1NetworkManager_dSiEsLpiantucxhePro_ldihccyliNeenttwN_oesrtekwlMoiarnnkuaMxga(en8ra)_gdeirs_pdaitscphaetrc_hdehrc_ldihecnltient_selinux(8)
2
3
4

NAME

6       NetworkManager_dispatcher_dhclient_selinux  -  Security  Enhanced Linux
7       Policy for the NetworkManager_dispatcher_dhclient processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the  NetworkManager_dispatcher_dhclient
11       processes via flexible mandatory access control.
12
13       The  NetworkManager_dispatcher_dhclient processes execute with the Net‐
14       workManager_dispatcher_dhclient_t SELinux type. You can  check  if  you
15       have  these  processes  running by executing the ps command with the -Z
16       qualifier.
17
18       For example:
19
20       ps -eZ | grep NetworkManager_dispatcher_dhclient_t
21
22
23

ENTRYPOINTS

25       The NetworkManager_dispatcher_dhclient_t SELinux type  can  be  entered
26       via the NetworkManager_dispatcher_dhclient_script_t file type.
27
28       The    default    entrypoint    paths   for   the   NetworkManager_dis‐
29       patcher_dhclient_t domain are the following:
30
31       /etc/NetworkManager/dispatcher.d/11-dhclient,      /usr/lib/NetworkMan‐
32       ager/dispatcher.d/11-dhclient
33

PROCESS TYPES

35       SELinux defines process types (domains) for each process running on the
36       system
37
38       You can see the context of a process using the -Z option to ps
39
40       Policy governs the access confined processes have  to  files.   SELinux
41       NetworkManager_dispatcher_dhclient  policy  is  very  flexible allowing
42       users to setup their NetworkManager_dispatcher_dhclient processes in as
43       secure a method as possible.
44
45       The   following  process  types  are  defined  for  NetworkManager_dis‐
46       patcher_dhclient:
47
48       NetworkManager_dispatcher_dhclient_t
49
50       Note: semanage permissive -a  NetworkManager_dispatcher_dhclient_t  can
51       be  used  to make the process type NetworkManager_dispatcher_dhclient_t
52       permissive. SELinux does not deny access to permissive  process  types,
53       but the AVC (SELinux denials) messages are still generated.
54
55

BOOLEANS

57       SELinux  policy  is  customizable based on least access required.  Net‐
58       workManager_dispatcher_dhclient policy is extremely  flexible  and  has
59       several  booleans  that allow you to manipulate the policy and run Net‐
60       workManager_dispatcher_dhclient with the tightest access possible.
61
62
63
64       If you want to allow all domains to execute in fips_mode, you must turn
65       on the fips_mode boolean. Enabled by default.
66
67       setsebool -P fips_mode 1
68
69
70

FILE CONTEXTS

72       SELinux requires files to have an extended attribute to define the file
73       type.
74
75       You can see the context of a file using the -Z option to ls
76
77       Policy governs the access  confined  processes  have  to  these  files.
78       SELinux  NetworkManager_dispatcher_dhclient policy is very flexible al‐
79       lowing users to  setup  their  NetworkManager_dispatcher_dhclient  pro‐
80       cesses in as secure a method as possible.
81
82       The   following   file   types   are  defined  for  NetworkManager_dis‐
83       patcher_dhclient:
84
85
86
87       NetworkManager_dispatcher_dhclient_script_t
88
89       - Set files with the NetworkManager_dispatcher_dhclient_script_t  type,
90       if  you  want  to treat the files as NetworkManager dispatcher dhclient
91       script data.
92
93
94       Paths:
95            /etc/NetworkManager/dispatcher.d/11-dhclient, /usr/lib/NetworkMan‐
96            ager/dispatcher.d/11-dhclient
97
98
99       Note:  File context can be temporarily modified with the chcon command.
100       If you want to permanently change the file context you need to use  the
101       semanage fcontext command.  This will modify the SELinux labeling data‐
102       base.  You will need to use restorecon to apply the labels.
103
104

COMMANDS

106       semanage fcontext can also be used to manipulate default  file  context
107       mappings.
108
109       semanage  permissive  can  also  be used to manipulate whether or not a
110       process type is permissive.
111
112       semanage module can also be used to enable/disable/install/remove  pol‐
113       icy modules.
114
115       semanage boolean can also be used to manipulate the booleans
116
117
118       system-config-selinux is a GUI tool available to customize SELinux pol‐
119       icy settings.
120
121

AUTHOR

123       This manual page was auto-generated using sepolicy manpage .
124
125

SEE ALSO

127       selinux(8),  NetworkManager_dispatcher_dhclient(8),  semanage(8),   re‐
128       storecon(8), chcon(1), sepolicy(8), setsebool(8)
129
130
131
132NetworkManager_dispatcher_dhclientNe2t3w-o0r2k-M0a3nager_dispatcher_dhclient_selinux(8)
Impressum