ index 0000000..a3db652
 +selinux(8), shorewall(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/showmount_selinux.8 b/man/man8/showmount_selinux.8
 new file mode 100644
-index 0000000..bad57fb
+index 0000000..cdba2c2
 --- /dev/null
 +++ b/man/man8/showmount_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "showmount_selinux" "8" "showmount" "dwalsh@redhat.com" "showmount SELinux Policy documentation"
 +.SH "NAME"
 +showmount_selinux \- Security Enhanced Linux Policy for the showmount processes
@@ -35593,18 +41220,47 @@ index 0000000..bad57fb
 +
 +
 +.EX
++.PP
 +.B showmount_exec_t
 +.EE
 +
 +- Set files with the showmount_exec_t type, if you want to transition an executable to the showmount_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux showmount policy is very flexible allowing users to setup their showmount processes in as secure a method as possible.
++.PP
++The following process types are defined for showmount:
++
++.EX
++.B showmount_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35617,10 +41273,10 @@ index 0000000..bad57fb
 +selinux(8), showmount(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/shutdown_selinux.8 b/man/man8/shutdown_selinux.8
 new file mode 100644
-index 0000000..0e2d67b
+index 0000000..7a73e5b
 --- /dev/null
 +++ b/man/man8/shutdown_selinux.8
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,91 @@
 +.TH "shutdown_selinux" "8" "shutdown" "dwalsh@redhat.com" "shutdown SELinux Policy documentation"
 +.SH "NAME"
 +shutdown_selinux \- Security Enhanced Linux Policy for the shutdown processes
@@ -35641,47 +41297,67 @@ index 0000000..0e2d67b
 +
 +
 +.EX
++.PP
 +.B shutdown_etc_t
 +.EE
 +
 +- Set files with the shutdown_etc_t type, if you want to store shutdown files in the /etc directories.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B shutdown_exec_t
 +.EE
 +
 +- Set files with the shutdown_exec_t type, if you want to transition an executable to the shutdown_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/sbin/shutdown, /usr/sbin/shutdown, /usr/lib/upstart/shutdown, /lib/upstart/shutdown
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B shutdown_var_run_t
 +.EE
 +
 +- Set files with the shutdown_var_run_t type, if you want to store the shutdown files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux shutdown policy is very flexible allowing users to setup their shutdown processes in as secure a method as possible.
++.PP
++The following process types are defined for shutdown:
++
++.EX
++.B shutdown_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35694,10 +41370,10 @@ index 0000000..0e2d67b
 +selinux(8), shutdown(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/slapd_selinux.8 b/man/man8/slapd_selinux.8
 new file mode 100644
-index 0000000..184fd51
+index 0000000..ef51b22
 --- /dev/null
 +++ b/man/man8/slapd_selinux.8
-@@ -0,0 +1,162 @@
+@@ -0,0 +1,175 @@
 +.TH "slapd_selinux" "8" "slapd" "dwalsh@redhat.com" "slapd SELinux Policy documentation"
 +.SH "NAME"
 +slapd_selinux \- Security Enhanced Linux Policy for the slapd processes
@@ -35718,6 +41394,7 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_cert_t
 +.EE
 +
@@ -35725,61 +41402,43 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_db_t
 +.EE
 +
 +- Set files with the slapd_db_t type, if you want to treat the files as slapd database content.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/openldap/slapd\.d(/.*)?, /var/lib/ldap(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B slapd_etc_t
 +.EE
 +
 +- Set files with the slapd_etc_t type, if you want to store slapd files in the /etc directories.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B slapd_exec_t
 +.EE
 +
 +- Set files with the slapd_exec_t type, if you want to transition an executable to the slapd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B slapd_initrc_exec_t
 +.EE
 +
 +- Set files with the slapd_initrc_exec_t type, if you want to transition an executable to the slapd_initrc_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B slapd_keytab_t
 +.EE
 +
@@ -35787,6 +41446,7 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_lock_t
 +.EE
 +
@@ -35794,6 +41454,7 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_log_t
 +.EE
 +
@@ -35801,19 +41462,15 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_replog_t
 +.EE
 +
 +- Set files with the slapd_replog_t type, if you want to treat the files as slapd replog data.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B slapd_tmp_t
 +.EE
 +
@@ -35821,6 +41478,7 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_tmpfs_t
 +.EE
 +
@@ -35828,6 +41486,7 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_unit_file_t
 +.EE
 +
@@ -35835,21 +41494,51 @@ index 0000000..184fd51
 +
 +
 +.EX
++.PP
 +.B slapd_var_run_t
 +.EE
 +
 +- Set files with the slapd_var_run_t type, if you want to store the slapd files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/slapd\.args, /var/run/openldap(/.*)?, /var/run/slapd\.pid, /var/run/ldapi, /var/run/slapd.*
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux slapd policy is very flexible allowing users to setup their slapd processes in as secure a method as possible.
++.PP
++The following process types are defined for slapd:
++
++.EX
++.B slapd_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35862,10 +41551,10 @@ index 0000000..184fd51
 +selinux(8), slapd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/smbcontrol_selinux.8 b/man/man8/smbcontrol_selinux.8
 new file mode 100644
-index 0000000..bd2a229
+index 0000000..7e6b857
 --- /dev/null
 +++ b/man/man8/smbcontrol_selinux.8
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,71 @@
 +.TH "smbcontrol_selinux" "8" "smbcontrol" "dwalsh@redhat.com" "smbcontrol SELinux Policy documentation"
 +.SH "NAME"
 +smbcontrol_selinux \- Security Enhanced Linux Policy for the smbcontrol processes
@@ -35886,18 +41575,47 @@ index 0000000..bd2a229
 +
 +
 +.EX
++.PP
 +.B smbcontrol_exec_t
 +.EE
 +
 +- Set files with the smbcontrol_exec_t type, if you want to transition an executable to the smbcontrol_t domain.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux smbcontrol policy is very flexible allowing users to setup their smbcontrol processes in as secure a method as possible.
++.PP
++The following process types are defined for smbcontrol:
++
++.EX
++.B smbcontrol_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -35910,10 +41628,10 @@ index 0000000..bd2a229
 +selinux(8), smbcontrol(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/smbd_selinux.8 b/man/man8/smbd_selinux.8
 new file mode 100644
-index 0000000..0c2c1e8
+index 0000000..a00daff
 --- /dev/null
 +++ b/man/man8/smbd_selinux.8
-@@ -0,0 +1,122 @@
+@@ -0,0 +1,151 @@
 +.TH "smbd_selinux" "8" "smbd" "dwalsh@redhat.com" "smbd SELinux Policy documentation"
 +.SH "NAME"
 +smbd_selinux \- Security Enhanced Linux Policy for the smbd processes
@@ -35929,18 +41647,16 @@ index 0000000..0c2c1e8
 +.PP
 +.B
 +semanage fcontext -a -t public_content_t "/var/smbd(/.*)?"
-+.TP
-+.B
-+restorecon -F -R -v /var/smbd
++.br
++.B restorecon -F -R -v /var/smbd
 +.pp
 +.TP
 +Allow smbd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_smbdd_anon_write boolean to be set.
 +.PP
 +.B
 +semanage fcontext -a -t public_content_rw_t "/var/smbd/incoming(/.*)?"
-+.TP
-+.B
-+restorecon -F -R -v /var/smbd/incoming
++.br
++.B restorecon -F -R -v /var/smbd/incoming
 +
 +
 +.PP
@@ -35962,19 +41678,15 @@ index 0000000..0c2c1e8
 +
 +
 +.EX
++.PP
 +.B smbd_exec_t
 +.EE
 +
 +- Set files with the smbd_exec_t type, if you want to transition an executable to the smbd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B smbd_keytab_t
 +.EE
 +
@@ -35982,6 +41694,7 @@ index 0000000..0c2c1e8
 +
 +
 +.EX
++.PP
 +.B smbd_tmp_t
 +.EE
 +
@@ -35989,14 +41702,18 @@ index 0000000..0c2c1e8
 +
 +
 +.EX
++.PP
 +.B smbd_var_run_t
 +.EE
 +
 +- Set files with the smbd_var_run_t type, if you want to store the smbd files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/samba/gencache\.tdb, /var/run/samba/share_info\.tdb, /var/run/samba/locking\.tdb, /var/run/samba/connections\.tdb, /var/run/samba/smbd\.pid, /var/run/samba/sessionid\.tdb, /var/run/samba/brlock\.tdb
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -36015,17 +41732,47 @@ index 0000000..0c2c1e8
 +SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
 +.PP
 +The following port types are defined for smbd:
-+.EX
 +
++.EX
++.TP 5
 +.B smbd_port_t
++.TP 10
 +.EE
 +
-+.EX
++
 +Default Defined Ports:
++tcp 8021
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux smbd policy is very flexible allowing users to setup their smbd processes in as secure a method as possible.
++.PP
++The following process types are defined for smbd:
 +
-+.B tcp 137-139,445
++.EX
++.B smbcontrol_t, smbmount_t, smbd_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.PP
 +.B system-config-selinux
@@ -36038,10 +41785,10 @@ index 0000000..0c2c1e8
 +selinux(8), smbd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/smbmount_selinux.8 b/man/man8/smbmount_selinux.8
 new file mode 100644
-index 0000000..4f13450
+index 0000000..fd0dad0
 --- /dev/null
 +++ b/man/man8/smbmount_selinux.8
-@@ -0,0 +1,45 @@
+@@ -0,0 +1,75 @@
 +.TH "smbmount_selinux" "8" "smbmount" "dwalsh@redhat.com" "smbmount SELinux Policy documentation"
 +.SH "NAME"
 +smbmount_selinux \- Security Enhanced Linux Policy for the smbmount processes
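Review bot: The `Default Defined Ports:` entry for `smbd_port_t` now reads `tcp 8021`, replacing the removed `.B tcp 137-139,445`; 8021 is not an SMB port, so the new value looks like it was taken from a different port type and should be checked against `semanage port -l` before the page ships. Administrators read this list to decide which ports need relabelling with `semanage port`, so a wrong entry here can lead to a port being labelled `smbd_port_t` that smbd never uses. The same hunk also leaves `.TP 10` directly before `.EE` with no tag text, and adds a second `.EE` after `tcp 8021` with no matching `.EX` after the removed one, so the block's rendering is worth checking.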
@@ -36062,21 +41809,51 @@ index 0000000..4f13450 + + +.EX ++.PP +.B smbmount_exec_t +.EE + +- Set files with the smbmount_exec_t type, if you want to transition an executable to the smbmount_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/smbmnt, /usr/bin/smbmount ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux smbmount policy is very flexible allowing users to setup their smbmount processes in as secure a method as possible. ++.PP ++The following process types are defined for smbmount: ++ ++.EX ++.B smbmount_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -36089,10 +41866,10 @@ index 0000000..4f13450 +selinux(8), smbmount(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/smokeping_selinux.8 b/man/man8/smokeping_selinux.8 new file mode 100644 -index 0000000..b0c427a +index 0000000..1721cb0 --- /dev/null 
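Review bot: The command in the new PROCESS TYPES note is misspelled, `.B semanage permississive -a PROCESS_TYPE`, so anyone copying it from the page gets a usage error; it should read `.B semanage permissive -a PROCESS_TYPE`, matching the `semanage permissive` entry added under COMMANDS in this hunk. In the same section `\fBps\bP` uses `\b` where the font reset `\fP` is meant and should be `\fBps\fP`. Both strings recur unchanged in the PROCESS TYPES text added to the smbd, smokeping, smoltclient, snmpd, snort, sosreport, soundd, spamass, spamc and spamd pages. Because a permissive domain is no longer enforced, the note would also benefit from one sentence saying that `semanage permissive -d PROCESS_TYPE` returns the type to enforcing.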
+++ b/man/man8/smokeping_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "smokeping_selinux" "8" "smokeping" "dwalsh@redhat.com" "smokeping SELinux Policy documentation" +.SH "NAME" +smokeping_selinux \- Security Enhanced Linux Policy for the smokeping processes 
@@ -36113,57 +41890,71 @@ index 0000000..b0c427a + + +.EX ++.PP +.B smokeping_exec_t +.EE + +- Set files with the smokeping_exec_t type, if you want to transition an executable to the smokeping_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B smokeping_initrc_exec_t +.EE + +- Set files with the smokeping_initrc_exec_t type, if you want to transition an executable to the smokeping_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B smokeping_var_lib_t +.EE + +- Set files with the smokeping_var_lib_t type, if you want to store the smokeping files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B smokeping_var_run_t +.EE + +- Set files with the smokeping_var_run_t type, if you want to store the smokeping files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux smokeping policy is very flexible allowing users to setup their smokeping processes in as secure a method as possible. ++.PP ++The following process types are defined for smokeping: ++ ++.EX ++.B smokeping_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -36176,10 +41967,10 @@ index 0000000..b0c427a +selinux(8), smokeping(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/smoltclient_selinux.8 b/man/man8/smoltclient_selinux.8 new file mode 100644 -index 0000000..97911a9 +index 0000000..0056ce1 --- /dev/null +++ b/man/man8/smoltclient_selinux.8 -@@ -0,0 +1,49 @@ +@@ -0,0 +1,79 @@ +.TH "smoltclient_selinux" "8" "smoltclient" "dwalsh@redhat.com" "smoltclient SELinux Policy documentation" +.SH "NAME" +smoltclient_selinux \- Security Enhanced Linux Policy for the smoltclient processes 
@@ -36200,25 +41991,55 @@ index 0000000..97911a9 + + +.EX ++.PP +.B smoltclient_exec_t +.EE + +- Set files with the smoltclient_exec_t type, if you want to transition an executable to the smoltclient_t domain. + ++ ++.EX ++.PP ++.B smoltclient_tmp_t ++.EE ++ ++- Set files with the smoltclient_tmp_t type, if you want to store smoltclient temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux smoltclient policy is very flexible allowing users to setup their smoltclient processes in as secure a method as possible. ++.PP ++The following process types are defined for smoltclient: + +.EX -+.B smoltclient_tmp_t ++.B smoltclient_t +.EE -+ -+- Set files with the smoltclient_tmp_t type, if you want to store smoltclient temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -36231,10 +42052,10 @@ index 0000000..97911a9 +selinux(8), smoltclient(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/snmpd_selinux.8 b/man/man8/snmpd_selinux.8 new file mode 100644 -index 0000000..241b3e8 +index 0000000..3de1dc2 --- /dev/null +++ b/man/man8/snmpd_selinux.8 -@@ -0,0 +1,127 @@ +@@ -0,0 +1,141 @@ +.TH "snmpd_selinux" "8" "snmpd" "dwalsh@redhat.com" "snmpd SELinux Policy documentation" +.SH "NAME" +snmpd_selinux \- Security Enhanced Linux Policy for the snmpd processes 
@@ -36255,72 +42076,58 @@ index 0000000..241b3e8 + + +.EX ++.PP +.B snmpd_exec_t +.EE + +- Set files with the snmpd_exec_t type, if you want to transition an executable to the snmpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snmpd_initrc_exec_t +.EE + +- Set files with the snmpd_initrc_exec_t type, if you want to transition an executable to the snmpd_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/snmpd, /etc/rc\.d/init\.d/snmptrapd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snmpd_log_t +.EE + +- Set files with the snmpd_log_t type, if you want to treat the data as snmpd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snmpd_var_lib_t +.EE + +- Set files with the snmpd_var_lib_t type, if you want to store the snmpd files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/agentx(/.*)?, /usr/share/snmp/mibs/\.index, /var/net-snmp(/.*)?, /var/lib/net-snmp(/.*)?, /var/lib/snmp(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. 
You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snmpd_var_run_t +.EE + +- Set files with the snmpd_var_run_t type, if you want to store the snmpd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/net-snmpd(/.*)?, /var/run/snmpd\.pid, /var/run/snmpd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -36339,19 +42146,47 @@ index 0000000..241b3e8 +SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible. +.PP +The following port types are defined for snmpd: -+.EX + ++.EX ++.TP 5 +.B snmp_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 161-162,199,1161 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 161-162 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux snmpd policy is very flexible allowing users to setup their snmpd processes in as secure a method as possible. ++.PP ++The following process types are defined for snmpd: ++ ++.EX ++.B snmpd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -36364,10 +42199,10 @@ index 0000000..241b3e8 +selinux(8), snmpd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/snort_selinux.8 b/man/man8/snort_selinux.8 new file mode 100644 -index 0000000..ed6d9e7 +index 0000000..963f850 --- /dev/null +++ b/man/man8/snort_selinux.8 -@@ -0,0 +1,104 @@ +@@ -0,0 +1,115 @@ +.TH "snort_selinux" "8" "snort" "dwalsh@redhat.com" "snort SELinux Policy documentation" +.SH "NAME" +snort_selinux \- Security Enhanced Linux Policy for the snort processes 
@@ -36388,61 +42223,43 @@ index 0000000..ed6d9e7 + + +.EX ++.PP +.B snort_etc_t +.EE + +- Set files with the snort_etc_t type, if you want to store snort files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snort_exec_t +.EE + +- Set files with the snort_exec_t type, if you want to transition an executable to the snort_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/snort-plain, /usr/s?bin/snort -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snort_initrc_exec_t +.EE + +- Set files with the snort_initrc_exec_t type, if you want to transition an executable to the snort_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snort_log_t +.EE + +- Set files with the snort_log_t type, if you want to treat the data as snort log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B snort_tmp_t +.EE + 
@@ -36450,18 +42267,47 @@ index 0000000..ed6d9e7 + + +.EX ++.PP +.B snort_var_run_t +.EE + +- Set files with the snort_var_run_t type, if you want to store the snort files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux snort policy is very flexible allowing users to setup their snort processes in as secure a method as possible. ++.PP ++The following process types are defined for snort: ++ ++.EX ++.B snort_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -36474,10 +42320,10 @@ index 0000000..ed6d9e7 +selinux(8), snort(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/sosreport_selinux.8 b/man/man8/sosreport_selinux.8 new file mode 100644 -index 0000000..775c417 +index 0000000..83ad6fb --- /dev/null 
+++ b/man/man8/sosreport_selinux.8 -@@ -0,0 +1,62 @@ +@@ -0,0 +1,87 @@ +.TH "sosreport_selinux" "8" "sosreport" "dwalsh@redhat.com" "sosreport SELinux Policy documentation" +.SH "NAME" +sosreport_selinux \- Security Enhanced Linux Policy for the sosreport processes 
@@ -36498,38 +42344,63 @@ index 0000000..775c417 + + +.EX ++.PP +.B sosreport_exec_t +.EE + +- Set files with the sosreport_exec_t type, if you want to transition an executable to the sosreport_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sosreport_tmp_t +.EE + +- Set files with the sosreport_tmp_t type, if you want to store sosreport temporary files in the /tmp directories. + ++ ++.EX ++.PP ++.B sosreport_tmpfs_t ++.EE ++ ++- Set files with the sosreport_tmpfs_t type, if you want to store sosreport files on a tmpfs file system. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sosreport policy is very flexible allowing users to setup their sosreport processes in as secure a method as possible. ++.PP ++The following process types are defined for sosreport: + +.EX -+.B sosreport_tmpfs_t ++.B sosreport_t +.EE -+ -+- Set files with the sosreport_tmpfs_t type, if you want to store sosreport files on a tmpfs file system. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. 
+ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -36542,10 +42413,10 @@ index 0000000..775c417 +selinux(8), sosreport(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/soundd_selinux.8 b/man/man8/soundd_selinux.8 new file mode 100644 -index 0000000..d27c159 +index 0000000..2453feb --- /dev/null +++ b/man/man8/soundd_selinux.8 -@@ -0,0 +1,139 @@ +@@ -0,0 +1,157 @@ +.TH "soundd_selinux" "8" "soundd" "dwalsh@redhat.com" "soundd SELinux Policy documentation" +.SH "NAME" +soundd_selinux \- Security Enhanced Linux Policy for the soundd processes 
@@ -36566,64 +42437,47 @@ index 0000000..d27c159 + + +.EX ++.PP +.B soundd_etc_t +.EE + +- Set files with the soundd_etc_t type, if you want to store soundd files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/yiff(/.*)?, /etc/nas(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B soundd_exec_t +.EE + +- Set files with the soundd_exec_t type, if you want to transition an executable to the soundd_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/gpe-soundserver, /usr/sbin/yiff, /usr/bin/nasd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B soundd_initrc_exec_t +.EE + +- Set files with the soundd_initrc_exec_t type, if you want to transition an executable to the soundd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B soundd_state_t +.EE + +- Set files with the soundd_state_t type, if you want to treat the files as soundd state data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B soundd_tmp_t +.EE + 
@@ -36631,6 +42485,7 @@ index 0000000..d27c159 + + +.EX ++.PP +.B soundd_tmpfs_t +.EE + @@ -36638,14 +42493,18 @@ index 0000000..d27c159 + + +.EX ++.PP +.B soundd_var_run_t +.EE + +- Set files with the soundd_var_run_t type, if you want to store the soundd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/nasd(/.*)?, /var/run/yiff-[0-9]+\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -36664,17 +42523,47 @@ index 0000000..d27c159 +SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible. +.PP +The following port types are defined for soundd: -+.EX + ++.EX ++.TP 5 +.B soundd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux soundd policy is very flexible allowing users to setup their soundd processes in as secure a method as possible. ++.PP ++The following process types are defined for soundd: + -+.B tcp 8000,9433,16001 ++.EX ++.B soundd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -36687,10 +42576,10 @@ index 0000000..d27c159 +selinux(8), soundd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/spamass_selinux.8 b/man/man8/spamass_selinux.8 new file mode 100644 -index 0000000..7548453 +index 0000000..aa543a3 --- /dev/null +++ b/man/man8/spamass_selinux.8 -@@ -0,0 +1,86 @@ +@@ -0,0 +1,106 @@ +.TH "spamass_selinux" "8" "spamass" "dwalsh@redhat.com" "spamass SELinux Policy documentation" +.SH "NAME" +spamass_selinux \- Security Enhanced Linux Policy for the spamass processes 
@@ -36722,47 +42611,67 @@ index 0000000..7548453 + + +.EX ++.PP +.B spamass_milter_data_t +.EE + +- Set files with the spamass_milter_data_t type, if you want to treat the files as spamass milter content. + +.br ++.TP 5 +Paths: +/var/run/spamass-milter(/.*)?, /var/run/spamass-milter\.pid -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamass_milter_exec_t +.EE + +- Set files with the spamass_milter_exec_t type, if you want to transition an executable to the spamass_milter_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamass_milter_state_t +.EE + +- Set files with the spamass_milter_state_t type, if you want to treat the files as spamass milter state data. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux spamass policy is very flexible allowing users to setup their spamass processes in as secure a method as possible. 
++.PP ++The following process types are defined for spamass: ++ ++.EX ++.B spamass_milter_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -36780,10 +42689,10 @@ index 0000000..7548453 \ No newline at end of file diff --git a/man/man8/spamc_selinux.8 b/man/man8/spamc_selinux.8 new file mode 100644 -index 0000000..c46c069 +index 0000000..d4139a8 --- /dev/null +++ b/man/man8/spamc_selinux.8 -@@ -0,0 +1,65 @@ +@@ -0,0 +1,91 @@ +.TH "spamc_selinux" "8" "spamc" "dwalsh@redhat.com" "spamc SELinux Policy documentation" +.SH "NAME" +spamc_selinux \- Security Enhanced Linux Policy for the spamc processes 
@@ -36804,41 +42713,67 @@ index 0000000..c46c069 + + +.EX ++.PP +.B spamc_exec_t +.EE + +- Set files with the spamc_exec_t type, if you want to transition an executable to the spamc_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/spamc, /usr/bin/sa-learn, /usr/bin/spamassassin -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamc_home_t +.EE + +- Set files with the spamc_home_t type, if you want to store spamc files in the users home directory. + ++ ++.EX ++.PP ++.B spamc_tmp_t ++.EE ++ ++- Set files with the spamc_tmp_t type, if you want to store spamc temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux spamc policy is very flexible allowing users to setup their spamc processes in as secure a method as possible. ++.PP ++The following process types are defined for spamc: + +.EX -+.B spamc_tmp_t ++.B spamc_t +.EE -+ -+- Set files with the spamc_tmp_t type, if you want to store spamc temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. 
+ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -36851,10 +42786,10 @@ index 0000000..c46c069 +selinux(8), spamc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/spamd_selinux.8 b/man/man8/spamd_selinux.8 new file mode 100644 -index 0000000..fa9bfab +index 0000000..3d6bb91 --- /dev/null +++ b/man/man8/spamd_selinux.8 -@@ -0,0 +1,213 @@ +@@ -0,0 +1,218 @@ +.TH "spamd_selinux" "8" "spamd" "dwalsh@redhat.com" "spamd SELinux Policy documentation" +.SH "NAME" +spamd_selinux \- Security Enhanced Linux Policy for the spamd processes @@ -36900,19 +42835,15 @@ index 0000000..fa9bfab + + +.EX ++.PP +.B spamd_compiled_t +.EE + +- Set files with the spamd_compiled_t type, if you want to treat the files as spamd compiled data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamd_etc_t +.EE + 
@@ -36920,70 +42851,55 @@ index 0000000..fa9bfab + + +.EX ++.PP +.B spamd_exec_t +.EE + +- Set files with the spamd_exec_t type, if you want to transition an executable to the spamd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/spamd, /usr/bin/mimedefang-multiplexor, /usr/bin/spamd, /usr/bin/mimedefang -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamd_initrc_exec_t +.EE + +- Set files with the spamd_initrc_exec_t type, if you want to transition an executable to the spamd_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/spamd, /etc/rc\.d/init\.d/mimedefang.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamd_log_t +.EE + +- Set files with the spamd_log_t type, if you want to treat the data as spamd log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/spamd\.log, /var/log/mimedefang -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamd_spool_t +.EE + +- Set files with the spamd_spool_t type, if you want to store the spamd files under the /var/spool directory. + +.br ++.TP 5 +Paths: +/var/spool/spamd(/.*)?, /var/spool/spamassassin(/.*)? -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamd_tmp_t +.EE + @@ -36991,40 +42907,34 @@ index 0000000..fa9bfab + + +.EX ++.PP +.B spamd_update_exec_t +.EE + +- Set files with the spamd_update_exec_t type, if you want to transition an executable to the spamd_update_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamd_var_lib_t +.EE + +- Set files with the spamd_var_lib_t type, if you want to store the spamd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B spamd_var_run_t +.EE + +- Set files with the spamd_var_run_t type, if you want to store the spamd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/spamassassin(/.*)?, /var/spool/MIMEDefang(/.*)?, /var/spool/MD-Quarantine(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -37043,17 +42953,47 @@ index 0000000..fa9bfab +SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible. +.PP +The following port types are defined for spamd: -+.EX + ++.EX ++.TP 5 +.B spamd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux spamd policy is very flexible allowing users to setup their spamd processes in as secure a method as possible. ++.PP ++The following process types are defined for spamd: + -+.B tcp 783 ++.EX ++.B spamc_t, spamd_t, spamd_update_t, spamass_milter_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -37071,10 +43011,10 @@ index 0000000..fa9bfab \ No newline at end of file diff --git a/man/man8/squid_selinux.8 b/man/man8/squid_selinux.8 new file mode 100644 -index 0000000..b617a59 +index 0000000..104476c --- /dev/null +++ b/man/man8/squid_selinux.8 -@@ -0,0 +1,169 @@ +@@ -0,0 +1,179 @@ +.TH "squid_selinux" "8" "squid" "dwalsh@redhat.com" "squid SELinux Policy documentation" +.SH "NAME" +squid_selinux \- Security Enhanced Linux Policy for the squid processes 
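Review bot: The regenerated PORT TYPES block for spamd now lists `tcp 8021` under "Default Defined Ports" where the removed line had `tcp 783`. The same `tcp 8021` replaces the squid (`tcp 3128,3401,4827`, `udp 3401,4827`), ssh and sshd (`tcp 22`) and swat (`tcp 901`) entries in later hunks, and is newly added for stunnel. An identical port across unrelated services looks like a generator defect rather than a policy change, and an administrator checking which ports a confined daemon may bind would be misled. I would keep the previous per-service values, here `tcp 783`, until the generator emits the real mapping for each port type. The new block also appears to close `.EE` twice for a single `.EX`, so the `.EE` after the port line should be dropped.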
@@ -37113,80 +43053,59 @@ index 0000000..b617a59 + + +.EX ++.PP +.B squid_cache_t +.EE + +- Set files with the squid_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/cache/squid(/.*)?, /var/spool/squid(/.*)?, /var/squidGuard(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B squid_conf_t +.EE + +- Set files with the squid_conf_t type, if you want to treat the files as squid configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/squid(/.*)?, /usr/share/squid(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B squid_exec_t +.EE + +- Set files with the squid_exec_t type, if you want to transition an executable to the squid_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B squid_initrc_exec_t +.EE + +- Set files with the squid_initrc_exec_t type, if you want to transition an executable to the squid_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B squid_log_t +.EE + +- Set files with the squid_log_t type, if you want to treat the data as squid log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/squid(/.*)?, /var/log/squidGuard(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B squid_tmpfs_t +.EE + @@ -37194,11 +43113,14 @@ index 0000000..b617a59 + + +.EX ++.PP +.B squid_var_run_t +.EE + +- Set files with the squid_var_run_t type, if you want to store the squid files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -37217,19 +43139,47 @@ index 0000000..b617a59 +SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible. +.PP +The following port types are defined for squid: -+.EX + ++.EX ++.TP 5 +.B squid_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 3128,3401,4827 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 3401,4827 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux squid policy is very flexible allowing users to setup their squid processes in as secure a method as possible. ++.PP ++The following process types are defined for squid: ++ ++.EX ++.B squid_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -37247,10 +43197,10 @@ index 0000000..b617a59 \ No newline at end of file diff --git a/man/man8/srvsvcd_selinux.8 b/man/man8/srvsvcd_selinux.8 new file mode 100644 -index 0000000..624a6f5 +index 0000000..b3bfe90 --- /dev/null +++ b/man/man8/srvsvcd_selinux.8 -@@ -0,0 +1,69 @@ +@@ -0,0 +1,95 @@ +.TH "srvsvcd_selinux" "8" "srvsvcd" "dwalsh@redhat.com" "srvsvcd SELinux Policy documentation" +.SH "NAME" +srvsvcd_selinux \- Security Enhanced Linux Policy for the srvsvcd processes 
@@ -37271,19 +43221,15 @@ index 0000000..624a6f5 + + +.EX ++.PP +.B srvsvcd_exec_t +.EE + +- Set files with the srvsvcd_exec_t type, if you want to transition an executable to the srvsvcd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B srvsvcd_var_lib_t +.EE + 
@@ -37291,25 +43237,55 @@ index 0000000..624a6f5 + + +.EX ++.PP +.B srvsvcd_var_run_t +.EE + +- Set files with the srvsvcd_var_run_t type, if you want to store the srvsvcd files under the /run directory. + ++ ++.EX ++.PP ++.B srvsvcd_var_socket_t ++.EE ++ ++- Set files with the srvsvcd_var_socket_t type, if you want to treat the files as srvsvcd var socket data. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux srvsvcd policy is very flexible allowing users to setup their srvsvcd processes in as secure a method as possible. ++.PP ++The following process types are defined for srvsvcd: + +.EX -+.B srvsvcd_var_socket_t ++.B srvsvcd_t +.EE -+ -+- Set files with the srvsvcd_var_socket_t type, if you want to treat the files as srvsvcd var socket data. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -37322,7 +43298,7 @@ index 0000000..624a6f5 +selinux(8), srvsvcd(8), semanage(8), restorecon(8), chcon(1) 
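Review bot: The added note in the PROCESS TYPES section spells the command `semanage permississive -a PROCESS_TYPE`, which does not match the `semanage permissive` subcommand named under COMMANDS in the same hunk; it should read `.B semanage permissive -a PROCESS_TYPE`. The same section writes `\fBps\bP`, where `\fBps\fP` is needed to end the bold run. Both strings recur in every PROCESS TYPES block this commit adds (spamd, squid, ssh, sshd, sssd, stunnel, sulogin, svc, swat). Because a permissive domain is no longer confined, the note would also benefit from one sentence saying the setting is meant for troubleshooting and is removed again with `semanage permissive -d PROCESS_TYPE`.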
diff --git a/man/man8/ssh_selinux.8 b/man/man8/ssh_selinux.8 new file mode 100644 -index 0000000..2550ea1 +index 0000000..5fbe8ec --- /dev/null +++ b/man/man8/ssh_selinux.8 @@ -0,0 +1,248 @@ @@ -37385,19 +43361,15 @@ index 0000000..2550ea1 + + +.EX ++.PP +.B ssh_agent_exec_t +.EE + +- Set files with the ssh_agent_exec_t type, if you want to transition an executable to the ssh_agent_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ssh_agent_tmp_t +.EE + 
@@ -37405,61 +43377,43 @@ index 0000000..2550ea1 + + +.EX ++.PP +.B ssh_exec_t +.EE + +- Set files with the ssh_exec_t type, if you want to transition an executable to the ssh_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ssh_home_t +.EE + +- Set files with the ssh_home_t type, if you want to store ssh files in the users home directory. + +.br ++.TP 5 +Paths: +/var/lib/nocpulse/\.ssh(/.*)?, /var/lib/gitolite/\.ssh(/.*)?, /var/lib/libra/.*/\.ssh(/.*)?, /root/\.shosts, /var/lib/amanda/\.ssh(/.*)?, /root/\.ssh(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ssh_keygen_exec_t +.EE + +- Set files with the ssh_keygen_exec_t type, if you want to transition an executable to the ssh_keygen_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ssh_keysign_exec_t +.EE + +- Set files with the ssh_keysign_exec_t type, if you want to transition an executable to the ssh_keysign_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B ssh_tmpfs_t +.EE + @@ -37467,48 +43421,35 @@ index 0000000..2550ea1 + + +.EX ++.PP +.B sshd_exec_t +.EE + +- Set files with the sshd_exec_t type, if you want to transition an executable to the sshd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sshd_initrc_exec_t +.EE + +- Set files with the sshd_initrc_exec_t type, if you want to transition an executable to the sshd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sshd_key_t +.EE + +- Set files with the sshd_key_t type, if you want to treat the files as sshd key data. + +.br ++.TP 5 +Paths: +/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sshd_keytab_t +.EE + @@ -37516,6 +43457,7 @@ index 0000000..2550ea1 + + +.EX ++.PP +.B sshd_tmpfs_t +.EE + 
@@ -37523,14 +43465,18 @@ index 0000000..2550ea1 + + +.EX ++.PP +.B sshd_var_run_t +.EE + +- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/sshd\.pid, /var/run/sshd\.init\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -37549,17 +43495,47 @@ index 0000000..2550ea1 +SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible. +.PP +The following port types are defined for ssh: -+.EX + ++.EX ++.TP 5 +.B ssh_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ssh policy is very flexible allowing users to setup their ssh processes in as secure a method as possible. ++.PP ++The following process types are defined for ssh: + -+.B tcp 22 ++.EX ++.B sshd_sandbox_t, ssh_keysign_t, ssh_keygen_t, ssh_t, sshd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -37577,10 +43553,10 @@ index 0000000..2550ea1 \ No newline at end of file diff --git a/man/man8/sshd_selinux.8 b/man/man8/sshd_selinux.8 new file mode 100644 -index 0000000..5b81326 +index 0000000..cb97a44 --- /dev/null +++ b/man/man8/sshd_selinux.8 -@@ -0,0 +1,166 @@ +@@ -0,0 +1,188 @@ +.TH "sshd_selinux" "8" "sshd" "dwalsh@redhat.com" "sshd SELinux Policy documentation" +.SH "NAME" +sshd_selinux \- Security Enhanced Linux Policy for the sshd processes 
@@ -37640,48 +43616,35 @@ index 0000000..5b81326 + + +.EX ++.PP +.B sshd_exec_t +.EE + +- Set files with the sshd_exec_t type, if you want to transition an executable to the sshd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sshd_initrc_exec_t +.EE + +- Set files with the sshd_initrc_exec_t type, if you want to transition an executable to the sshd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sshd_key_t +.EE + +- Set files with the sshd_key_t type, if you want to treat the files as sshd key data. + +.br ++.TP 5 +Paths: +/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/primes -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sshd_keytab_t +.EE + @@ -37689,6 +43652,7 @@ index 0000000..5b81326 + + +.EX ++.PP +.B sshd_tmpfs_t +.EE + 
@@ -37696,14 +43660,18 @@ index 0000000..5b81326 + + +.EX ++.PP +.B sshd_var_run_t +.EE + +- Set files with the sshd_var_run_t type, if you want to store the sshd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/sshd\.pid, /var/run/sshd\.init\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -37722,17 +43690,47 @@ index 0000000..5b81326 +SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible. +.PP +The following port types are defined for sshd: -+.EX + ++.EX ++.TP 5 +.B ssh_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sshd policy is very flexible allowing users to setup their sshd processes in as secure a method as possible. ++.PP ++The following process types are defined for sshd: + -+.B tcp 22 ++.EX ++.B sshd_sandbox_t, ssh_keysign_t, ssh_keygen_t, ssh_t, sshd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -37750,10 +43748,10 @@ index 0000000..5b81326 \ No newline at end of file diff --git a/man/man8/sssd_selinux.8 b/man/man8/sssd_selinux.8 new file mode 100644 -index 0000000..ad2a12f +index 0000000..f84f89e --- /dev/null +++ b/man/man8/sssd_selinux.8 -@@ -0,0 +1,107 @@ +@@ -0,0 +1,111 @@ +.TH "sssd_selinux" "8" "sssd" "dwalsh@redhat.com" "sssd SELinux Policy documentation" +.SH "NAME" +sssd_selinux \- Security Enhanced Linux Policy for the sssd processes 
@@ -37774,83 +43772,87 @@ index 0000000..ad2a12f + + +.EX ++.PP +.B sssd_exec_t +.EE + +- Set files with the sssd_exec_t type, if you want to transition an executable to the sssd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sssd_initrc_exec_t +.EE + +- Set files with the sssd_initrc_exec_t type, if you want to transition an executable to the sssd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sssd_public_t +.EE + +- Set files with the sssd_public_t type, if you want to treat the files as sssd public data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sssd_var_lib_t +.EE + +- Set files with the sssd_var_lib_t type, if you want to store the sssd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sssd_var_log_t +.EE + +- Set files with the sssd_var_log_t type, if you want to treat the data as sssd var log data, usually stored under the /var/log directory. 
+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sssd_var_run_t +.EE + +- Set files with the sssd_var_run_t type, if you want to store the sssd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sssd policy is very flexible allowing users to setup their sssd processes in as secure a method as possible. ++.PP ++The following process types are defined for sssd: ++ ++.EX ++.B sssd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -37863,10 +43865,10 @@ index 0000000..ad2a12f +selinux(8), sssd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/stunnel_selinux.8 b/man/man8/stunnel_selinux.8 new file mode 100644 -index 0000000..f211d78 +index 0000000..dc17b67 --- /dev/null 
+++ b/man/man8/stunnel_selinux.8 -@@ -0,0 +1,95 @@ +@@ -0,0 +1,125 @@ +.TH "stunnel_selinux" "8" "stunnel" "dwalsh@redhat.com" "stunnel SELinux Policy documentation" +.SH "NAME" +stunnel_selinux \- Security Enhanced Linux Policy for the stunnel processes @@ -37887,35 +43889,27 @@ index 0000000..f211d78 + + +.EX ++.PP +.B stunnel_etc_t +.EE + +- Set files with the stunnel_etc_t type, if you want to store stunnel files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B stunnel_exec_t +.EE + +- Set files with the stunnel_exec_t type, if you want to transition an executable to the stunnel_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/stunnel, /usr/bin/stunnel -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B stunnel_tmp_t +.EE + @@ -37923,11 +43917,14 @@ index 0000000..f211d78 + + +.EX ++.PP +.B stunnel_var_run_t +.EE + +- Set files with the stunnel_var_run_t type, if you want to store the stunnel files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -37946,12 +43943,47 @@ index 0000000..f211d78 +SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible. +.PP +The following port types are defined for stunnel: -+.EX + ++.EX ++.TP 5 +.B stunnel_port_t ++.TP 10 ++.EE ++ ++ ++Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux stunnel policy is very flexible allowing users to setup their stunnel processes in as secure a method as possible. ++.PP ++The following process types are defined for stunnel: ++ ++.EX ++.B stunnel_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -37964,10 +43996,10 @@ index 0000000..f211d78 +selinux(8), stunnel(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/sulogin_selinux.8 b/man/man8/sulogin_selinux.8 new file mode 100644 -index 0000000..403da22 +index 0000000..0412cfa --- /dev/null +++ b/man/man8/sulogin_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "sulogin_selinux" "8" "sulogin" "dwalsh@redhat.com" "sulogin SELinux Policy documentation" +.SH "NAME" +sulogin_selinux \- Security Enhanced Linux Policy for the sulogin processes 
@@ -37988,21 +44020,51 @@ index 0000000..403da22 + + +.EX ++.PP +.B sulogin_exec_t +.EE + +- Set files with the sulogin_exec_t type, if you want to transition an executable to the sulogin_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/sushell, /sbin/sulogin, /usr/sbin/sulogin, /sbin/sushell ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sulogin policy is very flexible allowing users to setup their sulogin processes in as secure a method as possible. ++.PP ++The following process types are defined for sulogin: ++ ++.EX ++.B sulogin_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -38015,10 +44077,10 @@ index 0000000..403da22 +selinux(8), sulogin(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/svc_selinux.8 b/man/man8/svc_selinux.8 new file mode 100644 -index 0000000..f1d738d +index 0000000..7267256 --- /dev/null 
+++ b/man/man8/svc_selinux.8 -@@ -0,0 +1,119 @@ +@@ -0,0 +1,127 @@ +.TH "svc_selinux" "8" "svc" "dwalsh@redhat.com" "svc SELinux Policy documentation" +.SH "NAME" +svc_selinux \- Security Enhanced Linux Policy for the svc processes 
@@ -38039,95 +44101,103 @@ index 0000000..f1d738d + + +.EX ++.PP +.B svc_conf_t +.EE + +- Set files with the svc_conf_t type, if you want to treat the files as svc configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/var/dnscache/env(/.*)?, /var/tinydns/env(/.*)?, /var/axfrdns/env(/.*)?, /var/service/.*/env(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B svc_log_t +.EE + +- Set files with the svc_log_t type, if you want to treat the data as svc log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B svc_multilog_exec_t +.EE + +- Set files with the svc_multilog_exec_t type, if you want to transition an executable to the svc_multilog_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B svc_run_exec_t +.EE + +- Set files with the svc_run_exec_t type, if you want to transition an executable to the svc_run_t domain. 
+ +.br ++.TP 5 +Paths: +/var/tinydns/run, /var/qmail/supervise/.*/run, /var/axfrdns/log/run, /usr/bin/setuidgid, /usr/bin/fghack, /var/tinydns/log/run, /var/service/.*/log/run, /var/axfrdns/run, /var/qmail/supervise/.*/log/run, /usr/bin/envuidgid, /usr/bin/envdir, /var/dnscache/run, /usr/bin/softlimit, /var/service/.*/run.*, /usr/bin/pgrphack, /var/dnscache/log/run, /usr/bin/setlock -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B svc_start_exec_t +.EE + +- Set files with the svc_start_exec_t type, if you want to transition an executable to the svc_start_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/svok, /usr/bin/svscan, /usr/bin/svc, /usr/bin/svscanboot, /usr/bin/supervise -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B svc_svc_t +.EE + +- Set files with the svc_svc_t type, if you want to treat the files as svc svc data. + +.br ++.TP 5 +Paths: +/service, /var/tinydns(/.*)?, /service/.*, /var/service/.*, /var/qmail/supervise(/.*)?, /var/dnscache(/.*)?, /var/axfrdns(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux svc policy is very flexible allowing users to setup their svc processes in as secure a method as possible. ++.PP ++The following process types are defined for svc: ++ ++.EX ++.B svc_multilog_t, svc_start_t, svc_run_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -38140,10 +44210,10 @@ index 0000000..f1d738d +selinux(8), svc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/swat_selinux.8 b/man/man8/swat_selinux.8 new file mode 100644 -index 0000000..76b4384 +index 0000000..862df94 --- /dev/null +++ b/man/man8/swat_selinux.8 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,113 @@ +.TH "swat_selinux" "8" "swat" "dwalsh@redhat.com" "swat SELinux Policy documentation" +.SH "NAME" +swat_selinux \- Security Enhanced Linux Policy for the swat processes 
@@ -38164,19 +44234,15 @@ index 0000000..76b4384 + + +.EX ++.PP +.B swat_exec_t +.EE + +- Set files with the swat_exec_t type, if you want to transition an executable to the swat_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B swat_tmp_t +.EE + @@ -38184,11 +44250,20 @@ index 0000000..76b4384 + + +.EX ++.PP +.B swat_var_run_t +.EE + +- Set files with the swat_var_run_t type, if you want to store the swat files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -38201,17 +44276,47 @@ index 0000000..76b4384 +SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible. +.PP +The following port types are defined for swat: -+.EX + ++.EX ++.TP 5 +.B swat_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux swat policy is very flexible allowing users to setup their swat processes in as secure a method as possible. ++.PP ++The following process types are defined for swat: + -+.B tcp 901 ++.EX ++.B swat_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -38224,10 +44329,10 @@ index 0000000..76b4384 +selinux(8), swat(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/syslogd_selinux.8 b/man/man8/syslogd_selinux.8 new file mode 100644 -index 0000000..5bc1cf5 +index 0000000..1459cdc --- /dev/null +++ b/man/man8/syslogd_selinux.8 -@@ -0,0 +1,150 @@ +@@ -0,0 +1,170 @@ +.TH "syslogd_selinux" "8" "syslogd" "dwalsh@redhat.com" "syslogd SELinux Policy documentation" +.SH "NAME" +syslogd_selinux \- Security Enhanced Linux Policy for the syslogd processes 
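Review bot: The regenerated PORT TYPES block now lists `tcp 8021` under "Default Defined Ports" for swat_port_t, where the removed line was `.B tcp 901`; the same `tcp 8021` also replaces `tcp 6514` / `udp 514,6514` for syslogd_port_t and `tcp 30003` for tcs_port_t in the later hunks. One identical value across three unrelated port types looks like a fixed or stale port in whatever produces these pages rather than a policy change, and an administrator following the page would check or label the wrong port. I would restore the per-type values on the new side, e.g. `+tcp 901` here, and correct the shared template if the pages are generated. The rewritten block also ends with a second `.EE` after the `.EX` that preceded "Default Defined Ports:" was removed, so the example macros no longer pair up.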
@@ -38273,35 +44378,27 @@ index 0000000..5bc1cf5 + + +.EX ++.PP +.B syslogd_exec_t +.EE + +- Set files with the syslogd_exec_t type, if you want to transition an executable to the syslogd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/rsyslogd, /usr/sbin/syslog-ng, /usr/lib/systemd/systemd-kmsg-syslogd, /usr/sbin/metalog, /usr/lib/systemd/systemd-journald, /usr/sbin/syslogd, /usr/sbin/minilogd, /sbin/rsyslogd, /sbin/syslogd, /sbin/syslog-ng, /lib/systemd/systemd-kmsg-syslogd, /sbin/minilogd, /lib/systemd/systemd-journald -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B syslogd_initrc_exec_t +.EE + +- Set files with the syslogd_initrc_exec_t type, if you want to transition an executable to the syslogd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B syslogd_tmp_t +.EE + 
@@ -38309,30 +44406,30 @@ index 0000000..5bc1cf5 + + +.EX ++.PP +.B syslogd_var_lib_t +.EE + +- Set files with the syslogd_var_lib_t type, if you want to store the syslogd files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/syslog-ng.persist, /var/lib/r?syslog(/.*)?, /var/lib/syslog-ng(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B syslogd_var_run_t +.EE + +- Set files with the syslogd_var_run_t type, if you want to store the syslogd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/log/syslog-ng(/.*)?, /var/run/syslog-ng(/.*)?, /var/run/metalog\.pid, /var/run/syslogd\.pid, /var/run/log(/.*)?, /var/run/syslog-ng.ctl ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -38351,19 +44448,47 @@ index 0000000..5bc1cf5 +SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible. +.PP +The following port types are defined for syslogd: -+.EX + ++.EX ++.TP 5 +.B syslogd_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 6514 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 514,6514 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux syslogd policy is very flexible allowing users to setup their syslogd processes in as secure a method as possible. ++.PP ++The following process types are defined for syslogd: ++ ++.EX ++.B syslogd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -38381,10 +44506,10 @@ index 0000000..5bc1cf5 \ No newline at end of file diff --git a/man/man8/sysstat_selinux.8 b/man/man8/sysstat_selinux.8 new file mode 100644 -index 0000000..6bbd8c4 +index 0000000..5ccf806 --- /dev/null +++ b/man/man8/sysstat_selinux.8 -@@ -0,0 +1,61 @@ +@@ -0,0 +1,87 @@ +.TH "sysstat_selinux" "8" "sysstat" "dwalsh@redhat.com" "sysstat SELinux Policy documentation" +.SH "NAME" +sysstat_selinux \- Security Enhanced Linux Policy for the sysstat processes 
@@ -38405,37 +44530,63 @@ index 0000000..6bbd8c4 + + +.EX ++.PP +.B sysstat_exec_t +.EE + +- Set files with the sysstat_exec_t type, if you want to transition an executable to the sysstat_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/sa/sa.*, /usr/lib/sysstat/sa.*, /usr/lib/atsar/atsa.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B sysstat_log_t +.EE + +- Set files with the sysstat_log_t type, if you want to treat the data as sysstat log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/sysstat(/.*)?, /var/log/sa(/.*)?, /var/log/atsar(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux sysstat policy is very flexible allowing users to setup their sysstat processes in as secure a method as possible. ++.PP ++The following process types are defined for sysstat: ++ ++.EX ++.B sysstat_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. 
++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -38448,10 +44599,10 @@ index 0000000..6bbd8c4 +selinux(8), sysstat(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/system_selinux.8 b/man/man8/system_selinux.8 new file mode 100644 -index 0000000..f46b1ca +index 0000000..29bd641 --- /dev/null +++ b/man/man8/system_selinux.8 -@@ -0,0 +1,364 @@ +@@ -0,0 +1,339 @@ +.TH "system_selinux" "8" "system" "dwalsh@redhat.com" "system SELinux Policy documentation" +.SH "NAME" +system_selinux \- Security Enhanced Linux Policy for the system processes 
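Review bot: The new PROCESS TYPES text for sysstat misspells the command as `semanage permississive -a PROCESS_TYPE`, so a reader who copies it gets a failing command; it should read `.B semanage permissive -a PROCESS_TYPE`, matching the `semanage permissive` spelling in the COMMANDS section of the same hunk. Earlier in the same block the bold run is closed with `\bP` instead of `\fP` (`\fBps\bP`), which leaves the font switch unterminated; `\fBps\fP` is the intended form. Both slips repeat verbatim in the svc, swat, syslogd, system, systemd, tcpd and tcsd hunks, which suggests a single fix in the shared template. Because a permissive domain is no longer enforced, the note could add that this is for troubleshooting and is reverted with `semanage permissive -d PROCESS_TYPE`.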
@@ -38504,38 +44655,31 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B system_conf_t +.EE + +- Set files with the system_conf_t type, if you want to treat the files as system configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/sysctl\.conf(\.old)?, /etc/sysconfig/ipvsadm.*, /etc/sysconfig/ebtables.*, /etc/sysconfig/ip6?tables.*, /etc/sysconfig/system-config-firewall.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B system_cron_spool_t +.EE + +- Set files with the system_cron_spool_t type, if you want to store the system cron files under the /var/spool directory. + +.br ++.TP 5 +Paths: +/etc/crontab, /var/spool/anacron(/.*)?, /etc/cron\.d(/.*)?, /var/spool/fcron/systab, /var/spool/fcron/systab\.orig, /var/spool/fcron/new\.systab -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B system_cronjob_lock_t +.EE + @@ -38543,6 +44687,7 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B system_cronjob_tmp_t +.EE + @@ -38550,6 +44695,7 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B system_cronjob_var_lib_t +.EE + @@ -38557,6 +44703,7 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B system_cronjob_var_run_t +.EE + @@ -38564,6 +44711,7 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B system_dbusd_tmp_t +.EE + 
@@ -38571,35 +44719,27 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B system_dbusd_var_lib_t +.EE + +- Set files with the system_dbusd_var_lib_t type, if you want to store the system dbusd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B system_dbusd_var_run_t +.EE + +- Set files with the system_dbusd_var_run_t type, if you want to store the system dbusd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/named/chroot/var/run/dbus(/.*)?, /var/run/dbus(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B system_mail_tmp_t +.EE + 
@@ -38607,38 +44747,31 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B system_map_t +.EE + +- Set files with the system_map_t type, if you want to treat the files as system map data. + +.br ++.TP 5 +Paths: +/boot/System\.map(-.*)?, /boot/efi(/.*)?/System\.map(-.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B system_munin_plugin_exec_t +.EE + +- Set files with the system_munin_plugin_exec_t type, if you want to transition an executable to the system_munin_plugin_t domain. + +.br ++.TP 5 +Paths: +/usr/share/munin/plugins/proc_pri, /usr/share/munin/plugins/swap, /usr/share/munin/plugins/interrupts, /usr/share/munin/plugins/cpu.*, /usr/share/munin/plugins/yum, /usr/share/munin/plugins/load, /usr/share/munin/plugins/irqstats, /usr/share/munin/plugins/processes, /usr/share/munin/plugins/iostat.*, /usr/share/munin/plugins/nfs.*, /usr/share/munin/plugins/munin_.*, /usr/share/munin/plugins/threads, /usr/share/munin/plugins/netstat, /usr/share/munin/plugins/acpi, /usr/share/munin/plugins/forks, /usr/share/munin/plugins/uptime, /usr/share/munin/plugins/users, /usr/share/munin/plugins/memory, /usr/share/munin/plugins/if_.*, /usr/share/munin/plugins/open_files -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B system_munin_plugin_tmp_t +.EE + 
@@ -38646,162 +44779,155 @@ index 0000000..f46b1ca + + +.EX ++.PP +.B systemd_logger_exec_t +.EE + +- Set files with the systemd_logger_exec_t type, if you want to transition an executable to the systemd_logger_t domain. + +.br ++.TP 5 +Paths: +/lib/systemd/systemd-logger, /usr/lib/systemd/systemd-logger -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_logind_exec_t +.EE + +- Set files with the systemd_logind_exec_t type, if you want to transition an executable to the systemd_logind_t domain. + +.br ++.TP 5 +Paths: +/lib/systemd/systemd-logind, /usr/lib/systemd/systemd-logind -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_logind_sessions_t +.EE + +- Set files with the systemd_logind_sessions_t type, if you want to treat the files as systemd logind sessions data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_logind_var_run_t +.EE + +- Set files with the systemd_logind_var_run_t type, if you want to store the systemd logind files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/systemd/users(/.*)?, /var/run/systemd/seats(/.*)? -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_notify_exec_t +.EE + +- Set files with the systemd_notify_exec_t type, if you want to transition an executable to the systemd_notify_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/systemd-notify, /bin/systemd-notify -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_passwd_agent_exec_t +.EE + +- Set files with the systemd_passwd_agent_exec_t type, if you want to transition an executable to the systemd_passwd_agent_t domain. + +.br ++.TP 5 +Paths: +/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_passwd_var_run_t +.EE + +- Set files with the systemd_passwd_var_run_t type, if you want to store the systemd passwd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/systemd/ask-password(/.*)?, /var/run/systemd/ask-password-block(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B systemd_systemctl_exec_t +.EE + +- Set files with the systemd_systemctl_exec_t type, if you want to transition an executable to the systemd_systemctl_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/systemctl, /bin/systemctl -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_tmpfiles_exec_t +.EE + +- Set files with the systemd_tmpfiles_exec_t type, if you want to transition an executable to the systemd_tmpfiles_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/systemd-tmpfiles, /bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles, /lib/systemd/systemd-tmpfiles -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_unit_file_t +.EE + +- Set files with the systemd_unit_file_t type, if you want to treat the files as systemd unit content. + +.br ++.TP 5 +Paths: +/usr/lib/systemd/system(/.*)?, /lib/systemd/system(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. 
++SELinux system policy is very flexible allowing users to setup their system processes in as secure a method as possible. ++.PP ++The following process types are defined for system: ++ ++.EX ++.B system_munin_plugin_t, systemd_logger_t, systemd_logind_t, system_cronjob_t, systemd_notify_t, system_mail_t, systemd_passwd_agent_t, system_dbusd_t, systemd_tmpfiles_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -38819,10 +44945,10 @@ index 0000000..f46b1ca \ No newline at end of file diff --git a/man/man8/systemd_selinux.8 b/man/man8/systemd_selinux.8 new file mode 100644 -index 0000000..34e8561 +index 0000000..f3ff4b1 --- /dev/null +++ b/man/man8/systemd_selinux.8 -@@ -0,0 +1,222 @@ +@@ -0,0 +1,215 @@ +.TH "systemd_selinux" "8" "systemd" "dwalsh@redhat.com" "systemd SELinux Policy documentation" +.SH "NAME" +systemd_selinux \- Security Enhanced Linux Policy for the systemd processes 
@@ -38875,162 +45001,155 @@ index 0000000..34e8561 + + +.EX ++.PP +.B systemd_logger_exec_t +.EE + +- Set files with the systemd_logger_exec_t type, if you want to transition an executable to the systemd_logger_t domain. + +.br ++.TP 5 +Paths: +/lib/systemd/systemd-logger, /usr/lib/systemd/systemd-logger -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_logind_exec_t +.EE + +- Set files with the systemd_logind_exec_t type, if you want to transition an executable to the systemd_logind_t domain. + +.br ++.TP 5 +Paths: +/lib/systemd/systemd-logind, /usr/lib/systemd/systemd-logind -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_logind_sessions_t +.EE + +- Set files with the systemd_logind_sessions_t type, if you want to treat the files as systemd logind sessions data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_logind_var_run_t +.EE + +- Set files with the systemd_logind_var_run_t type, if you want to store the systemd logind files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/systemd/users(/.*)?, /var/run/systemd/seats(/.*)? -+Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_notify_exec_t +.EE + +- Set files with the systemd_notify_exec_t type, if you want to transition an executable to the systemd_notify_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/systemd-notify, /bin/systemd-notify -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_passwd_agent_exec_t +.EE + +- Set files with the systemd_passwd_agent_exec_t type, if you want to transition an executable to the systemd_passwd_agent_t domain. + +.br ++.TP 5 +Paths: +/bin/systemd-tty-ask-password-agent, /usr/bin/systemd-gnome-ask-password-agent, /usr/bin/systemd-tty-ask-password-agent -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_passwd_var_run_t +.EE + +- Set files with the systemd_passwd_var_run_t type, if you want to store the systemd passwd files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/systemd/ask-password(/.*)?, /var/run/systemd/ask-password-block(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B systemd_systemctl_exec_t +.EE + +- Set files with the systemd_systemctl_exec_t type, if you want to transition an executable to the systemd_systemctl_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/systemctl, /bin/systemctl -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_tmpfiles_exec_t +.EE + +- Set files with the systemd_tmpfiles_exec_t type, if you want to transition an executable to the systemd_tmpfiles_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/systemd-tmpfiles, /bin/systemd-tmpfiles, /usr/lib/systemd/systemd-tmpfiles, /lib/systemd/systemd-tmpfiles -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B systemd_unit_file_t +.EE + +- Set files with the systemd_unit_file_t type, if you want to treat the files as systemd unit content. + +.br ++.TP 5 +Paths: +/usr/lib/systemd/system(/.*)?, /lib/systemd/system(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. 
++SELinux systemd policy is very flexible allowing users to setup their systemd processes in as secure a method as possible. ++.PP ++The following process types are defined for systemd: ++ ++.EX ++.B system_munin_plugin_t, systemd_logger_t, systemd_logind_t, system_cronjob_t, systemd_notify_t, system_mail_t, systemd_passwd_agent_t, system_dbusd_t, systemd_tmpfiles_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -39048,10 +45167,10 @@ index 0000000..34e8561 \ No newline at end of file diff --git a/man/man8/tcpd_selinux.8 b/man/man8/tcpd_selinux.8 new file mode 100644 -index 0000000..5dc6158 +index 0000000..dcf911c --- /dev/null +++ b/man/man8/tcpd_selinux.8 -@@ -0,0 +1,78 @@ +@@ -0,0 +1,108 @@ +.TH "tcpd_selinux" "8" "tcpd" "dwalsh@redhat.com" "tcpd SELinux Policy documentation" +.SH "NAME" +tcpd_selinux \- Security Enhanced Linux Policy for the tcpd processes 
@@ -39097,25 +45216,55 @@ index 0000000..5dc6158 + + +.EX ++.PP +.B tcpd_exec_t +.EE + +- Set files with the tcpd_exec_t type, if you want to transition an executable to the tcpd_t domain. + ++ ++.EX ++.PP ++.B tcpd_tmp_t ++.EE ++ ++- Set files with the tcpd_tmp_t type, if you want to store tcpd temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tcpd policy is very flexible allowing users to setup their tcpd processes in as secure a method as possible. ++.PP ++The following process types are defined for tcpd: + +.EX -+.B tcpd_tmp_t ++.B tcpd_t +.EE -+ -+- Set files with the tcpd_tmp_t type, if you want to store tcpd temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -39133,10 +45282,10 @@ index 0000000..5dc6158 \ No newline at end of file 
diff --git a/man/man8/tcsd_selinux.8 b/man/man8/tcsd_selinux.8 new file mode 100644 -index 0000000..8432c3e +index 0000000..ccd27e8 --- /dev/null +++ b/man/man8/tcsd_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,113 @@ +.TH "tcsd_selinux" "8" "tcsd" "dwalsh@redhat.com" "tcsd SELinux Policy documentation" +.SH "NAME" +tcsd_selinux \- Security Enhanced Linux Policy for the tcsd processes @@ -39157,37 +45306,30 @@ index 0000000..8432c3e + + +.EX ++.PP +.B tcsd_exec_t +.EE + +- Set files with the tcsd_exec_t type, if you want to transition an executable to the tcsd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tcsd_initrc_exec_t +.EE + +- Set files with the tcsd_initrc_exec_t type, if you want to transition an executable to the tcsd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tcsd_var_lib_t +.EE + +- Set files with the tcsd_var_lib_t type, if you want to store the tcsd files under the /var/lib directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -39206,17 +45348,47 @@ index 0000000..8432c3e +SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible. +.PP +The following port types are defined for tcsd: -+.EX + ++.EX ++.TP 5 +.B tcs_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tcsd policy is very flexible allowing users to setup their tcsd processes in as secure a method as possible. ++.PP ++The following process types are defined for tcsd: + -+.B tcp 30003 ++.EX ++.B tcsd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -39229,10 +45401,10 @@ index 0000000..8432c3e +selinux(8), tcsd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/telepathy_selinux.8 b/man/man8/telepathy_selinux.8 new file mode 100644 -index 0000000..2b30157 +index 0000000..94e44da --- /dev/null +++ b/man/man8/telepathy_selinux.8 -@@ -0,0 +1,297 @@ +@@ -0,0 +1,305 @@ +.TH "telepathy_selinux" "8" "telepathy" "dwalsh@redhat.com" "telepathy SELinux Policy documentation" +.SH "NAME" +telepathy_selinux \- Security Enhanced Linux Policy for the telepathy processes 
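Review bot: The port listing for `tcs_port_t` now reads `tcp 8021` where the removed line had `tcp 30003`, and later hunks make the same substitution for `tcp 23` under `telnetd_port_t`, `udp 69` under `tftp_port_t`, and `tcp 6969,9001,9030,9051` and `tcp 9050` under the two tor port types. One identical value across unrelated port types looks like a stale value carried over by the generator rather than a policy change, and an administrator checking `semanage port` or firewall rules against these pages would be misled. The per-type values should be restored, e.g. `tcp 30003` here. The new markup also leaves `.TP 10` directly before `.EE`, and the `.EE` after the port line no longer has a matching `.EX`, which is worth checking in rendered output.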
@@ -39271,6 +45443,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_cache_home_t +.EE + @@ -39278,6 +45451,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_data_home_t +.EE + @@ -39285,6 +45459,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_gabble_cache_home_t +.EE + @@ -39292,19 +45467,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_gabble_exec_t +.EE + +- Set files with the telepathy_gabble_exec_t type, if you want to transition an executable to the telepathy_gabble_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_gabble_tmp_t +.EE + @@ -39312,19 +45483,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_idle_exec_t +.EE + +- Set files with the telepathy_idle_exec_t type, if you want to transition an executable to the telepathy_idle_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_idle_tmp_t +.EE + @@ -39332,6 +45499,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_logger_cache_home_t +.EE + @@ -39339,6 +45507,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_logger_data_home_t +.EE + 
@@ -39346,19 +45515,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_logger_exec_t +.EE + +- Set files with the telepathy_logger_exec_t type, if you want to transition an executable to the telepathy_logger_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_logger_tmp_t +.EE + @@ -39366,6 +45531,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_mission_control_cache_home_t +.EE + @@ -39373,6 +45539,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_mission_control_data_home_t +.EE + @@ -39380,19 +45547,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_mission_control_exec_t +.EE + +- Set files with the telepathy_mission_control_exec_t type, if you want to transition an executable to the telepathy_mission_control_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_mission_control_home_t +.EE + @@ -39400,6 +45563,7 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_mission_control_tmp_t +.EE + 
@@ -39407,22 +45571,19 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_msn_exec_t +.EE + +- Set files with the telepathy_msn_exec_t type, if you want to transition an executable to the telepathy_msn_t domain. + +.br ++.TP 5 +Paths: +/usr/libexec/telepathy-butterfly, /usr/libexec/telepathy-haze -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_msn_tmp_t +.EE + @@ -39430,19 +45591,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_salut_exec_t +.EE + +- Set files with the telepathy_salut_exec_t type, if you want to transition an executable to the telepathy_salut_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_salut_tmp_t +.EE + @@ -39450,19 +45607,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_sofiasip_exec_t +.EE + +- Set files with the telepathy_sofiasip_exec_t type, if you want to transition an executable to the telepathy_sofiasip_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_sofiasip_tmp_t +.EE + 
@@ -39470,19 +45623,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_stream_engine_exec_t +.EE + +- Set files with the telepathy_stream_engine_exec_t type, if you want to transition an executable to the telepathy_stream_engine_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_stream_engine_tmp_t +.EE + @@ -39490,19 +45639,15 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_sunshine_exec_t +.EE + +- Set files with the telepathy_sunshine_exec_t type, if you want to transition an executable to the telepathy_sunshine_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telepathy_sunshine_home_t +.EE + 
@@ -39510,12 +45655,47 @@ index 0000000..2b30157 + + +.EX ++.PP +.B telepathy_sunshine_tmp_t +.EE + +- Set files with the telepathy_sunshine_tmp_t type, if you want to store telepathy sunshine temporary files in the /tmp directories. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux telepathy policy is very flexible allowing users to setup their telepathy processes in as secure a method as possible. ++.PP ++The following process types are defined for telepathy: ++ ++.EX ++.B telepathy_gabble_t, telepathy_sofiasip_t, telepathy_idle_t, telepathy_mission_control_t, telepathy_salut_t, telepathy_sunshine_t, telepathy_logger_t, telepathy_stream_engine_t, telepathy_msn_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -39533,10 +45713,10 @@ index 0000000..2b30157 \ No newline at end of file diff --git a/man/man8/telnetd_selinux.8 b/man/man8/telnetd_selinux.8 new file mode 100644 -index 0000000..69851e4 +index 0000000..888cb81 
--- /dev/null +++ b/man/man8/telnetd_selinux.8 -@@ -0,0 +1,88 @@ +@@ -0,0 +1,125 @@ +.TH "telnetd_selinux" "8" "telnetd" "dwalsh@redhat.com" "telnetd SELinux Policy documentation" +.SH "NAME" +telnetd_selinux \- Security Enhanced Linux Policy for the telnetd processes @@ -39557,22 +45737,19 @@ index 0000000..69851e4 + + +.EX ++.PP +.B telnetd_exec_t +.EE + +- Set files with the telnetd_exec_t type, if you want to transition an executable to the telnetd_t domain. + +.br ++.TP 5 +Paths: +/usr/kerberos/sbin/telnetd, /usr/sbin/in\.telnetd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B telnetd_keytab_t +.EE + @@ -39580,6 +45757,7 @@ index 0000000..69851e4 + + +.EX ++.PP +.B telnetd_tmp_t +.EE + @@ -39587,11 +45765,20 @@ index 0000000..69851e4 + + +.EX ++.PP +.B telnetd_var_run_t +.EE + +- Set files with the telnetd_var_run_t type, if you want to store the telnetd files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -39604,17 +45791,47 @@ index 0000000..69851e4 +SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible. +.PP +The following port types are defined for telnetd: -+.EX + ++.EX ++.TP 5 +.B telnetd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux telnetd policy is very flexible allowing users to setup their telnetd processes in as secure a method as possible. ++.PP ++The following process types are defined for telnetd: + -+.B tcp 23 ++.EX ++.B telnetd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -39627,10 +45844,10 @@ index 0000000..69851e4 +selinux(8), telnetd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/tftpd_selinux.8 b/man/man8/tftpd_selinux.8 new file mode 100644 -index 0000000..b5e6772 +index 0000000..d5366dc --- /dev/null +++ b/man/man8/tftpd_selinux.8 -@@ -0,0 +1,131 @@ +@@ -0,0 +1,155 @@ +.TH "tftpd_selinux" "8" "tftpd" "dwalsh@redhat.com" "tftpd SELinux Policy documentation" +.SH "NAME" +tftpd_selinux \- Security Enhanced Linux Policy for the tftpd processes 
@@ -39646,18 +45863,16 @@ index 0000000..b5e6772 +.PP +.B +semanage fcontext -a -t public_content_t "/var/tftpd(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/tftpd ++.br ++.B restorecon -F -R -v /var/tftpd +.pp +.TP +Allow tftpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_tftpdd_anon_write boolean to be set. +.PP +.B +semanage fcontext -a -t public_content_rw_t "/var/tftpd/incoming(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/tftpd/incoming ++.br ++.B restorecon -F -R -v /var/tftpd/incoming + + +.PP @@ -39679,22 +45894,19 @@ index 0000000..b5e6772 + + +.EX ++.PP +.B tftpd_exec_t +.EE + +- Set files with the tftpd_exec_t type, if you want to transition an executable to the tftpd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/in\.tftpd, /usr/sbin/atftpd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tftpd_var_run_t +.EE + 
@@ -39702,27 +45914,26 @@ index 0000000..b5e6772 + + +.EX ++.PP +.B tftpdir_rw_t +.EE + +- Set files with the tftpdir_rw_t type, if you want to treat the files as tftpdir read/write content. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tftpdir_t +.EE + +- Set files with the tftpdir_t type, if you want to treat the files as tftpdir data. + +.br ++.TP 5 +Paths: +/tftpboot/.*, /tftpboot ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -39741,17 +45952,47 @@ index 0000000..b5e6772 +SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible. +.PP +The following port types are defined for tftpd: -+.EX + ++.EX ++.TP 5 +.B tftp_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tftpd policy is very flexible allowing users to setup their tftpd processes in as secure a method as possible. ++.PP ++The following process types are defined for tftpd: + -+.B udp 69 ++.EX ++.B tftpd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -39764,10 +46005,10 @@ index 0000000..b5e6772 +selinux(8), tftpd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/tgtd_selinux.8 b/man/man8/tgtd_selinux.8 new file mode 100644 -index 0000000..2c4f209 +index 0000000..9654fe0 --- /dev/null +++ b/man/man8/tgtd_selinux.8 -@@ -0,0 +1,95 @@ +@@ -0,0 +1,111 @@ +.TH "tgtd_selinux" "8" "tgtd" "dwalsh@redhat.com" "tgtd SELinux Policy documentation" +.SH "NAME" +tgtd_selinux \- Security Enhanced Linux Policy for the tgtd processes 
@@ -39788,32 +46029,23 @@ index 0000000..2c4f209 + + +.EX ++.PP +.B tgtd_exec_t +.EE + +- Set files with the tgtd_exec_t type, if you want to transition an executable to the tgtd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tgtd_initrc_exec_t +.EE + +- Set files with the tgtd_initrc_exec_t type, if you want to transition an executable to the tgtd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tgtd_tmp_t +.EE + @@ -39821,6 +46053,7 @@ index 0000000..2c4f209 + + +.EX ++.PP +.B tgtd_tmpfs_t +.EE + 
@@ -39828,31 +46061,55 @@ index 0000000..2c4f209 + + +.EX ++.PP +.B tgtd_var_lib_t +.EE + +- Set files with the tgtd_var_lib_t type, if you want to store the tgtd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tgtd_var_run_t +.EE + +- Set files with the tgtd_var_run_t type, if you want to store the tgtd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tgtd policy is very flexible allowing users to setup their tgtd processes in as secure a method as possible. ++.PP ++The following process types are defined for tgtd: ++ ++.EX ++.B tgtd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -39865,10 +46122,10 @@ index 0000000..2c4f209 +selinux(8), tgtd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/thin_selinux.8 b/man/man8/thin_selinux.8 new file mode 100644 -index 0000000..45b67dc +index 0000000..3729132 --- /dev/null +++ b/man/man8/thin_selinux.8 -@@ -0,0 +1,55 @@ +@@ -0,0 +1,79 @@ +.TH "thin_selinux" "8" "thin" "dwalsh@redhat.com" "thin SELinux Policy documentation" +.SH "NAME" +thin_selinux \- Security Enhanced Linux Policy for the thin processes 
@@ -39889,31 +46146,55 @@ index 0000000..45b67dc + + +.EX ++.PP +.B thin_exec_t +.EE + +- Set files with the thin_exec_t type, if you want to transition an executable to the thin_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B thin_var_run_t +.EE + +- Set files with the thin_var_run_t type, if you want to store the thin files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux thin policy is very flexible allowing users to setup their thin processes in as secure a method as possible. ++.PP ++The following process types are defined for thin: ++ ++.EX ++.B thin_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -39926,10 +46207,10 @@ index 0000000..45b67dc +selinux(8), thin(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/thumb_selinux.8 b/man/man8/thumb_selinux.8 new file mode 100644 -index 0000000..b5e4e23 +index 0000000..0692cbc --- /dev/null +++ b/man/man8/thumb_selinux.8 -@@ -0,0 +1,52 @@ +@@ -0,0 +1,83 @@ +.TH "thumb_selinux" "8" "thumb" "dwalsh@redhat.com" "thumb SELinux Policy documentation" +.SH "NAME" +thumb_selinux \- Security Enhanced Linux Policy for the thumb processes 
@@ -39950,28 +46231,59 @@ index 0000000..b5e4e23 + + +.EX ++.PP +.B thumb_exec_t +.EE + +- Set files with the thumb_exec_t type, if you want to transition an executable to the thumb_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/evince-thumbnailer, /usr/bin/gnome-thumbnail-font, /usr/bin/totem-video-thumbnailer ++ ++.EX ++.PP ++.B thumb_tmp_t ++.EE ++ ++- Set files with the thumb_tmp_t type, if you want to store thumb temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux thumb policy is very flexible allowing users to setup their thumb processes in as secure a method as possible. ++.PP ++The following process types are defined for thumb: + +.EX -+.B thumb_tmp_t ++.B thumb_t +.EE -+ -+- Set files with the thumb_tmp_t type, if you want to store thumb temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -39984,10 +46296,10 @@ index 0000000..b5e4e23 +selinux(8), thumb(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/tmpreaper_selinux.8 b/man/man8/tmpreaper_selinux.8 new file mode 100644 -index 0000000..06c5d7b +index 0000000..6f6b4a0 --- /dev/null +++ b/man/man8/tmpreaper_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "tmpreaper_selinux" "8" "tmpreaper" "dwalsh@redhat.com" "tmpreaper SELinux Policy documentation" +.SH "NAME" +tmpreaper_selinux \- Security Enhanced Linux Policy for the tmpreaper processes 
@@ -40008,21 +46320,51 @@ index 0000000..06c5d7b + + +.EX ++.PP +.B tmpreaper_exec_t +.EE + +- Set files with the tmpreaper_exec_t type, if you want to transition an executable to the tmpreaper_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/tmpwatch, /usr/sbin/tmpreaper ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tmpreaper policy is very flexible allowing users to setup their tmpreaper processes in as secure a method as possible. ++.PP ++The following process types are defined for tmpreaper: ++ ++.EX ++.B tmpreaper_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40035,10 +46377,10 @@ index 0000000..06c5d7b +selinux(8), tmpreaper(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/tor_selinux.8 b/man/man8/tor_selinux.8 new file mode 100644 -index 0000000..b813a22 +index 0000000..a044dbf --- /dev/null 
+++ b/man/man8/tor_selinux.8 -@@ -0,0 +1,160 @@ +@@ -0,0 +1,171 @@ +.TH "tor_selinux" "8" "tor" "dwalsh@redhat.com" "tor SELinux Policy documentation" +.SH "NAME" +tor_selinux \- Security Enhanced Linux Policy for the tor processes 
@@ -40070,82 +46412,62 @@ index 0000000..b813a22 + + +.EX ++.PP +.B tor_etc_t +.EE + +- Set files with the tor_etc_t type, if you want to store tor files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tor_exec_t +.EE + +- Set files with the tor_exec_t type, if you want to transition an executable to the tor_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/tor, /usr/bin/tor -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tor_initrc_exec_t +.EE + +- Set files with the tor_initrc_exec_t type, if you want to transition an executable to the tor_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tor_var_lib_t +.EE + +- Set files with the tor_var_lib_t type, if you want to store the tor files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/tor(/.*)?, /var/lib/tor-data(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B tor_var_log_t +.EE + +- Set files with the tor_var_log_t type, if you want to treat the data as tor var log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tor_var_run_t +.EE + +- Set files with the tor_var_run_t type, if you want to store the tor files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -40164,27 +46486,58 @@ index 0000000..b813a22 +SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible. +.PP +The following port types are defined for tor: -+.EX + ++.EX ++.TP 5 +.B tor_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 6969,9001,9030,9051 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B tor_socks_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tor policy is very flexible allowing users to setup their tor processes in as secure a method as possible. ++.PP ++The following process types are defined for tor: + -+.B tcp 9050 ++.EX ++.B tor_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -40202,10 +46555,10 @@ index 0000000..b813a22 \ No newline at end of file diff --git a/man/man8/traceroute_selinux.8 b/man/man8/traceroute_selinux.8 new file mode 100644 -index 0000000..5aa9724 +index 0000000..f631ab7 --- /dev/null 
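Review bot: The new `Default Defined Ports:` entries for `tor_port_t` and `tor_socks_port_t` both read `tcp 8021`, replacing `tcp 6969,9001,9030,9051` and `tcp 9050`; the traceroute_selinux.8 hunk does the same to `traceroute_port_t`, replacing `udp 64000-64010`. Three unrelated port types sharing one value suggests the page generator is emitting a wrong or stale lookup rather than recording a policy change, so these pages would misstate which ports the domains are labelled for. I would keep the previous values until the generated output has been compared with `semanage port -l` on a system with this policy loaded. The rewritten block also leaves a `.TP 10` with no tag text before `.EE`, and a second `.EE` after the port line with no matching `.EX`.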
+++ b/man/man8/traceroute_selinux.8 -@@ -0,0 +1,67 @@ +@@ -0,0 +1,101 @@ +.TH "traceroute_selinux" "8" "traceroute" "dwalsh@redhat.com" "traceroute SELinux Policy documentation" +.SH "NAME" +traceroute_selinux \- Security Enhanced Linux Policy for the traceroute processes @@ -40226,14 +46579,18 @@ index 0000000..5aa9724 + + +.EX ++.PP +.B traceroute_exec_t +.EE + +- Set files with the traceroute_exec_t type, if you want to transition an executable to the traceroute_t domain. + +.br ++.TP 5 +Paths: +/bin/tracepath.*, /usr/bin/traceroute.*, /usr/bin/nmap, /usr/bin/lft, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/sbin/traceroute.* ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -40252,17 +46609,47 @@ index 0000000..5aa9724 +SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible. +.PP +The following port types are defined for traceroute: -+.EX + ++.EX ++.TP 5 +.B traceroute_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible. ++.PP ++The following process types are defined for traceroute: + -+.B udp 64000-64010 ++.EX ++.B traceroute_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -40275,10 +46662,10 @@ index 0000000..5aa9724 +selinux(8), traceroute(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/tuned_selinux.8 b/man/man8/tuned_selinux.8 new file mode 100644 -index 0000000..969f0cd +index 0000000..509a481 --- /dev/null +++ b/man/man8/tuned_selinux.8 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,99 @@ +.TH "tuned_selinux" "8" "tuned" "dwalsh@redhat.com" "tuned SELinux Policy documentation" +.SH "NAME" +tuned_selinux \- Security Enhanced Linux Policy for the tuned processes 
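Review bot: The permissive-domain note added under `PROCESS TYPES` spells the subcommand `semanage permississive -a PROCESS_TYPE`, which is not a semanage subcommand, so an administrator copying it from the page gets an error; it should read `.B semanage permissive -a PROCESS_TYPE`. A few lines above it, the `ps` reference ends in `\fBps\bP`, where `\fBps\fP` was presumably intended to close the bold. Both strings repeat verbatim in the tor hunk before this one and in the later man pages this commit touches (tuned, tvtime, udev, ulogd, uml, unconfined, update, updfstab, updpwd, usbmodules), so the fix likely belongs in the generator template rather than in each page.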
@@ -40299,60 +46686,75 @@ index 0000000..969f0cd + + +.EX ++.PP +.B tuned_exec_t +.EE + +- Set files with the tuned_exec_t type, if you want to transition an executable to the tuned_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tuned_initrc_exec_t +.EE + +- Set files with the tuned_initrc_exec_t type, if you want to transition an executable to the tuned_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tuned_log_t +.EE + +- Set files with the tuned_log_t type, if you want to treat the data as tuned log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/tuned(/.*)?, /var/log/tuned\.log -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tuned_var_run_t +.EE + +- Set files with the tuned_var_run_t type, if you want to store the tuned files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tuned policy is very flexible allowing users to setup their tuned processes in as secure a method as possible. ++.PP ++The following process types are defined for tuned: ++ ++.EX ++.B tuned_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40365,10 +46767,10 @@ index 0000000..969f0cd +selinux(8), tuned(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/tvtime_selinux.8 b/man/man8/tvtime_selinux.8 new file mode 100644 -index 0000000..0b9a683 +index 0000000..d02f5cb --- /dev/null +++ b/man/man8/tvtime_selinux.8 -@@ -0,0 +1,63 @@ +@@ -0,0 +1,95 @@ +.TH "tvtime_selinux" "8" "tvtime" "dwalsh@redhat.com" "tvtime SELinux Policy documentation" +.SH "NAME" +tvtime_selinux \- Security Enhanced Linux Policy for the tvtime processes 
@@ -40389,19 +46791,15 @@ index 0000000..0b9a683 + + +.EX ++.PP +.B tvtime_exec_t +.EE + +- Set files with the tvtime_exec_t type, if you want to transition an executable to the tvtime_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B tvtime_home_t +.EE + @@ -40409,6 +46807,7 @@ index 0000000..0b9a683 + + +.EX ++.PP +.B tvtime_tmp_t +.EE + 
@@ -40416,12 +46815,47 @@ index 0000000..0b9a683 + + +.EX ++.PP +.B tvtime_tmpfs_t +.EE + +- Set files with the tvtime_tmpfs_t type, if you want to store tvtime files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux tvtime policy is very flexible allowing users to setup their tvtime processes in as secure a method as possible. ++.PP ++The following process types are defined for tvtime: ++ ++.EX ++.B tvtime_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40434,10 +46868,10 @@ index 0000000..0b9a683 +selinux(8), tvtime(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/udev_selinux.8 b/man/man8/udev_selinux.8 new file mode 100644 -index 0000000..d745c59 +index 0000000..44d7efc --- /dev/null +++ b/man/man8/udev_selinux.8 -@@ -0,0 +1,97 @@ +@@ -0,0 +1,115 @@ +.TH "udev_selinux" "8" "udev" "dwalsh@redhat.com" "udev SELinux Policy documentation" +.SH "NAME" +udev_selinux \- Security Enhanced Linux Policy for the udev processes 
@@ -40458,6 +46892,7 @@ index 0000000..d745c59 + + +.EX ++.PP +.B udev_etc_t +.EE + 
@@ -40465,66 +46900,83 @@ index 0000000..d745c59 + + +.EX ++.PP +.B udev_exec_t +.EE + +- Set files with the udev_exec_t type, if you want to transition an executable to the udev_t domain. + +.br ++.TP 5 +Paths: +/lib/udev/udevd, /sbin/udevd, /sbin/udev, /usr/sbin/wait_for_sysfs, /sbin/udevsend, /usr/sbin/udevadm, /usr/bin/udevadm, /usr/bin/udevinfo, /usr/sbin/start_udev, /usr/sbin/udev, /usr/sbin/udevsend, /sbin/start_udev, /sbin/udevstart, /bin/udevadm, /sbin/wait_for_sysfs, /lib/udev/udev-acl, /sbin/udevadm, /usr/sbin/udevd, /usr/sbin/udevstart, /usr/lib/udev/udev-acl, /usr/lib/udev/udevd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B udev_helper_exec_t +.EE + +- Set files with the udev_helper_exec_t type, if you want to transition an executable to the udev_helper_t domain. + +.br ++.TP 5 +Paths: +/etc/udev/scripts/.+, /etc/hotplug\.d/default/udev.*, /etc/dev\.d/.+ -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B udev_rules_t +.EE + +- Set files with the udev_rules_t type, if you want to treat the files as udev rules data. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B udev_var_run_t +.EE + +- Set files with the udev_var_run_t type, if you want to store the udev files under the /run directory. 
+ +.br ++.TP 5 +Paths: +/var/run/udev(/.*)?, /dev/\.udevdb, /var/run/PackageKit/udev(/.*)?, /dev/\.udev(/.*)?, /dev/udev\.tbl, /var/run/libgpod(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux udev policy is very flexible allowing users to setup their udev processes in as secure a method as possible. ++.PP ++The following process types are defined for udev: ++ ++.EX ++.B udev_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40537,10 +46989,10 @@ index 0000000..d745c59 +selinux(8), udev(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/ulogd_selinux.8 b/man/man8/ulogd_selinux.8 new file mode 100644 -index 0000000..c5bdf07 +index 0000000..4ab5d93 --- /dev/null +++ b/man/man8/ulogd_selinux.8 -@@ -0,0 +1,94 @@ +@@ -0,0 +1,103 @@ +.TH "ulogd_selinux" "8" "ulogd" "dwalsh@redhat.com" "ulogd SELinux Policy documentation" +.SH "NAME" +ulogd_selinux \- Security Enhanced Linux Policy for the ulogd processes 
@@ -40561,70 +47013,79 @@ index 0000000..c5bdf07 + + +.EX ++.PP +.B ulogd_etc_t +.EE + +- Set files with the ulogd_etc_t type, if you want to store ulogd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ulogd_exec_t +.EE + +- Set files with the ulogd_exec_t type, if you want to transition an executable to the ulogd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ulogd_initrc_exec_t +.EE + +- Set files with the ulogd_initrc_exec_t type, if you want to transition an executable to the ulogd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ulogd_modules_t +.EE + +- Set files with the ulogd_modules_t type, if you want to treat the files as ulogd modules. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B ulogd_var_log_t +.EE + +- Set files with the ulogd_var_log_t type, if you want to treat the data as ulogd var log data, usually stored under the /var/log directory. 
+ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux ulogd policy is very flexible allowing users to setup their ulogd processes in as secure a method as possible. ++.PP ++The following process types are defined for ulogd: ++ ++.EX ++.B ulogd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40637,10 +47098,10 @@ index 0000000..c5bdf07 +selinux(8), ulogd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/uml_selinux.8 b/man/man8/uml_selinux.8 new file mode 100644 -index 0000000..bcb071a +index 0000000..291735c --- /dev/null +++ b/man/man8/uml_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,119 @@ +.TH "uml_selinux" "8" "uml" "dwalsh@redhat.com" "uml SELinux Policy documentation" +.SH "NAME" +uml_selinux \- Security Enhanced Linux Policy for the uml processes @@ -40661,6 +47122,7 @@ index 0000000..bcb071a + + +.EX ++.PP +.B uml_exec_t +.EE + @@ -40668,6 +47130,7 @@ index 0000000..bcb071a + + +.EX ++.PP +.B uml_ro_t +.EE + 
@@ -40675,6 +47138,7 @@ index 0000000..bcb071a + + +.EX ++.PP +.B uml_rw_t +.EE + @@ -40682,32 +47146,23 @@ index 0000000..bcb071a + + +.EX ++.PP +.B uml_switch_exec_t +.EE + +- Set files with the uml_switch_exec_t type, if you want to transition an executable to the uml_switch_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uml_switch_var_run_t +.EE + +- Set files with the uml_switch_var_run_t type, if you want to store the uml switch files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uml_tmp_t +.EE + 
@@ -40715,12 +47170,47 @@ index 0000000..bcb071a + + +.EX ++.PP +.B uml_tmpfs_t +.EE + +- Set files with the uml_tmpfs_t type, if you want to store uml files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux uml policy is very flexible allowing users to setup their uml processes in as secure a method as possible. ++.PP ++The following process types are defined for uml: ++ ++.EX ++.B uml_switch_t, uml_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40733,10 +47223,10 @@ index 0000000..bcb071a +selinux(8), uml(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/unconfined_selinux.8 b/man/man8/unconfined_selinux.8 new file mode 100644 -index 0000000..3dc3505 +index 0000000..21e62f0 --- /dev/null 
+++ b/man/man8/unconfined_selinux.8 -@@ -0,0 +1,95 @@ +@@ -0,0 +1,125 @@ +.TH "unconfined_selinux" "8" "unconfined" "dwalsh@redhat.com" "unconfined SELinux Policy documentation" +.SH "NAME" +unconfined_selinux \- Security Enhanced Linux Policy for the unconfined processes @@ -40803,21 +47293,51 @@ index 0000000..3dc3505 + + +.EX ++.PP +.B unconfined_exec_t +.EE + +- Set files with the unconfined_exec_t type, if you want to transition an executable to the unconfined_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/vncserver, /usr/sbin/xrdp, /usr/sbin/xrdp-sesman ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux unconfined policy is very flexible allowing users to setup their unconfined processes in as secure a method as possible. ++.PP ++The following process types are defined for unconfined: ++ ++.EX ++.B unconfined_cronjob_t, unconfined_dbusd_t, unconfined_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans 
@@ -40835,10 +47355,10 @@ index 0000000..3dc3505 \ No newline at end of file diff --git a/man/man8/update_selinux.8 b/man/man8/update_selinux.8 new file mode 100644 -index 0000000..d963f0f +index 0000000..a755e2d --- /dev/null +++ b/man/man8/update_selinux.8 -@@ -0,0 +1,52 @@ +@@ -0,0 +1,83 @@ +.TH "update_selinux" "8" "update" "dwalsh@redhat.com" "update SELinux Policy documentation" +.SH "NAME" +update_selinux \- Security Enhanced Linux Policy for the update processes 
@@ -40859,28 +47379,59 @@ index 0000000..d963f0f + + +.EX ++.PP +.B update_modules_exec_t +.EE + +- Set files with the update_modules_exec_t type, if you want to transition an executable to the update_modules_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/modules-update, /usr/sbin/update-modules, /sbin/modules-update, /sbin/generate-modprobe\.conf, /sbin/update-modules, /usr/sbin/generate-modprobe\.conf ++ ++.EX ++.PP ++.B update_modules_tmp_t ++.EE ++ ++- Set files with the update_modules_tmp_t type, if you want to store update modules temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux update policy is very flexible allowing users to setup their update processes in as secure a method as possible. ++.PP ++The following process types are defined for update: + +.EX -+.B update_modules_tmp_t ++.B update_modules_t +.EE -+ -+- Set files with the update_modules_tmp_t type, if you want to store update modules temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. 
++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40893,10 +47444,10 @@ index 0000000..d963f0f +selinux(8), update(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/updfstab_selinux.8 b/man/man8/updfstab_selinux.8 new file mode 100644 -index 0000000..2286faa +index 0000000..a211ed1 --- /dev/null +++ b/man/man8/updfstab_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "updfstab_selinux" "8" "updfstab" "dwalsh@redhat.com" "updfstab SELinux Policy documentation" +.SH "NAME" +updfstab_selinux \- Security Enhanced Linux Policy for the updfstab processes 
@@ -40917,21 +47468,51 @@ index 0000000..2286faa + + +.EX ++.PP +.B updfstab_exec_t +.EE + +- Set files with the updfstab_exec_t type, if you want to transition an executable to the updfstab_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/updfstab, /usr/sbin/fstab-sync ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux updfstab policy is very flexible allowing users to setup their updfstab processes in as secure a method as possible. ++.PP ++The following process types are defined for updfstab: ++ ++.EX ++.B updfstab_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40944,10 +47525,10 @@ index 0000000..2286faa +selinux(8), updfstab(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/updpwd_selinux.8 b/man/man8/updpwd_selinux.8 new file mode 100644 -index 0000000..fa035c6 +index 0000000..92bab47 --- /dev/null 
+++ b/man/man8/updpwd_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "updpwd_selinux" "8" "updpwd" "dwalsh@redhat.com" "updpwd SELinux Policy documentation" +.SH "NAME" +updpwd_selinux \- Security Enhanced Linux Policy for the updpwd processes @@ -40968,21 +47549,51 @@ index 0000000..fa035c6 + + +.EX ++.PP +.B updpwd_exec_t +.EE + +- Set files with the updpwd_exec_t type, if you want to transition an executable to the updpwd_t domain. + +.br ++.TP 5 +Paths: +/sbin/unix_update, /usr/sbin/unix_update ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux updpwd policy is very flexible allowing users to setup their updpwd processes in as secure a method as possible. ++.PP ++The following process types are defined for updpwd: ++ ++.EX ++.B updpwd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -40995,10 +47606,10 @@ index 0000000..fa035c6 +selinux(8), updpwd(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/usbmodules_selinux.8 b/man/man8/usbmodules_selinux.8 new file mode 100644 -index 0000000..968bd61 +index 0000000..a34f9c0 --- /dev/null +++ b/man/man8/usbmodules_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "usbmodules_selinux" "8" "usbmodules" "dwalsh@redhat.com" "usbmodules SELinux Policy documentation" +.SH "NAME" +usbmodules_selinux \- Security Enhanced Linux Policy for the usbmodules processes 
@@ -41019,21 +47630,51 @@ index 0000000..968bd61 + + +.EX ++.PP +.B usbmodules_exec_t +.EE + +- Set files with the usbmodules_exec_t type, if you want to transition an executable to the usbmodules_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/usbmodules, /sbin/usbmodules ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux usbmodules policy is very flexible allowing users to setup their usbmodules processes in as secure a method as possible. ++.PP ++The following process types are defined for usbmodules: ++ ++.EX ++.B usbmodules_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41046,10 +47687,10 @@ index 0000000..968bd61 +selinux(8), usbmodules(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/usbmuxd_selinux.8 b/man/man8/usbmuxd_selinux.8 new file mode 100644 -index 0000000..fa823b6 +index 0000000..6db86ae --- /dev/null 
+++ b/man/man8/usbmuxd_selinux.8 -@@ -0,0 +1,55 @@ +@@ -0,0 +1,79 @@ +.TH "usbmuxd_selinux" "8" "usbmuxd" "dwalsh@redhat.com" "usbmuxd SELinux Policy documentation" +.SH "NAME" +usbmuxd_selinux \- Security Enhanced Linux Policy for the usbmuxd processes 
@@ -41070,31 +47711,55 @@ index 0000000..fa823b6 + + +.EX ++.PP +.B usbmuxd_exec_t +.EE + +- Set files with the usbmuxd_exec_t type, if you want to transition an executable to the usbmuxd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B usbmuxd_var_run_t +.EE + +- Set files with the usbmuxd_var_run_t type, if you want to store the usbmuxd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux usbmuxd policy is very flexible allowing users to setup their usbmuxd processes in as secure a method as possible. ++.PP ++The following process types are defined for usbmuxd: ++ ++.EX ++.B usbmuxd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -41107,10 +47772,10 @@ index 0000000..fa823b6 +selinux(8), usbmuxd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/useradd_selinux.8 b/man/man8/useradd_selinux.8 new file mode 100644 -index 0000000..7652e43 +index 0000000..8867f8c --- /dev/null +++ b/man/man8/useradd_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "useradd_selinux" "8" "useradd" "dwalsh@redhat.com" "useradd SELinux Policy documentation" +.SH "NAME" +useradd_selinux \- Security Enhanced Linux Policy for the useradd processes 
@@ -41131,21 +47796,51 @@ index 0000000..7652e43 + + +.EX ++.PP +.B useradd_exec_t +.EE + +- Set files with the useradd_exec_t type, if you want to transition an executable to the useradd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux useradd policy is very flexible allowing users to setup their useradd processes in as secure a method as possible. ++.PP ++The following process types are defined for useradd: ++ ++.EX ++.B useradd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41158,10 +47853,10 @@ index 0000000..7652e43 +selinux(8), useradd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/usernetctl_selinux.8 b/man/man8/usernetctl_selinux.8 new file mode 100644 -index 0000000..dd07657 +index 0000000..86ec83d --- /dev/null 
+++ b/man/man8/usernetctl_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "usernetctl_selinux" "8" "usernetctl" "dwalsh@redhat.com" "usernetctl SELinux Policy documentation" +.SH "NAME" +usernetctl_selinux \- Security Enhanced Linux Policy for the usernetctl processes @@ -41182,18 +47877,47 @@ index 0000000..dd07657 + + +.EX ++.PP +.B usernetctl_exec_t +.EE + +- Set files with the usernetctl_exec_t type, if you want to transition an executable to the usernetctl_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux usernetctl policy is very flexible allowing users to setup their usernetctl processes in as secure a method as possible. ++.PP ++The following process types are defined for usernetctl: ++ ++.EX ++.B usernetctl_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41206,10 +47930,10 @@ index 0000000..dd07657 +selinux(8), usernetctl(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/utempter_selinux.8 b/man/man8/utempter_selinux.8 new file mode 100644 -index 0000000..eceaa3f +index 0000000..775d8ea --- /dev/null +++ b/man/man8/utempter_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "utempter_selinux" "8" "utempter" "dwalsh@redhat.com" "utempter SELinux Policy documentation" +.SH "NAME" +utempter_selinux \- Security Enhanced Linux Policy for the utempter processes @@ -41230,18 +47954,47 @@ index 0000000..eceaa3f + + +.EX ++.PP +.B utempter_exec_t +.EE + +- Set files with the utempter_exec_t type, if you want to transition an executable to the utempter_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux utempter policy is very flexible allowing users to setup their utempter processes in as secure a method as possible. ++.PP ++The following process types are defined for utempter: ++ ++.EX ++.B utempter_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -41254,10 +48007,10 @@ index 0000000..eceaa3f +selinux(8), utempter(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/uucpd_selinux.8 b/man/man8/uucpd_selinux.8 new file mode 100644 -index 0000000..f856c1d +index 0000000..02b475f --- /dev/null +++ b/man/man8/uucpd_selinux.8 -@@ -0,0 +1,134 @@ +@@ -0,0 +1,157 @@ +.TH "uucpd_selinux" "8" "uucpd" "dwalsh@redhat.com" "uucpd SELinux Policy documentation" +.SH "NAME" +uucpd_selinux \- Security Enhanced Linux Policy for the uucpd processes @@ -41278,45 +48031,31 @@ index 0000000..f856c1d + + +.EX ++.PP +.B uucpd_exec_t +.EE + +- Set files with the uucpd_exec_t type, if you want to transition an executable to the uucpd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uucpd_lock_t +.EE + +- Set files with the uucpd_lock_t type, if you want to treat the files as uucpd lock data, stored under the /var/lock directory + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uucpd_log_t +.EE + +- Set files with the uucpd_log_t type, if you want to treat the data as uucpd log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uucpd_ro_t +.EE + 
@@ -41324,6 +48063,7 @@ index 0000000..f856c1d + + +.EX ++.PP +.B uucpd_rw_t +.EE + @@ -41331,22 +48071,19 @@ index 0000000..f856c1d + + +.EX ++.PP +.B uucpd_spool_t +.EE + +- Set files with the uucpd_spool_t type, if you want to store the uucpd files under the /var/spool directory. + +.br ++.TP 5 +Paths: +/var/spool/uucppublic(/.*)?, /var/spool/uucp(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uucpd_tmp_t +.EE + @@ -41354,11 +48091,20 @@ index 0000000..f856c1d + + +.EX ++.PP +.B uucpd_var_run_t +.EE + +- Set files with the uucpd_var_run_t type, if you want to store the uucpd files under the /run directory. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ +.SH PORT TYPES +SELinux defines port types to represent TCP and UDP ports. +.PP 
@@ -41371,17 +48117,47 @@ index 0000000..f856c1d +SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible. +.PP +The following port types are defined for uucpd: -+.EX + ++.EX ++.TP 5 +.B uucpd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux uucpd policy is very flexible allowing users to setup their uucpd processes in as secure a method as possible. ++.PP ++The following process types are defined for uucpd: + -+.B tcp 540 ++.EX ++.B uucpd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -41394,10 +48170,10 @@ index 0000000..f856c1d +selinux(8), uucpd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/uuidd_selinux.8 b/man/man8/uuidd_selinux.8 new file mode 100644 -index 0000000..2542fa3 +index 0000000..3ebb523 --- /dev/null +++ b/man/man8/uuidd_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "uuidd_selinux" "8" "uuidd" "dwalsh@redhat.com" "uuidd SELinux Policy documentation" +.SH "NAME" +uuidd_selinux \- Security Enhanced Linux Policy for the uuidd processes 
@@ -41418,57 +48194,71 @@ index 0000000..2542fa3 + + +.EX ++.PP +.B uuidd_exec_t +.EE + +- Set files with the uuidd_exec_t type, if you want to transition an executable to the uuidd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uuidd_initrc_exec_t +.EE + +- Set files with the uuidd_initrc_exec_t type, if you want to transition an executable to the uuidd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uuidd_var_lib_t +.EE + +- Set files with the uuidd_var_lib_t type, if you want to store the uuidd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B uuidd_var_run_t +.EE + +- Set files with the uuidd_var_run_t type, if you want to store the uuidd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux uuidd policy is very flexible allowing users to setup their uuidd processes in as secure a method as possible. ++.PP ++The following process types are defined for uuidd: ++ ++.EX ++.B uuidd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41481,10 +48271,10 @@ index 0000000..2542fa3 +selinux(8), uuidd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/uux_selinux.8 b/man/man8/uux_selinux.8 new file mode 100644 -index 0000000..61f04af +index 0000000..79bae62 --- /dev/null +++ b/man/man8/uux_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "uux_selinux" "8" "uux" "dwalsh@redhat.com" "uux SELinux Policy documentation" +.SH "NAME" +uux_selinux \- Security Enhanced Linux Policy for the uux processes 
@@ -41505,18 +48295,47 @@ index 0000000..61f04af + + +.EX ++.PP +.B uux_exec_t +.EE + +- Set files with the uux_exec_t type, if you want to transition an executable to the uux_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux uux policy is very flexible allowing users to setup their uux processes in as secure a method as possible. ++.PP ++The following process types are defined for uux: ++ ++.EX ++.B uux_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41529,10 +48348,10 @@ index 0000000..61f04af +selinux(8), uux(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/varnishd_selinux.8 b/man/man8/varnishd_selinux.8 new file mode 100644 -index 0000000..a0472a8 +index 0000000..e08c2eb --- /dev/null 
+++ b/man/man8/varnishd_selinux.8 -@@ -0,0 +1,138 @@ +@@ -0,0 +1,152 @@ +.TH "varnishd_selinux" "8" "varnishd" "dwalsh@redhat.com" "varnishd SELinux Policy documentation" +.SH "NAME" +varnishd_selinux \- Security Enhanced Linux Policy for the varnishd processes @@ -41564,45 +48383,31 @@ index 0000000..a0472a8 + + +.EX ++.PP +.B varnishd_etc_t +.EE + +- Set files with the varnishd_etc_t type, if you want to store varnishd files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B varnishd_exec_t +.EE + +- Set files with the varnishd_exec_t type, if you want to transition an executable to the varnishd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B varnishd_initrc_exec_t +.EE + +- Set files with the varnishd_initrc_exec_t type, if you want to transition an executable to the varnishd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B varnishd_tmp_t +.EE + 
@@ -41610,24 +48415,22 @@ index 0000000..a0472a8 + + +.EX ++.PP +.B varnishd_var_lib_t +.EE + +- Set files with the varnishd_var_lib_t type, if you want to store the varnishd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B varnishd_var_run_t +.EE + +- Set files with the varnishd_var_run_t type, if you want to store the varnishd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -41646,17 +48449,47 @@ index 0000000..a0472a8 +SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible. +.PP +The following port types are defined for varnishd: -+.EX + ++.EX ++.TP 5 +.B varnishd_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux varnishd policy is very flexible allowing users to setup their varnishd processes in as secure a method as possible. ++.PP ++The following process types are defined for varnishd: + -+.B tcp 6081-6082 ++.EX ++.B varnishd_t, varnishlog_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -41674,10 +48507,10 @@ index 0000000..a0472a8 \ No newline at end of file diff --git a/man/man8/varnishlog_selinux.8 b/man/man8/varnishlog_selinux.8 new file mode 100644 -index 0000000..328f113 +index 0000000..2261e47 --- /dev/null 
+++ b/man/man8/varnishlog_selinux.8 -@@ -0,0 +1,90 @@ +@@ -0,0 +1,107 @@ +.TH "varnishlog_selinux" "8" "varnishlog" "dwalsh@redhat.com" "varnishlog SELinux Policy documentation" +.SH "NAME" +varnishlog_selinux \- Security Enhanced Linux Policy for the varnishlog processes 
@@ -41698,66 +48531,83 @@ index 0000000..328f113 + + +.EX ++.PP +.B varnishlog_exec_t +.EE + +- Set files with the varnishlog_exec_t type, if you want to transition an executable to the varnishlog_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/varnisncsa, /usr/bin/varnishlog -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B varnishlog_initrc_exec_t +.EE + +- Set files with the varnishlog_initrc_exec_t type, if you want to transition an executable to the varnishlog_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/varnishlog, /etc/rc\.d/init\.d/varnishncsa -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B varnishlog_log_t +.EE + +- Set files with the varnishlog_log_t type, if you want to treat the data as varnishlog log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B varnishlog_var_run_t +.EE + +- Set files with the varnishlog_var_run_t type, if you want to store the varnishlog files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/varnishncsa\.pid, /var/run/varnishlog\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. 
If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux varnishlog policy is very flexible allowing users to setup their varnishlog processes in as secure a method as possible. ++.PP ++The following process types are defined for varnishlog: ++ ++.EX ++.B varnishlog_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41770,10 +48620,10 @@ index 0000000..328f113 +selinux(8), varnishlog(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/vbetool_selinux.8 b/man/man8/vbetool_selinux.8 new file mode 100644 -index 0000000..a0ee44f +index 0000000..0368c3a --- /dev/null +++ b/man/man8/vbetool_selinux.8 -@@ -0,0 +1,57 @@ +@@ -0,0 +1,86 @@ +.TH "vbetool_selinux" "8" "vbetool" "dwalsh@redhat.com" "vbetool SELinux Policy documentation" +.SH "NAME" +vbetool_selinux \- Security Enhanced Linux Policy for the vbetool processes 
@@ -41805,18 +48655,47 @@ index 0000000..a0ee44f + + +.EX ++.PP +.B vbetool_exec_t +.EE + +- Set files with the vbetool_exec_t type, if you want to transition an executable to the vbetool_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vbetool policy is very flexible allowing users to setup their vbetool processes in as secure a method as possible. ++.PP ++The following process types are defined for vbetool: ++ ++.EX ++.B vbetool_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -41834,10 +48713,10 @@ index 0000000..a0ee44f \ No newline at end of file diff --git a/man/man8/vdagent_selinux.8 b/man/man8/vdagent_selinux.8 new file mode 100644 -index 0000000..6765c74 +index 0000000..781cca8 --- /dev/null 
+++ b/man/man8/vdagent_selinux.8 -@@ -0,0 +1,74 @@ +@@ -0,0 +1,95 @@ +.TH "vdagent_selinux" "8" "vdagent" "dwalsh@redhat.com" "vdagent SELinux Policy documentation" +.SH "NAME" +vdagent_selinux \- Security Enhanced Linux Policy for the vdagent processes 
@@ -41858,50 +48737,71 @@ index 0000000..6765c74 + + +.EX ++.PP +.B vdagent_exec_t +.EE + +- Set files with the vdagent_exec_t type, if you want to transition an executable to the vdagent_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vdagent_log_t +.EE + +- Set files with the vdagent_log_t type, if you want to treat the data as vdagent log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/spice-vdagentd(/.*)?, /var/log/spice-vdagentd\.log -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vdagent_var_run_t +.EE + +- Set files with the vdagent_var_run_t type, if you want to store the vdagent files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/spice-vdagentd.\pid, /var/run/spice-vdagentd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vdagent policy is very flexible allowing users to setup their vdagent processes in as secure a method as possible. 
++.PP ++The following process types are defined for vdagent: ++ ++.EX ++.B vdagent_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41914,10 +48814,10 @@ index 0000000..6765c74 +selinux(8), vdagent(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/vhostmd_selinux.8 b/man/man8/vhostmd_selinux.8 new file mode 100644 -index 0000000..187a0bf +index 0000000..1135d0c --- /dev/null +++ b/man/man8/vhostmd_selinux.8 -@@ -0,0 +1,75 @@ +@@ -0,0 +1,95 @@ +.TH "vhostmd_selinux" "8" "vhostmd" "dwalsh@redhat.com" "vhostmd SELinux Policy documentation" +.SH "NAME" +vhostmd_selinux \- Security Enhanced Linux Policy for the vhostmd processes 
@@ -41938,32 +48838,23 @@ index 0000000..187a0bf + + +.EX ++.PP +.B vhostmd_exec_t +.EE + +- Set files with the vhostmd_exec_t type, if you want to transition an executable to the vhostmd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vhostmd_initrc_exec_t +.EE + +- Set files with the vhostmd_initrc_exec_t type, if you want to transition an executable to the vhostmd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vhostmd_tmpfs_t +.EE + 
@@ -41971,18 +48862,47 @@ index 0000000..187a0bf + + +.EX ++.PP +.B vhostmd_var_run_t +.EE + +- Set files with the vhostmd_var_run_t type, if you want to store the vhostmd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vhostmd policy is very flexible allowing users to setup their vhostmd processes in as secure a method as possible. ++.PP ++The following process types are defined for vhostmd: ++ ++.EX ++.B vhostmd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -41995,10 +48915,10 @@ index 0000000..187a0bf +selinux(8), vhostmd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/virsh_selinux.8 b/man/man8/virsh_selinux.8 new file mode 100644 -index 0000000..50bf932 +index 0000000..0632fd2 --- /dev/null 
+++ b/man/man8/virsh_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "virsh_selinux" "8" "virsh" "dwalsh@redhat.com" "virsh SELinux Policy documentation" +.SH "NAME" +virsh_selinux \- Security Enhanced Linux Policy for the virsh processes @@ -42019,18 +48939,47 @@ index 0000000..50bf932 + + +.EX ++.PP +.B virsh_exec_t +.EE + +- Set files with the virsh_exec_t type, if you want to transition an executable to the virsh_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux virsh policy is very flexible allowing users to setup their virsh processes in as secure a method as possible. ++.PP ++The following process types are defined for virsh: ++ ++.EX ++.B virsh_ssh_t, virsh_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -42043,10 +48992,10 @@ index 0000000..50bf932 +selinux(8), virsh(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/virt_selinux.8 b/man/man8/virt_selinux.8 new file mode 100644 -index 0000000..96b1fdf +index 0000000..928026d 
--- /dev/null +++ b/man/man8/virt_selinux.8 -@@ -0,0 +1,364 @@ +@@ -0,0 +1,343 @@ +.TH "virt_selinux" "8" "virt" "dwalsh@redhat.com" "virt SELinux Policy documentation" +.SH "NAME" +virt_selinux \- Security Enhanced Linux Policy for the virt processes 
@@ -42134,83 +49083,63 @@ index 0000000..96b1fdf + + +.EX ++.PP +.B virt_bridgehelper_exec_t +.EE + +- Set files with the virt_bridgehelper_exec_t type, if you want to transition an executable to the virt_bridgehelper_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_cache_t +.EE + +- Set files with the virt_cache_t type, if you want to store the files under the /var/cache directory. + +.br ++.TP 5 +Paths: +/var/cache/oz(/.*)?, /var/cache/libvirt(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_content_t +.EE + +- Set files with the virt_content_t type, if you want to treat the files as virt content. + +.br ++.TP 5 +Paths: +/var/lib/vdsm(/.*)?, /var/lib/oz/isos(/.*)?, /var/lib/libvirt/boot(/.*)?, /var/lib/libvirt/isos(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_etc_rw_t +.EE + +- Set files with the virt_etc_rw_t type, if you want to treat the files as virt etc read/write content. + +.br ++.TP 5 +Paths: +/etc/libvirt/.*/.*, /etc/xen/.*/.*, /etc/xen/[^/]*, /etc/libvirt/[^/]* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. 
This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_etc_t +.EE + +- Set files with the virt_etc_t type, if you want to store virt files in the /etc directories. + +.br ++.TP 5 +Paths: +/etc/libvirt/[^/]*, /etc/libvirt, /etc/xen/[^/]*, /etc/xen -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_home_t +.EE + 
@@ -42218,51 +49147,39 @@ index 0000000..96b1fdf + + +.EX ++.PP +.B virt_image_t +.EE + +- Set files with the virt_image_t type, if you want to treat the files as virt image data. + +.br ++.TP 5 +Paths: +/var/lib/imagefactory/images(/.*)?, /var/lib/libvirt/images(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_log_t +.EE + +- Set files with the virt_log_t type, if you want to treat the data as virt log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/log(/.*)?, /var/log/vdsm(/.*)?, /var/log/libvirt(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_qmf_exec_t +.EE + +- Set files with the virt_qmf_exec_t type, if you want to transition an executable to the virt_qmf_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_tmp_t +.EE + 
@@ -42270,67 +49187,51 @@ index 0000000..96b1fdf + + +.EX ++.PP +.B virt_var_lib_t +.EE + +- Set files with the virt_var_lib_t type, if you want to store the virt files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/oz(/.*)?, /var/lib/libvirt(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virt_var_run_t +.EE + +- Set files with the virt_var_run_t type, if you want to store the virt files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/vdsm(/.*)?, /var/vdsm(/.*)?, /var/run/libvirt(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virtd_exec_t +.EE + +- Set files with the virtd_exec_t type, if you want to transition an executable to the virtd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/condor_vm-gahp, /usr/bin/imgfac\.py, /usr/bin/imagefactory, /usr/bin/nova-compute, /usr/sbin/libvirtd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virtd_initrc_exec_t +.EE + +- Set files with the virtd_initrc_exec_t type, if you want to transition an executable to the virtd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. 
This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virtd_keytab_t +.EE + @@ -42338,24 +49239,22 @@ index 0000000..96b1fdf + + +.EX ++.PP +.B virtd_lxc_exec_t +.EE + +- Set files with the virtd_lxc_exec_t type, if you want to transition an executable to the virtd_lxc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virtd_lxc_var_run_t +.EE + +- Set files with the virtd_lxc_var_run_t type, if you want to store the virtd lxc files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -42374,29 +49273,58 @@ index 0000000..96b1fdf +SELinux virt policy is very flexible allowing users to setup their virt processes in as secure a method as possible. +.PP +The following port types are defined for virt: -+.EX + ++.EX ++.TP 5 +.B virt_migration_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 49152-49216 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B virt_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 16509,16514 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 16509,16514 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux virt policy is very flexible allowing users to setup their virt processes in as secure a method as possible. ++.PP ++The following process types are defined for virt: ++ ++.EX ++.B virtd_lxc_t, virt_qmf_t, virt_bridgehelper_t, virtd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -42414,10 +49342,10 @@ index 0000000..96b1fdf \ No newline at end of file diff --git a/man/man8/virtd_selinux.8 b/man/man8/virtd_selinux.8 new file mode 100644 -index 0000000..715514f +index 0000000..dde8a43 --- /dev/null 
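Review bot: Both port types in this hunk now document `tcp 8021` as their default defined ports, replacing `tcp 49152-49216` for virt_migration_port_t and `tcp 16509,16514` plus `udp 16509,16514` for virt_port_t. Two distinct port types sharing one identical value, with the udp entry dropped, looks like a leftover value from whatever generates these pages rather than the real policy definition; please check it against `semanage port -l` and restore the per-type lists. This matters beyond formatting, since administrators read this section when deciding firewall rules and `semanage port` changes. The same substitution appears in the virtd_selinux.8 hunk further down. The `.TP 10` now placed directly before `.EE` has no tag or body after it and seems misplaced.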
+++ b/man/man8/virtd_selinux.8 -@@ -0,0 +1,196 @@ +@@ -0,0 +1,215 @@ +.TH "virtd_selinux" "8" "virtd" "dwalsh@redhat.com" "virtd SELinux Policy documentation" +.SH "NAME" +virtd_selinux \- Security Enhanced Linux Policy for the virtd processes @@ -42505,35 +49433,27 @@ index 0000000..715514f + + +.EX ++.PP +.B virtd_exec_t +.EE + +- Set files with the virtd_exec_t type, if you want to transition an executable to the virtd_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/condor_vm-gahp, /usr/bin/imgfac\.py, /usr/bin/imagefactory, /usr/bin/nova-compute, /usr/sbin/libvirtd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virtd_initrc_exec_t +.EE + +- Set files with the virtd_initrc_exec_t type, if you want to transition an executable to the virtd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virtd_keytab_t +.EE + 
@@ -42541,24 +49461,22 @@ index 0000000..715514f + + +.EX ++.PP +.B virtd_lxc_exec_t +.EE + +- Set files with the virtd_lxc_exec_t type, if you want to transition an executable to the virtd_lxc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B virtd_lxc_var_run_t +.EE + +- Set files with the virtd_lxc_var_run_t type, if you want to store the virtd lxc files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -42577,29 +49495,58 @@ index 0000000..715514f +SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible. +.PP +The following port types are defined for virtd: -+.EX + ++.EX ++.TP 5 +.B virt_migration_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 49152-49216 ++Default Defined Ports: ++tcp 8021 +.EE -+.EX + ++.EX ++.TP 5 +.B virt_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 16509,16514 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 16509,16514 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux virtd policy is very flexible allowing users to setup their virtd processes in as secure a method as possible. ++.PP ++The following process types are defined for virtd: ++ ++.EX ++.B virtd_lxc_t, virt_qmf_t, virt_bridgehelper_t, virtd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -42617,10 +49564,10 @@ index 0000000..715514f \ No newline at end of file diff --git a/man/man8/vlock_selinux.8 b/man/man8/vlock_selinux.8 new file mode 100644 -index 0000000..fa9e6bc +index 0000000..150979d --- /dev/null 
+++ b/man/man8/vlock_selinux.8 -@@ -0,0 +1,42 @@ +@@ -0,0 +1,71 @@ +.TH "vlock_selinux" "8" "vlock" "dwalsh@redhat.com" "vlock SELinux Policy documentation" +.SH "NAME" +vlock_selinux \- Security Enhanced Linux Policy for the vlock processes @@ -42641,18 +49588,47 @@ index 0000000..fa9e6bc + + +.EX ++.PP +.B vlock_exec_t +.EE + +- Set files with the vlock_exec_t type, if you want to transition an executable to the vlock_t domain. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vlock policy is very flexible allowing users to setup their vlock processes in as secure a method as possible. ++.PP ++The following process types are defined for vlock: ++ ++.EX ++.B vlock_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -42665,10 +49641,10 @@ index 0000000..fa9e6bc +selinux(8), vlock(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/vmware_selinux.8 b/man/man8/vmware_selinux.8 new file mode 100644 -index 0000000..c2e5517 +index 0000000..d97fc1d --- /dev/null 
+++ b/man/man8/vmware_selinux.8 -@@ -0,0 +1,142 @@ +@@ -0,0 +1,167 @@ +.TH "vmware_selinux" "8" "vmware" "dwalsh@redhat.com" "vmware SELinux Policy documentation" +.SH "NAME" +vmware_selinux \- Security Enhanced Linux Policy for the vmware processes @@ -42689,6 +49665,7 @@ index 0000000..c2e5517 + + +.EX ++.PP +.B vmware_conf_t +.EE + @@ -42696,22 +49673,19 @@ index 0000000..c2e5517 + + +.EX ++.PP +.B vmware_exec_t +.EE + +- Set files with the vmware_exec_t type, if you want to transition an executable to the vmware_t domain. + +.br ++.TP 5 +Paths: +/usr/lib/vmware/bin/vmware-mks, /usr/lib/vmware/bin/vmplayer, /usr/bin/vmware-ping, /usr/lib/vmware/bin/vmware-ui, /usr/sbin/vmware-serverd, /usr/bin/vmware, /usr/bin/vmware-wizard -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vmware_file_t +.EE + 
@@ -42719,22 +49693,19 @@ index 0000000..c2e5517 + + +.EX ++.PP +.B vmware_host_exec_t +.EE + +- Set files with the vmware_host_exec_t type, if you want to transition an executable to the vmware_host_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/vmware-smbpasswd\.bin, /usr/bin/vmware-smbd, /usr/lib/vmware-tools/sbin64/vmware.*, /usr/bin/vmnet-dhcpd, /usr/bin/vmnet-bridge, /usr/bin/vmware-nmbd, /usr/bin/vmnet-netifup, /usr/sbin/vmware-guest.*, /usr/bin/vmnet-natd, /usr/bin/vmware-vmx, /usr/bin/vmware-network, /usr/bin/vmnet-sniffer, /usr/bin/vmware-smbpasswd, /usr/lib/vmware-tools/sbin32/vmware.*, /usr/lib/vmware/bin/vmware-vmx -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vmware_host_pid_t +.EE + @@ -42742,6 +49713,7 @@ index 0000000..c2e5517 + + +.EX ++.PP +.B vmware_host_tmp_t +.EE + @@ -42749,22 +49721,19 @@ index 0000000..c2e5517 + + +.EX ++.PP +.B vmware_log_t +.EE + +- Set files with the vmware_log_t type, if you want to treat the data as vmware log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/vmware.*, /var/log/vnetlib.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vmware_pid_t +.EE + 
@@ -42772,22 +49741,19 @@ index 0000000..c2e5517 + + +.EX ++.PP +.B vmware_sys_conf_t +.EE + +- Set files with the vmware_sys_conf_t type, if you want to treat the files as vmware sys configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/usr/lib/vmware/config, /etc/vmware.*(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vmware_tmp_t +.EE + 
@@ -42795,12 +49761,47 @@ index 0000000..c2e5517 + + +.EX ++.PP +.B vmware_tmpfs_t +.EE + +- Set files with the vmware_tmpfs_t type, if you want to store vmware files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vmware policy is very flexible allowing users to setup their vmware processes in as secure a method as possible. ++.PP ++The following process types are defined for vmware: ++ ++.EX ++.B vmware_t, vmware_host_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -42813,10 +49814,10 @@ index 0000000..c2e5517 +selinux(8), vmware(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/vnstat_selinux.8 b/man/man8/vnstat_selinux.8 new file mode 100644 -index 0000000..9fef382 +index 0000000..f86fdd5 --- /dev/null 
+++ b/man/man8/vnstat_selinux.8 -@@ -0,0 +1,81 @@ +@@ -0,0 +1,95 @@ +.TH "vnstat_selinux" "8" "vnstat" "dwalsh@redhat.com" "vnstat SELinux Policy documentation" +.SH "NAME" +vnstat_selinux \- Security Enhanced Linux Policy for the vnstat processes 
@@ -42837,57 +49838,71 @@ index 0000000..9fef382 + + +.EX ++.PP +.B vnstat_exec_t +.EE + +- Set files with the vnstat_exec_t type, if you want to transition an executable to the vnstat_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vnstatd_exec_t +.EE + +- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vnstatd_var_lib_t +.EE + +- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vnstatd_var_run_t +.EE + +- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. 
+ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vnstat policy is very flexible allowing users to setup their vnstat processes in as secure a method as possible. ++.PP ++The following process types are defined for vnstat: ++ ++.EX ++.B vnstat_t, vnstatd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -42900,10 +49915,10 @@ index 0000000..9fef382 +selinux(8), vnstat(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/vnstatd_selinux.8 b/man/man8/vnstatd_selinux.8 new file mode 100644 -index 0000000..0eb38d9 +index 0000000..5c73277 --- /dev/null +++ b/man/man8/vnstatd_selinux.8 -@@ -0,0 +1,68 @@ +@@ -0,0 +1,87 @@ +.TH "vnstatd_selinux" "8" "vnstatd" "dwalsh@redhat.com" "vnstatd SELinux Policy documentation" +.SH "NAME" +vnstatd_selinux \- Security Enhanced Linux Policy for the vnstatd processes 
@@ -42924,44 +49939,63 @@ index 0000000..0eb38d9 + + +.EX ++.PP +.B vnstatd_exec_t +.EE + +- Set files with the vnstatd_exec_t type, if you want to transition an executable to the vnstatd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vnstatd_var_lib_t +.EE + +- Set files with the vnstatd_var_lib_t type, if you want to store the vnstatd files under the /var/lib directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vnstatd_var_run_t +.EE + +- Set files with the vnstatd_var_run_t type, if you want to store the vnstatd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vnstatd policy is very flexible allowing users to setup their vnstatd processes in as secure a method as possible. ++.PP ++The following process types are defined for vnstatd: ++ ++.EX ++.B vnstat_t, vnstatd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. 
Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -42974,10 +50008,10 @@ index 0000000..0eb38d9 +selinux(8), vnstatd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/vpnc_selinux.8 b/man/man8/vpnc_selinux.8 new file mode 100644 -index 0000000..e22cd85 +index 0000000..85189b1 --- /dev/null +++ b/man/man8/vpnc_selinux.8 -@@ -0,0 +1,65 @@ +@@ -0,0 +1,91 @@ +.TH "vpnc_selinux" "8" "vpnc" "dwalsh@redhat.com" "vpnc SELinux Policy documentation" +.SH "NAME" +vpnc_selinux \- Security Enhanced Linux Policy for the vpnc processes @@ -42998,22 +50032,19 @@ index 0000000..e22cd85 + + +.EX ++.PP +.B vpnc_exec_t +.EE + +- Set files with the vpnc_exec_t type, if you want to transition an executable to the vpnc_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/vpnc, /usr/bin/openconnect, /sbin/vpnc -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B vpnc_tmp_t +.EE + 
@@ -43021,18 +50052,47 @@ index 0000000..e22cd85 + + +.EX ++.PP +.B vpnc_var_run_t +.EE + +- Set files with the vpnc_var_run_t type, if you want to store the vpnc files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux vpnc policy is very flexible allowing users to setup their vpnc processes in as secure a method as possible. ++.PP ++The following process types are defined for vpnc: ++ ++.EX ++.B vpnc_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -43045,10 +50105,10 @@ index 0000000..e22cd85 +selinux(8), vpnc(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/wdmd_selinux.8 b/man/man8/wdmd_selinux.8 new file mode 100644 -index 0000000..9143fce +index 0000000..dda16c6 --- /dev/null +++ b/man/man8/wdmd_selinux.8 -@@ -0,0 +1,68 @@ +@@ -0,0 +1,87 @@ +.TH "wdmd_selinux" "8" "wdmd" "dwalsh@redhat.com" "wdmd SELinux Policy documentation" +.SH "NAME" +wdmd_selinux \- Security Enhanced Linux Policy for the wdmd processes 
@@ -43069,44 +50129,63 @@ index 0000000..9143fce + + +.EX ++.PP +.B wdmd_exec_t +.EE + +- Set files with the wdmd_exec_t type, if you want to transition an executable to the wdmd_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B wdmd_initrc_exec_t +.EE + +- Set files with the wdmd_initrc_exec_t type, if you want to transition an executable to the wdmd_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B wdmd_var_run_t +.EE + +- Set files with the wdmd_var_run_t type, if you want to store the wdmd files under the /run directory. + ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux wdmd policy is very flexible allowing users to setup their wdmd processes in as secure a method as possible. ++.PP ++The following process types are defined for wdmd: ++ ++.EX ++.B wdmd_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. 
AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -43119,10 +50198,10 @@ index 0000000..9143fce +selinux(8), wdmd(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/webalizer_selinux.8 b/man/man8/webalizer_selinux.8 new file mode 100644 -index 0000000..3621fc1 +index 0000000..37587bf --- /dev/null +++ b/man/man8/webalizer_selinux.8 -@@ -0,0 +1,83 @@ +@@ -0,0 +1,111 @@ +.TH "webalizer_selinux" "8" "webalizer" "dwalsh@redhat.com" "webalizer SELinux Policy documentation" +.SH "NAME" +webalizer_selinux \- Security Enhanced Linux Policy for the webalizer processes @@ -43143,6 +50222,7 @@ index 0000000..3621fc1 + + +.EX ++.PP +.B webalizer_etc_t +.EE + @@ -43150,19 +50230,15 @@ index 0000000..3621fc1 + + +.EX ++.PP +.B webalizer_exec_t +.EE + +- Set files with the webalizer_exec_t type, if you want to transition an executable to the webalizer_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B webalizer_tmp_t +.EE + @@ -43170,6 +50246,7 @@ index 0000000..3621fc1 + + +.EX ++.PP +.B webalizer_usage_t +.EE + 
@@ -43177,25 +50254,55 @@ index 0000000..3621fc1 + + +.EX ++.PP +.B webalizer_var_lib_t +.EE + +- Set files with the webalizer_var_lib_t type, if you want to store the webalizer files under the /var/lib directory. + ++ ++.EX ++.PP ++.B webalizer_write_t ++.EE ++ ++- Set files with the webalizer_write_t type, if you want to treat the files as webalizer read/write content. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux webalizer policy is very flexible allowing users to setup their webalizer processes in as secure a method as possible. ++.PP ++The following process types are defined for webalizer: + +.EX -+.B webalizer_write_t ++.B webalizer_t +.EE -+ -+- Set files with the webalizer_write_t type, if you want to treat the files as webalizer read/write content. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -43208,10 +50315,10 @@ index 0000000..3621fc1 +selinux(8), webalizer(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/winbind_selinux.8 b/man/man8/winbind_selinux.8 new file mode 100644 -index 0000000..059f636 +index 0000000..f7baef6 --- /dev/null +++ b/man/man8/winbind_selinux.8 -@@ -0,0 +1,93 @@ +@@ -0,0 +1,114 @@ +.TH "winbind_selinux" "8" "winbind" "dwalsh@redhat.com" "winbind SELinux Policy documentation" +.SH "NAME" +winbind_selinux \- Security Enhanced Linux Policy for the winbind processes @@ -43243,32 +50350,23 @@ index 0000000..059f636 + + +.EX ++.PP +.B winbind_exec_t +.EE + +- Set files with the winbind_exec_t type, if you want to transition an executable to the winbind_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B winbind_helper_exec_t +.EE + +- Set files with the winbind_helper_exec_t type, if you want to transition an executable to the winbind_helper_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B winbind_log_t +.EE + 
@@ -43276,21 +50374,51 @@ index 0000000..059f636 + + +.EX ++.PP +.B winbind_var_run_t +.EE + +- Set files with the winbind_var_run_t type, if you want to store the winbind files under the /run directory. + +.br ++.TP 5 +Paths: +/var/cache/samba/winbindd_privileged(/.*)?, /var/lib/samba/winbindd_privileged(/.*)?, /var/run/winbindd(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux winbind policy is very flexible allowing users to setup their winbind processes in as secure a method as possible. ++.PP ++The following process types are defined for winbind: ++ ++.EX ++.B winbind_helper_t, winbind_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -43308,10 +50436,10 @@ index 0000000..059f636 \ No newline at end of file diff --git a/man/man8/wine_selinux.8 b/man/man8/wine_selinux.8 new file mode 100644 -index 0000000..3ff4156 +index 0000000..5b527b6 --- /dev/null 
+++ b/man/man8/wine_selinux.8 -@@ -0,0 +1,67 @@ +@@ -0,0 +1,98 @@ +.TH "wine_selinux" "8" "wine" "dwalsh@redhat.com" "wine SELinux Policy documentation" +.SH "NAME" +wine_selinux \- Security Enhanced Linux Policy for the wine processes 
@@ -43343,28 +50471,59 @@ index 0000000..3ff4156 + + +.EX ++.PP +.B wine_exec_t +.EE + +- Set files with the wine_exec_t type, if you want to transition an executable to the wine_t domain. + +.br ++.TP 5 +Paths: +/opt/google/picasa(/.*)?/bin/msiexec, /usr/bin/regedit, /opt/google/picasa(/.*)?/bin/wine.*, /opt/google/picasa(/.*)?/bin/notepad, /opt/google/picasa(/.*)?/bin/regedit, /usr/bin/regsvr32, /usr/bin/uninstaller, /opt/google/picasa(/.*)?/bin/uninstaller, /opt/google/picasa(/.*)?/bin/wdi, /opt/google/picasa(/.*)?/bin/regsvr32, /usr/bin/msiexec, /opt/google/picasa(/.*)?/Picasa3/.*exe, /opt/teamviewer(/.*)?/bin/wine.*, /usr/bin/wine.*, /opt/google/picasa(/.*)?/bin/progman, /opt/picasa/wine/bin/wine.*, /usr/bin/notepad, /opt/cxoffice/bin/wine.* ++ ++.EX ++.PP ++.B wine_tmp_t ++.EE ++ ++- Set files with the wine_tmp_t type, if you want to store wine temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux wine policy is very flexible allowing users to setup their wine processes in as secure a method as possible. ++.PP ++The following process types are defined for wine: + +.EX -+.B wine_tmp_t ++.B wine_t +.EE -+ -+- Set files with the wine_tmp_t type, if you want to store wine temporary files in the /tmp directories. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. 
+ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.B semanage boolean +can also be used to manipulate the booleans @@ -43382,10 +50541,10 @@ index 0000000..3ff4156 \ No newline at end of file diff --git a/man/man8/wireshark_selinux.8 b/man/man8/wireshark_selinux.8 new file mode 100644 -index 0000000..d8bd9aa +index 0000000..b5c8899 --- /dev/null +++ b/man/man8/wireshark_selinux.8 -@@ -0,0 +1,63 @@ +@@ -0,0 +1,95 @@ +.TH "wireshark_selinux" "8" "wireshark" "dwalsh@redhat.com" "wireshark SELinux Policy documentation" +.SH "NAME" +wireshark_selinux \- Security Enhanced Linux Policy for the wireshark processes @@ -43406,19 +50565,15 @@ index 0000000..d8bd9aa + + +.EX ++.PP +.B wireshark_exec_t +.EE + +- Set files with the wireshark_exec_t type, if you want to transition an executable to the wireshark_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B wireshark_home_t +.EE + @@ -43426,6 +50581,7 @@ index 0000000..d8bd9aa + + +.EX ++.PP +.B wireshark_tmp_t +.EE + 
@@ -43433,12 +50589,47 @@ index 0000000..d8bd9aa + + +.EX ++.PP +.B wireshark_tmpfs_t +.EE + +- Set files with the wireshark_tmpfs_t type, if you want to store wireshark files on a tmpfs file system. + ++ ++.PP ++Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the ++.B semanage fcontext ++command. This will modify the SELinux labeling database. You will need to use ++.B restorecon ++to apply the labels. ++ ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux wireshark policy is very flexible allowing users to setup their wireshark processes in as secure a method as possible. ++.PP ++The following process types are defined for wireshark: ++ ++.EX ++.B wireshark_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -43451,10 +50642,10 @@ index 0000000..d8bd9aa +selinux(8), wireshark(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/wpa_selinux.8 b/man/man8/wpa_selinux.8 new file mode 100644 -index 0000000..199107e +index 0000000..cf33cbd --- /dev/null 
+++ b/man/man8/wpa_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "wpa_selinux" "8" "wpa" "dwalsh@redhat.com" "wpa SELinux Policy documentation" +.SH "NAME" +wpa_selinux \- Security Enhanced Linux Policy for the wpa processes @@ -43475,21 +50666,51 @@ index 0000000..199107e + + +.EX ++.PP +.B wpa_cli_exec_t +.EE + +- Set files with the wpa_cli_exec_t type, if you want to transition an executable to the wpa_cli_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/wpa_cli, /sbin/wpa_cli ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux wpa policy is very flexible allowing users to setup their wpa processes in as secure a method as possible. ++.PP ++The following process types are defined for wpa: ++ ++.EX ++.B wpa_cli_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -43502,10 +50723,10 @@ index 0000000..199107e +selinux(8), wpa(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/xauth_selinux.8 b/man/man8/xauth_selinux.8 new file mode 100644 -index 0000000..8889877 +index 0000000..ad0528e --- /dev/null +++ b/man/man8/xauth_selinux.8 -@@ -0,0 +1,68 @@ +@@ -0,0 +1,95 @@ +.TH "xauth_selinux" "8" "xauth" "dwalsh@redhat.com" "xauth SELinux Policy documentation" +.SH "NAME" +xauth_selinux \- Security Enhanced Linux Policy for the xauth processes 
@@ -43526,44 +50747,71 @@ index 0000000..8889877 + + +.EX ++.PP +.B xauth_exec_t +.EE + +- Set files with the xauth_exec_t type, if you want to transition an executable to the xauth_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/xauth, /usr/X11R6/bin/xauth -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xauth_home_t +.EE + +- Set files with the xauth_home_t type, if you want to store xauth files in the users home directory. + +.br ++.TP 5 +Paths: +/var/lib/nxserver/home/\.xauth.*, /root/\.Xauth.*, /var/lib/nxserver/home/\.Xauthority.*, /root/\.Xauthority.*, /root/\.serverauth.*, /var/lib/pqsql/\.Xauthority.*, /root/\.xauth.*, /var/lib/pqsql/\.xauth.* ++ ++.EX ++.PP ++.B xauth_tmp_t ++.EE ++ ++- Set files with the xauth_tmp_t type, if you want to store xauth temporary files in the /tmp directories. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux xauth policy is very flexible allowing users to setup their xauth processes in as secure a method as possible. ++.PP ++The following process types are defined for xauth: + +.EX -+.B xauth_tmp_t ++.B xauth_t +.EE -+ -+- Set files with the xauth_tmp_t type, if you want to store xauth temporary files in the /tmp directories. 
++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -43576,10 +50824,10 @@ index 0000000..8889877 +selinux(8), xauth(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/xdm_selinux.8 b/man/man8/xdm_selinux.8 new file mode 100644 -index 0000000..6845657 +index 0000000..f6908ec --- /dev/null +++ b/man/man8/xdm_selinux.8 -@@ -0,0 +1,224 @@ +@@ -0,0 +1,223 @@ +.TH "xdm_selinux" "8" "xdm" "dwalsh@redhat.com" "xdm SELinux Policy documentation" +.SH "NAME" +xdm_selinux \- Security Enhanced Linux Policy for the xdm processes 
@@ -43618,51 +50866,39 @@ index 0000000..6845657 + + +.EX ++.PP +.B xdm_etc_t +.EE + +- Set files with the xdm_etc_t type, if you want to store xdm files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xdm_exec_t +.EE + +- Set files with the xdm_exec_t type, if you want to transition an executable to the xdm_t domain. + +.br ++.TP 5 +Paths: +/usr/bin/[xgkw]dm, /usr/bin/slim, /usr/sbin/[xgkw]dm, /usr/X11R6/bin/[xgkw]dm, /usr/sbin/lxdm, /usr/sbin/lxdm-binary, /usr/bin/lxdm-binary, /usr/bin/gpe-dm, /usr/bin/gdm-binary, /usr/bin/lxdm, /opt/kde3/bin/kdm, /usr/sbin/gdm-binary -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xdm_home_t +.EE + +- Set files with the xdm_home_t type, if you want to store xdm files in the users home directory. + +.br ++.TP 5 +Paths: +/root/\.xsession-errors.*, /root/\.dmrc.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xdm_lock_t +.EE + 
@@ -43670,64 +50906,47 @@ index 0000000..6845657 + + +.EX ++.PP +.B xdm_log_t +.EE + +- Set files with the xdm_log_t type, if you want to treat the data as xdm log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/slim\.log.*, /var/log/(l)?xdm\.log.*, /var/log/gdm(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xdm_rw_etc_t +.EE + +- Set files with the xdm_rw_etc_t type, if you want to store xdm rw files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xdm_spool_t +.EE + +- Set files with the xdm_spool_t type, if you want to store the xdm files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xdm_tmp_t +.EE + +- Set files with the xdm_tmp_t type, if you want to store xdm temporary files in the /tmp directories. + +.br ++.TP 5 +Paths: +/tmp/\.X0-lock, /tmp/\.X11-unix(/.*)?, /tmp/\.ICE-unix(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B xdm_tmpfs_t +.EE + @@ -43735,30 +50954,30 @@ index 0000000..6845657 + + +.EX ++.PP +.B xdm_var_lib_t +.EE + +- Set files with the xdm_var_lib_t type, if you want to store the xdm files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/[gxkw]dm(/.*)?, /var/cache/gdm(/.*)?, /var/lib/lxdm(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B xdm_var_run_t +.EE + +- Set files with the xdm_var_run_t type, if you want to store the xdm files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/kdm(/.*)?, /var/run/slim.*, /var/run/lxdm(/.*)?, /var/run/gdm(/.*)?, /usr/lib/qt-.*/etc/settings(/.*)?, /var/run/lxdm\.auth, /var/run/xauth(/.*)?, /var/run/xdmctl(/.*)?, /var/run/[gx]dm\.pid, /var/run/slim(/.*)?, /var/run/gdm_socket, /etc/kde3?/kdm/backgroundrc, /var/run/lxdm\.pid ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -43777,19 +50996,47 @@ index 0000000..6845657 +SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible. +.PP +The following port types are defined for xdm: -+.EX + ++.EX ++.TP 5 +.B xdmcp_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 177 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 177 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux xdm policy is very flexible allowing users to setup their xdm processes in as secure a method as possible. ++.PP ++The following process types are defined for xdm: ++ ++.EX ++.B xdm_t, xdm_dbusd_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -43807,10 +51054,10 @@ index 0000000..6845657 \ No newline at end of file diff --git a/man/man8/xenconsoled_selinux.8 b/man/man8/xenconsoled_selinux.8 new file mode 100644 -index 0000000..a141bd7 +index 0000000..9087cd1 --- /dev/null 
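Review bot: The port listing for `xdmcp_port_t` now reads `tcp 8021`, replacing the removed `tcp 177` and `udp 177` lines. XDMCP is registered on port 177, so the new value looks like a lookup error in whatever produced the page and should be checked against `semanage port -l` before it ships. Administrators read this section to decide which ports the display manager is allowed to use, so a wrong number here can lead to a mislabelled or needlessly opened port. The rewritten block is also unbalanced: `.TP 10` is followed directly by `.EE`, and the `Default Defined Ports:` text ends with a second `.EE` that has no opening `.EX`.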
+++ b/man/man8/xenconsoled_selinux.8 -@@ -0,0 +1,55 @@ +@@ -0,0 +1,79 @@ +.TH "xenconsoled_selinux" "8" "xenconsoled" "dwalsh@redhat.com" "xenconsoled SELinux Policy documentation" +.SH "NAME" +xenconsoled_selinux \- Security Enhanced Linux Policy for the xenconsoled processes 
@@ -43831,31 +51078,55 @@ index 0000000..a141bd7
 +
 +
 +.EX
++.PP
 +.B xenconsoled_exec_t
 +.EE
 +
 +- Set files with the xenconsoled_exec_t type, if you want to transition an executable to the xenconsoled_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xenconsoled_var_run_t
 +.EE
 +
 +- Set files with the xenconsoled_var_run_t type, if you want to store the xenconsoled files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux xenconsoled policy is very flexible allowing users to setup their xenconsoled processes in as secure a method as possible.
++.PP
++The following process types are defined for xenconsoled:
++
++.EX
++.B xenconsoled_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -43868,10 +51139,10 @@ index 0000000..a141bd7
 +selinux(8), xenconsoled(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/xend_selinux.8 b/man/man8/xend_selinux.8
 new file mode 100644
-index 0000000..bae807a
+index 0000000..ab26c78
 --- /dev/null
 +++ b/man/man8/xend_selinux.8
-@@ -0,0 +1,148 @@
+@@ -0,0 +1,170 @@
 +.TH "xend_selinux" "8" "xend" "dwalsh@redhat.com" "xend SELinux Policy documentation"
 +.SH "NAME"
 +xend_selinux \- Security Enhanced Linux Policy for the xend processes
@@ -43917,19 +51188,15 @@ index 0000000..bae807a
 +
 +
 +.EX
++.PP
 +.B xend_exec_t
 +.EE
 +
 +- Set files with the xend_exec_t type, if you want to transition an executable to the xend_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xend_tmp_t
 +.EE
 +
@@ -43937,46 +51204,42 @@ index 0000000..bae807a
 +
 +
 +.EX
++.PP
 +.B xend_var_lib_t
 +.EE
 +
 +- Set files with the xend_var_lib_t type, if you want to store the xend files under the /var/lib directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/lib/xen(/.*)?, /var/lib/xend(/.*)?
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xend_var_log_t
 +.EE
 +
 +- Set files with the xend_var_log_t type, if you want to treat the data as xend var log data, usually stored under the /var/log directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/log/xen(/.*)?, /var/log/xen-hotplug\.log, /var/log/xend\.log, /var/log/xend-debug\.log
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xend_var_run_t
 +.EE
 +
 +- Set files with the xend_var_run_t type, if you want to store the xend files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/xenner(/.*)?, /var/run/xend(/.*)?, /var/run/xend\.pid
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -43995,17 +51258,47 @@ index 0000000..bae807a
 +SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
 +.PP
 +The following port types are defined for xend:
-+.EX
 +
++.EX
++.TP 5
 +.B xen_port_t
++.TP 10
 +.EE
 +
-+.EX
++
 +Default Defined Ports:
++tcp 8021
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux xend policy is very flexible allowing users to setup their xend processes in as secure a method as possible.
++.PP
++The following process types are defined for xend:
 +
-+.B tcp 8002
++.EX
++.B xend_t, xenstored_t, xenconsoled_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -44023,10 +51316,10 @@ index 0000000..bae807a
 \ No newline at end of file
 diff --git a/man/man8/xenstored_selinux.8 b/man/man8/xenstored_selinux.8
 new file mode 100644
-index 0000000..7d3048e
+index 0000000..8df9230
 --- /dev/null
 +++ b/man/man8/xenstored_selinux.8
-@@ -0,0 +1,85 @@
+@@ -0,0 +1,107 @@
 +.TH "xenstored_selinux" "8" "xenstored" "dwalsh@redhat.com" "xenstored SELinux Policy documentation"
 +.SH "NAME"
 +xenstored_selinux \- Security Enhanced Linux Policy for the xenstored processes
@@ -44047,19 +51340,15 @@ index 0000000..7d3048e
 +
 +
 +.EX
++.PP
 +.B xenstored_exec_t
 +.EE
 +
 +- Set files with the xenstored_exec_t type, if you want to transition an executable to the xenstored_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xenstored_tmp_t
 +.EE
 +
@@ -44067,19 +51356,15 @@ index 0000000..7d3048e
 +
 +
 +.EX
++.PP
 +.B xenstored_var_lib_t
 +.EE
 +
 +- Set files with the xenstored_var_lib_t type, if you want to store the xenstored files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xenstored_var_log_t
 +.EE
 +
@@ -44087,21 +51372,51 @@ index 0000000..7d3048e
 +
 +
 +.EX
++.PP
 +.B xenstored_var_run_t
 +.EE
 +
 +- Set files with the xenstored_var_run_t type, if you want to store the xenstored files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/xenstore\.pid, /var/run/xenstored(/.*)?
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux xenstored policy is very flexible allowing users to setup their xenstored processes in as secure a method as possible.
++.PP
++The following process types are defined for xenstored:
++
++.EX
++.B xenstored_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -44114,10 +51429,10 @@ index 0000000..7d3048e
 +selinux(8), xenstored(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/xserver_selinux.8 b/man/man8/xserver_selinux.8
 new file mode 100644
-index 0000000..f309331
+index 0000000..c03b62f
 --- /dev/null
+++ b/man/man8/xserver_selinux.8
-@@ -0,0 +1,148 @@
+@@ -0,0 +1,170 @@
 +.TH "xserver_selinux" "8" "xserver" "dwalsh@redhat.com" "xserver SELinux Policy documentation"
 +.SH "NAME"
 +xserver_selinux \- Security Enhanced Linux Policy for the xserver processes
@@ -44163,38 +51478,31 @@ index 0000000..f309331
 +
 +
 +.EX
++.PP
 +.B xserver_exec_t
 +.EE
 +
 +- Set files with the xserver_exec_t type, if you want to transition an executable to the xserver_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/bin/Xair, /usr/bin/Xephyr, /usr/X11R6/bin/Xwrapper, /usr/X11R6/bin/XFree86, /etc/init\.d/xfree86-common, /usr/X11R6/bin/Xorg, /usr/X11R6/bin/Xipaq, /usr/bin/Xorg, /usr/X11R6/bin/X
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xserver_log_t
 +.EE
 +
 +- Set files with the xserver_log_t type, if you want to treat the data as xserver log data, usually stored under the /var/log directory.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/var/[xgkw]dm(/.*)?, /var/[xgk]dm(/.*)?, /var/log/nvidia-installer\.log.*, /var/log/XFree86.*, /var/log/Xorg.*, /var/log/[kw]dm\.log.*
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xserver_tmpfs_t
 +.EE
 +
@@ -44202,27 +51510,26 @@ index 0000000..f309331
 +
 +
 +.EX
++.PP
 +.B xserver_var_lib_t
 +.EE
 +
 +- Set files with the xserver_var_lib_t type, if you want to store the xserver files under the /var/lib directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B xserver_var_run_t
 +.EE
 +
 +- Set files with the xserver_var_run_t type, if you want to store the xserver files under the /run directory.
 +
 +.br
++.TP 5
 +Paths:
 +/var/run/xorg(/.*)?, /var/run/video.rom
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -44241,17 +51548,47 @@ index 0000000..f309331
 +SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
 +.PP
 +The following port types are defined for xserver:
-+.EX
 +
++.EX
++.TP 5
 +.B xserver_port_t
++.TP 10
 +.EE
 +
-+.EX
++
 +Default Defined Ports:
++tcp 8021
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux xserver policy is very flexible allowing users to setup their xserver processes in as secure a method as possible.
++.PP
++The following process types are defined for xserver:
 +
-+.B tcp 6000-6020
++.EX
++.B xserver_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -44268,10 +51605,10 @@ index 0000000..f309331
 +, setsebool(8)
 \ No newline at end of file
 diff --git a/man/man8/ypbind_selinux.8 b/man/man8/ypbind_selinux.8
-index 5061a5f..a205a95 100644
+index 5061a5f..ca18929 100644
 --- a/man/man8/ypbind_selinux.8
+++ b/man/man8/ypbind_selinux.8
-@@ -1,19 +1,102 @@
+@@ -1,19 +1,118 @@
 -.TH "ypbind_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "ypbind Selinux Policy documentation"
 +.TH "ypbind_selinux" "8" "ypbind" "dwalsh@redhat.com" "ypbind SELinux Policy documentation"
 .SH "NAME"
@@ -44313,63 +51650,79 @@ index 5061a5f..a205a95 100644
 +
 +
 +.EX
++.PP
 +.B ypbind_exec_t
 +.EE
 +
 +- Set files with the ypbind_exec_t type, if you want to transition an executable to the ypbind_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/ypbind, /sbin/ypbind
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ypbind_initrc_exec_t
 +.EE
 +
 +- Set files with the ypbind_initrc_exec_t type, if you want to transition an executable to the ypbind_initrc_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ypbind_unit_file_t
 +.EE
 +
 +- Set files with the ypbind_unit_file_t type, if you want to treat the files as ypbind unit content.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/systemd/system/ypbind\.service, /lib/systemd/system/ypbind\.service
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ypbind_var_run_t
 +.EE
 +
 +- Set files with the ypbind_var_run_t type, if you want to store the ypbind files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
+
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux ypbind policy is very flexible allowing users to setup their ypbind processes in as secure a method as possible.
++.PP
++The following process types are defined for ypbind:
++
++.EX
++.B ypbind_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -44389,10 +51742,10 @@ index 5061a5f..a205a95 100644
 \ No newline at end of file
 diff --git a/man/man8/yppasswdd_selinux.8 b/man/man8/yppasswdd_selinux.8
 new file mode 100644
-index 0000000..74c44e7
+index 0000000..d419896
 --- /dev/null
 +++ b/man/man8/yppasswdd_selinux.8
-@@ -0,0 +1,55 @@
+@@ -0,0 +1,79 @@
 +.TH "yppasswdd_selinux" "8" "yppasswdd" "dwalsh@redhat.com" "yppasswdd SELinux Policy documentation"
 +.SH "NAME"
 +yppasswdd_selinux \- Security Enhanced Linux Policy for the yppasswdd processes
@@ -44413,31 +51766,55 @@ index 0000000..74c44e7
 +
 +
 +.EX
++.PP
 +.B yppasswdd_exec_t
 +.EE
 +
 +- Set files with the yppasswdd_exec_t type, if you want to transition an executable to the yppasswdd_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B yppasswdd_var_run_t
 +.EE
 +
 +- Set files with the yppasswdd_var_run_t type, if you want to store the yppasswdd files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux yppasswdd policy is very flexible allowing users to setup their yppasswdd processes in as secure a method as possible.
++.PP
++The following process types are defined for yppasswdd:
++
++.EX
++.B yppasswdd_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -44450,10 +51827,10 @@ index 0000000..74c44e7
 +selinux(8), yppasswdd(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/ypserv_selinux.8 b/man/man8/ypserv_selinux.8
 new file mode 100644
-index 0000000..cd2ed32
+index 0000000..7302580
 --- /dev/null
 +++ b/man/man8/ypserv_selinux.8
-@@ -0,0 +1,68 @@
+@@ -0,0 +1,87 @@
 +.TH "ypserv_selinux" "8" "ypserv" "dwalsh@redhat.com" "ypserv SELinux Policy documentation"
 +.SH "NAME"
 +ypserv_selinux \- Security Enhanced Linux Policy for the ypserv processes
@@ -44474,44 +51851,63 @@ index 0000000..cd2ed32
 +
 +
 +.EX
++.PP
 +.B ypserv_conf_t
 +.EE
 +
 +- Set files with the ypserv_conf_t type, if you want to treat the files as ypserv configuration data, usually stored under the /etc directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ypserv_exec_t
 +.EE
 +
 +- Set files with the ypserv_exec_t type, if you want to transition an executable to the ypserv_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ypserv_var_run_t
 +.EE
 +
 +- Set files with the ypserv_var_run_t type, if you want to store the ypserv files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux ypserv policy is very flexible allowing users to setup their ypserv processes in as secure a method as possible.
++.PP
++The following process types are defined for ypserv:
++
++.EX
++.B ypserv_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive.
Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -44524,10 +51920,10 @@ index 0000000..cd2ed32
 +selinux(8), ypserv(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/ypxfr_selinux.8 b/man/man8/ypxfr_selinux.8
 new file mode 100644
-index 0000000..03dc951
+index 0000000..4e0894b
 --- /dev/null
 +++ b/man/man8/ypxfr_selinux.8
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,83 @@
 +.TH "ypxfr_selinux" "8" "ypxfr" "dwalsh@redhat.com" "ypxfr SELinux Policy documentation"
 +.SH "NAME"
 +ypxfr_selinux \- Security Enhanced Linux Policy for the ypxfr processes
@@ -44548,34 +51944,59 @@ index 0000000..03dc951
 +
 +
 +.EX
++.PP
 +.B ypxfr_exec_t
 +.EE
 +
 +- Set files with the ypxfr_exec_t type, if you want to transition an executable to the ypxfr_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/lib/yp/ypxfr, /usr/sbin/rpc\.ypxfrd
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B ypxfr_var_run_t
 +.EE
 +
 +- Set files with the ypxfr_var_run_t type, if you want to store the ypxfr files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
 +.B restorecon
 +to apply the labels.
 +
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux ypxfr policy is very flexible allowing users to setup their ypxfr processes in as secure a method as possible.
++.PP
++The following process types are defined for ypxfr:
++
++.EX
++.B ypxfr_t
++.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
 +
 +.PP
 +.B system-config-selinux
@@ -44588,10 +52009,10 @@ index 0000000..03dc951
 +selinux(8), ypxfr(8), semanage(8), restorecon(8), chcon(1)
 diff --git a/man/man8/zabbix_selinux.8 b/man/man8/zabbix_selinux.8
 new file mode 100644
-index 0000000..4250a68
+index 0000000..481a4da
 --- /dev/null
 +++ b/man/man8/zabbix_selinux.8
-@@ -0,0 +1,169 @@
+@@ -0,0 +1,194 @@
 +.TH "zabbix_selinux" "8" "zabbix" "dwalsh@redhat.com" "zabbix SELinux Policy documentation"
 +.SH "NAME"
 +zabbix_selinux \- Security Enhanced Linux Policy for the zabbix processes
@@ -44630,6 +52051,7 @@ index 0000000..4250a68
 +
 +
 +.EX
++.PP
 +.B zabbix_agent_exec_t
 +.EE
 +
@@ -44637,6 +52059,7 @@ index 0000000..4250a68
 +
 +
 +.EX
++.PP
 +.B zabbix_agent_initrc_exec_t
 +.EE
 +
@@ -44644,51 +52067,39 @@ index 0000000..4250a68
 +
 +
 +.EX
++.PP
 +.B zabbix_exec_t
 +.EE
 +
 +- Set files with the zabbix_exec_t type, if you want to transition an executable to the zabbix_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/usr/sbin/zabbix_server_sqlite3, /usr/sbin/zabbix_server_mysql, /usr/sbin/zabbix_server_pgsql, /usr/sbin/zabbix_server
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B zabbix_initrc_exec_t
 +.EE
 +
 +- Set files with the zabbix_initrc_exec_t type, if you want to transition an executable to the zabbix_initrc_t domain.
 +
 +.br
++.TP 5
 +Paths:
 +/etc/rc\.d/init\.d/zabbix-server, /etc/rc\.d/init\.d/zabbix
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B zabbix_log_t
 +.EE
 +
 +- Set files with the zabbix_log_t type, if you want to treat the data as zabbix log data, usually stored under the /var/log directory.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B zabbix_tmp_t
 +.EE
 +
@@ -44696,6 +52107,7 @@ index 0000000..4250a68
 +
 +
 +.EX
++.PP
 +.B zabbix_tmpfs_t
 +.EE
 +
@@ -44703,11 +52115,14 @@ index 0000000..4250a68
 +
 +
 +.EX
++.PP
 +.B zabbix_var_run_t
 +.EE
 +
 +- Set files with the zabbix_var_run_t type, if you want to store the zabbix files under the /run directory.
 +
++
++.PP
 +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
 +.B semanage fcontext
 +command. This will modify the SELinux labeling database. You will need to use
@@ -44726,27 +52141,58 @@ index 0000000..4250a68
 +SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
 +.PP
 +The following port types are defined for zabbix:
-+.EX
 +
++.EX
++.TP 5
 +.B zabbix_agent_port_t
++.TP 10
 +.EE
 +
-+.EX
-+Default Defined Ports:
 +
-+.B tcp 10050
++Default Defined Ports:
++tcp 8021
 +.EE
-+.EX
 +
++.EX
++.TP 5
 +.B zabbix_port_t
++.TP 10
 +.EE
 +
-+.EX
++
 +Default Defined Ports:
++tcp 8021
++.EE
++.SH PROCESS TYPES
++SELinux defines process types (domains) for each process running on the system
++.PP
++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP
++.PP
++Policy governs the access confined processes have to files.
++SELinux zabbix policy is very flexible allowing users to setup their zabbix processes in as secure a method as possible.
++.PP
++The following process types are defined for zabbix:
 +
-+.B tcp 10051
++.EX
++.B zabbix_agent_t, zabbix_t
 +.EE
++.PP
++Note:
++.B semanage permississive -a PROCESS_TYPE
++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated.
++
 +.SH "COMMANDS"
++.B semanage fcontext
++can also be used to manipulate default file context mappings.
++.PP
++.B semanage permissive
++can also be used to manipulate whether or not a process type is permissive.
++.PP
++.B semanage module
++can also be used to enable/disable/install/remove policy modules
++
++.B semanage port
++can also be used to manipulate the port definitions
 +
 +.B semanage boolean
 +can also be used to manipulate the booleans
@@ -44764,10 +52210,10 @@ index 0000000..4250a68
 \ No newline at end of file
 diff --git a/man/man8/zarafa_selinux.8 b/man/man8/zarafa_selinux.8
 new file mode 100644
-index 0000000..6c18ac4
+index 0000000..1462f23
 --- /dev/null
+++ b/man/man8/zarafa_selinux.8
-@@ -0,0 +1,372 @@
+@@ -0,0 +1,313 @@
 +.TH "zarafa_selinux" "8" "zarafa" "dwalsh@redhat.com" "zarafa SELinux Policy documentation"
 +.SH "NAME"
 +zarafa_selinux \- Security Enhanced Linux Policy for the zarafa processes
@@ -44788,19 +52234,15 @@ index 0000000..6c18ac4
 +
 +
 +.EX
++.PP
 +.B zarafa_deliver_exec_t
 +.EE
 +
 +- Set files with the zarafa_deliver_exec_t type, if you want to transition an executable to the zarafa_deliver_t domain.
 +
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the
-+.B semanage fcontext
-+command. This will modify the SELinux labeling database. You will need to use
-+.B restorecon
-+to apply the labels.
-+
 +
 +.EX
++.PP
 +.B zarafa_deliver_log_t
 +.EE
 +
@@ -44808,6 +52250,7 @@ index 0000000..6c18ac4
 +
 +
 +.EX
++.PP
 +.B zarafa_deliver_tmp_t
 +.EE
 +
@@ -44815,6 +52258,7 @@ index 0000000..6c18ac4
 +
 +
 +.EX
++.PP
 +.B zarafa_deliver_var_run_t
 +.EE
 +
@@ -44822,123 +52266,79 @@ index 0000000..6c18ac4 + + +.EX ++.PP +.B zarafa_etc_t +.EE + +- Set files with the zarafa_etc_t type, if you want to store zarafa files in the /etc directories. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_gateway_exec_t +.EE + +- Set files with the zarafa_gateway_exec_t type, if you want to transition an executable to the zarafa_gateway_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_gateway_log_t +.EE + +- Set files with the zarafa_gateway_log_t type, if you want to treat the data as zarafa gateway log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_gateway_var_run_t +.EE + +- Set files with the zarafa_gateway_var_run_t type, if you want to store the zarafa gateway files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B zarafa_ical_exec_t +.EE + +- Set files with the zarafa_ical_exec_t type, if you want to transition an executable to the zarafa_ical_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_ical_log_t +.EE + +- Set files with the zarafa_ical_log_t type, if you want to treat the data as zarafa ical log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_ical_var_run_t +.EE + +- Set files with the zarafa_ical_var_run_t type, if you want to store the zarafa ical files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_indexer_exec_t +.EE + +- Set files with the zarafa_indexer_exec_t type, if you want to transition an executable to the zarafa_indexer_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B zarafa_indexer_log_t +.EE + +- Set files with the zarafa_indexer_log_t type, if you want to treat the data as zarafa indexer log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_indexer_tmp_t +.EE + 
@@ -44946,84 +52346,55 @@ index 0000000..6c18ac4 + + +.EX ++.PP +.B zarafa_indexer_var_run_t +.EE + +- Set files with the zarafa_indexer_var_run_t type, if you want to store the zarafa indexer files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_monitor_exec_t +.EE + +- Set files with the zarafa_monitor_exec_t type, if you want to transition an executable to the zarafa_monitor_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_monitor_log_t +.EE + +- Set files with the zarafa_monitor_log_t type, if you want to treat the data as zarafa monitor log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_monitor_var_run_t +.EE + +- Set files with the zarafa_monitor_var_run_t type, if you want to store the zarafa monitor files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. 
-+ + +.EX ++.PP +.B zarafa_server_exec_t +.EE + +- Set files with the zarafa_server_exec_t type, if you want to transition an executable to the zarafa_server_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_server_log_t +.EE + +- Set files with the zarafa_server_log_t type, if you want to treat the data as zarafa server log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_server_tmp_t +.EE + @@ -45031,22 +52402,19 @@ index 0000000..6c18ac4 + + +.EX ++.PP +.B zarafa_server_var_run_t +.EE + +- Set files with the zarafa_server_var_run_t type, if you want to store the zarafa server files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/zarafa, /var/run/zarafa-server\.pid -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_share_t +.EE + 
@@ -45054,53 +52422,42 @@ index 0000000..6c18ac4 + + +.EX ++.PP +.B zarafa_spooler_exec_t +.EE + +- Set files with the zarafa_spooler_exec_t type, if you want to transition an executable to the zarafa_spooler_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_spooler_log_t +.EE + +- Set files with the zarafa_spooler_log_t type, if you want to treat the data as zarafa spooler log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_spooler_var_run_t +.EE + +- Set files with the zarafa_spooler_var_run_t type, if you want to store the zarafa spooler files under the /run directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zarafa_var_lib_t +.EE + +- Set files with the zarafa_var_lib_t type, if you want to store the zarafa files under the /var/lib directory. + +.br ++.TP 5 +Paths: +/var/lib/zarafa-webaccess(/.*)?, /var/lib/zarafa(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -45119,17 +52476,47 @@ index 0000000..6c18ac4 +SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible. +.PP +The following port types are defined for zarafa: -+.EX + ++.EX ++.TP 5 +.B zarafa_port_t ++.TP 10 +.EE + -+.EX ++ +Default Defined Ports: ++tcp 8021 ++.EE ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux zarafa policy is very flexible allowing users to setup their zarafa processes in as secure a method as possible. ++.PP ++The following process types are defined for zarafa: + -+.B tcp 236,237 ++.EX ++.B zarafa_gateway_t, zarafa_spooler_t, zarafa_deliver_t, zarafa_monitor_t, zarafa_indexer_t, zarafa_server_t, zarafa_ical_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.PP +.B system-config-selinux @@ -45142,10 +52529,10 @@ index 0000000..6c18ac4 +selinux(8), zarafa(8), semanage(8), restorecon(8), chcon(1) diff --git a/man/man8/zebra_selinux.8 b/man/man8/zebra_selinux.8 new file mode 100644 -index 0000000..75b2d7c +index 0000000..98239dc --- /dev/null 
+++ b/man/man8/zebra_selinux.8 -@@ -0,0 +1,155 @@ +@@ -0,0 +1,172 @@ +.TH "zebra_selinux" "8" "zebra" "dwalsh@redhat.com" "zebra SELinux Policy documentation" +.SH "NAME" +zebra_selinux \- Security Enhanced Linux Policy for the zebra processes 
@@ -45177,70 +52564,55 @@ index 0000000..75b2d7c + + +.EX ++.PP +.B zebra_conf_t +.EE + +- Set files with the zebra_conf_t type, if you want to treat the files as zebra configuration data, usually stored under the /etc directory. + +.br ++.TP 5 +Paths: +/etc/zebra(/.*)?, /etc/quagga(/.*)? -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zebra_exec_t +.EE + +- Set files with the zebra_exec_t type, if you want to transition an executable to the zebra_t domain. + +.br ++.TP 5 +Paths: +/usr/sbin/zebra, /usr/sbin/rip.*, /usr/sbin/bgpd, /usr/sbin/ospf.* -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zebra_initrc_exec_t +.EE + +- Set files with the zebra_initrc_exec_t type, if you want to transition an executable to the zebra_initrc_t domain. + +.br ++.TP 5 +Paths: +/etc/rc\.d/init\.d/ripngd, /etc/rc\.d/init\.d/zebra, /etc/rc\.d/init\.d/ripd, /etc/rc\.d/init\.d/bgpd, /etc/rc\.d/init\.d/ospf6d, /etc/rc\.d/init\.d/ospfd -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zebra_log_t +.EE + +- Set files with the zebra_log_t type, if you want to treat the data as zebra log data, usually stored under the /var/log directory. + +.br ++.TP 5 +Paths: +/var/log/quagga(/.*)?, /var/log/zebra(/.*)? 
-+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zebra_tmp_t +.EE + @@ -45248,14 +52620,18 @@ index 0000000..75b2d7c + + +.EX ++.PP +.B zebra_var_run_t +.EE + +- Set files with the zebra_var_run_t type, if you want to store the zebra files under the /run directory. + +.br ++.TP 5 +Paths: +/var/run/\.zserv, /var/run/\.zebra, /var/run/quagga(/.*)? ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use 
@@ -45274,19 +52650,47 @@ index 0000000..75b2d7c +SELinux zebra policy is very flexible allowing users to setup their zebra processes in as secure a method as possible. +.PP +The following port types are defined for zebra: -+.EX + ++.EX ++.TP 5 +.B zebra_port_t ++.TP 10 +.EE + -+.EX -+Default Defined Ports: + -+.B tcp 2600-2604,2606 ++Default Defined Ports: ++tcp 8021 +.EE -+.B udp 2600-2604,2606 ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux zebra policy is very flexible allowing users to setup their zebra processes in as secure a method as possible. ++.PP ++The following process types are defined for zebra: ++ ++.EX ++.B zebra_t +.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules ++ ++.B semanage port ++can also be used to manipulate the port definitions + +.B semanage boolean +can also be used to manipulate the booleans @@ -45304,10 +52708,10 @@ index 0000000..75b2d7c \ No newline at end of file diff --git a/man/man8/zoneminder_selinux.8 b/man/man8/zoneminder_selinux.8 new file mode 100644 -index 0000000..0c04793 +index 0000000..6bdbdc5 --- /dev/null 
+++ b/man/man8/zoneminder_selinux.8 -@@ -0,0 +1,136 @@ +@@ -0,0 +1,145 @@ +.TH "zoneminder_selinux" "8" "zoneminder" "dwalsh@redhat.com" "zoneminder SELinux Policy documentation" +.SH "NAME" +zoneminder_selinux \- Security Enhanced Linux Policy for the zoneminder processes @@ -45323,18 +52727,16 @@ index 0000000..0c04793 +.PP +.B +semanage fcontext -a -t public_content_t "/var/zoneminder(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/zoneminder ++.br ++.B restorecon -F -R -v /var/zoneminder +.pp +.TP +Allow zoneminder servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_zoneminderd_anon_write boolean to be set. +.PP +.B +semanage fcontext -a -t public_content_rw_t "/var/zoneminder/incoming(/.*)?" -+.TP -+.B -+restorecon -F -R -v /var/zoneminder/incoming ++.br ++.B restorecon -F -R -v /var/zoneminder/incoming + + +.PP 
@@ -45356,58 +52758,39 @@ index 0000000..0c04793 + + +.EX ++.PP +.B zoneminder_exec_t +.EE + +- Set files with the zoneminder_exec_t type, if you want to transition an executable to the zoneminder_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zoneminder_initrc_exec_t +.EE + +- Set files with the zoneminder_initrc_exec_t type, if you want to transition an executable to the zoneminder_initrc_t domain. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zoneminder_log_t +.EE + +- Set files with the zoneminder_log_t type, if you want to treat the data as zoneminder log data, usually stored under the /var/log directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zoneminder_spool_t +.EE + +- Set files with the zoneminder_spool_t type, if you want to store the zoneminder files under the /var/spool directory. + -+Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the -+.B semanage fcontext -+command. This will modify the SELinux labeling database. You will need to use -+.B restorecon -+to apply the labels. -+ + +.EX ++.PP +.B zoneminder_tmpfs_t +.EE + 
@@ -45415,25 +52798,55 @@ index 0000000..0c04793 + + +.EX ++.PP +.B zoneminder_var_lib_t +.EE + +- Set files with the zoneminder_var_lib_t type, if you want to store the zoneminder files under the /var/lib directory. + ++ ++.EX ++.PP ++.B zoneminder_var_run_t ++.EE ++ ++- Set files with the zoneminder_var_run_t type, if you want to store the zoneminder files under the /run directory. ++ ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux zoneminder policy is very flexible allowing users to setup their zoneminder processes in as secure a method as possible. ++.PP ++The following process types are defined for zoneminder: + +.EX -+.B zoneminder_var_run_t ++.B zoneminder_t +.EE -+ -+- Set files with the zoneminder_var_run_t type, if you want to store the zoneminder files under the /run directory. ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. + +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux @@ -45446,10 +52859,10 @@ index 0000000..0c04793 +selinux(8), zoneminder(8), semanage(8), restorecon(8), chcon(1) 
diff --git a/man/man8/zos_selinux.8 b/man/man8/zos_selinux.8 new file mode 100644 -index 0000000..6eb668b +index 0000000..7a117d7 --- /dev/null +++ b/man/man8/zos_selinux.8 -@@ -0,0 +1,45 @@ +@@ -0,0 +1,75 @@ +.TH "zos_selinux" "8" "zos" "dwalsh@redhat.com" "zos SELinux Policy documentation" +.SH "NAME" +zos_selinux \- Security Enhanced Linux Policy for the zos processes @@ -45470,21 +52883,51 @@ index 0000000..6eb668b + + +.EX ++.PP +.B zos_remote_exec_t +.EE + +- Set files with the zos_remote_exec_t type, if you want to transition an executable to the zos_remote_t domain. + +.br ++.TP 5 +Paths: +/sbin/audispd-zos-remote, /usr/sbin/audispd-zos-remote ++ ++.PP +Note: File context can be temporarily modified with the chcon command. If you want to permanantly change the file context you need to use the +.B semanage fcontext +command. This will modify the SELinux labeling database. You will need to use +.B restorecon +to apply the labels. + ++.SH PROCESS TYPES ++SELinux defines process types (domains) for each process running on the system ++.PP ++You can see the context of a process using the \fB\-Z\fP option to \fBps\bP ++.PP ++Policy governs the access confined processes have to files. ++SELinux zos policy is very flexible allowing users to setup their zos processes in as secure a method as possible. ++.PP ++The following process types are defined for zos: ++ ++.EX ++.B zos_remote_t ++.EE ++.PP ++Note: ++.B semanage permississive -a PROCESS_TYPE ++can be used to make a process type permissive. Permissive process types are not denied access by SELinux. AVC messages will still be generated. ++ +.SH "COMMANDS" ++.B semanage fcontext ++can also be used to manipulate default file context mappings. ++.PP ++.B semanage permissive ++can also be used to manipulate whether or not a process type is permissive. ++.PP ++.B semanage module ++can also be used to enable/disable/install/remove policy modules + +.PP +.B system-config-selinux 
@@ -46902,7 +54345,7 @@ index 4f7bd3c..9143343 100644 - unconfined_domain(kudzu_t) ') diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te -index 7090dae..ed9fa39 100644 +index 7090dae..77c91f7 100644 --- a/policy/modules/admin/logrotate.te +++ b/policy/modules/admin/logrotate.te @@ -29,9 +29,7 @@ files_type(logrotate_var_lib_t) @@ -46940,7 +54383,15 @@ index 7090dae..ed9fa39 100644 selinux_get_fs_mount(logrotate_t) selinux_get_enforce_mode(logrotate_t) -@@ -102,6 +103,7 @@ files_read_var_lib_files(logrotate_t) +@@ -85,6 +86,7 @@ auth_use_nsswitch(logrotate_t) + # Run helper programs. + corecmd_exec_bin(logrotate_t) + corecmd_exec_shell(logrotate_t) ++corecmd_getattr_all_executables(logrotate_t) + + domain_signal_all_domains(logrotate_t) + domain_use_interactive_fds(logrotate_t) +@@ -102,6 +104,7 @@ files_read_var_lib_files(logrotate_t) files_manage_generic_spool(logrotate_t) files_manage_generic_spool_dirs(logrotate_t) files_getattr_generic_locks(logrotate_t) @@ -46948,7 +54399,7 @@ index 7090dae..ed9fa39 100644 # cjp: why is this needed? init_domtrans_script(logrotate_t) -@@ -116,17 +118,16 @@ miscfiles_read_localization(logrotate_t) +@@ -116,17 +119,16 @@ miscfiles_read_localization(logrotate_t) seutil_dontaudit_read_config(logrotate_t) @@ -46972,7 +54423,7 @@ index 7090dae..ed9fa39 100644 # for savelog can_exec(logrotate_t, logrotate_exec_t) -@@ -138,7 +139,7 @@ ifdef(`distro_debian', ` +@@ -138,7 +140,7 @@ ifdef(`distro_debian', ` ') optional_policy(` @@ -46981,7 +54432,7 @@ index 7090dae..ed9fa39 100644 ') optional_policy(` -@@ -154,6 +155,10 @@ optional_policy(` +@@ -154,6 +156,10 @@ optional_policy(` ') optional_policy(` @@ -46992,7 +54443,7 @@ index 7090dae..ed9fa39 100644 asterisk_domtrans(logrotate_t) ') -@@ -162,10 +167,20 @@ optional_policy(` +@@ -162,10 +168,20 @@ optional_policy(` ') optional_policy(` 
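Review bot: The added `corecmd_getattr_all_executables(logrotate_t)` under `# Run helper programs.` has no comment explaining why logrotate_t needs getattr on every executable type. The two lines above it already grant exec on the bin and shell types. A short rationale above the call would let a later audit judge whether a narrower interface is enough, for example `# getattr on helper binaries labeled outside bin_t (see the denial that prompted this)`, with the wording checked against the actual AVC. The surrounding logrotate_t rule block starts and ends outside this hunk.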
@@ -47013,7 +54464,7 @@ index 7090dae..ed9fa39 100644 cups_domtrans(logrotate_t) ') -@@ -178,6 +193,10 @@ optional_policy(` +@@ -178,6 +194,10 @@ optional_policy(` ') optional_policy(` @@ -47024,7 +54475,7 @@ index 7090dae..ed9fa39 100644 icecast_signal(logrotate_t) ') -@@ -194,15 +213,19 @@ optional_policy(` +@@ -194,15 +214,19 @@ optional_policy(` ') optional_policy(` @@ -47045,7 +54496,7 @@ index 7090dae..ed9fa39 100644 optional_policy(` samba_exec_log(logrotate_t) -@@ -228,3 +251,14 @@ optional_policy(` +@@ -228,3 +252,14 @@ optional_policy(` optional_policy(` varnishd_manage_log(logrotate_t) ') @@ -89776,10 +97227,10 @@ index 0000000..c8b246f + diff --git a/policy/modules/services/l2tpd.te b/policy/modules/services/l2tpd.te new file mode 100644 -index 0000000..4aac893 +index 0000000..de801ff --- /dev/null +++ b/policy/modules/services/l2tpd.te -@@ -0,0 +1,56 @@ +@@ -0,0 +1,50 @@ +policy_module(l2tpd, 1.0.0) + +######################################## @@ -89794,9 +97245,6 @@ index 0000000..4aac893 +type l2tpd_initrc_exec_t; +init_script_file(l2tpd_initrc_exec_t) + -+type l2tpd_tmp_t; -+files_tmp_file(l2tpd_tmp_t) -+ +type l2tpd_var_run_t; +files_pid_file(l2tpd_var_run_t) + @@ -89811,9 +97259,6 @@ index 0000000..4aac893 +allow l2tpd_t self:unix_stream_socket create_stream_socket_perms; +allow l2tpd_t self:tcp_socket create_stream_socket_perms; + -+manage_sock_files_pattern(l2tpd_t, l2tpd_tmp_t, l2tpd_tmp_t) -+files_tmp_filetrans(l2tpd_t, l2tpd_tmp_t, sock_file) -+ +manage_dirs_pattern(l2tpd_t, l2tpd_var_run_t, l2tpd_var_run_t) +manage_files_pattern(l2tpd_t, l2tpd_var_run_t, l2tpd_var_run_t) +manage_sock_files_pattern(l2tpd_t, l2tpd_var_run_t, l2tpd_var_run_t) @@ -90993,52 +98438,52 @@ index 0000000..5b84980 +') diff --git a/policy/modules/services/matahari.fc b/policy/modules/services/matahari.fc new file mode 100644 -index 0000000..94f7371 +index 0000000..14be385 --- /dev/null +++ b/policy/modules/services/matahari.fc 
@@ -0,0 +1,39 @@ -+/etc/rc\.d/init\.d/matahari-host -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) -+/etc/rc\.d/init\.d/matahari-net -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) -+/etc/rc\.d/init\.d/matahari-service -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/rc\.d/init\.d/matahari-host -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/rc\.d/init\.d/matahari-net -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/rc\.d/init\.d/matahari-service -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) +/etc/rc\.d/init\.d/matahari-sysconfig -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) -+/etc/init.d/matahari-sysconfig-console -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) ++/etc/init.d/matahari-sysconfig-console -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0) + -+/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0) -+/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0) -+/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0) -+/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) -+/lib/systemd/system/matahari-sysconfig-console\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) ++/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0) ++/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0) ++/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0) ++/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) ++/lib/systemd/system/matahari-sysconfig-console\.service -- 
gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) + -+/usr/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0) -+/usr/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0) -+/usr/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0) -+/usr/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) -+/usr/lib/systemd/system/matahari-sysconfig-console\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) ++/usr/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0) ++/usr/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0) ++/usr/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0) ++/usr/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) ++/usr/lib/systemd/system/matahari-sysconfig-console\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0) + + -+/usr/sbin/matahari-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) -+/usr/sbin/matahari-dbus-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) -+/usr/sbin/matahari-qmf-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) ++/usr/sbin/matahari-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) ++/usr/sbin/matahari-dbus-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) ++/usr/sbin/matahari-qmf-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0) + -+/usr/sbin/matahari-qmf-sysconfigd -- gen_context(system_u:object_r:matahari_sysconfigd_exec_t,s0) ++/usr/sbin/matahari-qmf-sysconfigd -- 
gen_context(system_u:object_r:matahari_sysconfigd_exec_t,s0) +/usr/sbin/matahari-qmf-sysconfig-consoled -- gen_context(system_u:object_r:matahari_sysconfigd_exec_t,s0) + -+/usr/sbin/matahari-netd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) -+/usr/sbin/matahari-dbus-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) -+/usr/sbin/matahari-qmf-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-netd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-dbus-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) ++/usr/sbin/matahari-qmf-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0) + -+/usr/sbin/matahari-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) -+/usr/sbin/matahari-dbus-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) -+/usr/sbin/matahari-qmf-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) ++/usr/sbin/matahari-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) ++/usr/sbin/matahari-dbus-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) ++/usr/sbin/matahari-qmf-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0) + -+/var/lib/matahari(/.*)? gen_context(system_u:object_r:matahari_var_lib_t,s0) ++/var/lib/matahari(/.*)? gen_context(system_u:object_r:matahari_var_lib_t,s0) + -+/var/run/matahari(/.*)? gen_context(system_u:object_r:matahari_var_run_t,s0) -+/var/run/matahari\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) -+/var/run/matahari-broker\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) ++/var/run/matahari(/.*)? gen_context(system_u:object_r:matahari_var_run_t,s0) ++/var/run/matahari\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) ++/var/run/matahari-broker\.pid -- gen_context(system_u:object_r:matahari_var_run_t,s0) 
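Review bot: The re-aligned entry `/etc/init.d/matahari-sysconfig-console` still differs from the four init-script entries above it: it omits `rc\.d` and leaves the dot in `init.d` unescaped. An unescaped `.` in a file-context regex matches any character. If `/etc/init.d` is a symlink to `rc.d/init.d` on the target system, which should be confirmed, the entry may never match the real path and the script would not be labeled `matahari_initrc_exec_t`. Since this line is being rewritten anyway, I would change its path to `/etc/rc\.d/init\.d/matahari-sysconfig-console` and keep the existing `--` and `gen_context(...)` part as is.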
diff --git a/policy/modules/services/matahari.if b/policy/modules/services/matahari.if new file mode 100644 -index 0000000..18d534b +index 0000000..3f69cdf --- /dev/null +++ b/policy/modules/services/matahari.if @@ -0,0 +1,286 @@ 
@@ -91254,29 +98699,29 @@ index 0000000..18d534b +# +interface(`matahari_systemctl',` + gen_require(` -+ type matahari_hostd_unit_file_t; -+ type matahari_netd_unit_file_t; -+ type matahari_serviced_unit_file_t; -+ type matahari_sysconfigd_unit_file_t; -+ type matahari_sysconfigd_unit_file_t; ++ type matahari_hostd_unit_file_t; ++ type matahari_netd_unit_file_t; ++ type matahari_serviced_unit_file_t; ++ type matahari_sysconfigd_unit_file_t; ++ type matahari_sysconfigd_unit_file_t; + ') + + systemd_exec_systemctl($1) + + allow $1 matahari_hostd_unit_file_t:file read_file_perms; -+ allow $1 matahari_netd_unit_file_t:file read_file_perms -+ allow $1 matahari_serviced_unit_file_t:file read_file_perms -+ allow $1 matahari_sysconfigd_unit_file_t:file read_file_perms ++ allow $1 matahari_netd_unit_file_t:file read_file_perms; ++ allow $1 matahari_serviced_unit_file_t:file read_file_perms; ++ allow $1 matahari_sysconfigd_unit_file_t:file read_file_perms; + + allow $1 matahari_hostd_unit_file_t:service all_service_perms; -+ allow $1 matahari_netd_unit_file_t:service all_service_perms; -+ allow $1 matahari_serviced_unit_file_t:service all_service_perms; -+ allow $1 matahari_sysconfigd_unit_file_t:service all_service_perms; ++ allow $1 matahari_netd_unit_file_t:service all_service_perms; ++ allow $1 matahari_serviced_unit_file_t:service all_service_perms; ++ allow $1 matahari_sysconfigd_unit_file_t:service all_service_perms; + + ps_process_pattern($1, matahari_hostd_t) -+ ps_process_pattern($1, matahari_netd_t) -+ ps_process_pattern($1, matahari_serviced_t) -+ ps_process_pattern($1, matahari_sysconfigd_t) ++ ps_process_pattern($1, matahari_netd_t) ++ ps_process_pattern($1, matahari_serviced_t) ++ ps_process_pattern($1, matahari_sysconfigd_t) +') + +######################################## @@ -108759,7 +116204,7 @@ index 93fe7bf..1b07ed4 100644 init_labeled_script_domtrans($1, soundd_initrc_exec_t) domain_system_change_exemption($1) 
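Review bot: The `gen_require` block of `matahari_systemctl` still lists `type matahari_sysconfigd_unit_file_t;` twice on the new side. It also declares none of the four domain types that the `ps_process_pattern($1, matahari_hostd_t)` through `ps_process_pattern($1, matahari_sysconfigd_t)` calls reference. The commit only realigns these lines and adds the missing `;` on three `allow ... :file read_file_perms` rules, so the require list stays incomplete. I would drop the duplicate line and add `type matahari_hostd_t, matahari_netd_t, matahari_serviced_t, matahari_sysconfigd_t;` so the interface requires every type it expands to. Presumably a caller outside the matahari module would otherwise fail to resolve those types, which a policy build would confirm.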
diff --git a/policy/modules/services/spamassassin.fc b/policy/modules/services/spamassassin.fc -index 6b3abf9..fce8932 100644 +index 6b3abf9..21f3e07 100644 --- a/policy/modules/services/spamassassin.fc +++ b/policy/modules/services/spamassassin.fc @@ -1,15 +1,38 @@ @@ -108802,7 +116247,7 @@ index 6b3abf9..fce8932 100644 +/usr/bin/razor.* -- gen_context(system_u:object_r:spamc_exec_t,s0) + +/var/lib/razor(/.*)? gen_context(system_u:object_r:spamd_var_lib_t,s0) -+/var/log/razor-agent\.log -- gen_context(system_u:object_r: spamd_log_t,s0) ++/var/log/razor-agent\.log -- gen_context(system_u:object_r:spamd_log_t,s0) diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if index c954f31..82fc7f6 100644 --- a/policy/modules/services/spamassassin.if @@ -109624,7 +117069,7 @@ index 4b2230e..7b3d2db 100644 + kerberos_manage_host_rcache(squid_t) +') diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc -index 078bcd7..0827883 100644 +index 078bcd7..21ff471 100644 --- a/policy/modules/services/ssh.fc +++ b/policy/modules/services/ssh.fc @@ -1,9 +1,19 @@ @@ -109641,7 +117086,7 @@ index 078bcd7..0827883 100644 /etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0) /etc/ssh/ssh_host_dsa_key -- gen_context(system_u:object_r:sshd_key_t,s0) /etc/ssh/ssh_host_rsa_key -- gen_context(system_u:object_r:sshd_key_t,s0) -+/etc/ssh/ssh_host_key.pub -- gen_context(system_u:object_r:sshd_key_t,s0) ++/etc/ssh/ssh_host_key.pub -- gen_context(system_u:object_r:sshd_key_t,s0) +/etc/ssh/ssh_host_dsa_key.pub -- gen_context(system_u:object_r:sshd_key_t,s0) +/etc/ssh/ssh_host_rsa_key.pub -- gen_context(system_u:object_r:sshd_key_t,s0)