Layer: roles

Module: unconfineduser

Tunables Interfaces

Description:

Unconfined user role

Tunables:

unconfined_chrome_sandbox_transition

Default value

false

Description

allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox

unconfined_login

Default value

true

Description

Allow a user to login as an unconfined domain

unconfined_mozilla_plugin_transition

Default value

false

Description

Allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.

Return

Interfaces:

unconfined_attach_tun_iface(
	
		domain
		
	)

Summary

Allow domain to attach to TUN devices created by unconfined_t users.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_create_keys(
	
		domain
		
	)

Summary

Create keys for the unconfined domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_dbus_acquire_svc(
	
		domain
		
	)

Summary

Create communication channel with unconfined domain over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_dbus_chat(
	
		domain
		
	)

Summary

Send and receive messages from unconfined_t over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_dbus_connect(
	
		domain
		
	)

Summary

Connect to the the unconfined DBUS for service (acquire_svc).

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_dbus_send(
	
		domain
		
	)

Summary

Send messages to the unconfined domain over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_domtrans(
	
		domain
		
	)

Summary

Transition to the unconfined domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_domtrans_to(
	
		domain
		
			,
		
		entry_file
		
	)

Summary

Allow unconfined to execute the specified program in the specified domain.

Description

Allow unconfined to execute the specified program in the specified domain.

This is a interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters

Parameter:	Description:
domain	Domain to execute in.
entry_file	Domain entry point file.

unconfined_dontaudit_read_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to read unconfined domain unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_dontaudit_rw_packet_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to read or write unconfined domain packet sockets.

Description

Do not audit attempts to read or write unconfined domain packet sockets.

This interface was added due to a broken symptom.

Parameters

Parameter:	Description:
domain	Domain to not audit.

unconfined_dontaudit_rw_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to read and write unconfined domain unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

unconfined_dontaudit_rw_stream(
	
		domain
		
	)

Summary

Do not audit attempts to read and write unconfined domain stream.

Parameters

Parameter:	Description:
domain	Domain to not audit.

unconfined_dontaudit_rw_tcp_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to read or write unconfined domain tcp sockets.

Description

Do not audit attempts to read or write unconfined domain tcp sockets.

This interface was added due to a broken symptom in ldconfig.

Parameters

Parameter:	Description:
domain	Domain to not audit.

unconfined_dontaudit_write_state(
	
		domain
		
	)

Summary

Dontaudit write process information for unconfined process.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_getpgid(
	
		domain
		
	)

Summary

Get the process group of unconfined.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_ptrace(
	
		domain
		
	)

Summary

Allow ptrace of unconfined domain

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_read_pipes(
	
		domain
		
	)

Summary

Read unconfined domain unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_role_change(
	
		role
		
	)

Summary

Change to the unconfined role.

Parameters

Parameter:	Description:
role	Role allowed access.

unconfined_role_change_to(
	
		role
		
	)

Summary

Change from the unconfineduser role.

Description

Change from the unconfineduser role to the specified role.

This is an interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters

Parameter:	Description:
role	Role allowed access.

unconfined_run(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute specified programs in the unconfined domain.

Parameters

Parameter:	Description:
domain	The type of the process performing this action.
role	The role to allow the unconfined domain.

unconfined_run_to(
	
		domain
		
			,
		
		entry_file
		
	)

Summary

Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.

Description

Allow unconfined to execute the specified program in the specified domain. Allow the specified domain the unconfined role and use of unconfined user terminals.

This is a interface to support third party modules and its use is not allowed in upstream reference policy.

Parameters

Parameter:	Description:
domain	Domain to execute in.
entry_file	Domain entry point file.

unconfined_rw_pipes(
	
		domain
		
	)

Summary

Read and write unconfined domain unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_rw_shm(
	
		domain
		
	)

Summary

Read and write to unconfined shared memory.

Parameters

Parameter:	Description:
domain	The type of the process performing this action.

unconfined_set_rlimitnh(
	
		domain
		
	)

Summary

Allow apps to set rlimits on unconfined user

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_setsched(
	
		domain
		
	)

Summary

Allow apps to setsched on unconfined user

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_shell_domtrans(
	
		domain
		
	)

Summary

Transition to the unconfined domain by executing a shell.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_sigchld(
	
		domain
		
	)

Summary

Send a SIGCHLD signal to the unconfined domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_signal(
	
		domain
		
	)

Summary

Send generic signals to the unconfined domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_signull(
	
		domain
		
	)

Summary

Send a SIGNULL signal to the unconfined domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_stream_connect(
	
		domain
		
	)

Summary

Connect to the unconfined domain using a unix domain stream socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_stub_role(
	
		domain_prefix
		
	)

Summary

Stub unconfined role.

Parameters

Parameter:	Description:
domain_prefix	Domain allowed access.

unconfined_transition(
	
		domain
		
			,
		
		entrypoint
		
	)

Summary

Allow domain to transition to unconfined_t user

Parameters

Parameter:	Description:
domain	Domain allowed access.
entrypoint	Domain allowed access.

unconfined_typebounds(
	
		domain
		
	)

Summary

unconfined_t domain typebounds calling domain.

Parameters

Parameter:	Description:
domain	Domain to be typebound.

unconfined_use_fds(
	
		domain
		
	)

Summary

Inherit file descriptors from the unconfined domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

unconfined_write_keys(
	
		domain
		
	)

Summary

Write keys for the unconfined domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return