1mysqlmanagerd_selinux(8) SELinux Policy mysqlmanagerd mysqlmanagerd_selinux(8)
2
3
4

NAME

6       mysqlmanagerd_selinux  -  Security Enhanced Linux Policy for the mysql‐
7       managerd processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the mysqlmanagerd processes via  flexi‐
11       ble mandatory access control.
12
13       The  mysqlmanagerd  processes  execute with the mysqlmanagerd_t SELinux
14       type. You can check if you have these processes  running  by  executing
15       the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep mysqlmanagerd_t
20
21
22

ENTRYPOINTS

24       The  mysqlmanagerd_t  SELinux  type  can  be  entered via the mysqlman‐
25       agerd_exec_t file type.
26
27       The default entrypoint paths for the  mysqlmanagerd_t  domain  are  the
28       following:
29
30       /usr/sbin/mysqlmanager
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       mysqlmanagerd  policy  is  very  flexible allowing users to setup their
40       mysqlmanagerd processes in as secure a method as possible.
41
42       The following process types are defined for mysqlmanagerd:
43
44       mysqlmanagerd_t
45
46       Note: semanage permissive -a mysqlmanagerd_t can be used  to  make  the
47       process  type  mysqlmanagerd_t permissive. SELinux does not deny access
48       to permissive process types, but the AVC (SELinux denials) messages are
49       still generated.
50
51

BOOLEANS

53       SELinux  policy is customizable based on least access required.  mysql‐
54       managerd policy is extremely flexible and  has  several  booleans  that
55       allow  you  to  manipulate  the  policy  and run mysqlmanagerd with the
56       tightest access possible.
57
58
59
60       If you want to allow all domains to execute in fips_mode, you must turn
61       on the fips_mode boolean. Enabled by default.
62
63       setsebool -P fips_mode 1
64
65
66

PORT TYPES

68       SELinux defines port types to represent TCP and UDP ports.
69
70       You  can  see  the  types associated with a port by using the following
71       command:
72
73       semanage port -l
74
75
76       Policy governs the access  confined  processes  have  to  these  ports.
77       SELinux  mysqlmanagerd  policy is very flexible allowing users to setup
78       their mysqlmanagerd processes in as secure a method as possible.
79
80       The following port types are defined for mysqlmanagerd:
81
82
83       mysqlmanagerd_port_t
84
85
86
87       Default Defined Ports:
88                 tcp 2273
89

MANAGED FILES

91       The SELinux process type mysqlmanagerd_t can manage files labeled  with
92       the  following  file types.  The paths listed are the default paths for
93       these file types.  Note the processes UID still need to have  DAC  per‐
94       missions.
95
96       cluster_conf_t
97
98            /etc/cluster(/.*)?
99
100       cluster_var_lib_t
101
102            /var/lib/pcsd(/.*)?
103            /var/lib/cluster(/.*)?
104            /var/lib/openais(/.*)?
105            /var/lib/pengine(/.*)?
106            /var/lib/corosync(/.*)?
107            /usr/lib/heartbeat(/.*)?
108            /var/lib/heartbeat(/.*)?
109            /var/lib/pacemaker(/.*)?
110
111       cluster_var_run_t
112
113            /var/run/crm(/.*)?
114            /var/run/cman_.*
115            /var/run/rsctmp(/.*)?
116            /var/run/aisexec.*
117            /var/run/heartbeat(/.*)?
118            /var/run/corosync-qnetd(/.*)?
119            /var/run/corosync-qdevice(/.*)?
120            /var/run/corosync.pid
121            /var/run/cpglockd.pid
122            /var/run/rgmanager.pid
123            /var/run/cluster/rgmanager.sk
124
125       mysqlmanagerd_var_run_t
126
127            /var/run/mysqld/mysqlmanager.*
128
129       root_t
130
131            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
132            /
133            /initrd
134
135

FILE CONTEXTS

137       SELinux requires files to have an extended attribute to define the file
138       type.
139
140       You can see the context of a file using the -Z option to ls
141
142       Policy governs the access  confined  processes  have  to  these  files.
143       SELinux  mysqlmanagerd  policy is very flexible allowing users to setup
144       their mysqlmanagerd processes in as secure a method as possible.
145
146       STANDARD FILE CONTEXT
147
148       SELinux defines the file context types for the  mysqlmanagerd,  if  you
149       wanted  to store files with these types in a diffent paths, you need to
150       execute the semanage command to sepecify alternate  labeling  and  then
151       use restorecon to put the labels on disk.
152
153       semanage   fcontext  -a  -t  mysqlmanagerd_var_run_t  '/srv/mymysqlman‐
154       agerd_content(/.*)?'
155       restorecon -R -v /srv/mymysqlmanagerd_content
156
157       Note: SELinux often uses regular expressions  to  specify  labels  that
158       match multiple files.
159
160       The following file types are defined for mysqlmanagerd:
161
162
163
164       mysqlmanagerd_exec_t
165
166       -  Set files with the mysqlmanagerd_exec_t type, if you want to transi‐
167       tion an executable to the mysqlmanagerd_t domain.
168
169
170
171       mysqlmanagerd_initrc_exec_t
172
173       - Set files with the mysqlmanagerd_initrc_exec_t type, if you  want  to
174       transition an executable to the mysqlmanagerd_initrc_t domain.
175
176
177
178       mysqlmanagerd_var_run_t
179
180       - Set files with the mysqlmanagerd_var_run_t type, if you want to store
181       the mysqlmanagerd files under the /run or /var/run directory.
182
183
184
185       Note: File context can be temporarily modified with the chcon  command.
186       If  you want to permanently change the file context you need to use the
187       semanage fcontext command.  This will modify the SELinux labeling data‐
188       base.  You will need to use restorecon to apply the labels.
189
190

COMMANDS

192       semanage  fcontext  can also be used to manipulate default file context
193       mappings.
194
195       semanage permissive can also be used to manipulate  whether  or  not  a
196       process type is permissive.
197
198       semanage  module can also be used to enable/disable/install/remove pol‐
199       icy modules.
200
201       semanage port can also be used to manipulate the port definitions
202
203       semanage boolean can also be used to manipulate the booleans
204
205
206       system-config-selinux is a GUI tool available to customize SELinux pol‐
207       icy settings.
208
209

AUTHOR

211       This manual page was auto-generated using sepolicy manpage .
212
213

SEE ALSO

215       selinux(8),  mysqlmanagerd(8),  semanage(8),  restorecon(8),  chcon(1),
216       sepolicy(8), setsebool(8)
217
218
219
220mysqlmanagerd                      19-10-08           mysqlmanagerd_selinux(8)
Impressum