NetworkManager_dispatcher_winbind_selinux(8)

1NetworkManager_dSiEsLpiantucxhePro_lwiicnybiNnedt_wsoNerelktiMwnaounrxak(gM8ea)rn_adgiesrp_adticshpeart_cwhienrb_iwnidnbind_selinux(8)
2
3
4

NAME

6       NetworkManager_dispatcher_winbind_selinux  -  Security  Enhanced  Linux
7       Policy for the NetworkManager_dispatcher_winbind processes
8

DESCRIPTION

10       Security-Enhanced Linux secures  the  NetworkManager_dispatcher_winbind
11       processes via flexible mandatory access control.
12
13       The  NetworkManager_dispatcher_winbind  processes execute with the Net‐
14       workManager_dispatcher_winbind_t SELinux type. You  can  check  if  you
15       have  these  processes  running by executing the ps command with the -Z
16       qualifier.
17
18       For example:
19
20       ps -eZ | grep NetworkManager_dispatcher_winbind_t
21
22
23

ENTRYPOINTS

25       The NetworkManager_dispatcher_winbind_t SELinux type can be entered via
26       the NetworkManager_dispatcher_winbind_script_t file type.
27
28       The  default  entrypoint  paths  for the NetworkManager_dispatcher_win‐
29       bind_t domain are the following:
30
31       /usr/lib/NetworkManager/dispatcher.d/30-winbind
32

PROCESS TYPES

34       SELinux defines process types (domains) for each process running on the
35       system
36
37       You can see the context of a process using the -Z option to ps
38
39       Policy  governs  the  access confined processes have to files.  SELinux
40       NetworkManager_dispatcher_winbind  policy  is  very  flexible  allowing
41       users  to setup their NetworkManager_dispatcher_winbind processes in as
42       secure a method as possible.
43
44       The  following  process  types  are  defined  for   NetworkManager_dis‐
45       patcher_winbind:
46
47       NetworkManager_dispatcher_winbind_t
48
49       Note: semanage permissive -a NetworkManager_dispatcher_winbind_t can be
50       used to make the process type NetworkManager_dispatcher_winbind_t  per‐
51       missive.  SELinux does not deny access to permissive process types, but
52       the AVC (SELinux denials) messages are still generated.
53
54

BOOLEANS

56       SELinux policy is customizable based on least  access  required.   Net‐
57       workManager_dispatcher_winbind  policy  is  extremely  flexible and has
58       several booleans that allow you to manipulate the policy and  run  Net‐
59       workManager_dispatcher_winbind with the tightest access possible.
60
61
62
63       If you want to allow all domains to execute in fips_mode, you must turn
64       on the fips_mode boolean. Enabled by default.
65
66       setsebool -P fips_mode 1
67
68
69

MANAGED FILES

71       The SELinux process type NetworkManager_dispatcher_winbind_t can manage
72       files  labeled with the following file types.  The paths listed are the
73       default paths for these file types.  Note the processes UID still  need
74       to have DAC permissions.
75
76       systemd_passwd_var_run_t
77
78            /var/run/systemd/ask-password(/.*)?
79            /var/run/systemd/ask-password-block(/.*)?
80
81

FILE CONTEXTS

83       SELinux requires files to have an extended attribute to define the file
84       type.
85
86       You can see the context of a file using the -Z option to ls
87
88       Policy governs the access  confined  processes  have  to  these  files.
89       SELinux  NetworkManager_dispatcher_winbind  policy is very flexible al‐
90       lowing users to setup their NetworkManager_dispatcher_winbind processes
91       in as secure a method as possible.
92
93       The following file types are defined for NetworkManager_dispatcher_win‐
94       bind:
95
96
97
98       NetworkManager_dispatcher_winbind_script_t
99
100       - Set files with the  NetworkManager_dispatcher_winbind_script_t  type,
101       if  you  want  to  treat the files as NetworkManager dispatcher winbind
102       script data.
103
104
105
106       Note: File context can be temporarily modified with the chcon  command.
107       If  you want to permanently change the file context you need to use the
108       semanage fcontext command.  This will modify the SELinux labeling data‐
109       base.  You will need to use restorecon to apply the labels.
110
111

COMMANDS

113       semanage  fcontext  can also be used to manipulate default file context
114       mappings.
115
116       semanage permissive can also be used to manipulate  whether  or  not  a
117       process type is permissive.
118
119       semanage  module can also be used to enable/disable/install/remove pol‐
120       icy modules.
121
122       semanage boolean can also be used to manipulate the booleans
123
124
125       system-config-selinux is a GUI tool available to customize SELinux pol‐
126       icy settings.
127
128

AUTHOR

130       This manual page was auto-generated using sepolicy manpage .
131
132