sepgsql_trusted_proc_selinux(8)  SELinux Policy sepgsql_trusted_proc  sepgsql_trusted_proc_selinux(8)

NAME

       sepgsql_trusted_proc_selinux  -  Security Enhanced Linux Policy for the
       sepgsql_trusted_proc processes

DESCRIPTION

       Security-Enhanced Linux secures the sepgsql_trusted_proc processes  via
       flexible mandatory access control.

       The     sepgsql_trusted_proc     processes     execute     with     the
       sepgsql_trusted_proc_t SELinux type. You can check if  you  have  these
       processes running by executing the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep sepgsql_trusted_proc_t

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the
       system.

       You can see the context of a process using the -Z option to ps.

       Policy governs the access confined processes have  to  files.   SELinux
       sepgsql_trusted_proc  policy  is very flexible, allowing users to set up
       their sepgsql_trusted_proc processes in as secure a method as possible.

       The following process types are defined for sepgsql_trusted_proc:

       sepgsql_trusted_proc_t

       Note: semanage permissive -a sepgsql_trusted_proc_t can be used to make
       the  process  type  sepgsql_trusted_proc_t permissive. SELinux does not
       deny access to permissive process types, but the AVC (SELinux  denials)
       messages are still generated.

BOOLEANS

       SELinux   policy  is  customizable  based  on  least  access  required.
       sepgsql_trusted_proc policy is extremely flexible and has several
       booleans   that   allow   you   to   manipulate   the   policy  and  run
       sepgsql_trusted_proc with the tightest access possible.

       If you want to allow all domains to use other domains' file descriptors,
       you must turn on the allow_domain_fd_use boolean. Enabled by default.

       setsebool -P allow_domain_fd_use 1

       If  you want to allow sysadm to debug or ptrace all processes, you must
       turn on the allow_ptrace boolean. Disabled by default.

       setsebool -P allow_ptrace 1

       If you want to allow all domains to have the kernel load  modules,  you
       must  turn  on  the  domain_kernel_load_modules  boolean.  Disabled  by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn
       on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn
       on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1
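       The following is an added example, not part of the auto-generated page
       or of the SELinux policy itself: it compares boolean states against the
       defaults listed above. It assumes input in the "name --> on|off" format
       printed by getsebool -a; the function name audit_booleans and the
       sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report SELinux booleans that differ from the defaults
# stated in the BOOLEANS section of this page.

# Defaults as listed on this page (name, default state).
PAGE_DEFAULTS='allow_domain_fd_use on
allow_ptrace off
domain_kernel_load_modules off
fips_mode on
global_ssp off'

# audit_booleans (hypothetical helper): reads getsebool-style lines
# ("name --> on|off") on stdin and prints one line per boolean that is
# missing from the input or whose state differs from the page default.
audit_booleans() {
    input=$(cat)
    printf '%s\n' "$PAGE_DEFAULTS" | while read -r name want; do
        # Take the first matching line only; $3 is the current state.
        have=$(printf '%s\n' "$input" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (page default: $want)"
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $name is $have (page default: $want)"
        fi
    done
}

# Constructed sample input, not captured from a real host:
# allow_ptrace has been switched on, everything else is at its default.
SAMPLE='allow_domain_fd_use --> on
allow_ptrace --> on
domain_kernel_load_modules --> off
fips_mode --> on
global_ssp --> off'

# Demo run on the sample. On a live SELinux system use:
#   getsebool -a | audit_booleans
printf '%s\n' "$SAMPLE" | audit_booleans
```

       An empty result means every boolean listed on this page is at its
       documented default; a DRIFT line for allow_ptrace or
       domain_kernel_load_modules is the one to review first.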

MANAGED FILES

       The  SELinux  process  type  sepgsql_trusted_proc_t  can  manage  files
       labeled  with  the  following  file  types.   The  paths listed are the
       default paths for these file types.  Note that the process's UID  still
       needs to have DAC permissions.

       initrc_tmp_t

       mnt_t

            /mnt(/[^/]*)
            /mnt(/[^/]*)?
            /rhev(/[^/]*)?
            /media(/[^/]*)
            /media(/[^/]*)?
            /etc/rhgb(/.*)?
            /media/.hal-.*
            /net
            /afs
            /rhev
            /misc

       tmp_t

            /tmp
            /usr/tmp
            /var/tmp
            /tmp-inst
            /var/tmp-inst
            /var/tmp/vi.recover

COMMANDS

       semanage  fcontext  can also be used to manipulate default file context
       mappings.

       semanage permissive can also be used to manipulate  whether  or  not  a
       process type is permissive.

       semanage  module can also be used to enable/disable/install/remove
       policy modules.

       semanage boolean can also be used to manipulate the booleans.

       system-config-selinux is a GUI tool available to customize SELinux
       policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage.

SEE ALSO

       selinux(8),    sepgsql_trusted_proc(8),   semanage(8),   restorecon(8),
       chcon(1), setsebool(8)

sepgsql_trusted_proc               15-06-03    sepgsql_trusted_proc_selinux(8)