1amanda_recover_selinux(8)SELinux Policy amanda_recoveramanda_recover_selinux(8)
2
3
4

NAME

6       amanda_recover_selinux   -  Security  Enhanced  Linux  Policy  for  the
7       amanda_recover processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the amanda_recover processes via flexi‐
11       ble mandatory access control.
12
13       The  amanda_recover processes execute with the amanda_recover_t SELinux
14       type. You can check if you have these processes  running  by  executing
15       the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep amanda_recover_t
20
21
22

ENTRYPOINTS

24       The   amanda_recover_t   SELinux   type   can   be   entered   via  the
25       amanda_recover_exec_t file type.
26
27       The default entrypoint paths for the amanda_recover_t  domain  are  the
28       following:
29
30       /usr/sbin/amrecover
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       amanda_recover  policy  is  very flexible allowing users to setup their
40       amanda_recover processes in as secure a method as possible.
41
42       The following process types are defined for amanda_recover:
43
44       amanda_recover_t
45
46       Note: semanage permissive -a amanda_recover_t can be used to  make  the
47       process  type amanda_recover_t permissive. SELinux does not deny access
48       to permissive process types, but the AVC (SELinux denials) messages are
49       still generated.
50
51

BOOLEANS

53       SELinux   policy  is  customizable  based  on  least  access  required.
54       amanda_recover policy is extremely flexible and  has  several  booleans
55       that allow you to manipulate the policy and run amanda_recover with the
56       tightest access possible.
57
58
59
60       If you want to allow all domains to execute in fips_mode, you must turn
61       on the fips_mode boolean. Enabled by default.
62
63       setsebool -P fips_mode 1
64
65
66

MANAGED FILES

68       The SELinux process type amanda_recover_t can manage files labeled with
69       the following file types.  The paths listed are the default  paths  for
70       these  file  types.  Note the processes UID still need to have DAC per‐
71       missions.
72
73       amanda_log_t
74
75            /var/log/amanda(/.*)?
76            /var/lib/amanda/[^/]*/log(/.*)?
77
78       amanda_recover_dir_t
79
80            /root/restore
81
82

FILE CONTEXTS

84       SELinux requires files to have an extended attribute to define the file
85       type.
86
87       You can see the context of a file using the -Z option to ls
88
89       Policy  governs  the  access  confined  processes  have to these files.
90       SELinux amanda_recover policy is very flexible allowing users to  setup
91       their amanda_recover processes in as secure a method as possible.
92
93       STANDARD FILE CONTEXT
94
95       SELinux  defines  the file context types for the amanda_recover, if you
96       wanted to store files with these types in a diffent paths, you need  to
97       execute  the  semanage  command to sepecify alternate labeling and then
98       use restorecon to put the labels on disk.
99
100       semanage    fcontext    -a    -t    amanda_recover_dir_t     '/srv/mya‐
101       manda_recover_content(/.*)?'
102       restorecon -R -v /srv/myamanda_recover_content
103
104       Note:  SELinux  often  uses  regular expressions to specify labels that
105       match multiple files.
106
107       The following file types are defined for amanda_recover:
108
109
110
111       amanda_recover_dir_t
112
113       - Set files with the amanda_recover_dir_t type, if you  want  to  treat
114       the files as amanda recover dir data.
115
116
117
118       amanda_recover_exec_t
119
120       - Set files with the amanda_recover_exec_t type, if you want to transi‐
121       tion an executable to the amanda_recover_t domain.
122
123
124
125       Note: File context can be temporarily modified with the chcon  command.
126       If  you want to permanently change the file context you need to use the
127       semanage fcontext command.  This will modify the SELinux labeling data‐
128       base.  You will need to use restorecon to apply the labels.
129
130

COMMANDS

132       semanage  fcontext  can also be used to manipulate default file context
133       mappings.
134
135       semanage permissive can also be used to manipulate  whether  or  not  a
136       process type is permissive.
137
138       semanage  module can also be used to enable/disable/install/remove pol‐
139       icy modules.
140
141       semanage boolean can also be used to manipulate the booleans
142
143
144       system-config-selinux is a GUI tool available to customize SELinux pol‐
145       icy settings.
146
147

AUTHOR

149       This manual page was auto-generated using sepolicy manpage .
150
151

SEE ALSO

153       selinux(8),  amanda_recover(8),  semanage(8),  restorecon(8), chcon(1),
154       sepolicy(8), setsebool(8)
155
156
157
158amanda_recover                     20-05-05          amanda_recover_selinux(8)
Impressum