* [gentoo-commits] proj/hardened-refpolicy:master commit in: man/man8/
@ 2014-08-15 16:14 Sven Vermeulen
From: Sven Vermeulen @ 2014-08-15 16:14 UTC
To: gentoo-commits
commit: 48404931bf20ba7c2efb775ce22a86d63a30a930
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Aug 15 16:11:26 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Aug 15 16:11:26 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=48404931
Add salt_selinux manual page
---
man/man8/salt_selinux.8 | 195 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 195 insertions(+)
diff --git a/man/man8/salt_selinux.8 b/man/man8/salt_selinux.8
new file mode 100644
index 0000000..eada9f2
--- /dev/null
+++ b/man/man8/salt_selinux.8
@@ -0,0 +1,195 @@
+.\" Man page generated from reStructuredText.
+.
+.TH SALT_SELINUX 8 "2013-04-11" "" "SELinux"
+.SH NAME
+salt_selinux \- SELinux policy module for Salt
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.SH DESCRIPTION
+.sp
+The \fBsalt\fP SELinux module supports the Salt configuration management (as
+offered by Saltstack) tools and resources.
+.SH BOOLEANS
+.sp
+The following booleans are defined through the \fBsalt\fP SELinux policy module.
+They can be toggled using \fBsetsebool\fP, like so:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+setsebool \-P salt_master_read_nfs on
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B salt_master_read_nfs
+Should be enabled if the Salt state files (SLS) are stored on an NFS mount
+.TP
+.B salt_minion_manage_nfs
+Should be enabled if the Salt minion needs manage privileges on NFS mounts
+.UNINDENT
+.SH DOMAINS
+.SS salt_master_t
+.sp
+The \fBsalt_master_t\fP domain is used by the Salt master. It is usually launched
+by the init script \fBsalt\-master\fP although it can also be launched through the
+command line command \fBsalt\-master \-d\fP.
+.sp
+This domain is responsible for servicing the Salt minions. Unlike the Salt
+minion domain (\fBsalt_minion_t\fP) the master domain is not very privileged as it
+only provides access to the Salt state files.
+.SS salt_minion_t
+.sp
+The \fBsalt_minion_t\fP domain is used by the Salt minion. It is usually launched
+by the init script \fBsalt\-minion\fP although it can also be launched through the
+command line command \fBsalt\-minion \-d\fP.
+.sp
+This domain is responsible for enforcing the state as provided by the Salt
+master on the system. This makes the \fBsalt_minion_t\fP domain a \fIvery
+privileged\fP domain.
+.SH LOCATIONS
+.SS FUNCTIONAL
+.sp
+The following list of locations identify file resources that are used by the
+Salt domains. They are by default allocated towards the default locations for
+Salt, so if you use a different location, you will need to properly address
+this. You can do so through \fBsemanage\fP, like so:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+semanage fcontext \-a \-t salt_sls_t "/var/lib/salt/state(/.*)?"
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The above example marks the \fI/var/lib/salt/state\fP location as the location where
+the Salt state files (\fB*.sls\fP) are stored (identified through the
+\fBsalt_sls_t\fP type).
+.INDENT 0.0
+.TP
+.B salt_sls_t
+is used for the Salt state files (\fI/srv/salt\fP)
+.TP
+.B salt_pki_t
+is used as the parent directory in which the master and minion keys are stored
+(\fI/etc/salt/pki\fP)
+.TP
+.B salt_master_pki_t
+is used for the private and public keys managed by the Salt master
+(\fI/etc/salt/pki/master\fP)
+.TP
+.B salt_minion_pki_t
+is used for the private and public keys managed by the Salt minion
+(\fI/etc/salt/pki/minion\fP)
+.UNINDENT
+.SS EXEUTABLES
+.INDENT 0.0
+.TP
+.B salt_master_exec_t
+is used as entry point for the Salt master (\fBsalt_master_t\fP)
+.TP
+.B salt_minion_exec_t
+is used as entry point for the Salt minion (\fBsalt_minion_t\fP)
+.TP
+.B salt_master_initrc_exec_t
+is used for the init script to launch the salt master
+.TP
+.B salt_minion_initrc_exec_t
+is used for the init script to launch the salt minion
+.UNINDENT
+.SS DAEMON FILES
+.INDENT 0.0
+.TP
+.B salt_cache_t
+is used for the parent directory for Salt caches (\fI/var/cache/salt\fP)
+.TP
+.B salt_master_cache_t
+is used to store the Salt master cache (\fI/var/cache/salt/master\fP)
+.TP
+.B salt_minion_cache_t
+is used to store the Salt minion cache (\fI/var/cache/salt/minion\fP)
+.TP
+.B salt_log_t
+is used for the parent directory for Salt log files (\fI/var/log/salt\fP)
+.TP
+.B salt_master_log_t
+is used for the Salt master log file (\fI/var/log/salt/master\fP)
+.TP
+.B salt_minion_log_t
+is used for the Salt minion log file (\fI/var/log/salt/minion\fP)
+.TP
+.B salt_var_run_t
+is used for the parent directory for Salt run\-time files (\fI/var/run/salt\fP)
+.TP
+.B salt_master_var_run_t
+is used for the Salt master variable run\-time files (\fI/var/run/salt/master\fP)
+.TP
+.B salt_minion_var_run_t
+is used for the Salt minion variable run\-time files (\fI/var/run/salt/minion\fP)
+.UNINDENT
+.SS CONFIGURATION FILES
+.INDENT 0.0
+.TP
+.B salt_etc_t
+is used for the Salt configuration (\fI/etc/salt\fP)
+.UNINDENT
+.SH POLICY
+.sp
+The following interfaces can be used to enhance the default policy with
+Salt\-related provileges. More details on these interfaces can be found in the
+interface HTML documentation, we will not list all available interfaces here.
+.SS Role interfaces
+.sp
+The following role interfaces allow users and roles access to the specified
+domains. Only to be used for user domains and roles.
+.INDENT 0.0
+.TP
+.B salt_admin_master
+is used for user domains to allow administration of a Salt master environment
+.TP
+.B salt_minion_master
+is used for user domains to allow administration of a Salt minion environment
+.UNINDENT
+.SH SEE ALSO
+.INDENT 0.0
+.IP \(bu 2
+Gentoo and SELinux at \fI\%https://wiki.gentoo.org/wiki/SELinux\fP
+.IP \(bu 2
+Gentoo Hardened SELinux Project at
+\fI\%https://wiki.gentoo.org/wiki/Project:Hardened\fP
+.UNINDENT
+.SH AUTHOR
+Sven Vermeulen <swift@gentoo.org>
+.\" Generated by docutils manpage writer.
+.
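Review bot: In the "Role interfaces" list the second entry is named salt_minion_master but is described as allowing administration of a Salt minion environment. Next to salt_admin_master this looks like a transposed name, so check it against the interface the policy module's interface file actually defines before readers copy it into their own policy. Two spelling errors also reach the rendered page: the subsection header ".SS EXEUTABLES" should read EXECUTABLES, and "Salt\-related provileges" under POLICY should read "privileges". Since the first line says the page is generated from reStructuredText, make these fixes in the source document as well so they do not return on regeneration.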
* [gentoo-commits] proj/hardened-refpolicy:master commit in: man/man8/
@ 2014-08-19 9:19 Jason Zaman
From: Jason Zaman @ 2014-08-19 9:19 UTC
To: gentoo-commits
commit: 48404931bf20ba7c2efb775ce22a86d63a30a930
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Aug 15 16:11:26 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Fri Aug 15 16:11:26 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=48404931
Add salt_selinux manual page
---
man/man8/salt_selinux.8 | 195 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 195 insertions(+)
diff --git a/man/man8/salt_selinux.8 b/man/man8/salt_selinux.8
new file mode 100644
index 0000000..eada9f2
--- /dev/null
+++ b/man/man8/salt_selinux.8
@@ -0,0 +1,195 @@
+.\" Man page generated from reStructuredText.
+.
+.TH SALT_SELINUX 8 "2013-04-11" "" "SELinux"
+.SH NAME
+salt_selinux \- SELinux policy module for Salt
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.SH DESCRIPTION
+.sp
+The \fBsalt\fP SELinux module supports the Salt configuration management (as
+offered by Saltstack) tools and resources.
+.SH BOOLEANS
+.sp
+The following booleans are defined through the \fBsalt\fP SELinux policy module.
+They can be toggled using \fBsetsebool\fP, like so:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+setsebool \-P salt_master_read_nfs on
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B salt_master_read_nfs
+Should be enabled if the Salt state files (SLS) are stored on an NFS mount
+.TP
+.B salt_minion_manage_nfs
+Should be enabled if the Salt minion needs manage privileges on NFS mounts
+.UNINDENT
+.SH DOMAINS
+.SS salt_master_t
+.sp
+The \fBsalt_master_t\fP domain is used by the Salt master. It is usually launched
+by the init script \fBsalt\-master\fP although it can also be launched through the
+command line command \fBsalt\-master \-d\fP.
+.sp
+This domain is responsible for servicing the Salt minions. Unlike the Salt
+minion domain (\fBsalt_minion_t\fP) the master domain is not very privileged as it
+only provides access to the Salt state files.
+.SS salt_minion_t
+.sp
+The \fBsalt_minion_t\fP domain is used by the Salt minion. It is usually launched
+by the init script \fBsalt\-minion\fP although it can also be launched through the
+command line command \fBsalt\-minion \-d\fP.
+.sp
+This domain is responsible for enforcing the state as provided by the Salt
+master on the system. This makes the \fBsalt_minion_t\fP domain a \fIvery
+privileged\fP domain.
+.SH LOCATIONS
+.SS FUNCTIONAL
+.sp
+The following list of locations identify file resources that are used by the
+Salt domains. They are by default allocated towards the default locations for
+Salt, so if you use a different location, you will need to properly address
+this. You can do so through \fBsemanage\fP, like so:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+semanage fcontext \-a \-t salt_sls_t "/var/lib/salt/state(/.*)?"
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The above example marks the \fI/var/lib/salt/state\fP location as the location where
+the Salt state files (\fB*.sls\fP) are stored (identified through the
+\fBsalt_sls_t\fP type).
+.INDENT 0.0
+.TP
+.B salt_sls_t
+is used for the Salt state files (\fI/srv/salt\fP)
+.TP
+.B salt_pki_t
+is used as the parent directory in which the master and minion keys are stored
+(\fI/etc/salt/pki\fP)
+.TP
+.B salt_master_pki_t
+is used for the private and public keys managed by the Salt master
+(\fI/etc/salt/pki/master\fP)
+.TP
+.B salt_minion_pki_t
+is used for the private and public keys managed by the Salt minion
+(\fI/etc/salt/pki/minion\fP)
+.UNINDENT
+.SS EXEUTABLES
+.INDENT 0.0
+.TP
+.B salt_master_exec_t
+is used as entry point for the Salt master (\fBsalt_master_t\fP)
+.TP
+.B salt_minion_exec_t
+is used as entry point for the Salt minion (\fBsalt_minion_t\fP)
+.TP
+.B salt_master_initrc_exec_t
+is used for the init script to launch the salt master
+.TP
+.B salt_minion_initrc_exec_t
+is used for the init script to launch the salt minion
+.UNINDENT
+.SS DAEMON FILES
+.INDENT 0.0
+.TP
+.B salt_cache_t
+is used for the parent directory for Salt caches (\fI/var/cache/salt\fP)
+.TP
+.B salt_master_cache_t
+is used to store the Salt master cache (\fI/var/cache/salt/master\fP)
+.TP
+.B salt_minion_cache_t
+is used to store the Salt minion cache (\fI/var/cache/salt/minion\fP)
+.TP
+.B salt_log_t
+is used for the parent directory for Salt log files (\fI/var/log/salt\fP)
+.TP
+.B salt_master_log_t
+is used for the Salt master log file (\fI/var/log/salt/master\fP)
+.TP
+.B salt_minion_log_t
+is used for the Salt minion log file (\fI/var/log/salt/minion\fP)
+.TP
+.B salt_var_run_t
+is used for the parent directory for Salt run\-time files (\fI/var/run/salt\fP)
+.TP
+.B salt_master_var_run_t
+is used for the Salt master variable run\-time files (\fI/var/run/salt/master\fP)
+.TP
+.B salt_minion_var_run_t
+is used for the Salt minion variable run\-time files (\fI/var/run/salt/minion\fP)
+.UNINDENT
+.SS CONFIGURATION FILES
+.INDENT 0.0
+.TP
+.B salt_etc_t
+is used for the Salt configuration (\fI/etc/salt\fP)
+.UNINDENT
+.SH POLICY
+.sp
+The following interfaces can be used to enhance the default policy with
+Salt\-related provileges. More details on these interfaces can be found in the
+interface HTML documentation, we will not list all available interfaces here.
+.SS Role interfaces
+.sp
+The following role interfaces allow users and roles access to the specified
+domains. Only to be used for user domains and roles.
+.INDENT 0.0
+.TP
+.B salt_admin_master
+is used for user domains to allow administration of a Salt master environment
+.TP
+.B salt_minion_master
+is used for user domains to allow administration of a Salt minion environment
+.UNINDENT
+.SH SEE ALSO
+.INDENT 0.0
+.IP \(bu 2
+Gentoo and SELinux at \fI\%https://wiki.gentoo.org/wiki/SELinux\fP
+.IP \(bu 2
+Gentoo Hardened SELinux Project at
+\fI\%https://wiki.gentoo.org/wiki/Project:Hardened\fP
+.UNINDENT
+.SH AUTHOR
+Sven Vermeulen <swift@gentoo.org>
+.\" Generated by docutils manpage writer.
+.
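Review bot: The semanage example under LOCATIONS / FUNCTIONAL stops at `semanage fcontext \-a \-t salt_sls_t "/var/lib/salt/state(/.*)?"`, which only records the labeling rule; files already present under that path keep their current type until they are relabeled. Add a second line to the example, such as `restorecon \-R /var/lib/salt/state`, so that a reader who follows it ends up with the state files actually labeled salt_sls_t. The ".TH" line also carries the date "2013-04-11", more than a year before this commit; confirm that is the intended document date.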
* [gentoo-commits] proj/hardened-refpolicy:master commit in: man/man8/
@ 2016-01-30 17:21 Jason Zaman
From: Jason Zaman @ 2016-01-30 17:21 UTC
To: gentoo-commits
commit: 9127acb6b3ccf559c18c3cf06f64649553ab3c3b
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Mon Jan 18 22:47:56 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 17:16:57 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9127acb6
man: Spelling fixes
These typos have been initially reported as a GitHub Pull Request
(https://github.com/TresysTechnology/refpolicy/pull/7) but the original
author closed the PR without waiting for it to be merged.
man/man8/git_selinux.8 | 2 +-
man/man8/httpd_selinux.8 | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/man/man8/git_selinux.8 b/man/man8/git_selinux.8
index e9c43b1..c2142e0 100644
--- a/man/man8/git_selinux.8
+++ b/man/man8/git_selinux.8
@@ -64,7 +64,7 @@ To allow the Git System daemon mass hosting of users personal repositories you c
sudo setsebool -P git_session_bind_all_unreserved_ports 1
.EE
.SH GIT_SHELL
-The Git policy by default provides a restricted user environment to be used with "Git shell". This default git_shell_u SELinux user can modify and execute generic Git system content (generic system shared respositories with type git_system_content_t).
+The Git policy by default provides a restricted user environment to be used with "Git shell". This default git_shell_u SELinux user can modify and execute generic Git system content (generic system shared repositories with type git_system_content_t).
.PP
To add a new Linux user and map him to this Git shell user domain automatically:
.EX
diff --git a/man/man8/httpd_selinux.8 b/man/man8/httpd_selinux.8
index 16e8b13..93c4a0a 100644
--- a/man/man8/httpd_selinux.8
+++ b/man/man8/httpd_selinux.8
@@ -88,7 +88,7 @@ setsebool -P httpd_unified 0
.EE
.PP
-SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean.
+SELinux policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerability in http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail boolean.
.EX
setsebool -P httpd_can_sendmail 1
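Review bot: The corrected "+" line still contains "I certain situations", which should read "In certain situations", so the spelling fix for this paragraph is incomplete. The same sentence tells the reader to turn on the httpd_send_mail boolean, while the example directly below sets httpd_can_sendmail; the prose should use the name from the example, otherwise a reader who types the name from the sentence will be setting a different boolean than the one shown. The opening sentence is also worded backwards: the security property it describes is that httpd is prevented from sending mail, not that the policy "can be configured to turn on sending email", so consider rewording it while the line is being changed.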