amanda_selinux(8)            SELinux Policy amanda           amanda_selinux(8)

NAME

       amanda_selinux - Security Enhanced Linux Policy for the amanda processes

DESCRIPTION

       Security-Enhanced Linux secures the amanda processes via flexible
       mandatory access control.

       The amanda processes execute with the amanda_t SELinux type. You can
       check if you have these processes running by executing the ps command
       with the -Z qualifier.

       For example:

       ps -eZ | grep amanda_t

ENTRYPOINTS

       The amanda_t SELinux type can be entered via the amanda_inetd_exec_t
       file type.

       The default entrypoint paths for the amanda_t domain are the following:

       /usr/sbin/amandad, /usr/lib/amanda/amandad, /usr/lib/amanda/amindexd,
       /usr/lib/amanda/amidxtaped

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the
       system.

       You can see the context of a process using the -Z option to ps.

       Policy governs the access confined processes have to files. The SELinux
       amanda policy is flexible, allowing users to set up their amanda
       processes as securely as possible.

       The following process types are defined for amanda:

       amanda_t, amanda_recover_t

       Note: semanage permissive -a amanda_t can be used to make the process
       type amanda_t permissive. SELinux does not deny access to permissive
       process types, but the AVC (SELinux denials) messages are still
       generated.
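
       Added example (not part of the generated policy documentation): a shell
       function that summarises AVC records for the amanda_t and
       amanda_recover_t domains and separates accesses that were only logged
       because the domain is permissive (permissive=1) from enforced denials.
       The audit records are constructed samples, and the function names are
       assumptions of this example.

```shell
#!/bin/sh
# Added example: constructed audit records, not taken from a real host.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1588689001.101:510): avc:  denied  { read } for  pid=2101 comm="amandad" name="exclude.list" dev="dm-0" ino=1311 scontext=system_u:system_r:amanda_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1588689002.417:511): avc:  denied  { read } for  pid=2101 comm="amandad" name="exclude.list" dev="dm-0" ino=1311 scontext=system_u:system_r:amanda_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1588689003.002:512): avc:  denied  { name_bind } for  pid=2101 comm="amandad" src=10090 scontext=system_u:system_r:amanda_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1588689004.880:513): avc:  denied  { write } for  pid=2207 comm="amrecover" name="restore" dev="dm-0" ino=2202 scontext=system_u:system_r:amanda_recover_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1588689005.150:514): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/srv/x" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
EOF
}

# Summarise denials whose source domain is amanda_t or amanda_recover_t.
# Output: COUNT DOMAIN MODE TCLASS {PERMS} TARGET_TYPE, one line per distinct denial.
amanda_avc_summary() {
  awk '
    /^type=AVC / && / denied / {
      dom = tgt = cls = ""; flag = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/)        { split($i, c, ":"); dom = c[3] }
        else if ($i ~ /^tcontext=/)   { split($i, c, ":"); tgt = c[3] }
        else if ($i ~ /^tclass=/)     cls = substr($i, 8)
        else if ($i ~ /^permissive=/) flag = substr($i, 12)
      }
      if (dom != "amanda_t" && dom != "amanda_recover_t") next
      a = index($0, "{"); b = index($0, "}")
      perms = substr($0, a + 2, b - a - 3)      # text between "{ " and " }"
      mode = (flag == "1") ? "permissive" : ((flag == "0") ? "enforced" : "unknown")
      n[dom " " mode " " cls " {" perms "} " tgt]++
    }
    END { for (k in n) print n[k], k }' | sort -k2
}

# Number of amanda accesses that were only logged because the domain is
# permissive; these become real denials once the domain is enforcing again.
amanda_permissive_hits() {
  amanda_avc_summary | awk '$3 == "permissive" { t += $1 } END { print t + 0 }'
}

sample_audit_log | amanda_avc_summary
```

       Feed the functions the host's audit records on standard input; a
       non-zero count from amanda_permissive_hits means the policy or the
       file labels still need work before amanda_t can be enforced.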

BOOLEANS

       SELinux policy is customizable based on least access required. amanda
       policy is extremely flexible and has several booleans that allow you to
       manipulate the policy and run amanda with the tightest access possible.

       If you want to allow all domains to execute in fips_mode, you must turn
       on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

PORT TYPES

       SELinux defines port types to represent TCP and UDP ports.

       You can see the types associated with a port by using the following
       command:

       semanage port -l

       Policy governs the access confined processes have to these ports. The
       SELinux amanda policy is flexible, allowing users to set up their
       amanda processes as securely as possible.

       The following port types are defined for amanda:

       amanda_port_t

       Default Defined Ports:
                 tcp 10080-10083
                 udp 10080-10082
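
       Added example (not part of the generated policy documentation): a shell
       function that reads the output of semanage port -l and reports which
       port types cover a given protocol and port, showing that 10083 is
       labeled amanda_port_t for tcp but not for udp. The listing is a
       constructed excerpt; the unreserved_port_t rows and the function names
       are assumptions of this example.

```shell
#!/bin/sh
# Added example: constructed excerpt in the layout printed by "semanage port -l".
sample_port_listing() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

amanda_port_t                  tcp      10080-10083
amanda_port_t                  udp      10080-10082
unreserved_port_t              tcp      61001-65535, 1024-32767
unreserved_port_t              udp      61001-65535, 1024-32767
EOF
}

# Print every port type whose definition covers PROTO/PORT.
# usage: semanage port -l | port_types_for tcp 10083
port_types_for() {
  awk -v proto="$1" -v port="$2" '
    $2 == proto {
      # Fields 3..NF are single ports or LOW-HIGH ranges, comma separated.
      for (i = 3; i <= NF; i++) {
        r = $i; gsub(/,/, "", r)
        n = split(r, b, "-")
        lo = b[1] + 0; hi = (n == 2 ? b[2] : b[1]) + 0
        if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
      }
    }' | sort
}

# Succeeds only when PROTO/PORT is covered by an amanda_port_t definition.
is_amanda_port() {
  port_types_for "$1" "$2" | grep -qx amanda_port_t
}

sample_port_listing | port_types_for tcp 10083   # amanda_port_t, unreserved_port_t
sample_port_listing | port_types_for udp 10083   # unreserved_port_t
```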

MANAGED FILES

       The SELinux process type amanda_t can manage files labeled with the
       following file types. The paths listed are the default paths for these
       file types. Note that the process's UID still needs to have DAC
       permissions.

       cluster_conf_t

            /etc/cluster(/.*)?

       cluster_var_lib_t

            /var/lib/pcsd(/.*)?
            /var/lib/cluster(/.*)?
            /var/lib/openais(/.*)?
            /var/lib/pengine(/.*)?
            /var/lib/corosync(/.*)?
            /usr/lib/heartbeat(/.*)?
            /var/lib/heartbeat(/.*)?
            /var/lib/pacemaker(/.*)?

       cluster_var_run_t

            /var/run/crm(/.*)?
            /var/run/cman_.*
            /var/run/rsctmp(/.*)?
            /var/run/aisexec.*
            /var/run/heartbeat(/.*)?
            /var/run/corosync-qnetd(/.*)?
            /var/run/corosync-qdevice(/.*)?
            /var/run/corosync.pid
            /var/run/cpglockd.pid
            /var/run/rgmanager.pid
            /var/run/cluster/rgmanager.sk

       root_t

            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
            /
            /initrd

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file
       type.

       You can see the context of a file using the -Z option to ls.

       Policy governs the access confined processes have to these files. The
       SELinux amanda policy is flexible, allowing users to set up their
       amanda processes as securely as possible.

       EQUIVALENCE DIRECTORIES

       amanda policy stores data with multiple different file context types
       under the /var/lib/amanda directory. If you would like to store the
       data in a different directory, you can use the semanage command to
       create an equivalence mapping. If you wanted to store this data under
       the /srv directory, you would execute the following commands:

       semanage fcontext -a -e /var/lib/amanda /srv/amanda
       restorecon -R -v /srv/amanda

       STANDARD FILE CONTEXT

       SELinux defines the file context types for amanda. If you want to
       store files with these types in different paths, you need to execute
       the semanage command to specify alternate labeling and then use
       restorecon to put the labels on disk.

       semanage fcontext -a -t amanda_recover_dir_t '/srv/myamanda_content(/.*)?'
       restorecon -R -v /srv/myamanda_content

       Note: SELinux often uses regular expressions to specify labels that
       match multiple files.

       The following file types are defined for amanda:

       amanda_amandates_t

       - Set files with the amanda_amandates_t type, if you want to treat the
       files as amanda amandates data.

       amanda_config_t

       - Set files with the amanda_config_t type, if you want to treat the
       files as amanda configuration data, usually stored under the /etc
       directory.

       Paths:
            /etc/amanda(/.*)?, /var/lib/amanda/.amandahosts

       amanda_data_t

       - Set files with the amanda_data_t type, if you want to treat the files
       as amanda content.

       Paths:
            /etc/amanda/.*/index(/.*)?, /etc/amanda/.*/tapelist(/.*)?,
            /var/lib/amanda/[^/]+(/.*)?, /etc/amanda/DailySet1(/.*)?

       amanda_dumpdates_t

       - Set files with the amanda_dumpdates_t type, if you want to treat the
       files as amanda dumpdates data.

       amanda_exec_t

       - Set files with the amanda_exec_t type, if you want to transition an
       executable to the amanda_t domain.

       amanda_gnutarlists_t

       - Set files with the amanda_gnutarlists_t type, if you want to treat
       the files as amanda gnutarlists data.

       amanda_inetd_exec_t

       - Set files with the amanda_inetd_exec_t type, if you want to
       transition an executable to the amanda_inetd_t domain.

       Paths:
            /usr/sbin/amandad, /usr/lib/amanda/amandad,
            /usr/lib/amanda/amindexd, /usr/lib/amanda/amidxtaped

       amanda_log_t

       - Set files with the amanda_log_t type, if you want to treat the data
       as amanda log data, usually stored under the /var/log directory.

       Paths:
            /var/log/amanda(/.*)?, /var/lib/amanda/[^/]*/log(/.*)?

       amanda_recover_dir_t

       - Set files with the amanda_recover_dir_t type, if you want to treat
       the files as amanda recover dir data.

       amanda_recover_exec_t

       - Set files with the amanda_recover_exec_t type, if you want to
       transition an executable to the amanda_recover_t domain.

       amanda_tmp_t

       - Set files with the amanda_tmp_t type, if you want to store amanda
       temporary files in the /tmp directories.

       amanda_tmpfs_t

       - Set files with the amanda_tmpfs_t type, if you want to store amanda
       files on a tmpfs file system.

       amanda_unit_file_t

       - Set files with the amanda_unit_file_t type, if you want to treat the
       files as amanda unit content.

       amanda_usr_lib_t

       - Set files with the amanda_usr_lib_t type, if you want to treat the
       files as amanda usr lib data.

       amanda_var_lib_t

       - Set files with the amanda_var_lib_t type, if you want to store the
       amanda files under the /var/lib directory.

       Paths:
            /var/lib/amanda(/.*)?, /var/lib/amanda/[^/]+/index(/.*)?,
            /var/lib/xfsdump/inventory(/.*)?, /var/lib/amanda

       Note: File context can be temporarily modified with the chcon command.
       If you want to permanently change the file context you need to use the
       semanage fcontext command. This will modify the SELinux labeling
       database. You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context
       mappings.

       semanage permissive can also be used to manipulate whether or not a
       process type is permissive.

       semanage module can also be used to enable/disable/install/remove
       policy modules.

       semanage port can also be used to manipulate the port definitions.

       semanage boolean can also be used to manipulate the booleans.

       system-config-selinux is a GUI tool available to customize SELinux
       policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage.

SEE ALSO

       selinux(8), amanda(8), semanage(8), restorecon(8), chcon(1),
       sepolicy(8), setsebool(8), amanda_recover_selinux(8)

amanda                             20-05-05                  amanda_selinux(8)