Layer: system

Module: userdomain

Tunables Interfaces Templates

Description:

Policy for user domains

Tunables:

selinuxuser_mysql_connect_enabled

Default value

false

Description

Allow users to connect to the local mysql server

selinuxuser_postgresql_connect_enabled

Default value

false

Description

Allow users to connect to PostgreSQL

selinuxuser_rw_noexattrfile

Default value

false

Description

Allow user to r/w files on filesystems that do not have extended attributes (FAT, CDROM, FLOPPY)

selinuxuser_share_music

Default value

false

Description

Allow user music sharing

selinuxuser_use_ssh_chroot

Default value

false

Description

Allow user to use ssh chroot environment.

Return

Interfaces:

usedom_dontaudit_user_getattr_tmp_sockets(
	
		domain
		
	)

Summary

Dontaudit getattr on user tmp sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_admin_home_dir_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the /root directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_append_user_home_content_files(
	
		domain
		
	)

Summary

Append files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_append_user_tmp_files(
	
		domain
		
	)

Summary

Read user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_attach_admin_tun_iface(
	
		domain
		
	)

Summary

Allow domain to attach to TUN devices created by administrative users.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_basic_networking(
	
		userdomain
		
	)

Summary

The interface allowing the user basic network permissions

Parameters

Parameter:	Description:
userdomain	The user domain

userdom_bin_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute bin_t in the unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_connectto_stream(
	
		domain
		
	)

Summary

Read and write userdomain stream.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_create_all_users_keys(
	
		domain
		
	)

Summary

Create keys for all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_create_user_home_dirs(
	
		domain
		
	)

Summary

Create user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_create_user_pty(
	
		domain
		
	)

Summary

Create a user pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_create_user_tmp_sockets(
	
		domain
		
	)

Summary

Create a user tmp sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_dbus_send_all_users(
	
		domain
		
	)

Summary

Send a dbus message to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_admin_home_files(
	
		domain
		
	)

Summary

Delete admin home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content(
	
		domain
		
	)

Summary

Delete all files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content_dirs(
	
		domain
		
	)

Summary

Delete all directories in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content_files(
	
		domain
		
	)

Summary

Delete all files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content_sock_files(
	
		domain
		
	)

Summary

Delete all sock files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_home_content_symlinks(
	
		domain
		
	)

Summary

Delete all symbolic links in a user home directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_all_user_tmp_content(
	
		domain
		
	)

Summary

Delete all user temporary content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_home_content_dirs(
	
		domain
		
	)

Summary

Delete directories in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_home_content_files(
	
		domain
		
	)

Summary

Delete files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_home_content_sock_files(
	
		domain
		
	)

Summary

Delete sock files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_home_content_symlinks(
	
		domain
		
	)

Summary

Delete symbolic links in a user home directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_tmp_files(
	
		domain
		
	)

Summary

Delete all users files in /tmp

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_delete_user_tmpfs_files(
	
		domain
		
	)

Summary

Delete user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_destroy_unpriv_user_shared_mem(
	
		domain
		
	)

Summary

Destroy unpriviledged user SysV shared memory segments.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_dgram_send(
	
		domain
		
	)

Summary

Send a message to unpriv users over a unix domain datagram socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_domtrans_user_home(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file in a user home directory in the specified domain.

Description

Execute a file in a user home directory in the specified domain.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:
domain	Domain allowed access.
target_domain	The type of the new process.

userdom_domtrans_user_tmp(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file in a user tmp directory in the specified domain.

Description

Execute a file in a user tmp directory in the specified domain.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:
domain	Domain allowed access.
target_domain	The type of the new process.

userdom_dontaudit_access_check_user_content(
	
		domain
		
	)

Summary

Do not audit attempts to check the access on user content files

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_append_inherited_admin_home_file(
	
		domain
		
	)

Summary

Dontaudit append files inherited from the admin home dir.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_append_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to append user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_append_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to append users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_create_admin_dir(
	
		domain
		
	)

Summary

dontaudit create dirs /root

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_delete_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to delete users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_exec_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to execute user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_getattr_admin_home_files(
	
		domain
		
	)

Summary

dontaudit Search getatrr /root files

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_getattr_user_home_content(
	
		domain
		
	)

Summary

Do not audit attempts to getattr user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_getattr_user_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of user home directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_getattr_user_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_list_admin_dir(
	
		domain
		
	)

Summary

dontaudit list /root

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_list_user_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to list user home subdirectories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_list_user_tmp(
	
		domain
		
	)

Summary

Do not audit attempts to list user temporary directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_manage_admin_dir(
	
		domain
		
	)

Summary

dontaudit manage dirs /root

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_manage_user_home_content_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_manage_user_home_dirs(
	
		domain
		
	)

Summary

Create user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_dontaudit_manage_user_tmp_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to manage users temporary directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_manage_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to manage users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_open_user_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to open user ptys.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_admin_home_files(
	
		domain
		
	)

Summary

dontaudit read /root files

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_admin_home_lnk_files(
	
		domain
		
	)

Summary

dontaudit read /root lnk files

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_all_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to read all user home content files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_all_user_tmp_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to read all user tmp content files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_inherited_admin_home_files(
	
		domain
		
	)

Summary

Dontaudit Read files inherited from the admin home dir.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to read user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_read_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to read users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_relabel_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to write user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_relabelfrom_user_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to relabel files from user pty types.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_rw_dgram_socket(
	
		domain
		
	)

Summary

Do not audit attempts to read and write unserdomain datagram socket.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_rw_stream(
	
		domain
		
	)

Summary

Do not audit attempts to read and write userdomain stream.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_rw_user_tmp_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to read/write users temporary fifo files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_search_admin_dir(
	
		domain
		
	)

Summary

dontaudit Search /root

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_search_user_bin_dirs(
	
		domain
		
	)

Summary

Dontaudit search of user bin dirs.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_search_user_home_content(
	
		domain
		
	)

Summary

Do not audit attempts to search user home content directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_search_user_home_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to search user home directories.

Description

Do not audit attempts to search user home directories. This will supress SELinux denial messages when the specified domain is denied the permission to search these directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_search_user_tmp(
	
		domain
		
	)

Summary

Do not audit attempts to search user temporary directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_setattr_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to set the attributes of user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_setattr_user_tmp(
	
		domain
		
	)

Summary

Dontaudit attempt to set attributes on user temporary directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_setattr_user_tmpfs(
	
		domain
		
	)

Summary

Dontaudit attempt to set attributes on user temporary file system files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_setattr_user_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to set the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_all_users_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit the file descriptors from any user domains.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_unpriv_user_fds(
	
		domain
		
	)

Summary

Do not audit attempts to inherit the file descriptors from unprivileged user domains.

Description

Do not audit attempts to inherit the file descriptors from unprivileged user domains. This will supress SELinux denial messages when the specified domain is denied the permission to inherit these file descriptors.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_user_ptys(
	
		domain
		
	)

Summary

Do not audit attempts to use user ptys.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_user_terminals(
	
		domain
		
	)

Summary

Do not audit attempts to read and write a user domain tty and pty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_use_user_ttys(
	
		domain
		
	)

Summary

Do not audit attempts to use user ttys.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_user_getattr_tmp_sockets(
	
		domain
		
	)

Summary

Dontaudit getattr on user tmp sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_dontaudit_write_all_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to write all user home content files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_write_all_user_tmp_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to write all user tmp content files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_write_home_certs(
	
		domain
		
	)

Summary

Dontaudit Write system SSL certificates in the users homedir.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_write_user_home_content_files(
	
		domain
		
	)

Summary

Do not audit attempts to write user home files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dontaudit_write_user_tmp_files(
	
		domain
		
	)

Summary

Do not audit attempts to write users temporary files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_dyntransition_admin_users(
	
		domain
		
	)

Summary

Allow domain dyntrans to admin userdomain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_dyntransition_unpriv_users(
	
		domain
		
	)

Summary

Allow domain dyntrans to unpriv userdomain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_entry_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute all entrypoint files in unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_exec_admin_home_files(
	
		domain
		
	)

Summary

Execute admin home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_exec_user_bin_files(
	
		domain
		
	)

Summary

Execute user bin files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_exec_user_home_content_files(
	
		domain
		
	)

Summary

Execute user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_exec_user_tmp_files(
	
		domain
		
	)

Summary

The execute access user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_execmod_user_home_files(
	
		domain
		
	)

Summary

Allow execmod on files in homedirectory

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_execute_user_tmp_files(
	
		domain
		
	)

Summary

Execute user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_execute_user_tmpfs_files(
	
		domain
		
	)

Summary

Execute user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_filetrans_generic_home_content(
	
		domain
		
	)

Summary

File name transition for generic home content files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_filetrans_home_content(
	
		domain
		
	)

Summary

Transition to userdom named content

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_filetrans_named_user_tmp_files(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_all_users(
	
		domain
		
	)

Summary

Get the attributes of all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_user_home_dirs(
	
		domain
		
	)

Summary

Get the attributes of user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_user_terminals(
	
		domain
		
	)

Summary

Get attributes of user domain tty and pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_user_tmp_files(
	
		domain
		
	)

Summary

Read user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_user_tmpfs_files(
	
		domain
		
	)

Summary

Getattr user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_getattr_user_ttys(
	
		domain
		
	)

Summary

Get the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_home_filetrans_user_home_dir(
	
		domain
		
			,
		
		name
		
	)

Summary

Create directories in the home dir root with the user home directory type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
name	The name of the object being created.

userdom_home_manager(
	
		type
		
	)

Summary

Make the specified type able to manage content in user home dirs

Parameters

Parameter:	Description:
type	Domain allowed access.

userdom_home_reader(
	
		type
		
	)

Summary

Make the specified type able to read content in user home dirs

Parameters

Parameter:	Description:
type	Domain allowed access.

userdom_inherit_append_admin_home_files(
	
		domain
		
	)

Summary

Append files inherited in the /root directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_inherit_append_user_home_content_files(
	
		domain
		
	)

Summary

Append files inherited in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_inherit_append_user_tmp_files(
	
		domain
		
	)

Summary

Append files inherited in a user tmp files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_kill_all_users(
	
		domain
		
	)

Summary

Send kill signals to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_admin_dir(
	
		domain
		
	)

Summary

Allow domain to list /root

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_all_user_home_content(
	
		domain
		
	)

Summary

List all users home content directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_all_user_tmp_content(
	
		domain
		
	)

Summary

List all user temporary content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_user_home_content(
	
		domain
		
	)

Summary

List contents of users home directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_user_home_dirs(
	
		domain
		
	)

Summary

List user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_list_user_tmp(
	
		domain
		
	)

Summary

List user temporary directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_login_userdomain(
	
		domain
		
	)

Summary

Add caller login userdomain attribute.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_all_user_home_type_dirs(
	
		userdomain
		
	)

Summary

Manage all dirs in the homedir

Parameters

Parameter:	Description:
userdomain	The user domain

userdom_manage_all_user_home_type_files(
	
		userdomain
		
	)

Summary

Manage all files in the homedir

Parameters

Parameter:	Description:
userdomain	The user domain

userdom_manage_all_user_tmp_content(
	
		domain
		
	)

Summary

Manage all user temporary content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_all_user_tmpfs_content(
	
		domain
		
	)

Summary

Manage all user tmpfs content.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_all_users_keys(
	
		domain
		
	)

Summary

Manage keys for all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_home_certs(
	
		domain
		
	)

Summary

Manage system SSL certificates in the users homedir.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_home_role(
	
		role
		
			,
		
		userdomain
		
	)

Summary

Allow a home directory for which the role has full access.

Description

Allow a home directory for which the role has full access.

This does not allow execute access.

Parameters

Parameter:	Description:
role	The user role
userdomain	The user domain

userdom_manage_home_texlive(
	
		domain
		
	)

Summary

Manage texlive content in the users homedir.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_tmp_dirs(
	
		domain
		
	)

Summary

Manage user temporary directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_tmp_files(
	
		domain
		
	)

Summary

Manage user temporary files

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_tmp_role(
	
		role
		
			,
		
		domain
		
	)

Summary

Manage user temporary files

Parameters

Parameter:	Description:
role	Role allowed access.
domain	Domain allowed access.

userdom_manage_tmp_sockets(
	
		domain
		
	)

Summary

Manage user temporary sockets

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_tmpfs_files(
	
		domain
		
	)

Summary

Manage user temporary file system files

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_tmpfs_role(
	
		role
		
			,
		
		domain
		
	)

Summary

Role access for the user tmpfs type that the user has full access.

Description

Role access for the user tmpfs type that the user has full access.

This does not allow execute access.

Parameters

Parameter:	Description:
role	Role allowed access.
domain	Domain allowed access.

userdom_manage_unpriv_user_semaphores(
	
		domain
		
	)

Summary

Manage unpriviledged user SysV sempaphores.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_unpriv_user_shared_mem(
	
		domain
		
	)

Summary

Manage unpriviledged user SysV shared memory segments.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content(
	
		userdomain
		
	)

Summary

Manage all files/directories in the homedir

Parameters

Parameter:	Description:
userdomain	The user domain

userdom_manage_user_home_content_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_content_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_home_dirs(
	
		domain
		
	)

Summary

Create user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_blk_files(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary blk files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_chr_files(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary chr files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_files(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary named pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary named sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmp_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_manage_user_tmpfs_files(
	
		domain
		
	)

Summary

Manage user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_mmap_user_home_content_files(
	
		domain
		
	)

Summary

Mmap user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_mounton_tmp_dirs(
	
		domain
		
	)

Summary

Manage user temporary directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_noatsecure_login_userdomain(
	
		domain
		
	)

Summary

Allow caller noatsecure permission.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_ptrace_all_users(
	
		domain
		
	)

Summary

Ptrace user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_admin_home_files(
	
		domain
		
	)

Summary

Read admin home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_all_users_keys(
	
		domain
		
	)

Summary

Read keys for all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_all_users_state(
	
		domain
		
	)

Summary

Read the process state of all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_home_audio_files(
	
		domain
		
	)

Summary

Read audio files in the users homedir.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_home_certs(
	
		domain
		
	)

Summary

Read system SSL certificates in the users homedir.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_inherited_user_home_content_files(
	
		domain
		
	)

Summary

Read files inherited in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_inherited_user_tmp_files(
	
		domain
		
	)

Summary

Read all inherited users files in /tmp

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_home_content_files(
	
		domain
		
	)

Summary

Read user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_home_content_symlinks(
	
		domain
		
	)

Summary

Read user home subdirectory symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_tmp_files(
	
		domain
		
	)

Summary

Read user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_tmp_symlinks(
	
		domain
		
	)

Summary

Read user temporary symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_read_user_tmpfs_files(
	
		domain
		
	)

Summary

Read user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabel_user_home_dirs(
	
		domain
		
	)

Summary

Relabel user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabel_user_home_files(
	
		domain
		
	)

Summary

Relabel user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabel_user_tmp_dirs(
	
		domain
		
	)

Summary

Relabel user tmp files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabel_user_tmp_files(
	
		domain
		
	)

Summary

Relabel user tmp files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabelto_user_home_dirs(
	
		domain
		
	)

Summary

Relabel to user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabelto_user_home_files(
	
		domain
		
	)

Summary

Relabel to user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_relabelto_user_ptys(
	
		domain
		
	)

Summary

Relabel files to unprivileged user pty types.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_ro_home_role(
	
		role
		
			,
		
		userdomain
		
	)

Summary

Allow a home directory for which the role has read-only access.

Description

Allow a home directory for which the role has read-only access.

This does not allow execute access.

Parameters

Parameter:	Description:
role	The user role
userdomain	The user domain

userdom_rw_all_users_keys(
	
		domain
		
	)

Summary

Read and write keys for all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_inherited_user_home_content_files(
	
		domain
		
	)

Summary

Read/Write files inherited in a user home subdirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_inherited_user_home_sock_files(
	
		domain
		
	)

Summary

Write all inherited users home files

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_inherited_user_pipes(
	
		domain
		
	)

Summary

Allow domain to read/write inherited users fifo files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_inherited_user_tmp_files(
	
		domain
		
	)

Summary

Read/write all inherited users files in /tmp

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_inherited_user_tmp_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete user temporary named pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_inherited_user_tmpfs_files(
	
		domain
		
	)

Summary

Read/Write inherited user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_semaphores(
	
		domain
		
	)

Summary

RW unpriviledged user SysV sempaphores.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_stream(
	
		domain
		
	)

Summary

Read and write userdomain stream.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_unpriv_user_semaphores(
	
		domain
		
	)

Summary

Read and write unpriviledged user SysV sempaphores.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_unpriv_user_shared_mem(
	
		domain
		
	)

Summary

Read/Write unpriviledged user SysV shared memory segments.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_user_tmp_files(
	
		domain
		
	)

Summary

Read and write user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_user_tmp_sock_files(
	
		domain
		
	)

Summary

Read and write user temporary files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_rw_user_tmpfs_files(
	
		domain
		
	)

Summary

Read/Write user tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_search_admin_dir(
	
		domain
		
	)

Summary

Allow Search /root

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_search_user_home_content(
	
		domain
		
	)

Summary

Search users home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_search_user_home_dirs(
	
		domain
		
	)

Summary

Search user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_search_user_tmp_dirs(
	
		domain
		
	)

Summary

Search user tmp directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_set_rlimitnh(
	
		domain
		
	)

Summary

Allow apps to set rlimits on userdomain

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_all_user_home_content_dirs(
	
		domain
		
	)

Summary

Set the attributes of all user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_user_home_content_files(
	
		domain
		
	)

Summary

Set the attributes of user home files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_user_ptys(
	
		domain
		
	)

Summary

Set the attributes of a user pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_user_tmp_files(
	
		domain
		
	)

Summary

Set the attributes of user tmp files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_setattr_user_ttys(
	
		domain
		
	)

Summary

Set the attributes of a user domain tty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_sigchld_all_users(
	
		domain
		
	)

Summary

Send a SIGCHLD signal to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_sigchld_login_userdomain(
	
		domain
		
	)

Summary

Allow caller to send sigchld to login userdomain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_signal_all_users(
	
		domain
		
	)

Summary

Send general signals to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_signal_unpriv_users(
	
		domain
		
	)

Summary

Send general signals to unprivileged user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_signull_all_users(
	
		domain
		
	)

Summary

Send signull to all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_signull_unpriv_users(
	
		domain
		
	)

Summary

Send signull to unprivileged user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_spec_domtrans_all_users(
	
		domain
		
	)

Summary

Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute a shell in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_stream_connect(
	
		domain
		
	)

Summary

Connect to users over a unix stream socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_tmp_filetrans_user_tmp(
	
		domain
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the temporary directory with an automatic type transition to the user temporary type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_tmpfs_filetrans(
	
		domain
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in the temporary filesystem directory with an automatic type transition to the user temporary filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_tmpfs_filetrans_to(
	
		domain
		
			,
		
		object_class
		
			,
		
		name
		
			,
		
		name
		
	)

Summary

Create objects in the temporary filesystem directory with an automatic type transition to the user temporary filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object_class	The class of the object to be created.
name	The name of the object being created.
name	The name of the object being created.

userdom_transition(
	
		domain
		
	)

Summary

Allow caller to transition to any userdomain

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_transition_login_userdomain(
	
		domain
		
	)

Summary

Allow caller to transition to login userdomain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_all_users_fds(
	
		domain
		
	)

Summary

Inherit the file descriptors from all user domains

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_inherited_user_ptys(
	
		domain
		
	)

Summary

Read and write a inherited user domain pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_inherited_user_terminals(
	
		domain
		
	)

Summary

Read and write a inherited user TTYs and PTYs.

Description

Allow the specified domain to read and write inherited user TTYs and PTYs. This will allow the domain to interact with the user via the terminal. Typically all interactive applications will require this access.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_inherited_user_ttys(
	
		domain
		
	)

Summary

Read and write a inherited user domain tty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_unpriv_users_fds(
	
		domain
		
	)

Summary

Inherit the file descriptors from unprivileged user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_user_ptys(
	
		domain
		
	)

Summary

Read and write a user domain pty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_use_user_terminals(
	
		domain
		
	)

Summary

Allow attempts to read and write a user domain tty and pty.

Parameters

Parameter:	Description:
domain	Domain to not audit.

userdom_use_user_ttys(
	
		domain
		
	)

Summary

Read and write a user domain tty.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_user_application_domain(
	
		type
		
			,
		
		type
		
	)

Summary

Make the specified type usable as a user application domain.

Parameters

Parameter:	Description:
type	Type to be used as a user application domain.
type	Type to be used as the domain entry point.

userdom_user_application_type(
	
		type
		
	)

Summary

Make the specified type usable as a user application domain type.

Parameters

Parameter:	Description:
type	Type to be used as a user application domain.

userdom_user_home_content(
	
		type
		
	)

Summary

Make the specified type usable in a user home directory.

Parameters

Parameter:	Description:
type	Type to be used as a file in the user home directory.

userdom_user_home_content_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user home directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_home_dir_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user home directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_home_dir_filetrans_pattern(
	
		domain
		
			,
		
		object_class
		
	)

Summary

Create objects in a user home directory with an automatic type transition to the user home file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object_class	The class of the object to be created.

userdom_user_home_dir_filetrans_user_home_content(
	
		domain
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user home directory with an automatic type transition to the user home file type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_home_domtrans(
	
		source_domain
		
			,
		
		target_domain
		
	)

Summary

Do a domain transition to the specified domain when executing a program in the user home directory.

Description

Do a domain transition to the specified domain when executing a program in the user home directory.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:
source_domain	Domain allowed to transition.
target_domain	Domain to transition to.

userdom_user_tmp_content(
	
		type
		
	)

Summary

Make the specified type usable as user temporary content.

Parameters

Parameter:	Description:
type	Type to be used as a file in the generic temporary directory.

userdom_user_tmp_file(
	
		type
		
	)

Summary

Make the specified type usable as a user temporary file.

Parameters

Parameter:	Description:
type	Type to be used as a file in the temporary directories.

userdom_user_tmp_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in a user temporary directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

userdom_user_tmpfs_content(
	
		type
		
	)

Summary

Make the specified type usable in a generic tmpfs_t directory.

Parameters

Parameter:	Description:
type	Type to be used as a file in the generic temporary directory.

userdom_user_tmpfs_file(
	
		type
		
	)

Summary

Make the specified type usable as a user tmpfs file.

Parameters

Parameter:	Description:
type	Type to be used as a file in tmpfs directories.

userdom_users_dgram_send(
	
		domain
		
	)

Summary

Send a message to users over a unix domain datagram socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_write_all_users_keys(
	
		domain
		
	)

Summary

Write keys for all user domains.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_write_inherited_user_tmp_files(
	
		domain
		
	)

Summary

Write all inherited users files in /tmp

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_write_user_tmp_dirs(
	
		domain
		
	)

Summary

Write all users files in /tmp

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_write_user_tmp_files(
	
		domain
		
	)

Summary

Write all users files in /tmp

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_write_user_tmp_sockets(
	
		domain
		
	)

Summary

Write to user temporary named sockets.

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_xsession_spec_domtrans_all_users(
	
		domain
		
	)

Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

userdom_xsession_spec_domtrans_unpriv_users(
	
		domain
		
	)

Summary

Execute an Xserver session in all unprivileged user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

Return

Templates:

userdom_admin_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating an administrative user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

The privileges given to administrative users are:

Raw disk access

Set all sysctls

All kernel ring buffer controls

Create, read, write, and delete all files but shadow

Manage source and binary format SELinux policy

Run insmod

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., sysadm is the prefix for sysadm_t).

userdom_base_user_template(
	
		userdomain_prefix
		
	)

Summary

The template containing the most basic rules common to all users.

Description

The template containing the most basic rules common to all users.

This template creates a user domain, types, and rules for the user's tty and pty.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_change_password_template(
	
		userdomain_prefix
		
	)

Summary

The template for allowing the user to change passwords.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_common_user_template(
	
		userdomain_prefix
		
	)

Summary

The template containing rules common to unprivileged users and administrative users.

Description

This template creates a user domain, types, and rules for the user's tty, pty, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_confined_admin_template(
	
		userdomain_prefix
		
	)

Summary

The template containing the most basic rules common to confined admin.

Description

The template containing the most basic rules common to all users.

This template creates a user domain, types, and rules for the user's tty and pty.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_login_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a login user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_restricted_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a unprivileged login user.

Description

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_restricted_xwindows_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a unprivileged xwindows login user.

Description

The template for creating a unprivileged xwindows login user.

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_security_admin(
	
		domain
		
			,
		
		role
		
	)

Summary

Allow user to run as a secadm

Description

Create objects in a user home directory with an automatic type transition to a specified private type.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	The role of the object to create.

userdom_security_admin_template(
	
		domain
		
			,
		
		role
		
	)

Summary

Allow user to run as a secadm

Description

Create objects in a user home directory with an automatic type transition to a specified private type.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	The role of the object to create.

userdom_unpriv_type(
	
		domain
		
	)

Summary

Define this type as a Allow apps to set rlimits on userdomain

Parameters

Parameter:	Description:
domain	Domain allowed access.

userdom_unpriv_user_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a unprivileged user roughly equivalent to a regular linux user.

Description

The template for creating a unprivileged user roughly equivalent to a regular linux user.

This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

userdom_unpriv_usertype(
	
		userdomain_prefix
		
			,
		
		domain
		
	)

Summary

Define this type as a Allow apps to set rlimits on userdomain

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).
domain	Domain allowed access.

userdom_xwindows_client_template(
	
		userdomain_prefix
		
	)

Summary

The template for creating a user xwindows client. (Deprecated)

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the user domain (e.g., user is the prefix for user_t).

Return