.\" Man page generated from reStructuredText.
.
.TH TMPFILES_SELINUX 8 "2014-08-15" "" "SELinux"
.SH NAME
tmpfiles_selinux \- SELinux policy module for tmpfiles
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH DESCRIPTION
.sp
The \fBtmpfiles\fP SELinux module supports the use of the tmpfiles interface (for
generating and managing temporary files, directories, sockets and whatnot) as
documented through the \fItmpfiles.d\fP manual page, available at
\fI\%http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html\fP
.SH BOOLEANS
.sp
The following booleans are defined through the \fBtmpfiles\fP SELinux policy module.
They can be toggled using \fBsetsebool\fP, like so:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
setsebool \-P tmpfiles_manage_all_non_security on
.ft P
.fi
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B tmpfiles_manage_all_non_security
Enable to allow tmpfiles to manage non\-default types (beyond variable run\-time
locations) as well
.UNINDENT
.SH DOMAINS
.SS tmpfiles_t
.sp
The \fBtmpfiles_t\fP domain is used by the \fItmpfiles\fP and \fIcheckpath\fP scripts
which are responsible for creating and modifying the boot\-time resources.
.SH LOCATIONS
.INDENT 0.0
.TP
.B tmpfiles_conf_t
is used for the tmpfiles configuration files (\fI/etc/tmpfiles.d\fP)
.TP
.B tmpfiles_exec_t
is used as the entrypoint for the tmpfiles application
.TP
.B tmpfiles_var_run_t
is used for the variable run\-time data of the tmpfiles application
.UNINDENT
.SH POLICY
.sp
The following interfaces can be used to enhance the default policy with
tmpfiles\-related privileges. More details on these interfaces can be found in the
interface HTML documentation; not all available interfaces are listed here.
.INDENT 0.0
.TP
.B tmpfiles_read_conf
to allow read access on the tmpfiles configuration files
.TP
.B tmpfiles_manage_conf
to allow a domain to manage the tmpfiles configuration files
.UNINDENT
.SH SEE ALSO
.INDENT 0.0
.IP \(bu 2
Gentoo and SELinux at \fI\%https://wiki.gentoo.org/wiki/SELinux\fP
.IP \(bu 2
Gentoo Hardened SELinux Project at
\fI\%https://wiki.gentoo.org/wiki/Project:Hardened\fP
.UNINDENT
.SH AUTHOR
Sven Vermeulen <swift@gentoo.org>
.\" Generated by docutils manpage writer.
.