Current File : //kunden/usr/share/selinux/devel/html/NetworkManager_dispatcher_dnssec.html

<!-- Creator     : groff version 1.22.4 -->
<!-- CreationDate: Thu Apr 10 20:00:00 2025 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta name="generator" content="groff -Thtml, see www.gnu.org">
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<meta name="Content-Style" content="text/css">
<style type="text/css">
       p       { margin-top: 0; margin-bottom: 0; vertical-align: top }
       pre     { margin-top: 0; margin-bottom: 0; vertical-align: top }
       table   { margin-top: 0; margin-bottom: 0; vertical-align: top }
       h1      { text-align: center }
</style>
<title>NetworkManager_dispatcher_dnssec_selinux</title>

</head>
<body>

<h1 align="center">NetworkManager_dispatcher_dnssec_selinux</h1>

<a href="#NAME">NAME</a><br>
<a href="#DESCRIPTION">DESCRIPTION</a><br>
<a href="#ENTRYPOINTS">ENTRYPOINTS</a><br>
<a href="#PROCESS TYPES">PROCESS TYPES</a><br>
<a href="#BOOLEANS">BOOLEANS</a><br>
<a href="#FILE CONTEXTS">FILE CONTEXTS</a><br>
<a href="#COMMANDS">COMMANDS</a><br>
<a href="#AUTHOR">AUTHOR</a><br>
<a href="#SEE ALSO">SEE ALSO</a><br>

<hr>


<h2>NAME
<a name="NAME"></a>
</h2>



<p style="margin-left:11%; margin-top: 1em">NetworkManager_dispatcher_dnssec_selinux
&minus; Security Enhanced Linux Policy for the
NetworkManager_dispatcher_dnssec processes</p>

<h2>DESCRIPTION
<a name="DESCRIPTION"></a>
</h2>



<p style="margin-left:11%; margin-top: 1em">Security-Enhanced
Linux secures the NetworkManager_dispatcher_dnssec processes
via flexible mandatory access control.</p>

<p style="margin-left:11%; margin-top: 1em">The
NetworkManager_dispatcher_dnssec processes execute with the
NetworkManager_dispatcher_dnssec_t SELinux type. You can
check if you have these processes running by executing the
<b>ps</b> command with the <b>&minus;Z</b> qualifier.</p>

<p style="margin-left:11%; margin-top: 1em">For
example:</p>

<p style="margin-left:11%; margin-top: 1em"><b>ps -eZ |
grep NetworkManager_dispatcher_dnssec_t</b></p>

<h2>ENTRYPOINTS
<a name="ENTRYPOINTS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">The
NetworkManager_dispatcher_dnssec_t SELinux type can be
entered via the
<b>NetworkManager_dispatcher_dnssec_script_t</b> file
type.</p>

<p style="margin-left:11%; margin-top: 1em">The default
entrypoint paths for the NetworkManager_dispatcher_dnssec_t
domain are the following:</p>


<p style="margin-left:11%; margin-top: 1em">/usr/lib/NetworkManager/dispatcher.d/01-dnssec-trigger</p>

<h2>PROCESS TYPES
<a name="PROCESS TYPES"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">SELinux defines
process types (domains) for each process running on the
system</p>

<p style="margin-left:11%; margin-top: 1em">You can see the
context of a process using the <b>&minus;Z</b> option to
<b>ps</b></p>

<p style="margin-left:11%; margin-top: 1em">Policy governs
the access confined processes have to files. SELinux
NetworkManager_dispatcher_dnssec policy is very flexible
allowing users to setup their
NetworkManager_dispatcher_dnssec processes in as secure a
method as possible.</p>

<p style="margin-left:11%; margin-top: 1em">The following
process types are defined for
NetworkManager_dispatcher_dnssec:</p>


<p style="margin-left:11%; margin-top: 1em"><b>NetworkManager_dispatcher_dnssec_t</b></p>

<p style="margin-left:11%; margin-top: 1em">Note:
<b>semanage permissive -a
NetworkManager_dispatcher_dnssec_t</b> can be used to make
the process type NetworkManager_dispatcher_dnssec_t
permissive. SELinux does not deny access to permissive
process types, but the AVC (SELinux denials) messages are
still generated.</p>

<h2>BOOLEANS
<a name="BOOLEANS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">SELinux policy
is customizable based on least access required.
NetworkManager_dispatcher_dnssec policy is extremely
flexible and has several booleans that allow you to
manipulate the policy and run
NetworkManager_dispatcher_dnssec with the tightest access
possible.</p>

<p style="margin-left:11%; margin-top: 1em">If you want to
allow all domains to execute in fips_mode, you must turn on
the fips_mode boolean. Enabled by default.</p>

<p style="margin-left:11%; margin-top: 1em"><b>setsebool -P
fips_mode 1</b></p>

<h2>FILE CONTEXTS
<a name="FILE CONTEXTS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">SELinux
requires files to have an extended attribute to define the
file type.</p>

<p style="margin-left:11%; margin-top: 1em">You can see the
context of a file using the <b>&minus;Z</b> option to
<b>ls</b></p>

<p style="margin-left:11%; margin-top: 1em">Policy governs
the access confined processes have to these files. SELinux
NetworkManager_dispatcher_dnssec policy is very flexible
allowing users to setup their
NetworkManager_dispatcher_dnssec processes in as secure a
method as possible.</p>

<p style="margin-left:11%; margin-top: 1em"><i>The
following file types are defined for
NetworkManager_dispatcher_dnssec:</i></p>


<p style="margin-left:11%; margin-top: 1em"><b>NetworkManager_dispatcher_dnssec_script_t</b></p>

<p style="margin-left:11%; margin-top: 1em">- Set files
with the NetworkManager_dispatcher_dnssec_script_t type, if
you want to treat the files as NetworkManager dispatcher
dnssec script data.</p>

<p style="margin-left:11%; margin-top: 1em">Note: File
context can be temporarily modified with the chcon command.
If you want to permanently change the file context you need
to use the <b>semanage fcontext</b> command. This will
modify the SELinux labeling database. You will need to use
<b>restorecon</b> to apply the labels.</p>

<h2>COMMANDS
<a name="COMMANDS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em"><b>semanage
fcontext</b> can also be used to manipulate default file
context mappings.</p>

<p style="margin-left:11%; margin-top: 1em"><b>semanage
permissive</b> can also be used to manipulate whether or not
a process type is permissive.</p>

<p style="margin-left:11%; margin-top: 1em"><b>semanage
module</b> can also be used to enable/disable/install/remove
policy modules.</p>

<p style="margin-left:11%; margin-top: 1em"><b>semanage
boolean</b> can also be used to manipulate the booleans</p>


<p style="margin-left:11%; margin-top: 1em"><b>system-config-selinux</b>
is a GUI tool available to customize SELinux policy
settings.</p>

<h2>AUTHOR
<a name="AUTHOR"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">This manual
page was auto-generated using <b>sepolicy manpage .</b></p>

<h2>SEE ALSO
<a name="SEE ALSO"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">selinux(8),
NetworkManager_dispatcher_dnssec(8), semanage(8),
restorecon(8), chcon(1), sepolicy(8), setsebool(8)</p>
<hr>
</body>
</html>