Current File : //proc/thread-self/root/kunden/usr/share/selinux/devel/html/openshift_cgroup_read.html

<!-- Creator     : groff version 1.22.4 -->
<!-- CreationDate: Thu Apr 10 20:00:00 2025 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta name="generator" content="groff -Thtml, see www.gnu.org">
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<meta name="Content-Style" content="text/css">
<style type="text/css">
       p       { margin-top: 0; margin-bottom: 0; vertical-align: top }
       pre     { margin-top: 0; margin-bottom: 0; vertical-align: top }
       table   { margin-top: 0; margin-bottom: 0; vertical-align: top }
       h1      { text-align: center }
</style>
<title>openshift_cgroup_read_selinux</title>

</head>
<body>

<h1 align="center">openshift_cgroup_read_selinux</h1>

<a href="#NAME">NAME</a><br>
<a href="#DESCRIPTION">DESCRIPTION</a><br>
<a href="#ENTRYPOINTS">ENTRYPOINTS</a><br>
<a href="#PROCESS TYPES">PROCESS TYPES</a><br>
<a href="#BOOLEANS">BOOLEANS</a><br>
<a href="#FILE CONTEXTS">FILE CONTEXTS</a><br>
<a href="#COMMANDS">COMMANDS</a><br>
<a href="#AUTHOR">AUTHOR</a><br>
<a href="#SEE ALSO">SEE ALSO</a><br>

<hr>


<h2>NAME
<a name="NAME"></a>
</h2>



<p style="margin-left:11%; margin-top: 1em">openshift_cgroup_read_selinux
&minus; Security Enhanced Linux Policy for the
openshift_cgroup_read processes</p>

<h2>DESCRIPTION
<a name="DESCRIPTION"></a>
</h2>



<p style="margin-left:11%; margin-top: 1em">Security-Enhanced
Linux secures the openshift_cgroup_read processes via
flexible mandatory access control.</p>

<p style="margin-left:11%; margin-top: 1em">The
openshift_cgroup_read processes execute with the
openshift_cgroup_read_t SELinux type. You can check if you
have these processes running by executing the <b>ps</b>
command with the <b>&minus;Z</b> qualifier.</p>

<p style="margin-left:11%; margin-top: 1em">For
example:</p>

<p style="margin-left:11%; margin-top: 1em"><b>ps -eZ |
grep openshift_cgroup_read_t</b></p>

<h2>ENTRYPOINTS
<a name="ENTRYPOINTS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">The
openshift_cgroup_read_t SELinux type can be entered via the
<b>openshift_cgroup_read_exec_t</b> file type.</p>

<p style="margin-left:11%; margin-top: 1em">The default
entrypoint paths for the openshift_cgroup_read_t domain are
the following:</p>


<p style="margin-left:11%; margin-top: 1em">/usr/s?bin/(oo|rhc)-cgroup-read</p>

<h2>PROCESS TYPES
<a name="PROCESS TYPES"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">SELinux defines
process types (domains) for each process running on the
system</p>

<p style="margin-left:11%; margin-top: 1em">You can see the
context of a process using the <b>&minus;Z</b> option to
<b>ps</b></p>

<p style="margin-left:11%; margin-top: 1em">Policy governs
the access confined processes have to files. SELinux
openshift_cgroup_read policy is very flexible allowing users
to setup their openshift_cgroup_read processes in as secure
a method as possible.</p>

<p style="margin-left:11%; margin-top: 1em">The following
process types are defined for openshift_cgroup_read:</p>


<p style="margin-left:11%; margin-top: 1em"><b>openshift_cgroup_read_t</b></p>

<p style="margin-left:11%; margin-top: 1em">Note:
<b>semanage permissive -a openshift_cgroup_read_t</b> can be
used to make the process type openshift_cgroup_read_t
permissive. SELinux does not deny access to permissive
process types, but the AVC (SELinux denials) messages are
still generated.</p>

<h2>BOOLEANS
<a name="BOOLEANS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">SELinux policy
is customizable based on least access required.
openshift_cgroup_read policy is extremely flexible and has
several booleans that allow you to manipulate the policy and
run openshift_cgroup_read with the tightest access
possible.</p>

<p style="margin-left:11%; margin-top: 1em">If you want to
allow all domains to execute in fips_mode, you must turn on
the fips_mode boolean. Enabled by default.</p>

<p style="margin-left:11%; margin-top: 1em"><b>setsebool -P
fips_mode 1</b></p>

<h2>FILE CONTEXTS
<a name="FILE CONTEXTS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">SELinux
requires files to have an extended attribute to define the
file type.</p>

<p style="margin-left:11%; margin-top: 1em">You can see the
context of a file using the <b>&minus;Z</b> option to
<b>ls</b></p>

<p style="margin-left:11%; margin-top: 1em">Policy governs
the access confined processes have to these files. SELinux
openshift_cgroup_read policy is very flexible allowing users
to setup their openshift_cgroup_read processes in as secure
a method as possible.</p>

<p style="margin-left:11%; margin-top: 1em"><b>STANDARD
FILE CONTEXT</b></p>

<p style="margin-left:11%; margin-top: 1em">SELinux defines
the file context types for the openshift_cgroup_read, if you
wanted to store files with these types in a different paths,
you need to execute the semanage command to specify
alternate labeling and then use restorecon to put the labels
on disk.</p>

<p style="margin-left:11%; margin-top: 1em"><b>semanage
fcontext -a -t openshift_cgroup_read_tmp_t
&rsquo;/srv/myopenshift_cgroup_read_content(/.*)?&rsquo;
<br>
restorecon -R -v
/srv/myopenshift_cgroup_read_content</b></p>

<p style="margin-left:11%; margin-top: 1em">Note: SELinux
often uses regular expressions to specify labels that match
multiple files.</p>

<p style="margin-left:11%; margin-top: 1em"><i>The
following file types are defined for
openshift_cgroup_read:</i></p>


<p style="margin-left:11%; margin-top: 1em"><b>openshift_cgroup_read_exec_t</b></p>

<p style="margin-left:11%; margin-top: 1em">- Set files
with the openshift_cgroup_read_exec_t type, if you want to
transition an executable to the openshift_cgroup_read_t
domain.</p>


<p style="margin-left:11%; margin-top: 1em"><b>openshift_cgroup_read_tmp_t</b></p>

<p style="margin-left:11%; margin-top: 1em">- Set files
with the openshift_cgroup_read_tmp_t type, if you want to
store openshift cgroup read temporary files in the /tmp
directories.</p>

<p style="margin-left:11%; margin-top: 1em">Note: File
context can be temporarily modified with the chcon command.
If you want to permanently change the file context you need
to use the <b>semanage fcontext</b> command. This will
modify the SELinux labeling database. You will need to use
<b>restorecon</b> to apply the labels.</p>

<h2>COMMANDS
<a name="COMMANDS"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em"><b>semanage
fcontext</b> can also be used to manipulate default file
context mappings.</p>

<p style="margin-left:11%; margin-top: 1em"><b>semanage
permissive</b> can also be used to manipulate whether or not
a process type is permissive.</p>

<p style="margin-left:11%; margin-top: 1em"><b>semanage
module</b> can also be used to enable/disable/install/remove
policy modules.</p>

<p style="margin-left:11%; margin-top: 1em"><b>semanage
boolean</b> can also be used to manipulate the booleans</p>


<p style="margin-left:11%; margin-top: 1em"><b>system-config-selinux</b>
is a GUI tool available to customize SELinux policy
settings.</p>

<h2>AUTHOR
<a name="AUTHOR"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">This manual
page was auto-generated using <b>sepolicy manpage .</b></p>

<h2>SEE ALSO
<a name="SEE ALSO"></a>
</h2>


<p style="margin-left:11%; margin-top: 1em">selinux(8),
openshift_cgroup_read(8), semanage(8), restorecon(8),
chcon(1), sepolicy(8), setsebool(8)</p>
<hr>
</body>
</html>