diff options
author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-08-15 18:23:37 +0200 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-08-15 18:23:37 +0200 |
commit | 16613e5f359379db293c17d511edde5a680fedbe (patch) | |
tree | a2f609764c094c0e4e00954b1bac577efcc07b64 /man | |
parent | Correct date (diff) | |
download | hardened-refpolicy-16613e5f359379db293c17d511edde5a680fedbe.tar.gz hardened-refpolicy-16613e5f359379db293c17d511edde5a680fedbe.tar.bz2 hardened-refpolicy-16613e5f359379db293c17d511edde5a680fedbe.zip |
Add tmpfiles_selinux manual page
Diffstat (limited to 'man')
-rw-r--r-- | man/man8/tmpfiles_selinux.8 | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/man/man8/tmpfiles_selinux.8 b/man/man8/tmpfiles_selinux.8 new file mode 100644 index 000000000..8a5b1405b --- /dev/null +++ b/man/man8/tmpfiles_selinux.8 @@ -0,0 +1,100 @@ +.\" Man page generated from reStructuredText. +. +.TH TMPFILES_SELINUX 8 "2014-08-15" "" "SELinux" +.SH NAME +tmpfiles_selinux \- SELinux policy module for tmpfiles +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.SH DESCRIPTION +.sp +The \fBtmpfiles\fP SELinux module supports the use of the tmpfiles interface (for +generating and managing temporary files, directories, sockets and what not) as +documented through the \fItmpfiles.d\fP manual page, available at +\fI\%http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html\fP +.SH BOOLEANS +.sp +The following booleans are defined through the \fBtmpfiles\fP SELinux policy module. +They can be toggled using \fBsetsebool\fP, like so: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +setsebool \-P tmpfiles_manage_all_non_security +.ft P +.fi +.UNINDENT +.UNINDENT +.INDENT 0.0 +.TP +.B tmpfiles_manage_all_non_security +Enable to allow tmpfiles to manage non\-default types (beyond variable run\-time +locations) as well +.UNINDENT +.SH DOMAINS +.SS tmpfiles_t +.sp +The \fBtmpfiles_t\fP domain is used by the \fItmpfiles\fP and \fIcheckpath\fP scripts +which are responsible for creating and modifying the boot\-time resources. +.SH LOCATIONS +.INDENT 0.0 +.TP +.B tmpfiles_conf_t +is used for the tmpfiles configuration files (\fI/etc/tmpfiles.d\fP) +.TP +.B tmpfiles_exec_t +is used as entrypoint for the tmpfiles application +.TP +.B tmpfiles_var_run_t +is used as the variable run\-time data used by the tmpfiles application +.UNINDENT +.SH POLICY +.sp +The following interfaces can be used to enhance the default policy with +tmpfiles\-related provileges. More details on these interfaces can be found in the +interface HTML documentation, we will not list all available interfaces here. +.INDENT 0.0 +.TP +.B tmpfiles_read_conf +to allow read access on the tmpfiles configuration files +.TP +.B tmpfiles_manage_conf +to allow a domain to manage the tmpfiles configuration files +.UNINDENT +.SH SEE ALSO +.INDENT 0.0 +.IP \(bu 2 +Gentoo and SELinux at \fI\%https://wiki.gentoo.org/wiki/SELinux\fP +.IP \(bu 2 +Gentoo Hardened SELinux Project at +\fI\%https://wiki.gentoo.org/wiki/Project:Hardened\fP +.UNINDENT +.SH AUTHOR +Sven Vermeulen <swift@gentoo.org> +.\" Generated by docutils manpage writer. +. |