Digi Control documentation
Security, integrity and safe repair
SELinux, permissions, checksums, trust, capabilities and drift.
What it covers
- The security view combines SELinux mode/contexts, permission baseline, module integrity, runtime-state checksums, trust, capabilities and access policy.
- The permission baseline shows expected owner/group/mode and drift; safe repair is allow-listed and supports dry-run.
- Important state is written atomically and has checksums; damaged state is preserved for recovery, not empty overwrite.
- Module integrity checks manifests, files, services/binaries and trust.
How to use it
- Run audit/dry-run.
- Review the exact drift.
- Apply safe repair.
- Re-evaluate integrity.
- Review audit.
Important rules
- Do not disable SELinux as a universal fix.
- Admin does not bypass confirmations/locks/source policy.
- Integrity failure can hide/block a module.