1pegasus_openlmi_systemS_EsLeilniunxuxP(o8l)icy pegasus_oppeenglamsiu_ss_yospteenmlmi_system_selinux(8)
2
3
4
6 pegasus_openlmi_system_selinux - Security Enhanced Linux Policy for the
7 pegasus_openlmi_system processes
8
10 Security-Enhanced Linux secures the pegasus_openlmi_system processes
11 via flexible mandatory access control.
12
13 The pegasus_openlmi_system processes execute with the pega‐
14 sus_openlmi_system_t SELinux type. You can check if you have these pro‐
15 cesses running by executing the ps command with the -Z qualifier.
16
17 For example:
18
19 ps -eZ | grep pegasus_openlmi_system_t
20
21
22
24 The pegasus_openlmi_system_t SELinux type can be entered via the pega‐
25 sus_openlmi_system_exec_t file type.
26
27 The default entrypoint paths for the pegasus_openlmi_system_t domain
28 are the following:
29
30 /usr/libexec/pegasus/cmpiLMI_Fan-cimprovagt, /usr/libexec/pega‐
31 sus/cmpiLMI_Networking-cimprovagt, /usr/libexec/pegasus/cmpiLMI_Power‐
32 Management-cimprovagt
33
35 SELinux defines process types (domains) for each process running on the
36 system
37
38 You can see the context of a process using the -Z option to ps
39
40 Policy governs the access confined processes have to files. SELinux
41 pegasus_openlmi_system policy is very flexible allowing users to setup
42 their pegasus_openlmi_system processes in as secure a method as possi‐
43 ble.
44
45 The following process types are defined for pegasus_openlmi_system:
46
47 pegasus_openlmi_system_t
48
49 Note: semanage permissive -a pegasus_openlmi_system_t can be used to
50 make the process type pegasus_openlmi_system_t permissive. SELinux does
51 not deny access to permissive process types, but the AVC (SELinux de‐
52 nials) messages are still generated.
53
54
56 SELinux policy is customizable based on least access required. pega‐
57 sus_openlmi_system policy is extremely flexible and has several bool‐
58 eans that allow you to manipulate the policy and run pega‐
59 sus_openlmi_system with the tightest access possible.
60
61
62
63 If you want to allow all domains to execute in fips_mode, you must turn
64 on the fips_mode boolean. Enabled by default.
65
66 setsebool -P fips_mode 1
67
68
69
70 If you want to allow system to run with NIS, you must turn on the
71 nis_enabled boolean. Disabled by default.
72
73 setsebool -P nis_enabled 1
74
75
76
78 The SELinux process type pegasus_openlmi_system_t can manage files la‐
79 beled with the following file types. The paths listed are the default
80 paths for these file types. Note the processes UID still need to have
81 DAC permissions.
82
83 cluster_conf_t
84
85 /etc/cluster(/.*)?
86
87 cluster_var_lib_t
88
89 /var/lib/pcsd(/.*)?
90 /var/lib/cluster(/.*)?
91 /var/lib/openais(/.*)?
92 /var/lib/pengine(/.*)?
93 /var/lib/corosync(/.*)?
94 /usr/lib/heartbeat(/.*)?
95 /var/lib/heartbeat(/.*)?
96 /var/lib/pacemaker(/.*)?
97
98 cluster_var_run_t
99
100 /var/run/crm(/.*)?
101 /var/run/cman_.*
102 /var/run/rsctmp(/.*)?
103 /var/run/aisexec.*
104 /var/run/heartbeat(/.*)?
105 /var/run/pcsd-ruby.socket
106 /var/run/corosync-qnetd(/.*)?
107 /var/run/corosync-qdevice(/.*)?
108 /var/run/corosync.pid
109 /var/run/cpglockd.pid
110 /var/run/rgmanager.pid
111 /var/run/cluster/rgmanager.sk
112
113 krb5_host_rcache_t
114
115 /var/tmp/krb5_0.rcache2
116 /var/cache/krb5rcache(/.*)?
117 /var/tmp/nfs_0
118 /var/tmp/DNS_25
119 /var/tmp/host_0
120 /var/tmp/imap_0
121 /var/tmp/HTTP_23
122 /var/tmp/HTTP_48
123 /var/tmp/ldap_55
124 /var/tmp/ldap_487
125 /var/tmp/ldapmap1_0
126
127 pegasus_data_t
128
129 /var/lib/Pegasus(/.*)?
130 /etc/Pegasus/pegasus_current.conf
131 /etc/Pegasus/cimserver_current.conf
132
133 root_t
134
135 /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
136 /
137 /initrd
138
139 systemd_passwd_var_run_t
140
141 /var/run/systemd/ask-password(/.*)?
142 /var/run/systemd/ask-password-block(/.*)?
143
144
146 SELinux requires files to have an extended attribute to define the file
147 type.
148
149 You can see the context of a file using the -Z option to ls
150
151 Policy governs the access confined processes have to these files.
152 SELinux pegasus_openlmi_system policy is very flexible allowing users
153 to setup their pegasus_openlmi_system processes in as secure a method
154 as possible.
155
156 The following file types are defined for pegasus_openlmi_system:
157
158
159
160 pegasus_openlmi_system_exec_t
161
162 - Set files with the pegasus_openlmi_system_exec_t type, if you want to
163 transition an executable to the pegasus_openlmi_system_t domain.
164
165
166 Paths:
167 /usr/libexec/pegasus/cmpiLMI_Fan-cimprovagt, /usr/libexec/pega‐
168 sus/cmpiLMI_Networking-cimprovagt, /usr/libexec/pega‐
169 sus/cmpiLMI_PowerManagement-cimprovagt
170
171
172 Note: File context can be temporarily modified with the chcon command.
173 If you want to permanently change the file context you need to use the
174 semanage fcontext command. This will modify the SELinux labeling data‐
175 base. You will need to use restorecon to apply the labels.
176
177
179 semanage fcontext can also be used to manipulate default file context
180 mappings.
181
182 semanage permissive can also be used to manipulate whether or not a
183 process type is permissive.
184
185 semanage module can also be used to enable/disable/install/remove pol‐
186 icy modules.
187
188 semanage boolean can also be used to manipulate the booleans
189
190
191 system-config-selinux is a GUI tool available to customize SELinux pol‐
192 icy settings.
193
194
196 This manual page was auto-generated using sepolicy manpage .
197
198
200 selinux(8), pegasus_openlmi_system(8), semanage(8), restorecon(8),
201 chcon(1), sepolicy(8), setsebool(8)
202
203
204
205pegasus_openlmi_system 21-06-09 pegasus_openlmi_system_selinux(8)