Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

run_init(8) [debian man page]

RUN_INIT(8)								NSA							       RUN_INIT(8)

NAME

       run_init - run an init script in the proper SELinux context

SYNOPSIS

       run_init SCRIPT [[ARGS]...]

DESCRIPTION

       Run  a  init  script under the proper context, which is specified in /etc/selinux/POLICYTYPE/contexts/initrc_context.  It is generally used
       interactively as it requires either shadow or PAM user authentication (depending on compile-time options).  It should be possible  to  con-
       figure PAM such that interactive input is not required.	Check your PAM documentation.

FILES

       /etc/passwd - user account information
       /etc/shadow - encrypted passwords and age information
       /etc/selinux/POLICYTYPE/contexts/initrc_context - contains the context to run init scripts under

SEE ALSO

       newrole (1), runcon (1)

AUTHORS

       Wayne Salamon (wsalamon@tislabs.com)
       Dan Walsh (dwalsh@redhat.com)

Security Enhanced Linux 					     May 2003							       RUN_INIT(8)

Check Out this Related Man Page

rsync_selinux(8)					rsync Selinux Policy documentation					  rsync_selinux(8)

NAME

       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION

       Security-Enhanced Linux secures the rsync server via flexible mandatory access control.

FILE_CONTEXTS
       SELinux	requires  files to have an extended attribute to define the file type.	Policy governs the access daemons have to these files.	If
       you want to share files using the rsync daemon, you must label the files and directories public_content_t.  So if  you  created	a  special
       directory /var/rsync, you would need to label the directory with the chcon tool.

       chcon -t public_content_t /var/rsync

       To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:

       semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

       This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:

       /var/rsync(/.*)? system_u:object_r:publix_content_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/rsync/

SHARING FILES

       If  you	want  to  share  files	with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and pub-
       lic_content_rw_t.  These context allow any of the above domains to read the content.  If you want a particular domain to write to the  pub-
       lic_content_rw_t domain, you must set the appropriate boolean.  allow_DOMAIN_anon_write.  So for rsync you would execute:

       setsebool -P allow_rsync_anon_write=1

BOOLEANS

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)

dwalsh@redhat.com						    17 Jan 2005 						  rsync_selinux(8)
Man Page