1NetworkManager_dispaStEcLhienru_xsePloilniucxy(8N)etworkMaNneatgweorr_kdMiasnpaagtecrh_edrispatcher_selinux(8)
2
3
4

NAME

6       NetworkManager_dispatcher_selinux  - Security Enhanced Linux Policy for
7       the NetworkManager_dispatcher processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the NetworkManager_dispatcher processes
11       via flexible mandatory access control.
12
13       The  NetworkManager_dispatcher  processes  execute with the NetworkMan‐
14       ager_dispatcher_t SELinux type. You can check if you  have  these  pro‐
15       cesses running by executing the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep NetworkManager_dispatcher_t
20
21
22

ENTRYPOINTS

24       The  NetworkManager_dispatcher_t  SELinux  type  can be entered via the
25       NetworkManager_dispatcher_exec_t file type.
26
27       The default entrypoint paths for the NetworkManager_dispatcher_t domain
28       are the following:
29
30       /usr/libexec/nm-dispatcher
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       NetworkManager_dispatcher  policy  is  very  flexible allowing users to
40       setup their NetworkManager_dispatcher processes in as secure  a  method
41       as possible.
42
43       The following process types are defined for NetworkManager_dispatcher:
44
45       NetworkManager_dispatcher_t, NetworkManager_dispatcher_custom_t, NetworkManager_dispatcher_chronyc_t, NetworkManager_dispatcher_cloud_t, NetworkManager_dispatcher_console_t, NetworkManager_dispatcher_ddclient_t, NetworkManager_dispatcher_dhclient_t, NetworkManager_dispatcher_dnssec_t, NetworkManager_dispatcher_iscsid_t, NetworkManager_dispatcher_sendmail_t, NetworkManager_dispatcher_tlp_t, NetworkManager_dispatcher_winbind_t
46
47       Note: semanage permissive -a NetworkManager_dispatcher_t can be used to
48       make the process type NetworkManager_dispatcher_t  permissive.  SELinux
49       does  not deny access to permissive process types, but the AVC (SELinux
50       denials) messages are still generated.
51
52

BOOLEANS

54       SELinux policy is customizable based on least  access  required.   Net‐
55       workManager_dispatcher  policy  is  extremely  flexible and has several
56       booleans that allow you to manipulate the policy  and  run  NetworkMan‐
57       ager_dispatcher with the tightest access possible.
58
59
60
61       If  you  want  to  dontaudit all daemons scheduling requests (setsched,
62       sys_nice), you must turn on the  daemons_dontaudit_scheduling  boolean.
63       Enabled by default.
64
65       setsebool -P daemons_dontaudit_scheduling 1
66
67
68
69       If you want to allow all domains to execute in fips_mode, you must turn
70       on the fips_mode boolean. Enabled by default.
71
72       setsebool -P fips_mode 1
73
74
75

MANAGED FILES

77       The SELinux process type NetworkManager_dispatcher_t can  manage  files
78       labeled  with  the  following file types.  The paths listed are the de‐
79       fault paths for these file types.  Note the processes UID still need to
80       have DAC permissions.
81
82       cluster_conf_t
83
84            /etc/cluster(/.*)?
85
86       cluster_var_lib_t
87
88            /var/lib/pcsd(/.*)?
89            /var/lib/cluster(/.*)?
90            /var/lib/openais(/.*)?
91            /var/lib/pengine(/.*)?
92            /var/lib/corosync(/.*)?
93            /usr/lib/heartbeat(/.*)?
94            /var/lib/heartbeat(/.*)?
95            /var/lib/pacemaker(/.*)?
96
97       cluster_var_run_t
98
99            /var/run/crm(/.*)?
100            /var/run/cman_.*
101            /var/run/rsctmp(/.*)?
102            /var/run/aisexec.*
103            /var/run/heartbeat(/.*)?
104            /var/run/pcsd-ruby.socket
105            /var/run/corosync-qnetd(/.*)?
106            /var/run/corosync-qdevice(/.*)?
107            /var/run/corosync.pid
108            /var/run/cpglockd.pid
109            /var/run/rgmanager.pid
110            /var/run/cluster/rgmanager.sk
111
112       root_t
113
114            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
115            /
116            /initrd
117
118

FILE CONTEXTS

120       SELinux requires files to have an extended attribute to define the file
121       type.
122
123       You can see the context of a file using the -Z option to ls
124
125       Policy governs the access  confined  processes  have  to  these  files.
126       SELinux  NetworkManager_dispatcher  policy  is  very  flexible allowing
127       users to setup their NetworkManager_dispatcher processes in as secure a
128       method as possible.
129
130       STANDARD FILE CONTEXT
131
132       SELinux  defines  the  file  context  types for the NetworkManager_dis‐
133       patcher, if you wanted to store files with these types in  a  different
134       paths,  you  need  to execute the semanage command to specify alternate
135       labeling and then use restorecon to put the labels on disk.
136
137       semanage  fcontext  -a  -t  NetworkManager_dispatcher_console_var_run_t
138       '/srv/NetworkManager_dispatcher/content(/.*)?'
139       restorecon -R -v /srv/myNetworkManager_dispatcher_content
140
141       Note:  SELinux  often  uses  regular expressions to specify labels that
142       match multiple files.
143
144       The following file types are defined for NetworkManager_dispatcher:
145
146
147
148       NetworkManager_dispatcher_chronyc_script_t
149
150       - Set files with the  NetworkManager_dispatcher_chronyc_script_t  type,
151       if  you  want  to  treat the files as NetworkManager dispatcher chronyc
152       script data.
153
154
155       Paths:
156            /etc/NetworkManager/dispatcher.d/20-chrony-dhcp, /usr/lib/Network‐
157            Manager/dispatcher.d/20-chrony-dhcp,      /etc/NetworkManager/dis‐
158            patcher.d/20-chrony-onoffline,        /usr/lib/NetworkManager/dis‐
159            patcher.d/20-chrony-onoffline
160
161
162       NetworkManager_dispatcher_cloud_script_t
163
164       -  Set files with the NetworkManager_dispatcher_cloud_script_t type, if
165       you want to treat the files as NetworkManager dispatcher  cloud  script
166       data.
167
168
169       Paths:
170            /etc/NetworkManager/dispatcher.d/hook-network-manager,   /etc/Net‐
171            workManager/dispatcher.d/cloud-init-azure-hook,  /usr/lib/Network‐
172            Manager/dispatcher.d/90-nm-cloud-setup.sh,    /usr/lib/NetworkMan‐
173            ager/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh
174
175
176       NetworkManager_dispatcher_console_script_t
177
178       - Set files with the  NetworkManager_dispatcher_console_script_t  type,
179       if  you  want  to  treat the files as NetworkManager dispatcher console
180       script data.
181
182
183
184       NetworkManager_dispatcher_console_var_run_t
185
186       - Set files with the NetworkManager_dispatcher_console_var_run_t  type,
187       if  you want to store the NetworkManager dispatcher console files under
188       the /run or /var/run directory.
189
190
191
192       NetworkManager_dispatcher_ddclient_script_t
193
194       - Set files with the NetworkManager_dispatcher_ddclient_script_t  type,
195       if  you  want  to treat the files as NetworkManager dispatcher ddclient
196       script data.
197
198
199
200       NetworkManager_dispatcher_dhclient_script_t
201
202       - Set files with the NetworkManager_dispatcher_dhclient_script_t  type,
203       if  you  want  to treat the files as NetworkManager dispatcher dhclient
204       script data.
205
206
207       Paths:
208            /etc/NetworkManager/dispatcher.d/11-dhclient, /usr/lib/NetworkMan‐
209            ager/dispatcher.d/11-dhclient
210
211
212       NetworkManager_dispatcher_dnssec_script_t
213
214       - Set files with the NetworkManager_dispatcher_dnssec_script_t type, if
215       you want to treat the files as NetworkManager dispatcher dnssec  script
216       data.
217
218
219
220       NetworkManager_dispatcher_exec_t
221
222       - Set files with the NetworkManager_dispatcher_exec_t type, if you want
223       to transition an executable to the NetworkManager_dispatcher_t domain.
224
225
226
227       NetworkManager_dispatcher_iscsid_script_t
228
229       - Set files with the NetworkManager_dispatcher_iscsid_script_t type, if
230       you  want to treat the files as NetworkManager dispatcher iscsid script
231       data.
232
233
234
235       NetworkManager_dispatcher_script_t
236
237       - Set files with the NetworkManager_dispatcher_script_t  type,  if  you
238       want to treat the files as NetworkManager dispatcher script data.
239
240
241       Paths:
242            /etc/NetworkManager/dispatcher.d(/.*)?,       /usr/lib/NetworkMan‐
243            ager/dispatcher.d(/.*)?
244
245
246       NetworkManager_dispatcher_sendmail_script_t
247
248       - Set files with the NetworkManager_dispatcher_sendmail_script_t  type,
249       if  you  want  to treat the files as NetworkManager dispatcher sendmail
250       script data.
251
252
253
254       NetworkManager_dispatcher_tlp_script_t
255
256       - Set files with the  NetworkManager_dispatcher_tlp_script_t  type,  if
257       you  want  to  treat  the files as NetworkManager dispatcher tlp script
258       data.
259
260
261
262       NetworkManager_dispatcher_winbind_script_t
263
264       - Set files with the  NetworkManager_dispatcher_winbind_script_t  type,
265       if  you  want  to  treat the files as NetworkManager dispatcher winbind
266       script data.
267
268
269
270       Note: File context can be temporarily modified with the chcon  command.
271       If  you want to permanently change the file context you need to use the
272       semanage fcontext command.  This will modify the SELinux labeling data‐
273       base.  You will need to use restorecon to apply the labels.
274
275

COMMANDS

277       semanage  fcontext  can also be used to manipulate default file context
278       mappings.
279
280       semanage permissive can also be used to manipulate  whether  or  not  a
281       process type is permissive.
282
283       semanage  module can also be used to enable/disable/install/remove pol‐
284       icy modules.
285
286       semanage boolean can also be used to manipulate the booleans
287
288
289       system-config-selinux is a GUI tool available to customize SELinux pol‐
290       icy settings.
291
292

AUTHOR

294       This manual page was auto-generated using sepolicy manpage .
295
296

SEE ALSO

298       selinux(8),  NetworkManager_dispatcher(8),  semanage(8), restorecon(8),
299       chcon(1),      sepolicy(8),      setsebool(8),      NetworkManager_dis‐
300       patcher_chronyc_selinux(8),                         NetworkManager_dis‐
301       patcher_chronyc_selinux(8), NetworkManager_dispatcher_cloud_selinux(8),
302       NetworkManager_dispatcher_cloud_selinux(8),         NetworkManager_dis‐
303       patcher_console_selinux(8),              NetworkManager_dispatcher_con‐
304       sole_selinux(8),  NetworkManager_dispatcher_custom_selinux(8), Network‐
305       Manager_dispatcher_custom_selinux(8),     NetworkManager_dispatcher_dd‐
306       client_selinux(8),  NetworkManager_dispatcher_ddclient_selinux(8), Net‐
307       workManager_dispatcher_dhclient_selinux(8),         NetworkManager_dis‐
308       patcher_dhclient_selinux(8),                        NetworkManager_dis‐
309       patcher_dnssec_selinux(8), NetworkManager_dispatcher_dnssec_selinux(8),
310       NetworkManager_dispatcher_iscsid_selinux(8),        NetworkManager_dis‐
311       patcher_iscsid_selinux(8),              NetworkManager_dispatcher_send‐
312       mail_selinux(8),   NetworkManager_dispatcher_sendmail_selinux(8),  Net‐
313       workManager_dispatcher_tlp_selinux(8),              NetworkManager_dis‐
314       patcher_tlp_selinux(8),   NetworkManager_dispatcher_winbind_selinux(8),
315       NetworkManager_dispatcher_winbind_selinux(8)
316
317
318
319NetworkManager_dispatcher          23-10-20NetworkManager_dispatcher_selinux(8)
Impressum