1NetworkManager_dispaStEcLhienru_xsePloilniucxy(8N)etworkMaNneatgweorr_kdMiasnpaagtecrh_edrispatcher_selinux(8)
2
3
4

NAME

6       NetworkManager_dispatcher_selinux  - Security Enhanced Linux Policy for
7       the NetworkManager_dispatcher processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the NetworkManager_dispatcher processes
11       via flexible mandatory access control.
12
13       The  NetworkManager_dispatcher  processes  execute with the NetworkMan‐
14       ager_dispatcher_t SELinux type. You can check if you  have  these  pro‐
15       cesses running by executing the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep NetworkManager_dispatcher_t
20
21
22

ENTRYPOINTS

24       The  NetworkManager_dispatcher_t  SELinux  type  can be entered via the
25       NetworkManager_dispatcher_exec_t file type.
26
27       The default entrypoint paths for the NetworkManager_dispatcher_t domain
28       are the following:
29
30       /usr/libexec/nm-dispatcher
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       NetworkManager_dispatcher  policy  is  very  flexible allowing users to
40       setup their NetworkManager_dispatcher processes in as secure  a  method
41       as possible.
42
43       The following process types are defined for NetworkManager_dispatcher:
44
45       NetworkManager_dispatcher_t, NetworkManager_dispatcher_custom_t, NetworkManager_dispatcher_chronyc_t, NetworkManager_dispatcher_cloud_t, NetworkManager_dispatcher_console_t, NetworkManager_dispatcher_ddclient_t, NetworkManager_dispatcher_dhclient_t, NetworkManager_dispatcher_dnssec_t, NetworkManager_dispatcher_iscsid_t, NetworkManager_dispatcher_sendmail_t, NetworkManager_dispatcher_tlp_t, NetworkManager_dispatcher_winbind_t
46
47       Note: semanage permissive -a NetworkManager_dispatcher_t can be used to
48       make the process type NetworkManager_dispatcher_t  permissive.  SELinux
49       does  not deny access to permissive process types, but the AVC (SELinux
50       denials) messages are still generated.
51
52

BOOLEANS

54       SELinux policy is customizable based on least  access  required.   Net‐
55       workManager_dispatcher  policy  is  extremely  flexible and has several
56       booleans that allow you to manipulate the policy  and  run  NetworkMan‐
57       ager_dispatcher with the tightest access possible.
58
59
60
61       If you want to allow all domains to execute in fips_mode, you must turn
62       on the fips_mode boolean. Enabled by default.
63
64       setsebool -P fips_mode 1
65
66
67

MANAGED FILES

69       The SELinux process type NetworkManager_dispatcher_t can  manage  files
70       labeled  with  the  following file types.  The paths listed are the de‐
71       fault paths for these file types.  Note the processes UID still need to
72       have DAC permissions.
73
74       cluster_conf_t
75
76            /etc/cluster(/.*)?
77
78       cluster_var_lib_t
79
80            /var/lib/pcsd(/.*)?
81            /var/lib/cluster(/.*)?
82            /var/lib/openais(/.*)?
83            /var/lib/pengine(/.*)?
84            /var/lib/corosync(/.*)?
85            /usr/lib/heartbeat(/.*)?
86            /var/lib/heartbeat(/.*)?
87            /var/lib/pacemaker(/.*)?
88
89       cluster_var_run_t
90
91            /var/run/crm(/.*)?
92            /var/run/cman_.*
93            /var/run/rsctmp(/.*)?
94            /var/run/aisexec.*
95            /var/run/heartbeat(/.*)?
96            /var/run/pcsd-ruby.socket
97            /var/run/corosync-qnetd(/.*)?
98            /var/run/corosync-qdevice(/.*)?
99            /var/run/corosync.pid
100            /var/run/cpglockd.pid
101            /var/run/rgmanager.pid
102            /var/run/cluster/rgmanager.sk
103
104       root_t
105
106            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
107            /
108            /initrd
109
110

FILE CONTEXTS

112       SELinux requires files to have an extended attribute to define the file
113       type.
114
115       You can see the context of a file using the -Z option to ls
116
117       Policy governs the access  confined  processes  have  to  these  files.
118       SELinux  NetworkManager_dispatcher  policy  is  very  flexible allowing
119       users to setup their NetworkManager_dispatcher processes in as secure a
120       method as possible.
121
122       STANDARD FILE CONTEXT
123
124       SELinux  defines  the  file  context  types for the NetworkManager_dis‐
125       patcher, if you wanted to store files with these  types  in  a  diffent
126       paths,  you  need  to execute the semanage command to specify alternate
127       labeling and then use restorecon to put the labels on disk.
128
129       semanage  fcontext  -a  -t  NetworkManager_dispatcher_console_var_run_t
130       '/srv/myNetworkManager_dispatcher_content(/.*)?'
131       restorecon -R -v /srv/myNetworkManager_dispatcher_content
132
133       Note:  SELinux  often  uses  regular expressions to specify labels that
134       match multiple files.
135
136       The following file types are defined for NetworkManager_dispatcher:
137
138
139
140       NetworkManager_dispatcher_chronyc_script_t
141
142       - Set files with the  NetworkManager_dispatcher_chronyc_script_t  type,
143       if  you  want  to  treat the files as NetworkManager dispatcher chronyc
144       script data.
145
146
147       Paths:
148            /etc/NetworkManager/dispatcher.d/20-chrony-dhcp, /usr/lib/Network‐
149            Manager/dispatcher.d/20-chrony-dhcp,      /etc/NetworkManager/dis‐
150            patcher.d/20-chrony-onoffline,        /usr/lib/NetworkManager/dis‐
151            patcher.d/20-chrony-onoffline
152
153
154       NetworkManager_dispatcher_cloud_script_t
155
156       -  Set files with the NetworkManager_dispatcher_cloud_script_t type, if
157       you want to treat the files as NetworkManager dispatcher  cloud  script
158       data.
159
160
161       Paths:
162            /etc/NetworkManager/dispatcher.d/hook-network-manager,   /etc/Net‐
163            workManager/dispatcher.d/cloud-init-azure-hook,  /usr/lib/Network‐
164            Manager/dispatcher.d/90-nm-cloud-setup.sh,    /usr/lib/NetworkMan‐
165            ager/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh
166
167
168       NetworkManager_dispatcher_console_script_t
169
170       - Set files with the  NetworkManager_dispatcher_console_script_t  type,
171       if  you  want  to  treat the files as NetworkManager dispatcher console
172       script data.
173
174
175
176       NetworkManager_dispatcher_console_var_run_t
177
178       - Set files with the NetworkManager_dispatcher_console_var_run_t  type,
179       if  you want to store the NetworkManager dispatcher console files under
180       the /run or /var/run directory.
181
182
183
184       NetworkManager_dispatcher_ddclient_script_t
185
186       - Set files with the NetworkManager_dispatcher_ddclient_script_t  type,
187       if  you  want  to treat the files as NetworkManager dispatcher ddclient
188       script data.
189
190
191
192       NetworkManager_dispatcher_dhclient_script_t
193
194       - Set files with the NetworkManager_dispatcher_dhclient_script_t  type,
195       if  you  want  to treat the files as NetworkManager dispatcher dhclient
196       script data.
197
198
199       Paths:
200            /etc/NetworkManager/dispatcher.d/11-dhclient, /usr/lib/NetworkMan‐
201            ager/dispatcher.d/11-dhclient
202
203
204       NetworkManager_dispatcher_dnssec_script_t
205
206       - Set files with the NetworkManager_dispatcher_dnssec_script_t type, if
207       you want to treat the files as NetworkManager dispatcher dnssec  script
208       data.
209
210
211
212       NetworkManager_dispatcher_exec_t
213
214       - Set files with the NetworkManager_dispatcher_exec_t type, if you want
215       to transition an executable to the NetworkManager_dispatcher_t domain.
216
217
218
219       NetworkManager_dispatcher_iscsid_script_t
220
221       - Set files with the NetworkManager_dispatcher_iscsid_script_t type, if
222       you  want to treat the files as NetworkManager dispatcher iscsid script
223       data.
224
225
226
227       NetworkManager_dispatcher_script_t
228
229       - Set files with the NetworkManager_dispatcher_script_t  type,  if  you
230       want to treat the files as NetworkManager dispatcher script data.
231
232
233       Paths:
234            /etc/NetworkManager/dispatcher.d(/.*)?,       /usr/lib/NetworkMan‐
235            ager/dispatcher.d(/.*)?
236
237
238       NetworkManager_dispatcher_sendmail_script_t
239
240       - Set files with the NetworkManager_dispatcher_sendmail_script_t  type,
241       if  you  want  to treat the files as NetworkManager dispatcher sendmail
242       script data.
243
244
245
246       NetworkManager_dispatcher_tlp_script_t
247
248       - Set files with the  NetworkManager_dispatcher_tlp_script_t  type,  if
249       you  want  to  treat  the files as NetworkManager dispatcher tlp script
250       data.
251
252
253
254       NetworkManager_dispatcher_winbind_script_t
255
256       - Set files with the  NetworkManager_dispatcher_winbind_script_t  type,
257       if  you  want  to  treat the files as NetworkManager dispatcher winbind
258       script data.
259
260
261
262       Note: File context can be temporarily modified with the chcon  command.
263       If  you want to permanently change the file context you need to use the
264       semanage fcontext command.  This will modify the SELinux labeling data‐
265       base.  You will need to use restorecon to apply the labels.
266
267

COMMANDS

269       semanage  fcontext  can also be used to manipulate default file context
270       mappings.
271
272       semanage permissive can also be used to manipulate  whether  or  not  a
273       process type is permissive.
274
275       semanage  module can also be used to enable/disable/install/remove pol‐
276       icy modules.
277
278       semanage boolean can also be used to manipulate the booleans
279
280
281       system-config-selinux is a GUI tool available to customize SELinux pol‐
282       icy settings.
283
284

AUTHOR

286       This manual page was auto-generated using sepolicy manpage .
287
288

SEE ALSO

290       selinux(8),  NetworkManager_dispatcher(8),  semanage(8), restorecon(8),
291       chcon(1),      sepolicy(8),      setsebool(8),      NetworkManager_dis‐
292       patcher_chronyc_selinux(8),                         NetworkManager_dis‐
293       patcher_chronyc_selinux(8), NetworkManager_dispatcher_cloud_selinux(8),
294       NetworkManager_dispatcher_cloud_selinux(8),         NetworkManager_dis‐
295       patcher_console_selinux(8),              NetworkManager_dispatcher_con‐
296       sole_selinux(8),  NetworkManager_dispatcher_custom_selinux(8), Network‐
297       Manager_dispatcher_custom_selinux(8),     NetworkManager_dispatcher_dd‐
298       client_selinux(8),  NetworkManager_dispatcher_ddclient_selinux(8), Net‐
299       workManager_dispatcher_dhclient_selinux(8),         NetworkManager_dis‐
300       patcher_dhclient_selinux(8),                        NetworkManager_dis‐
301       patcher_dnssec_selinux(8), NetworkManager_dispatcher_dnssec_selinux(8),
302       NetworkManager_dispatcher_iscsid_selinux(8),        NetworkManager_dis‐
303       patcher_iscsid_selinux(8),              NetworkManager_dispatcher_send‐
304       mail_selinux(8),   NetworkManager_dispatcher_sendmail_selinux(8),  Net‐
305       workManager_dispatcher_tlp_selinux(8),              NetworkManager_dis‐
306       patcher_tlp_selinux(8),   NetworkManager_dispatcher_winbind_selinux(8),
307       NetworkManager_dispatcher_winbind_selinux(8)
308
309
310
311NetworkManager_dispatcher          22-05-27NetworkManager_dispatcher_selinux(8)
Impressum