1blueman_selinux(8)          SELinux Policy blueman          blueman_selinux(8)
2
3
4

NAME

6       blueman_selinux  -  Security Enhanced Linux Policy for the blueman pro‐
7       cesses
8

DESCRIPTION

10       Security-Enhanced Linux secures  the  blueman  processes  via  flexible
11       mandatory access control.
12
13       The  blueman processes execute with the blueman_t SELinux type. You can
14       check if you have these processes running by executing the  ps  command
15       with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep blueman_t
20
21
22

ENTRYPOINTS

24       The  blueman_t  SELinux type can be entered via the blueman_exec_t file
25       type.
26
27       The default entrypoint paths for the blueman_t domain are  the  follow‐
28       ing:
29
30       /usr/libexec/blueman-mechanism
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       blueman  policy  is very flexible allowing users to setup their blueman
40       processes in as secure a method as possible.
41
42       The following process types are defined for blueman:
43
44       blueman_t
45
46       Note: semanage permissive -a blueman_t can be used to make the  process
47       type  blueman_t  permissive. SELinux does not deny access to permissive
48       process types, but the AVC (SELinux denials) messages are still  gener‐
49       ated.
50
51

BOOLEANS

53       SELinux policy is customizable based on least access required.  blueman
54       policy is extremely flexible and has several booleans that allow you to
55       manipulate  the  policy and run blueman with the tightest access possi‐
56       ble.
57
58
59
60       If you want to dontaudit all  daemons  scheduling  requests  (setsched,
61       sys_nice),  you  must turn on the daemons_dontaudit_scheduling boolean.
62       Enabled by default.
63
64       setsebool -P daemons_dontaudit_scheduling 1
65
66
67
68       If you want to allow all domains to execute in fips_mode, you must turn
69       on the fips_mode boolean. Enabled by default.
70
71       setsebool -P fips_mode 1
72
73
74
75       If  you  want  to  allow  system  to run with NIS, you must turn on the
76       nis_enabled boolean. Disabled by default.
77
78       setsebool -P nis_enabled 1
79
80
81
82       If you want to allow xguest to use blue tooth devices, you must turn on
83       the xguest_use_bluetooth boolean. Enabled by default.
84
85       setsebool -P xguest_use_bluetooth 1
86
87
88

MANAGED FILES

90       The  SELinux  process  type blueman_t can manage files labeled with the
91       following file types.  The paths listed are the default paths for these
92       file types.  Note the processes UID still need to have DAC permissions.
93
94       blueman_tmp_t
95
96
97       blueman_tmpfs_t
98
99
100       blueman_var_lib_t
101
102            /var/lib/blueman(/.*)?
103
104       blueman_var_run_t
105
106
107       cluster_conf_t
108
109            /etc/cluster(/.*)?
110
111       cluster_var_lib_t
112
113            /var/lib/pcsd(/.*)?
114            /var/lib/cluster(/.*)?
115            /var/lib/openais(/.*)?
116            /var/lib/pengine(/.*)?
117            /var/lib/corosync(/.*)?
118            /usr/lib/heartbeat(/.*)?
119            /var/lib/heartbeat(/.*)?
120            /var/lib/pacemaker(/.*)?
121
122       cluster_var_run_t
123
124            /var/run/crm(/.*)?
125            /var/run/cman_.*
126            /var/run/rsctmp(/.*)?
127            /var/run/aisexec.*
128            /var/run/heartbeat(/.*)?
129            /var/run/pcsd-ruby.socket
130            /var/run/corosync-qnetd(/.*)?
131            /var/run/corosync-qdevice(/.*)?
132            /var/run/corosync.pid
133            /var/run/cpglockd.pid
134            /var/run/rgmanager.pid
135            /var/run/cluster/rgmanager.sk
136
137       krb5_host_rcache_t
138
139            /var/tmp/krb5_0.rcache2
140            /var/cache/krb5rcache(/.*)?
141            /var/tmp/nfs_0
142            /var/tmp/DNS_25
143            /var/tmp/host_0
144            /var/tmp/imap_0
145            /var/tmp/HTTP_23
146            /var/tmp/HTTP_48
147            /var/tmp/ldap_55
148            /var/tmp/ldap_487
149            /var/tmp/ldapmap1_0
150
151       root_t
152
153            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
154            /
155            /initrd
156
157

FILE CONTEXTS

159       SELinux requires files to have an extended attribute to define the file
160       type.
161
162       You can see the context of a file using the -Z option to ls
163
164       Policy governs the access  confined  processes  have  to  these  files.
165       SELinux  blueman  policy is very flexible allowing users to setup their
166       blueman processes in as secure a method as possible.
167
168       STANDARD FILE CONTEXT
169
170       SELinux defines the file context types for the blueman, if  you  wanted
171       to  store files with these types in a different paths, you need to exe‐
172       cute the semanage command to specify alternate labeling  and  then  use
173       restorecon to put the labels on disk.
174
175       semanage fcontext -a -t blueman_exec_t '/srv/blueman/content(/.*)?'
176       restorecon -R -v /srv/myblueman_content
177
178       Note:  SELinux  often  uses  regular expressions to specify labels that
179       match multiple files.
180
181       The following file types are defined for blueman:
182
183
184
185       blueman_exec_t
186
187       - Set files with the blueman_exec_t type, if you want to transition  an
188       executable to the blueman_t domain.
189
190
191
192       blueman_tmp_t
193
194       -  Set  files with the blueman_tmp_t type, if you want to store blueman
195       temporary files in the /tmp directories.
196
197
198
199       blueman_tmpfs_t
200
201       - Set files with the blueman_tmpfs_t type, if you want to store blueman
202       files on a tmpfs file system.
203
204
205
206       blueman_var_lib_t
207
208       -  Set  files with the blueman_var_lib_t type, if you want to store the
209       blueman files under the /var/lib directory.
210
211
212
213       blueman_var_run_t
214
215       - Set files with the blueman_var_run_t type, if you want to  store  the
216       blueman files under the /run or /var/run directory.
217
218
219
220       Note:  File context can be temporarily modified with the chcon command.
221       If you want to permanently change the file context you need to use  the
222       semanage fcontext command.  This will modify the SELinux labeling data‐
223       base.  You will need to use restorecon to apply the labels.
224
225

COMMANDS

227       semanage fcontext can also be used to manipulate default  file  context
228       mappings.
229
230       semanage  permissive  can  also  be used to manipulate whether or not a
231       process type is permissive.
232
233       semanage module can also be used to enable/disable/install/remove  pol‐
234       icy modules.
235
236       semanage boolean can also be used to manipulate the booleans
237
238
239       system-config-selinux is a GUI tool available to customize SELinux pol‐
240       icy settings.
241
242

AUTHOR

244       This manual page was auto-generated using sepolicy manpage .
245
246

SEE ALSO

248       selinux(8), blueman(8), semanage(8),  restorecon(8),  chcon(1),  sepol‐
249       icy(8), setsebool(8)
250
251
252
253blueman                            23-12-15                 blueman_selinux(8)
Impressum