LMI_SELinuxService¶
Class reference¶
Subclass of CIM_Service
SELinux on the managed system.
SELinux can be in the following states:
Enforcing - SELinux security policy is enforced.
Permissive - SELinux prints warnings instead of enforcing.
Disabled - No SELinux policy is loaded.
Key properties¶
Local properties¶
uint16 SELinuxState
Current system-wide state of SELinux.
ValueMap Values 0 Disabled 1 Permissive 2 Enforcing
uint16 SELinuxDefaultState
SELinux system-wide state on next system boot.
ValueMap Values 0 Disabled 1 Permissive 2 Enforcing
uint32 PolicyVersion
Current version of the SELinux system policy.
string PolicyType
SELinux policy type.
Local methods¶
uint32 SetSELinuxState (uint16 NewState, boolean MakeDefault, LMI_SELinuxJob Job)
Set SELinux state.
ValueMap Values 0 Job Completed with No Error 1 Not Supported 2 Unknown 3 Timeout 4 Failed 5 Invalid Parameter 6 In Use 4096 Method Parameters Checked - Job Started Parameters
- IN uint16 NewState
New state value.
ValueMap Values 0 Disabled 1 Permissive 2 Enforcing - IN boolean MakeDefault
- If set to True, makes the new state persistent.
OUT LMI_SELinuxJob Job
uint32 RestoreLabels (LMI_UnixFile Target, uint16 Action, boolean Recursively, LMI_SELinuxJob Job)
Restore default SELinux security contexts on files.
There are two actions that can be taken on the specified files:
Report: List files whose SELinux label is different than the one specified by the policy.
Restore: Restore SELinux label on files to the respective values specified by the policy.
ValueMap Values 0 Job Completed with No Error 1 Not Supported 2 Unknown 3 Timeout 4 Failed 5 Invalid Parameter 6 In Use 4096 Method Parameters Checked - Job Started Parameters
- IN, OUT LMI_UnixFile Target
- SELinux file to change. If it’s not a directory, the Recursively parameter has no effect.
- IN uint16 Action
Action to take on mislabeled files.
ValueMap Values 0 Report 1 Restore OpenLMI Reserved - IN boolean Recursively
- If True, restore labels recursively in case Target is a directory. If Target is not a directory, this value is ignored.
OUT LMI_SELinuxJob Job
uint32 SetFileLabel (LMI_UnixFile Target, string Label, LMI_SELinuxJob Job)
Set label on an SELinux file.
ValueMap Values 0 Job Completed with No Error 1 Not Supported 2 Unknown 3 Timeout 4 Failed 5 Invalid Parameter 6 In Use 4096 Method Parameters Checked - Job Started Parameters
- IN LMI_UnixFile Target
- An SELinux file to change.
- IN string Label
- New label.
OUT LMI_SELinuxJob Job
uint32 SetPortLabel (LMI_SELinuxPort Target, string PortRange, LMI_SELinuxJob Job)
Set label on an SELinux port.
ValueMap Values 0 Job Completed with No Error 1 Not Supported 2 Unknown 3 Timeout 4 Failed 5 Invalid Parameter 6 In Use 4096 Method Parameters Checked - Job Started Parameters
- IN LMI_SELinuxPort Target
- An SELinux port to change.
- IN string PortRange
- Network ports to change. Can be specified as a single port or as range, for example 1024-2048’.
OUT LMI_SELinuxJob Job
uint32 SetBoolean (LMI_SELinuxBoolean Target, boolean Value, boolean MakeDefault, LMI_SELinuxJob Job)
Set a new value of an SELinux boolean.
ValueMap Values 0 Job Completed with No Error 1 Not Supported 2 Unknown 3 Timeout 4 Failed 5 Invalid Parameter 6 In Use 4096 Method Parameters Checked - Job Started Parameters
- IN LMI_SELinuxBoolean Target
- An SELinux boolean to change.
- IN boolean Value
- New value.
- IN boolean MakeDefault
- If True, makes the new state persistent.
OUT LMI_SELinuxJob Job