1NetworkManager_diSsEpLaitncuhxerP_odlniscsyecN_estewloNirenktuMwxao(nr8ak)gMearn_adgiesrp_adticshpeart_cdhnesrs_edcnssec_selinux(8)
2
3
4
6 NetworkManager_dispatcher_dnssec_selinux - Security Enhanced Linux Pol‐
7 icy for the NetworkManager_dispatcher_dnssec processes
8
10 Security-Enhanced Linux secures the NetworkManager_dispatcher_dnssec
11 processes via flexible mandatory access control.
12
13 The NetworkManager_dispatcher_dnssec processes execute with the Net‐
14 workManager_dispatcher_dnssec_t SELinux type. You can check if you have
15 these processes running by executing the ps command with the -Z quali‐
16 fier.
17
18 For example:
19
20 ps -eZ | grep NetworkManager_dispatcher_dnssec_t
21
22
23
25 The NetworkManager_dispatcher_dnssec_t SELinux type can be entered via
26 the NetworkManager_dispatcher_dnssec_script_t file type.
27
28 The default entrypoint paths for the NetworkManager_dispatcher_dnssec_t
29 domain are the following:
30
31 /usr/lib/NetworkManager/dispatcher.d/01-dnssec-trigger
32
34 SELinux defines process types (domains) for each process running on the
35 system
36
37 You can see the context of a process using the -Z option to ps
38
39 Policy governs the access confined processes have to files. SELinux
40 NetworkManager_dispatcher_dnssec policy is very flexible allowing users
41 to setup their NetworkManager_dispatcher_dnssec processes in as secure
42 a method as possible.
43
44 The following process types are defined for NetworkManager_dis‐
45 patcher_dnssec:
46
47 NetworkManager_dispatcher_dnssec_t
48
49 Note: semanage permissive -a NetworkManager_dispatcher_dnssec_t can be
50 used to make the process type NetworkManager_dispatcher_dnssec_t per‐
51 missive. SELinux does not deny access to permissive process types, but
52 the AVC (SELinux denials) messages are still generated.
53
54
56 SELinux policy is customizable based on least access required. Net‐
57 workManager_dispatcher_dnssec policy is extremely flexible and has sev‐
58 eral booleans that allow you to manipulate the policy and run Network‐
59 Manager_dispatcher_dnssec with the tightest access possible.
60
61
62
63 If you want to allow all domains to execute in fips_mode, you must turn
64 on the fips_mode boolean. Enabled by default.
65
66 setsebool -P fips_mode 1
67
68
69
71 SELinux requires files to have an extended attribute to define the file
72 type.
73
74 You can see the context of a file using the -Z option to ls
75
76 Policy governs the access confined processes have to these files.
77 SELinux NetworkManager_dispatcher_dnssec policy is very flexible allow‐
78 ing users to setup their NetworkManager_dispatcher_dnssec processes in
79 as secure a method as possible.
80
81 The following file types are defined for NetworkManager_dis‐
82 patcher_dnssec:
83
84
85
86 NetworkManager_dispatcher_dnssec_script_t
87
88 - Set files with the NetworkManager_dispatcher_dnssec_script_t type, if
89 you want to treat the files as NetworkManager dispatcher dnssec script
90 data.
91
92
93
94 Note: File context can be temporarily modified with the chcon command.
95 If you want to permanently change the file context you need to use the
96 semanage fcontext command. This will modify the SELinux labeling data‐
97 base. You will need to use restorecon to apply the labels.
98
99
101 semanage fcontext can also be used to manipulate default file context
102 mappings.
103
104 semanage permissive can also be used to manipulate whether or not a
105 process type is permissive.
106
107 semanage module can also be used to enable/disable/install/remove pol‐
108 icy modules.
109
110 semanage boolean can also be used to manipulate the booleans
111
112
113 system-config-selinux is a GUI tool available to customize SELinux pol‐
114 icy settings.
115
116
118 This manual page was auto-generated using sepolicy manpage .
119
120
122 selinux(8), NetworkManager_dispatcher_dnssec(8), semanage(8), restore‐
123 con(8), chcon(1), sepolicy(8), setsebool(8)
124
125
126
127NetworkManager_dispatcher_dnssec 2N2e-t0w5o-r2k7Manager_dispatcher_dnssec_selinux(8)