1setroubleshoot_fixit_seSlEiLniunxu(x8)Policy setroubleshsoeottr_ofuibxlietshoot_fixit_selinux(8)
2
3
4

NAME

6       setroubleshoot_fixit_selinux  -  Security Enhanced Linux Policy for the
7       setroubleshoot_fixit processes
8

DESCRIPTION

10       Security-Enhanced Linux secures the setroubleshoot_fixit processes  via
11       flexible mandatory access control.
12
13       The   setroubleshoot_fixit   processes   execute   with   the   setrou‐
14       bleshoot_fixit_t SELinux type. You can check if  you  have  these  pro‐
15       cesses running by executing the ps command with the -Z qualifier.
16
17       For example:
18
19       ps -eZ | grep setroubleshoot_fixit_t
20
21
22

ENTRYPOINTS

24       The  setroubleshoot_fixit_t SELinux type can be entered via the setrou‐
25       bleshoot_fixit_exec_t file type.
26
27       The default entrypoint paths for the setroubleshoot_fixit_t domain  are
28       the following:
29
30       /usr/share/setroubleshoot/SetroubleshootFixit.py*
31

PROCESS TYPES

33       SELinux defines process types (domains) for each process running on the
34       system
35
36       You can see the context of a process using the -Z option to ps
37
38       Policy governs the access confined processes have  to  files.   SELinux
39       setroubleshoot_fixit  policy  is  very flexible allowing users to setup
40       their setroubleshoot_fixit processes in as secure a method as possible.
41
42       The following process types are defined for setroubleshoot_fixit:
43
44       setroubleshoot_fixit_t
45
46       Note: semanage permissive -a setroubleshoot_fixit_t can be used to make
47       the  process  type  setroubleshoot_fixit_t permissive. SELinux does not
48       deny access to permissive process types, but the AVC (SELinux  denials)
49       messages are still generated.
50
51

BOOLEANS

53       SELinux policy is customizable based on least access required.  setrou‐
54       bleshoot_fixit policy is extremely flexible and  has  several  booleans
55       that  allow  you  to manipulate the policy and run setroubleshoot_fixit
56       with the tightest access possible.
57
58
59
60       If you want to dontaudit all  daemons  scheduling  requests  (setsched,
61       sys_nice),  you  must turn on the daemons_dontaudit_scheduling boolean.
62       Enabled by default.
63
64       setsebool -P daemons_dontaudit_scheduling 1
65
66
67
68       If you want to allow all domains to execute in fips_mode, you must turn
69       on the fips_mode boolean. Enabled by default.
70
71       setsebool -P fips_mode 1
72
73
74
75       If  you  want  to  allow  system  to run with NIS, you must turn on the
76       nis_enabled boolean. Disabled by default.
77
78       setsebool -P nis_enabled 1
79
80
81

MANAGED FILES

83       The SELinux process type setroubleshoot_fixit_t can  manage  files  la‐
84       beled  with the following file types.  The paths listed are the default
85       paths for these file types.  Note the processes UID still need to  have
86       DAC permissions.
87
88       cluster_conf_t
89
90            /etc/cluster(/.*)?
91
92       cluster_var_lib_t
93
94            /var/lib/pcsd(/.*)?
95            /var/lib/cluster(/.*)?
96            /var/lib/openais(/.*)?
97            /var/lib/pengine(/.*)?
98            /var/lib/corosync(/.*)?
99            /usr/lib/heartbeat(/.*)?
100            /var/lib/heartbeat(/.*)?
101            /var/lib/pacemaker(/.*)?
102
103       cluster_var_run_t
104
105            /var/run/crm(/.*)?
106            /var/run/cman_.*
107            /var/run/rsctmp(/.*)?
108            /var/run/aisexec.*
109            /var/run/heartbeat(/.*)?
110            /var/run/pcsd-ruby.socket
111            /var/run/corosync-qnetd(/.*)?
112            /var/run/corosync-qdevice(/.*)?
113            /var/run/corosync.pid
114            /var/run/cpglockd.pid
115            /var/run/rgmanager.pid
116            /var/run/cluster/rgmanager.sk
117
118       krb5_host_rcache_t
119
120            /var/tmp/krb5_0.rcache2
121            /var/cache/krb5rcache(/.*)?
122            /var/tmp/nfs_0
123            /var/tmp/DNS_25
124            /var/tmp/host_0
125            /var/tmp/imap_0
126            /var/tmp/HTTP_23
127            /var/tmp/HTTP_48
128            /var/tmp/ldap_55
129            /var/tmp/ldap_487
130            /var/tmp/ldapmap1_0
131
132       root_t
133
134            /sysroot/ostree/deploy/.*-atomic/deploy(/.*)?
135            /
136            /initrd
137
138       setroubleshoot_fixit_tmp_t
139
140
141       setroubleshoot_fixit_tmpfs_t
142
143
144

FILE CONTEXTS

146       SELinux requires files to have an extended attribute to define the file
147       type.
148
149       You can see the context of a file using the -Z option to ls
150
151       Policy governs the access  confined  processes  have  to  these  files.
152       SELinux  setroubleshoot_fixit policy is very flexible allowing users to
153       setup their setroubleshoot_fixit processes in as  secure  a  method  as
154       possible.
155
156       STANDARD FILE CONTEXT
157
158       SELinux defines the file context types for the setroubleshoot_fixit, if
159       you wanted to store files with these types in a  different  paths,  you
160       need  to execute the semanage command to specify alternate labeling and
161       then use restorecon to put the labels on disk.
162
163       semanage  fcontext  -a  -t  setroubleshoot_fixit_exec_t   '/srv/setrou‐
164       bleshoot_fixit/content(/.*)?'
165       restorecon -R -v /srv/mysetroubleshoot_fixit_content
166
167       Note:  SELinux  often  uses  regular expressions to specify labels that
168       match multiple files.
169
170       The following file types are defined for setroubleshoot_fixit:
171
172
173
174       setroubleshoot_fixit_exec_t
175
176       - Set files with the setroubleshoot_fixit_exec_t type, if you  want  to
177       transition an executable to the setroubleshoot_fixit_t domain.
178
179
180
181       setroubleshoot_fixit_tmp_t
182
183       -  Set  files  with the setroubleshoot_fixit_tmp_t type, if you want to
184       store setroubleshoot fixit temporary files in the /tmp directories.
185
186
187
188       setroubleshoot_fixit_tmpfs_t
189
190       - Set files with the setroubleshoot_fixit_tmpfs_t type, if you want  to
191       store setroubleshoot fixit files on a tmpfs file system.
192
193
194
195       Note:  File context can be temporarily modified with the chcon command.
196       If you want to permanently change the file context you need to use  the
197       semanage fcontext command.  This will modify the SELinux labeling data‐
198       base.  You will need to use restorecon to apply the labels.
199
200

COMMANDS

202       semanage fcontext can also be used to manipulate default  file  context
203       mappings.
204
205       semanage  permissive  can  also  be used to manipulate whether or not a
206       process type is permissive.
207
208       semanage module can also be used to enable/disable/install/remove  pol‐
209       icy modules.
210
211       semanage boolean can also be used to manipulate the booleans
212
213
214       system-config-selinux is a GUI tool available to customize SELinux pol‐
215       icy settings.
216
217

AUTHOR

219       This manual page was auto-generated using sepolicy manpage .
220
221

SEE ALSO

223       selinux(8),   setroubleshoot_fixit(8),   semanage(8),    restorecon(8),
224       chcon(1), sepolicy(8), setsebool(8)
225
226
227
228setroubleshoot_fixit               23-12-15    setroubleshoot_fixit_selinux(8)
Impressum