lldpad_selinux(8)            SELinux Policy lldpad           lldpad_selinux(8)

NAME

       lldpad_selinux - Security Enhanced Linux Policy for the lldpad processes

DESCRIPTION

       Security-Enhanced Linux secures the lldpad processes via flexible
       mandatory access control.

       The lldpad processes execute with the lldpad_t SELinux type. You can
       check if you have these processes running by executing the ps command
       with the -Z qualifier.

       For example:

       ps -eZ | grep lldpad_t
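
Added example (not part of the generated man page): grep lldpad_t lists only processes already in the domain, so this check reports lldpad/lldpd processes running under any other SELinux type. The ps -eZ sample is constructed, and the function names sample_ps and unconfined_lldp are chosen for the example.

```shell
#!/bin/sh
# Constructed sample of `ps -eZ` output (LABEL PID TTY TIME CMD); not from a real host.
sample_ps() {
cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:02 systemd
system_u:system_r:lldpad_t:s0     812 ?        00:00:00 lldpad
system_u:system_r:unconfined_service_t:s0 930 ? 00:00:00 lldpd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1044 ? 00:00:00 sshd
EOF
}

# unconfined_lldp (hypothetical helper): reads `ps -eZ` text on stdin and
# prints "PID CMD TYPE" for each lldpad/lldpd process whose type is not lldpad_t.
unconfined_lldp() {
    awk 'NR > 1 && ($NF == "lldpad" || $NF == "lldpd") {
        split($1, ctx, ":")              # user:role:type:level
        if (ctx[3] != "lldpad_t") print $2, $NF, ctx[3]
    }'
}

# Run against the constructed sample; on a live host use: ps -eZ | unconfined_lldp
sample_ps | unconfined_lldp
```

An empty result means every lldpad/lldpd process found is running in lldpad_t.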

ENTRYPOINTS

       The lldpad_t SELinux type can be entered via the lldpad_exec_t file
       type.

       The default entrypoint paths for the lldpad_t domain are the following:

       /usr/sbin/lldpd, /usr/sbin/lldpad

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the
       system.

       You can see the context of a process using the -Z option to ps.

       Policy governs the access confined processes have to files. SELinux
       lldpad policy is very flexible, allowing users to set up their lldpad
       processes in as secure a method as possible.

       The following process types are defined for lldpad:

       lldpad_t

       Note: semanage permissive -a lldpad_t can be used to make the process
       type lldpad_t permissive. SELinux does not deny access to permissive
       process types, but the AVC (SELinux denials) messages are still
       generated.

BOOLEANS

       SELinux policy is customizable based on least access required. lldpad
       policy is extremely flexible and has several booleans that allow you to
       manipulate the policy and run lldpad with the tightest access possible.

       If you want to allow all domains to execute in fips_mode, you must turn
       on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

MANAGED FILES

       The SELinux process type lldpad_t can manage files labeled with the
       following file types. The paths listed are the default paths for these
       file types. Note that the process's UID still needs to have DAC
       permissions.

       cluster_conf_t

            /etc/cluster(/.*)?

       cluster_var_lib_t

            /var/lib/pcsd(/.*)?
            /var/lib/cluster(/.*)?
            /var/lib/openais(/.*)?
            /var/lib/pengine(/.*)?
            /var/lib/corosync(/.*)?
            /usr/lib/heartbeat(/.*)?
            /var/lib/heartbeat(/.*)?
            /var/lib/pacemaker(/.*)?

       cluster_var_run_t

            /var/run/crm(/.*)?
            /var/run/cman_.*
            /var/run/rsctmp(/.*)?
            /var/run/aisexec.*
            /var/run/heartbeat(/.*)?
            /var/run/pcsd-ruby.socket
            /var/run/corosync-qnetd(/.*)?
            /var/run/corosync-qdevice(/.*)?
            /var/run/corosync.pid
            /var/run/cpglockd.pid
            /var/run/rgmanager.pid
            /var/run/cluster/rgmanager.sk

       lldpad_tmpfs_t

            /dev/shm/lldpad.*

       lldpad_var_lib_t

            /var/lib/lldpd(/.*)?
            /var/lib/lldpad(/.*)?

       lldpad_var_run_t

            /var/run/lldpd.*
            /var/run/lldpd(/.*)?
            /var/run/lldpad.*

       root_t

            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
            /
            /initrd

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file
       type.

       You can see the context of a file using the -Z option to ls.

       Policy governs the access confined processes have to these files.
       SELinux lldpad policy is very flexible, allowing users to set up their
       lldpad processes in as secure a method as possible.

       EQUIVALENCE DIRECTORIES

       lldpad policy stores data with multiple different file context types
       under the /var/run/lldpd directory. If you would like to store the
       data in a different directory you can use the semanage command to
       create an equivalence mapping. If you wanted to store this data under
       the /srv directory you would execute the following command:

       semanage fcontext -a -e /var/run/lldpd /srv/lldpd
       restorecon -R -v /srv/lldpd

       STANDARD FILE CONTEXT

       SELinux defines the file context types for lldpad. If you want to
       store files with these types in different paths, you need to execute
       the semanage command to specify alternate labeling and then use
       restorecon to put the labels on disk.

       semanage fcontext -a -t lldpad_var_run_t '/srv/mylldpad_content(/.*)?'
       restorecon -R -v /srv/mylldpad_content

       Note: SELinux often uses regular expressions to specify labels that
       match multiple files.
       The following file types are defined for lldpad:

       lldpad_exec_t

       - Set files with the lldpad_exec_t type, if you want to transition an
       executable to the lldpad_t domain.

       Paths:
            /usr/sbin/lldpd, /usr/sbin/lldpad

       lldpad_initrc_exec_t

       - Set files with the lldpad_initrc_exec_t type, if you want to
       transition an executable to the lldpad_initrc_t domain.

       lldpad_tmpfs_t

       - Set files with the lldpad_tmpfs_t type, if you want to store lldpad
       files on a tmpfs file system.

       lldpad_var_lib_t

       - Set files with the lldpad_var_lib_t type, if you want to store the
       lldpad files under the /var/lib directory.

       Paths:
            /var/lib/lldpd(/.*)?, /var/lib/lldpad(/.*)?

       lldpad_var_run_t

       - Set files with the lldpad_var_run_t type, if you want to store the
       lldpad files under the /run or /var/run directory.

       Paths:
            /var/run/lldpd.*, /var/run/lldpd(/.*)?, /var/run/lldpad.*

       Note: File context can be temporarily modified with the chcon command.
       If you want to permanently change the file context you need to use the
       semanage fcontext command. This will modify the SELinux labeling
       database. You will need to use restorecon to apply the labels.
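
Added example, not part of the generated man page: a shell model of how the default lldpad file-context entries and the /srv/lldpd equivalence rule above resolve a path to a type. It covers only the entries listed on this page; the sample paths and the names LLDPAD_FCONTEXT, EQUIV_FROM, EQUIV_TO and expected_type are assumptions made for the example.

```shell
#!/bin/sh
# Added example: models only the lldpad entries listed on this page.
# Each line is "REGEX TYPE". Every match for a given path maps to the same
# type here, so first-match is used (a simplification of the real lookup).
LLDPAD_FCONTEXT='/usr/sbin/lldpd lldpad_exec_t
/usr/sbin/lldpad lldpad_exec_t
/dev/shm/lldpad.* lldpad_tmpfs_t
/var/lib/lldpd(/.*)? lldpad_var_lib_t
/var/lib/lldpad(/.*)? lldpad_var_lib_t
/var/run/lldpd.* lldpad_var_run_t
/var/run/lldpd(/.*)? lldpad_var_run_t
/var/run/lldpad.* lldpad_var_run_t'

# Equivalence from: semanage fcontext -a -e /var/run/lldpd /srv/lldpd
EQUIV_FROM=/srv/lldpd
EQUIV_TO=/var/run/lldpd

# expected_type PATH [equiv]  (hypothetical helper)
# Prints the lldpad file type the entries above assign to PATH, or "none".
# With "equiv", the equivalence rule rewrites the path prefix before matching.
expected_type() {
    path=$1
    if [ "${2:-}" = equiv ]; then
        case $path in
            "$EQUIV_FROM" | "$EQUIV_FROM"/*)
                path=$EQUIV_TO${path#"$EQUIV_FROM"} ;;
        esac
    fi
    while read -r regex type; do
        # File-context regexes must match the whole path (grep -x).
        if printf '%s\n' "$path" | grep -Eqx -- "$regex"; then
            printf '%s\n' "$type"
            return 0
        fi
    done <<EOF
$LLDPAD_FCONTEXT
EOF
    printf 'none\n'
}

expected_type /var/run/lldpd.socket        # constructed path
expected_type /srv/lldpd/clif              # without the equivalence rule
expected_type /srv/lldpd/clif equiv        # with the equivalence rule
```

On a live system, matchpathcon PATH reports the label the loaded policy would assign, and restorecon -n -v shows what would be relabeled without changing anything.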

COMMANDS

       semanage fcontext can also be used to manipulate default file context
       mappings.

       semanage permissive can also be used to manipulate whether or not a
       process type is permissive.

       semanage module can also be used to enable/disable/install/remove
       policy modules.

       semanage boolean can also be used to manipulate the booleans.

       system-config-selinux is a GUI tool available to customize SELinux
       policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage.

SEE ALSO

       selinux(8), lldpad(8), semanage(8), restorecon(8), chcon(1),
       sepolicy(8), setsebool(8)

lldpad                             21-11-19                  lldpad_selinux(8)