Policy for user domains
false
Allow users to connect to the local mysql server
false
Allow users to connect to PostgreSQL
false
Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)
false
Allow user music sharing
false
Allow user to use ssh chroot environment.
Dontaudit getattr on user tmp sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create objects in the /root directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Append files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to attach to TUN devices created by administrative users.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
The interface allowing the user basic network permissions
Parameter: | Description: |
---|---|
userdomain | The user domain |
Execute bin_t in the unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Read and write userdomain stream.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create keys for all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create a user pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create user tmp sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a dbus message to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete admin home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all directories in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all sock files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all symbolic links in a user home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all user temporary content.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete directories in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete sock files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete symbolic links in a user home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete all users files in /tmp
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Delete user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Destroy unprivileged user SysV shared memory segments.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a message to unpriv users over a unix domain datagram socket.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute a file in a user home directory in the specified domain.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
target_domain | The type of the new process. |
Execute a file in a user tmp directory in the specified domain.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
target_domain | The type of the new process. |
Do not audit attempts to check the access on user content files
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Dontaudit append files inherited from the admin home dir.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to append user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to append users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
dontaudit create dirs /root
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to delete users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to execute user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
dontaudit Search getattr /root files
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to getattr user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to get the attributes of user home directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to get the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
dontaudit list /root
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to list user home subdirectories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to list user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
dontaudit manage dirs /root
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to create, read, write, and delete directories in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Create user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to manage users temporary directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to manage users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to open user ptys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
dontaudit read /root files
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
dontaudit read /root lnk files
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read all user home content files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read all user tmp content files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Dontaudit Read files inherited from the admin home dir.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to relabel files from user pty types.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read and write userdomain datagram socket.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read and write userdomain stream.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read/write users temporary fifo files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
dontaudit Search /root
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Dontaudit search of user bin dirs.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to search user home content directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to search user home directories. This will suppress SELinux denial messages when the specified domain is denied the permission to search these directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to search user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to set the attributes of user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Dontaudit attempt to set attributes on user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Dontaudit attempt to set attributes on user temporary file system files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to set the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to inherit the file descriptors from any user domains.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to inherit the file descriptors from unprivileged user domains. This will suppress SELinux denial messages when the specified domain is denied the permission to inherit these file descriptors.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to use user ptys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to read and write a user domain tty and pty.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to use user ttys.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Dontaudit getattr on user tmp sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Do not audit attempts to write all user home content files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write all user tmp content files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Dontaudit Write system SSL certificates in the users homedir.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write user home files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Do not audit attempts to write users temporary files.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Allow domain dyntrans to admin userdomain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain dyntrans to unpriv userdomain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute all entrypoint files in unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute admin home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user bin files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow execmod on files in the home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
File name transition for generic home content files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Transition to userdom named content
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get the attributes of all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get the attributes of user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get attributes of user domain tty and pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Getattr user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Get the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create directories in the home dir root with the user home directory type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
name | The name of the object being created. |
Make the specified type able to manage content in user home dirs
Parameter: | Description: |
---|---|
type | Domain allowed access. |
Make the specified type able to read content in user home dirs
Parameter: | Description: |
---|---|
type | Domain allowed access. |
Append files inherited in the /root directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Append files inherited in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Append files inherited in user tmp files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send kill signals to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to list /root
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List all users home content directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List all user temporary content.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List contents of users home directory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
List user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Add caller login userdomain attribute.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage all dirs in the homedir
Parameter: | Description: |
---|---|
userdomain | The user domain |
Manage all files in the homedir
Parameter: | Description: |
---|---|
userdomain | The user domain |
Manage all user temporary content.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage all user tmpfs content.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage keys for all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage system SSL certificates in the users homedir.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow a home directory for which the role has full access.
This does not allow execute access.
Parameter: | Description: |
---|---|
role | The user role |
userdomain | The user domain |
Manage texlive content in the users homedir.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary directories
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary files
Parameter: | Description: |
---|---|
role | Role allowed access. |
domain | Domain allowed access. |
Manage user temporary sockets
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary file system files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Role access for the user tmpfs type that the user has full access.
This does not allow execute access.
Parameter: | Description: |
---|---|
role | Role allowed access. |
domain | Domain allowed access. |
Manage unprivileged user SysV semaphores.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage unprivileged user SysV shared memory segments.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage all files/directories in the homedir
Parameter: | Description: |
---|---|
userdomain | The user domain |
Create, read, write, and delete directories in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete files in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named pipes in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete named sockets in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete symbolic links in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary blk files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary chr files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary named pipes.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary named sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Mmap user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage user temporary directories
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow caller noatsecure permission.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Ptrace user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read admin home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read keys for all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the process state of all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read audio files in the users homedir.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read system SSL certificates in the users homedir.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read files inherited in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read all inherited users files in /tmp
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user home subdirectory symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user temporary symbolic links.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel user tmp files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel user tmp files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel to user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel to user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Relabel files to unprivileged user pty types.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow a home directory for which the role has read-only access.
This does not allow execute access.
Parameter: | Description: |
---|---|
role | The user role |
userdomain | The user domain |
Read and write keys for all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read/Write files inherited in a user home subdirectory.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write all inherited users home files
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow domain to read/write inherited users fifo files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read/write all inherited users files in /tmp
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create, read, write, and delete user temporary named pipes.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read/Write inherited user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
RW unprivileged user SysV semaphores.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write userdomain stream.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write unprivileged user SysV semaphores.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read/Write unprivileged user SysV shared memory segments.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write user temporary files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read/Write user tmpfs files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow Search /root
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search users home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Search user tmp directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow apps to set rlimits on userdomain
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Set the attributes of all user home directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Set the attributes of user home files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Set the attributes of a user pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Set the attributes of user tmp files.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Set the attributes of a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send a SIGCHLD signal to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow caller to send sigchld to login userdomain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send general signals to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send general signals to unprivileged user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send signull to all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Send signull to unprivileged user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Execute a shell in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Connect to users over a unix stream socket.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create objects in the temporary directory with an automatic type transition to the user temporary type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in the temporary filesystem directory with an automatic type transition to the user temporary filesystem type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in the temporary filesystem directory with an automatic type transition to the user temporary filesystem type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
name | The name of the object being created. |
Allow caller to transition to any userdomain
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow caller to transition to login userdomain.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Inherit the file descriptors from all user domains
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write an inherited user domain pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write inherited user TTYs and PTYs.
Allow the specified domain to read and write inherited user TTYs and PTYs. This will allow the domain to interact with the user via the terminal. Typically all interactive applications will require this access.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write an inherited user domain tty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Inherit the file descriptors from unprivileged user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write a user domain pty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Allow attempts to read and write a user domain tty and pty.
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Read and write a user domain tty.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Make the specified type usable as a user application domain.
Parameter: | Description: |
---|---|
type | Type to be used as a user application domain. |
type | Type to be used as the domain entry point. |
Make the specified type usable as a user application domain type.
Parameter: | Description: |
---|---|
type | Type to be used as a user application domain. |
Make the specified type usable in a user home directory.
Parameter: | Description: |
---|---|
type | Type to be used as a file in the user home directory. |
Create objects in a user home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in a user home directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Create objects in a user home directory with an automatic type transition to the user home file type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
Create objects in a user home directory with an automatic type transition to the user home file type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Do a domain transition to the specified domain when executing a program in the user home directory.
No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.
Parameter: | Description: |
---|---|
source_domain | Domain allowed to transition. |
target_domain | Domain to transition to. |
Make the specified type usable as user temporary content.
Parameter: | Description: |
---|---|
type | Type to be used as a file in the generic temporary directory. |
Make the specified type usable as a user temporary file.
Parameter: | Description: |
---|---|
type | Type to be used as a file in the temporary directories. |
Create objects in a user temporary directory with an automatic type transition to a specified private type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
private_type | The type of the object to create. |
object_class | The class of the object to be created. |
name | The name of the object being created. |
Make the specified type usable in a generic tmpfs_t directory.
Parameter: | Description: |
---|---|
type | Type to be used as a file in the generic temporary directory. |
Make the specified type usable as a user tmpfs file.
Parameter: | Description: |
---|---|
type | Type to be used as a file in tmpfs directories. |
Send a message to users over a unix domain datagram socket.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write keys for all user domains.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write all inherited users files in /tmp
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write all users files in /tmp
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write all users files in /tmp
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Write to user temporary named sockets.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
The template for creating an administrative user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
The privileges given to administrative users are:
- Raw disk access
- Set all sysctls
- All kernel ring buffer controls
- Create, read, write, and delete all files but shadow
- Manage source and binary format SELinux policy
- Run insmod
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., sysadm is the prefix for sysadm_t). |
The template containing the most basic rules common to all users.
This template creates a user domain, types, and rules for the user's tty and pty.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for allowing the user to change passwords.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template containing rules common to unprivileged users and administrative users.
This template creates a user domain, types, and rules for the user's tty, pty, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template containing the most basic rules common to confined admin.
The template containing the most basic rules common to all users.
This template creates a user domain, types, and rules for the user's tty and pty.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating a login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating an unprivileged login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
The template for creating an unprivileged xwindows login user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
Allow user to run as a secadm
Create objects in a user home directory with an automatic type transition to a specified private type.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
role | The role of the object to create. |
Allow user to run as a secadm
Create objects in a user home directory with an automatic type transition to a specified private type.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
role | The role of the object to create. |
Define this type as a Allow apps to set rlimits on userdomain
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
The template for creating an unprivileged user roughly equivalent to a regular Linux user.
This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
Define this type as a Allow apps to set rlimits on userdomain
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |
domain | Domain allowed access. |
The template for creating a user xwindows client. (Deprecated)
Parameter: | Description: |
---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). |