NetworkManager_dispatcher_dnssec_selinux(8)

1NetworkManager_diSsEpLaitncuhxerP_odlniscsyecN_estewloNirenktuMwxao(nr8ak)gMearn_adgiesrp_adticshpeart_cdhnesrs_edcnssec_selinux(8)
2
3
4

NAME

6       NetworkManager_dispatcher_dnssec_selinux - Security Enhanced Linux Pol‐
7       icy for the NetworkManager_dispatcher_dnssec processes
8

DESCRIPTION

10       Security-Enhanced Linux  secures  the  NetworkManager_dispatcher_dnssec
11       processes via flexible mandatory access control.
12
13       The  NetworkManager_dispatcher_dnssec  processes  execute with the Net‐
14       workManager_dispatcher_dnssec_t SELinux type. You can check if you have
15       these  processes running by executing the ps command with the -Z quali‐
16       fier.
17
18       For example:
19
20       ps -eZ | grep NetworkManager_dispatcher_dnssec_t
21
22
23

ENTRYPOINTS

25       The NetworkManager_dispatcher_dnssec_t SELinux type can be entered  via
26       the NetworkManager_dispatcher_dnssec_script_t file type.
27
28       The default entrypoint paths for the NetworkManager_dispatcher_dnssec_t
29       domain are the following:
30
31       /usr/lib/NetworkManager/dispatcher.d/01-dnssec-trigger
32

PROCESS TYPES

34       SELinux defines process types (domains) for each process running on the
35       system
36
37       You can see the context of a process using the -Z option to ps
38
39       Policy  governs  the  access confined processes have to files.  SELinux
40       NetworkManager_dispatcher_dnssec policy is very flexible allowing users
41       to  setup their NetworkManager_dispatcher_dnssec processes in as secure
42       a method as possible.
43
44       The  following  process  types  are  defined  for   NetworkManager_dis‐
45       patcher_dnssec:
46
47       NetworkManager_dispatcher_dnssec_t
48
49       Note:  semanage permissive -a NetworkManager_dispatcher_dnssec_t can be
50       used to make the process type  NetworkManager_dispatcher_dnssec_t  per‐
51       missive.  SELinux does not deny access to permissive process types, but
52       the AVC (SELinux denials) messages are still generated.
53
54

BOOLEANS

56       SELinux policy is customizable based on least  access  required.   Net‐
57       workManager_dispatcher_dnssec policy is extremely flexible and has sev‐
58       eral booleans that allow you to manipulate the policy and run  Network‐
59       Manager_dispatcher_dnssec with the tightest access possible.
60
61
62
63       If you want to allow all domains to execute in fips_mode, you must turn
64       on the fips_mode boolean. Enabled by default.
65
66       setsebool -P fips_mode 1
67
68
69

FILE CONTEXTS

71       SELinux requires files to have an extended attribute to define the file
72       type.
73
74       You can see the context of a file using the -Z option to ls
75
76       Policy  governs  the  access  confined  processes  have to these files.
77       SELinux NetworkManager_dispatcher_dnssec policy is very flexible allow‐
78       ing  users to setup their NetworkManager_dispatcher_dnssec processes in
79       as secure a method as possible.
80
81       The  following  file  types   are   defined   for   NetworkManager_dis‐
82       patcher_dnssec:
83
84
85
86       NetworkManager_dispatcher_dnssec_script_t
87
88       - Set files with the NetworkManager_dispatcher_dnssec_script_t type, if
89       you want to treat the files as NetworkManager dispatcher dnssec  script
90       data.
91
92
93
94       Note:  File context can be temporarily modified with the chcon command.
95       If you want to permanently change the file context you need to use  the
96       semanage fcontext command.  This will modify the SELinux labeling data‐
97       base.  You will need to use restorecon to apply the labels.
98
99

COMMANDS

101       semanage fcontext can also be used to manipulate default  file  context
102       mappings.
103
104       semanage  permissive  can  also  be used to manipulate whether or not a
105       process type is permissive.
106
107       semanage module can also be used to enable/disable/install/remove  pol‐
108       icy modules.
109
110       semanage boolean can also be used to manipulate the booleans
111
112
113       system-config-selinux is a GUI tool available to customize SELinux pol‐
114       icy settings.
115
116

AUTHOR

118       This manual page was auto-generated using sepolicy manpage .
119
120