1system_dbusd_selinux(8)   SELinux Policy system_dbusd  system_dbusd_selinux(8)
2
3
4

NAME

6       system_dbusd_selinux  -  Security  Enhanced  Linux  Policy for the sys‐
7       tem_dbusd processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the system_dbusd processes via flexible
11       mandatory access control.
12
13       The  system_dbusd  processes  execute  with  the system_dbusd_t SELinux
14       type. You can check if you have these processes  running  by  executing
15       the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep system_dbusd_t
20
21
22

ENTRYPOINTS

24       The  system_dbusd_t  SELinux  type  can be entered via the dbusd_exec_t
25       file type.
26
27       The default entrypoint paths for the system_dbusd_t domain are the fol‐
28       lowing:
29
30       /usr/bin/dbus-daemon(-1)?,    /bin/dbus-daemon,   /usr/bin/dbus-broker,
31       /usr/bin/dbus-broker-launch,     /lib/dbus-1/dbus-daemon-launch-helper,
32       /usr/lib/dbus-1/dbus-daemon-launch-helper,    /usr/libexec/dbus-1/dbus-
33       daemon-launch-helper
34

PROCESS TYPES

36       SELinux defines process types (domains) for each process running on the
37       system
38
39       You can see the context of a process using the -Z option to ps
40
41       Policy  governs  the  access confined processes have to files.  SELinux
42       system_dbusd policy is very flexible allowing users to setup their sys‐
43       tem_dbusd processes in as secure a method as possible.
44
45       The following process types are defined for system_dbusd:
46
47       system_dbusd_t
48
49       Note:  semanage  permissive  -a  system_dbusd_t can be used to make the
50       process type system_dbusd_t permissive. SELinux does not deny access to
51       permissive  process  types,  but the AVC (SELinux denials) messages are
52       still generated.
53
54

BOOLEANS

56       SELinux policy is customizable based on least  access  required.   sys‐
57       tem_dbusd  policy  is  extremely flexible and has several booleans that
58       allow you to manipulate the policy and run system_dbusd with the tight‐
59       est access possible.
60
61
62
63       If  you  want to deny all system processes and Linux users to use blue‐
64       tooth wireless technology, you must turn on the deny_bluetooth boolean.
65       Enabled by default.
66
67       setsebool -P deny_bluetooth 1
68
69
70
71       If you want to allow all domains to execute in fips_mode, you must turn
72       on the fips_mode boolean. Enabled by default.
73
74       setsebool -P fips_mode 1
75
76
77
78       If you want to allow system to run with  NIS,  you  must  turn  on  the
79       nis_enabled boolean. Disabled by default.
80
81       setsebool -P nis_enabled 1
82
83
84

FILE CONTEXTS

86       SELinux requires files to have an extended attribute to define the file
87       type.
88
89       You can see the context of a file using the -Z option to ls
90
91       Policy governs the access  confined  processes  have  to  these  files.
92       SELinux  system_dbusd  policy  is very flexible allowing users to setup
93       their system_dbusd processes in as secure a method as possible.
94
95       STANDARD FILE CONTEXT
96
97       SELinux defines the file context types for  the  system_dbusd,  if  you
98       wanted  to store files with these types in a diffent paths, you need to
99       execute the semanage command to sepecify alternate  labeling  and  then
100       use restorecon to put the labels on disk.
101
102       semanage    fcontext    -a   -t   system_dbusd_var_run_t   '/srv/mysys‐
103       tem_dbusd_content(/.*)?'
104       restorecon -R -v /srv/mysystem_dbusd_content
105
106       Note: SELinux often uses regular expressions  to  specify  labels  that
107       match multiple files.
108
109       The following file types are defined for system_dbusd:
110
111
112
113       system_dbusd_tmp_t
114
115       - Set files with the system_dbusd_tmp_t type, if you want to store sys‐
116       tem dbusd temporary files in the /tmp directories.
117
118
119
120       system_dbusd_tmpfs_t
121
122       - Set files with the system_dbusd_tmpfs_t type, if you  want  to  store
123       system dbusd files on a tmpfs file system.
124
125
126
127       system_dbusd_var_lib_t
128
129       -  Set files with the system_dbusd_var_lib_t type, if you want to store
130       the system dbusd files under the /var/lib directory.
131
132
133       Paths:
134            /var/lib/dbus(/.*)?, /var/cache/ibus(/.*)?
135
136
137       system_dbusd_var_run_t
138
139       - Set files with the system_dbusd_var_run_t type, if you want to  store
140       the system dbusd files under the /run or /var/run directory.
141
142
143       Paths:
144            /var/run/dbus(/.*)?, /var/named/chroot/var/run/dbus(/.*)?
145
146
147       Note:  File context can be temporarily modified with the chcon command.
148       If you want to permanently change the file context you need to use  the
149       semanage fcontext command.  This will modify the SELinux labeling data‐
150       base.  You will need to use restorecon to apply the labels.
151
152

COMMANDS

154       semanage fcontext can also be used to manipulate default  file  context
155       mappings.
156
157       semanage  permissive  can  also  be used to manipulate whether or not a
158       process type is permissive.
159
160       semanage module can also be used to enable/disable/install/remove  pol‐
161       icy modules.
162
163       semanage boolean can also be used to manipulate the booleans
164
165
166       system-config-selinux is a GUI tool available to customize SELinux pol‐
167       icy settings.
168
169

AUTHOR

171       This manual page was auto-generated using sepolicy manpage .
172
173

SEE ALSO

175       selinux(8),  system_dbusd(8),  semanage(8),  restorecon(8),   chcon(1),
176       sepolicy(8), setsebool(8)
177
178
179
180system_dbusd                       20-05-05            system_dbusd_selinux(8)
Impressum