1logrotate_mail_selinux(8)SELinux Policy logrotate_maillogrotate_mail_selinux(8)
2
3
4

NAME

6       logrotate_mail_selinux  - Security Enhanced Linux Policy for the logro‐
7       tate_mail processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the logrotate_mail processes via flexi‐
11       ble mandatory access control.
12
13       The  logrotate_mail processes execute with the logrotate_mail_t SELinux
14       type. You can check if you have these processes  running  by  executing
15       the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep logrotate_mail_t
20
21
22

PROCESS TYPES

24       SELinux defines process types (domains) for each process running on the
25       system
26
27       You can see the context of a process using the -Z option to ps
28
29       Policy governs the access confined processes have  to  files.   SELinux
30       logrotate_mail  policy  is  very flexible allowing users to setup their
31       logrotate_mail processes in as secure a method as possible.
32
33       The following process types are defined for logrotate_mail:
34
35       logrotate_mail_t
36
37       Note: semanage permissive -a logrotate_mail_t can be used to  make  the
38       process  type logrotate_mail_t permissive. SELinux does not deny access
39       to permissive process types, but the AVC (SELinux denials) messages are
40       still generated.
41
42

BOOLEANS

44       SELinux  policy is customizable based on least access required.  logro‐
45       tate_mail policy is extremely flexible and has  several  booleans  that
46       allow  you  to  manipulate  the  policy and run logrotate_mail with the
47       tightest access possible.
48
49
50
51       If you want to allow all domains to execute in fips_mode, you must turn
52       on the fips_mode boolean. Enabled by default.
53
54       setsebool -P fips_mode 1
55
56
57
58       If  you  want  to  allow  system  to run with NIS, you must turn on the
59       nis_enabled boolean. Disabled by default.
60
61       setsebool -P nis_enabled 1
62
63
64

MANAGED FILES

66       The SELinux process type logrotate_mail_t can manage files labeled with
67       the  following  file types.  The paths listed are the default paths for
68       these file types.  Note the processes UID still need to have  DAC  per‐
69       missions.
70
71       cifs_t
72
73
74       courier_spool_t
75
76            /var/spool/courier(/.*)?
77            /var/spool/authdaemon(/.*)?
78
79       etc_aliases_t
80
81            /etc/mail/.*.db
82            /etc/mail/aliases.*
83            /etc/postfix/aliases.*
84            /etc/aliases
85            /etc/aliases.db
86
87       etc_mail_t
88
89            /etc/mail(/.*)?
90
91       exim_log_t
92
93            /var/log/exim[0-9]?(/.*)?
94
95       exim_spool_t
96
97            /var/spool/exim[0-9]?(/.*)?
98
99       mail_home_rw_t
100
101            /root/Maildir(/.*)?
102            /root/.esmtp_queue(/.*)?
103            /var/lib/arpwatch/.esmtp_queue(/.*)?
104            /home/[^/]+/.maildir(/.*)?
105            /home/[^/]+/Maildir(/.*)?
106            /home/[^/]+/.esmtp_queue(/.*)?
107
108       mail_home_t
109
110            /root/.mailrc
111            /root/.esmtprc
112            /root/.forward
113            /root/dead.letter
114            /home/[^/]+/.forward[^/]*
115            /home/[^/]+/.mailrc
116            /home/[^/]+/.esmtprc
117            /home/[^/]+/dead.letter
118
119       mail_spool_t
120
121            /var/mail(/.*)?
122            /var/spool/imap(/.*)?
123            /var/spool/mail(/.*)?
124            /var/spool/smtpd(/.*)?
125
126       mqueue_spool_t
127
128            /var/spool/(client)?mqueue(/.*)?
129            /var/spool/mqueue.in(/.*)?
130
131       nfs_t
132
133
134       sendmail_log_t
135
136            /var/log/mail(/.*)?
137            /var/log/sendmail.st.*
138
139       uucpd_spool_t
140
141            /var/spool/uucp(/.*)?
142            /var/spool/uucppublic(/.*)?
143
144

COMMANDS

146       semanage  fcontext  can also be used to manipulate default file context
147       mappings.
148
149       semanage permissive can also be used to manipulate  whether  or  not  a
150       process type is permissive.
151
152       semanage  module can also be used to enable/disable/install/remove pol‐
153       icy modules.
154
155       semanage boolean can also be used to manipulate the booleans
156
157
158       system-config-selinux is a GUI tool available to customize SELinux pol‐
159       icy settings.
160
161

AUTHOR

163       This manual page was auto-generated using sepolicy manpage .
164
165

SEE ALSO

167       selinux(8),  logrotate_mail(8),  semanage(8),  restorecon(8), chcon(1),
168       sepolicy(8), setsebool(8)
169
170
171
172logrotate_mail                     21-03-26          logrotate_mail_selinux(8)
Impressum