aboutsummaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
authorSven Vermeulen <sven.vermeulen@siphos.be>2014-08-15 18:23:37 +0200
committerSven Vermeulen <sven.vermeulen@siphos.be>2014-08-15 18:23:37 +0200
commit16613e5f359379db293c17d511edde5a680fedbe (patch)
treea2f609764c094c0e4e00954b1bac577efcc07b64 /man
parentCorrect date (diff)
downloadhardened-refpolicy-16613e5f359379db293c17d511edde5a680fedbe.tar.gz
hardened-refpolicy-16613e5f359379db293c17d511edde5a680fedbe.tar.bz2
hardened-refpolicy-16613e5f359379db293c17d511edde5a680fedbe.zip
Add tmpfiles_selinux manual page
Diffstat (limited to 'man')
-rw-r--r--man/man8/tmpfiles_selinux.8100
1 files changed, 100 insertions, 0 deletions
diff --git a/man/man8/tmpfiles_selinux.8 b/man/man8/tmpfiles_selinux.8
new file mode 100644
index 00000000..8a5b1405
--- /dev/null
+++ b/man/man8/tmpfiles_selinux.8
@@ -0,0 +1,100 @@
+.\" Man page generated from reStructuredText.
+.
+.TH TMPFILES_SELINUX 8 "2014-08-15" "" "SELinux"
+.SH NAME
+tmpfiles_selinux \- SELinux policy module for tmpfiles
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.SH DESCRIPTION
+.sp
+The \fBtmpfiles\fP SELinux module supports the use of the tmpfiles interface (for
+generating and managing temporary files, directories, sockets and what not) as
+documented through the \fItmpfiles.d\fP manual page, available at
+\fI\%http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html\fP
+.SH BOOLEANS
+.sp
+The following booleans are defined through the \fBtmpfiles\fP SELinux policy module.
+They can be toggled using \fBsetsebool\fP, like so:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+setsebool \-P tmpfiles_manage_all_non_security
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B tmpfiles_manage_all_non_security
+Enable to allow tmpfiles to manage non\-default types (beyond variable run\-time
+locations) as well
+.UNINDENT
+.SH DOMAINS
+.SS tmpfiles_t
+.sp
+The \fBtmpfiles_t\fP domain is used by the \fItmpfiles\fP and \fIcheckpath\fP scripts
+which are responsible for creating and modifying the boot\-time resources.
+.SH LOCATIONS
+.INDENT 0.0
+.TP
+.B tmpfiles_conf_t
+is used for the tmpfiles configuration files (\fI/etc/tmpfiles.d\fP)
+.TP
+.B tmpfiles_exec_t
+is used as entrypoint for the tmpfiles application
+.TP
+.B tmpfiles_var_run_t
+is used as the variable run\-time data used by the tmpfiles application
+.UNINDENT
+.SH POLICY
+.sp
+The following interfaces can be used to enhance the default policy with
+tmpfiles\-related provileges. More details on these interfaces can be found in the
+interface HTML documentation, we will not list all available interfaces here.
+.INDENT 0.0
+.TP
+.B tmpfiles_read_conf
+to allow read access on the tmpfiles configuration files
+.TP
+.B tmpfiles_manage_conf
+to allow a domain to manage the tmpfiles configuration files
+.UNINDENT
+.SH SEE ALSO
+.INDENT 0.0
+.IP \(bu 2
+Gentoo and SELinux at \fI\%https://wiki.gentoo.org/wiki/SELinux\fP
+.IP \(bu 2
+Gentoo Hardened SELinux Project at
+\fI\%https://wiki.gentoo.org/wiki/Project:Hardened\fP
+.UNINDENT
+.SH AUTHOR
+Sven Vermeulen <swift@gentoo.org>
+.\" Generated by docutils manpage writer.
+.