1namespace_init_selinux(8)SELinux Policy namespace_initnamespace_init_selinux(8)
2
3
4

NAME

6       namespace_init_selinux  -  Security Enhanced Linux Policy for the name‐
7       space_init processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the namespace_init processes via flexi‐
11       ble mandatory access control.
12
13       The  namespace_init processes execute with the namespace_init_t SELinux
14       type. You can check if you have these processes  running  by  executing
15       the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep namespace_init_t
20
21
22

ENTRYPOINTS

24       The  namespace_init_t  SELinux  type  can  be  entered  via  the  name‐
25       space_init_exec_t file type.
26
27       The default entrypoint paths for the namespace_init_t  domain  are  the
28       following:
29
30       /etc/security/namespace.init, /etc/security/namespace.d(/.*)?
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       namespace_init  policy  is  very flexible allowing users to setup their
40       namespace_init processes in as secure a method as possible.
41
42       The following process types are defined for namespace_init:
43
44       namespace_init_t
45
46       Note: semanage permissive -a namespace_init_t can be used to  make  the
47       process  type namespace_init_t permissive. SELinux does not deny access
48       to permissive process types, but the AVC (SELinux denials) messages are
49       still generated.
50
51

BOOLEANS

53       SELinux  policy  is customizable based on least access required.  name‐
54       space_init policy is extremely flexible and has several  booleans  that
55       allow  you  to  manipulate  the  policy and run namespace_init with the
56       tightest access possible.
57
58
59
60       If you want to allow system to run with  NIS,  you  must  turn  on  the
61       nis_enabled boolean. Disabled by default.
62
63       setsebool -P nis_enabled 1
64
65
66
67       If you want to enable polyinstantiated directory support, you must turn
68       on the polyinstantiation_enabled boolean. Disabled by default.
69
70       setsebool -P polyinstantiation_enabled 1
71
72
73

MANAGED FILES

75       The SELinux process type namespace_init_t can manage files labeled with
76       the  following  file types.  The paths listed are the default paths for
77       these file types.  Note the processes UID still need to have  DAC  per‐
78       missions.
79
80       krb5_host_rcache_t
81
82            /var/tmp/krb5_0.rcache2
83            /var/cache/krb5rcache(/.*)?
84            /var/tmp/nfs_0
85            /var/tmp/DNS_25
86            /var/tmp/host_0
87            /var/tmp/imap_0
88            /var/tmp/HTTP_23
89            /var/tmp/HTTP_48
90            /var/tmp/ldap_55
91            /var/tmp/ldap_487
92            /var/tmp/ldapmap1_0
93
94       security_t
95
96            /selinux
97
98       user_home_type
99
100            all user home files
101
102

FILE CONTEXTS

104       SELinux requires files to have an extended attribute to define the file
105       type.
106
107       You can see the context of a file using the -Z option to ls
108
109       Policy governs the access  confined  processes  have  to  these  files.
110       SELinux  namespace_init policy is very flexible allowing users to setup
111       their namespace_init processes in as secure a method as possible.
112
113       The following file types are defined for namespace_init:
114
115
116
117       namespace_init_exec_t
118
119       - Set files with the namespace_init_exec_t type, if you want to transi‐
120       tion an executable to the namespace_init_t domain.
121
122
123       Paths:
124            /etc/security/namespace.init, /etc/security/namespace.d(/.*)?
125
126
127       Note:  File context can be temporarily modified with the chcon command.
128       If you want to permanently change the file context you need to use  the
129       semanage fcontext command.  This will modify the SELinux labeling data‐
130       base.  You will need to use restorecon to apply the labels.
131
132

COMMANDS

134       semanage fcontext can also be used to manipulate default  file  context
135       mappings.
136
137       semanage  permissive  can  also  be used to manipulate whether or not a
138       process type is permissive.
139
140       semanage module can also be used to enable/disable/install/remove  pol‐
141       icy modules.
142
143       semanage boolean can also be used to manipulate the booleans
144
145
146       system-config-selinux is a GUI tool available to customize SELinux pol‐
147       icy settings.
148
149

AUTHOR

151       This manual page was auto-generated using sepolicy manpage .
152
153

SEE ALSO

155       selinux(8), namespace_init(8),  semanage(8),  restorecon(8),  chcon(1),
156       sepolicy(8), setsebool(8)
157
158
159
160namespace_init                     21-06-09          namespace_init_selinux(8)
Impressum