1mysqlmanagerd_selinux(8) SELinux Policy mysqlmanagerd mysqlmanagerd_selinux(8)
2
3
4

NAME

6       mysqlmanagerd_selinux  -  Security Enhanced Linux Policy for the mysql‐
7       managerd processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the mysqlmanagerd processes via  flexi‐
11       ble mandatory access control.
12
13       The  mysqlmanagerd  processes  execute with the mysqlmanagerd_t SELinux
14       type. You can check if you have these processes  running  by  executing
15       the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep mysqlmanagerd_t
20
21
22

ENTRYPOINTS

24       The  mysqlmanagerd_t  SELinux  type  can  be  entered via the mysqlman‐
25       agerd_exec_t file type.
26
27       The default entrypoint paths for the  mysqlmanagerd_t  domain  are  the
28       following:
29
30       /usr/sbin/mysqlmanager
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       mysqlmanagerd  policy  is  very  flexible allowing users to setup their
40       mysqlmanagerd processes in as secure a method as possible.
41
42       The following process types are defined for mysqlmanagerd:
43
44       mysqlmanagerd_t
45
46       Note: semanage permissive -a mysqlmanagerd_t can be used  to  make  the
47       process  type  mysqlmanagerd_t permissive. SELinux does not deny access
48       to permissive process types, but the AVC (SELinux denials) messages are
49       still generated.
50
51

BOOLEANS

53       SELinux  policy is customizable based on least access required.  mysql‐
54       managerd policy is extremely flexible and has several booleans that al‐
55       low  you to manipulate the policy and run mysqlmanagerd with the tight‐
56       est access possible.
57
58
59
60       If you want to allow all domains to execute in fips_mode, you must turn
61       on the fips_mode boolean. Enabled by default.
62
63       setsebool -P fips_mode 1
64
65
66

PORT TYPES

68       SELinux defines port types to represent TCP and UDP ports.
69
70       You  can  see  the  types associated with a port by using the following
71       command:
72
73       semanage port -l
74
75
76       Policy governs the access  confined  processes  have  to  these  ports.
77       SELinux  mysqlmanagerd  policy is very flexible allowing users to setup
78       their mysqlmanagerd processes in as secure a method as possible.
79
80       The following port types are defined for mysqlmanagerd:
81
82
83       mysqlmanagerd_port_t
84
85
86
87       Default Defined Ports:
88                 tcp 2273
89

MANAGED FILES

91       The SELinux process type mysqlmanagerd_t can manage files labeled  with
92       the  following  file types.  The paths listed are the default paths for
93       these file types.  Note the processes UID still need to have  DAC  per‐
94       missions.
95
96       cluster_conf_t
97
98            /etc/cluster(/.*)?
99
100       cluster_var_lib_t
101
102            /var/lib/pcsd(/.*)?
103            /var/lib/cluster(/.*)?
104            /var/lib/openais(/.*)?
105            /var/lib/pengine(/.*)?
106            /var/lib/corosync(/.*)?
107            /usr/lib/heartbeat(/.*)?
108            /var/lib/heartbeat(/.*)?
109            /var/lib/pacemaker(/.*)?
110
111       cluster_var_run_t
112
113            /var/run/crm(/.*)?
114            /var/run/cman_.*
115            /var/run/rsctmp(/.*)?
116            /var/run/aisexec.*
117            /var/run/heartbeat(/.*)?
118            /var/run/pcsd-ruby.socket
119            /var/run/corosync-qnetd(/.*)?
120            /var/run/corosync-qdevice(/.*)?
121            /var/run/corosync.pid
122            /var/run/cpglockd.pid
123            /var/run/rgmanager.pid
124            /var/run/cluster/rgmanager.sk
125
126       mysqlmanagerd_var_run_t
127
128            /var/run/mysqld/mysqlmanager.*
129
130       root_t
131
132            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
133            /
134            /initrd
135
136

FILE CONTEXTS

138       SELinux requires files to have an extended attribute to define the file
139       type.
140
141       You can see the context of a file using the -Z option to ls
142
143       Policy governs the access  confined  processes  have  to  these  files.
144       SELinux  mysqlmanagerd  policy is very flexible allowing users to setup
145       their mysqlmanagerd processes in as secure a method as possible.
146
147       STANDARD FILE CONTEXT
148
149       SELinux defines the file context types for the  mysqlmanagerd,  if  you
150       wanted  to store files with these types in a diffent paths, you need to
151       execute the semanage command to specify alternate labeling and then use
152       restorecon to put the labels on disk.
153
154       semanage   fcontext  -a  -t  mysqlmanagerd_var_run_t  '/srv/mymysqlman‐
155       agerd_content(/.*)?'
156       restorecon -R -v /srv/mymysqlmanagerd_content
157
158       Note: SELinux often uses regular expressions  to  specify  labels  that
159       match multiple files.
160
161       The following file types are defined for mysqlmanagerd:
162
163
164
165       mysqlmanagerd_exec_t
166
167       -  Set files with the mysqlmanagerd_exec_t type, if you want to transi‐
168       tion an executable to the mysqlmanagerd_t domain.
169
170
171
172       mysqlmanagerd_initrc_exec_t
173
174       - Set files with the mysqlmanagerd_initrc_exec_t type, if you  want  to
175       transition an executable to the mysqlmanagerd_initrc_t domain.
176
177
178
179       mysqlmanagerd_var_run_t
180
181       - Set files with the mysqlmanagerd_var_run_t type, if you want to store
182       the mysqlmanagerd files under the /run or /var/run directory.
183
184
185
186       Note: File context can be temporarily modified with the chcon  command.
187       If  you want to permanently change the file context you need to use the
188       semanage fcontext command.  This will modify the SELinux labeling data‐
189       base.  You will need to use restorecon to apply the labels.
190
191

COMMANDS

193       semanage  fcontext  can also be used to manipulate default file context
194       mappings.
195
196       semanage permissive can also be used to manipulate  whether  or  not  a
197       process type is permissive.
198
199       semanage  module can also be used to enable/disable/install/remove pol‐
200       icy modules.
201
202       semanage port can also be used to manipulate the port definitions
203
204       semanage boolean can also be used to manipulate the booleans
205
206
207       system-config-selinux is a GUI tool available to customize SELinux pol‐
208       icy settings.
209
210

AUTHOR

212       This manual page was auto-generated using sepolicy manpage .
213
214

SEE ALSO

216       selinux(8), mysqlmanagerd(8), semanage(8), restorecon(8), chcon(1), se‐
217       policy(8), setsebool(8)
218
219
220
221mysqlmanagerd                      21-11-19           mysqlmanagerd_selinux(8)
Impressum