abrt_retrace_coredump_selinux man page on Oracle

Man page or keyword search:  
man Server   33470 pages
apropos Keyword Search (all sections)
Output format
Oracle logo
[printable version]

abrt_retrace_coredumpSELinuxxPolicy abrt_retraabrt_retrace_coredump_selinux(8)

NAME
       abrt_retrace_coredump_selinux  - Security Enhanced Linux Policy for the
       abrt_retrace_coredump processes

DESCRIPTION
       Security-Enhanced Linux secures the abrt_retrace_coredump processes via
       flexible mandatory access control.

       The abrt_retrace_coredump processes execute with the abrt_retrace_core‐
       dump_t SELinux type. You can check if you have these processes  running
       by executing the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep abrt_retrace_coredump_t

ENTRYPOINTS
       The  abrt_retrace_coredump_t  SELinux  type  can	 be  entered  via  the
       abrt_retrace_coredump_exec_t file type.

       The default entrypoint paths for the abrt_retrace_coredump_t domain are
       the following:

       /usr/bin/coredump2packages

PROCESS TYPES
       SELinux defines process types (domains) for each process running on the
       system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have  to  files.   SELinux
       abrt_retrace_coredump  policy  is very flexible allowing users to setup
       their abrt_retrace_coredump processes in as secure a method  as	possi‐
       ble.

       The following process types are defined for abrt_retrace_coredump:

       abrt_retrace_coredump_t

       Note:  semanage	permissive  -a	abrt_retrace_coredump_t can be used to
       make the process type abrt_retrace_coredump_t permissive. SELinux  does
       not  deny  access  to  permissive  process  types, but the AVC (SELinux
       denials) messages are still generated.

BOOLEANS
       SELinux	policy	is  customizable  based	 on  least  access   required.
       abrt_retrace_coredump  policy  is  extremely  flexible  and has several
       booleans	 that  allow  you   to	 manipulate   the   policy   and   run
       abrt_retrace_coredump with the tightest access possible.

       If  you	want  to deny any process from ptracing or debugging any other
       processes, you  must  turn  on  the  deny_ptrace	 boolean.  Enabled  by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors,
       you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load	 modules,  you
       must  turn  on  the  domain_kernel_load_modules	boolean.  Disabled  by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn
       on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn
       on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to use nscd  shared  memory,
       you must turn on the nscd_use_shm boolean. Disabled by default.

       setsebool -P nscd_use_shm 1

MANAGED FILES
       The  SELinux  process  type  abrt_retrace_coredump_t  can  manage files
       labeled with the following  file	 types.	  The  paths  listed  are  the
       default	paths for these file types.  Note the processes UID still need
       to have DAC permissions.

       rpm_log_t

	    /var/log/yum.log.*
	    /var/log/up2date.*

       rpm_var_cache_t

	    /var/cache/yum(/.*)?
	    /var/cache/dnf(/.*)?
	    /var/spool/up2date(/.*)?
	    /var/cache/PackageKit(/.*)?

       rpm_var_run_t

	    /var/run/yum.*
	    /var/run/PackageKit(/.*)?

FILE CONTEXTS
       SELinux requires files to have an extended attribute to define the file
       type.

       You can see the context of a file using the -Z option to ls

       Policy  governs	the  access  confined  processes  have to these files.
       SELinux abrt_retrace_coredump policy is very flexible allowing users to
       setup  their  abrt_retrace_coredump  processes in as secure a method as
       possible.

       STANDARD FILE CONTEXT

       SELinux defines the file context types for  the	abrt_retrace_coredump,
       if  you	wanted to store files with these types in a diffent paths, you
       need to execute the semanage command to sepecify alternate labeling and
       then use restorecon to put the labels on disk.

       semanage	     fcontext	   -a	   -t	  abrt_retrace_coredump_exec_t
       '/srv/abrt_retrace_coredump/content(/.*)?'
       restorecon -R -v /srv/myabrt_retrace_coredump_content

       Note: SELinux often uses regular expressions  to	 specify  labels  that
       match multiple files.

       The following file types are defined for abrt_retrace_coredump:

       abrt_retrace_coredump_exec_t

       -  Set files with the abrt_retrace_coredump_exec_t type, if you want to
       transition an executable to the abrt_retrace_coredump_t domain.

       Note: File context can be temporarily modified with the chcon  command.
       If  you want to permanently change the file context you need to use the
       semanage fcontext command.  This will modify the SELinux labeling data‐
       base.  You will need to use restorecon to apply the labels.

COMMANDS
       semanage	 fcontext  can also be used to manipulate default file context
       mappings.

       semanage permissive can also be used to manipulate  whether  or	not  a
       process type is permissive.

       semanage	 module can also be used to enable/disable/install/remove pol‐
       icy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux pol‐
       icy settings.

AUTHOR
       This manual page was auto-generated using sepolicy manpage .

SEE ALSO
       selinux(8),   abrt_retrace_coredump(8),	 semanage(8),	restorecon(8),
       chcon(1), sepolicy(8) , setsebool(8)

abrt_retrace_coredump		   14-05-08   abrt_retrace_coredump_selinux(8)
[top]

List of man pages available for Oracle

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net