Security-Enhanced Linux secures the ricci processes via flexible mandatory access control.
If you want to allow users to resolve user passwd entries directly from ldap rather than using an sssd server for the ricci_modstorage_t, ricci_modcluster_t, ricci_modclusterd_t, ricci_t, you must turn on the authlogin_nsswitch_use_ldap boolean.
setsebool -P authlogin_nsswitch_use_ldap 1
If you want to allow confined applications to run with kerberos for the ricci_modstorage_t, ricci_modcluster_t, ricci_modclusterd_t, ricci_t, you must turn on the kerberos_enabled boolean.
setsebool -P kerberos_enabled 1
You can see the context of a file using the -Z option to ls. Policy governs the access confined processes have to these files. SELinux ricci policy is very flexible, allowing users to set up their ricci processes in as secure a method as possible.
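As an added example (not part of the original man page or the ricci policy), the shell function below reads `ls -Zd` output and flags any path that carries a ricci data type outside the directory this page's type descriptions associate with it. The two-column "context path" input form, the sample paths, and treating /var/run as /run are assumptions.

```shell
#!/bin/sh
# Added example, not from the ricci policy or its man page.
# Reads "context path" lines (the two-column form printed by `ls -Zd`; assumed)
# and reports ricci data types found outside their intended directory.

# Directory each ricci data type is meant for, per the type descriptions.
expected_dir_for_type() {
    case "$1" in
        ricci_*var_lib_t) echo /var/lib ;;
        ricci_*var_log_t) echo /var/log ;;
        ricci_*var_run_t) echo /run ;;
        ricci_*lock_t)    echo /var/lock ;;
        ricci_tmp_t)      echo /tmp ;;
        *)                return 1 ;;  # exec and tmpfs types: no directory rule
    esac
}

# Body runs in a subshell so its variables stay private.
check_ricci_labels() (
    bad=0
    while read -r context path; do
        [ -n "$path" ] || continue
        ftype=$(printf '%s\n' "$context" | cut -d: -f3)  # user:role:type:level
        dir=$(expected_dir_for_type "$ftype") || continue
        norm=$path
        # Assumption: /var/run is a symlink to /run, so treat them alike.
        case "$path" in /var/run/*) norm="/run/${path#/var/run/}" ;; esac
        case "$norm" in
            "$dir"/*) ;;
            *) echo "MISPLACED $ftype $path (expected under $dir)"; bad=1 ;;
        esac
    done
    exit "$bad"
)

# Constructed sample input; every path here is illustrative only.
SAMPLE='system_u:object_r:ricci_var_lib_t:s0 /var/lib/ricci
system_u:object_r:ricci_modcluster_var_run_t:s0 /var/run/modclusterd.pid
system_u:object_r:ricci_exec_t:s0 /usr/sbin/ricci
system_u:object_r:ricci_var_lib_t:s0 /srv/ricci-data'

printf '%s\n' "$SAMPLE" | check_ricci_labels || echo "ricci label check failed"
```

On a live host the input would come from `ls -Zd` on the paths of interest; a non-zero exit status means at least one path was flagged.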
The following file types are defined for ricci:
ricci_exec_t
- Set files with the ricci_exec_t type, if you want to transition an executable to the ricci_t domain.
ricci_initrc_exec_t
- Set files with the ricci_initrc_exec_t type, if you want to transition an executable to the ricci_initrc_t domain.
ricci_modcluster_exec_t
- Set files with the ricci_modcluster_exec_t type, if you want to transition an executable to the ricci_modcluster_t domain.
ricci_modcluster_var_lib_t
- Set files with the ricci_modcluster_var_lib_t type, if you want to store the ricci modcluster files under the /var/lib directory.
ricci_modcluster_var_log_t
- Set files with the ricci_modcluster_var_log_t type, if you want to treat the data as ricci modcluster var log data, usually stored under the /var/log directory.
ricci_modcluster_var_run_t
- Set files with the ricci_modcluster_var_run_t type, if you want to store the ricci modcluster files under the /run directory.
ricci_modclusterd_exec_t
- Set files with the ricci_modclusterd_exec_t type, if you want to transition an executable to the ricci_modclusterd_t domain.
ricci_modclusterd_tmpfs_t
- Set files with the ricci_modclusterd_tmpfs_t type, if you want to store ricci modclusterd files on a tmpfs file system.
ricci_modlog_exec_t
- Set files with the ricci_modlog_exec_t type, if you want to transition an executable to the ricci_modlog_t domain.
ricci_modrpm_exec_t
- Set files with the ricci_modrpm_exec_t type, if you want to transition an executable to the ricci_modrpm_t domain.
ricci_modservice_exec_t
- Set files with the ricci_modservice_exec_t type, if you want to transition an executable to the ricci_modservice_t domain.
ricci_modstorage_exec_t
- Set files with the ricci_modstorage_exec_t type, if you want to transition an executable to the ricci_modstorage_t domain.
ricci_modstorage_lock_t
- Set files with the ricci_modstorage_lock_t type, if you want to treat the files as ricci modstorage lock data, stored under the /var/lock directory.
ricci_tmp_t
- Set files with the ricci_tmp_t type, if you want to store ricci temporary files in the /tmp directories.
ricci_var_lib_t
- Set files with the ricci_var_lib_t type, if you want to store the ricci files under the /var/lib directory.
ricci_var_log_t
- Set files with the ricci_var_log_t type, if you want to treat the data as ricci var log data, usually stored under the /var/log directory.
ricci_var_run_t
- Set files with the ricci_var_run_t type, if you want to store the