Unconfined user role
false
allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox
true
Allow a user to login as an unconfined domain
false
Allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.
Allow domain to attach to TUN devices created by unconfined_t users.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create keys for the unconfined domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Create communication channel with unconfined domain over dbus.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send and receive messages from unconfined_t over dbus.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Connect to the the unconfined DBUS for service (acquire_svc).
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send messages to the unconfined domain over dbus.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Transition to the unconfined domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow unconfined to execute the specified program in the specified domain.
Allow unconfined to execute the specified program in the specified domain.
This is a interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain |
Domain to execute in. |
entry_file |
Domain entry point file. |
Do not audit attempts to read unconfined domain unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Do not audit attempts to read or write unconfined domain packet sockets.
Do not audit attempts to read or write unconfined domain packet sockets.
This interface was added due to a broken symptom.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read and write unconfined domain unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read and write unconfined domain stream.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Do not audit attempts to read or write unconfined domain tcp sockets.
Do not audit attempts to read or write unconfined domain tcp sockets.
This interface was added due to a broken symptom in ldconfig.
Parameter: | Description: |
---|---|
domain |
Domain to not audit. |
Dontaudit write process information for unconfined process.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Get the process group of unconfined.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow ptrace of unconfined domain
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read unconfined domain unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Change to the unconfined role.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
Change from the unconfineduser role.
Change from the unconfineduser role to the specified role.
This is an interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
role |
Role allowed access. |
Execute specified programs in the unconfined domain.
Parameter: | Description: |
---|---|
domain |
The type of the process performing this action. |
role |
The role to allow the unconfined domain. |
Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.
Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.
This is a interface to support third party modules and its use is not allowed in upstream reference policy.
Parameter: | Description: |
---|---|
domain |
Domain to execute in. |
entry_file |
Domain entry point file. |
Read and write unconfined domain unnamed pipes.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Read and write to unconfined shared memory.
Parameter: | Description: |
---|---|
domain |
The type of the process performing this action. |
Allow apps to set rlimits on unconfined user
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Allow apps to setsched on unconfined user
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Transition to the unconfined domain by executing a shell.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send a SIGCHLD signal to the unconfined domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send generic signals to the unconfined domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Send a SIGNULL signal to the unconfined domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Connect to the unconfined domain using a unix domain stream socket.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Stub unconfined role.
Parameter: | Description: |
---|---|
domain_prefix |
Domain allowed access. |
Allow domain to transition to unconfined_t user
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
entrypoint |
Domain allowed access. |
unconfined_t domain typebounds calling domain.
Parameter: | Description: |
---|---|
domain |
Domain to be typebound. |
Inherit file descriptors from the unconfined domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |
Write keys for the unconfined domain.
Parameter: | Description: |
---|---|
domain |
Domain allowed access. |