Layer: kernel

Module: filesystem

Description:

Policy for filesystems.

This module is required to be included in all policies.

Interfaces:

fs_append_cifs_files(
	
		domain
		
	)

Summary

Append files on a CIFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_append_nfs_files(
	
		domain
		
	)

Summary

Append files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_associate(
	
		file_type
		
	)

Summary

Associate the specified file type to persistent filesystems with extended attributes. This allows a file of this type to be created on a filesystem such as ext3, JFS, and XFS.

Parameters

Parameter:	Description:
file_type	The type of the to be associated.

fs_associate_hugetlbfs(
	
		type
		
	)

Summary

Allow the type to associate to hugetlbfs filesystems.

Parameters

Parameter:	Description:
type	The type of the object to be associated.

fs_associate_noxattr(
	
		file_type
		
	)

Summary

Associate the specified file type to filesystems which lack extended attributes support. This allows a file of this type to be created on a filesystem such as FAT32, and NFS.

Parameters

Parameter:	Description:
file_type	The type of the to be associated.

fs_associate_proc(
	
		type
		
	)

Summary

Allow the type to associate to proc filesystems.

Parameters

Parameter:	Description:
type	The type of the object to be associated.

fs_associate_ramfs(
	
		type
		
	)

Summary

Allow the type to associate to ramfs filesystems.

Parameters

Parameter:	Description:
type	The type of the object to be associated.

fs_associate_tmpfs(
	
		type
		
	)

Summary

Allow the type to associate to tmpfs filesystems.

Parameters

Parameter:	Description:
type	The type of the object to be associated.

fs_cifs_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file on a CIFS or SMB filesystem in the specified domain.

Description

Execute a file on a CIFS or SMB filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on CIFS/SMB filesystems, in particular used by the ssh-agent policy.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
target_domain	The type of the new process.

fs_cifs_entry_type(
	
		domain
		
	)

Summary

Make general progams in cifs an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	The domain for which cifs_t is an entrypoint.

fs_cifs_entrypoint(
	
		domain
		
	)

Summary

Make general progams in CIFS an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	The domain for which cifs_t is an entrypoint.

fs_delete_cgroup_dirs(
	
		domain
		
	)

Summary

Delete cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_delete_kdbus_dirs(
	
		domain
		
	)

Summary

Delete kdbusfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_delete_tmpfs_files(
	
		domain
		
	)

Summary

Delete generic files in tmpfs directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_dontaudit_all_access_check(
	
		domain
		
	)

Summary

Do not audit attempts to check the access on all filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_append_cifs_files(
	
		domain
		
	)

Summary

Do not audit attempts to append files on a CIFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_append_ecryptfs_files(
	
		domain
		
	)

Summary

Dontaudit append files on ecrypt filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_dontaudit_append_nfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to append files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_create_tmpfs_chr_dev(
	
		domain
		
	)

Summary

Do not audit attempts to create character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_dirs(
	
		domain
		
	)

Summary

Dontaudit Get the attributes of all directories with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_dontaudit_getattr_all_files(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all files with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_fs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes all filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all named pipes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_sockets(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all named sockets with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_all_symlinks(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of all symbolic links with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_tmpfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_tmpfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to getattr generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_getattr_xattr_fs(
	
		domain
		
	)

Summary

Do not audit attempts to get the attributes of a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_leaks(
	
		domain
		
	)

Summary

Do not audit attempts to read or write all leaked filesystems files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_auto_mountpoints(
	
		domain
		
	)

Summary

Do not audit attempts to list directories of automatically mounted filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_cifs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of directories on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_cifs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to read dirs on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_fusefs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_inotifyfs(
	
		domain
		
	)

Summary

Do not audit attempts to list inotifyfs filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_nfs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_noxattr_fs(
	
		domain
		
	)

Summary

Do not audit attempts to list all noxattrfs directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_removable(
	
		domain
		
	)

Summary

Do not audit attempts to list removable storage directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_list_tmpfs(
	
		domain
		
	)

Summary

Do not audit attempts to list the contents of generic tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_cifs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_cifs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_ecryptfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_fusefs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_fusefs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_nfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_nfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_xenfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete directories on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_manage_xenfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to create, read, write, and delete files on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_cifs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_nfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_nfs_symlinks(
	
		domain
		
	)

Summary

Do not audit attempts to read symbolic links on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_noxattr_fs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read all noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_ramfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read on a ramfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_ramfs_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to read on a ramfs fifo_files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_removable_files(
	
		domain
		
	)

Summary

Do not audit attempts to read removable storage files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_tmpfs_blk_dev(
	
		domain
		
	)

Summary

Do not audit attempts to dontaudit read block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_read_tmpfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_remount_tmpfs(
	
		domain
		
	)

Summary

Dontaudit remount a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_anon_inodefs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write files on anon_inodefs file systems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_cgroup_files(
	
		domain
		
	)

Summary

Do not audit attempts to open, get attributes, read and write cgroup files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_cifs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_kdbus_files(
	
		domain
		
	)

Summary

Do not audit attempts to open, get attributes, read and write cgroup files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_nfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_rw_tmpfs_files(
	
		domain
		
	)

Summary

Do not audit attempts to read or write generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_search_cgroup_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to search cgroup directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_search_kdbus_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to search kdbusfs directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_search_ramfs(
	
		domain
		
	)

Summary

Do not audit attempts to search directories on a ramfs

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_use_tmpfs_chr_dev(
	
		domain
		
	)

Summary

Do not audit attempts to read and write character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_write_configfs_dirs(
	
		domain
		
	)

Summary

dontaudit write dirs on a configfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_dontaudit_write_noxattr_fs_files(
	
		domain
		
	)

Summary

Dont audit attempts to write to noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_write_ramfs_pipes(
	
		domain
		
	)

Summary

Do not audit attempts to write to named pipes on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_dontaudit_write_removable_files(
	
		domain
		
	)

Summary

Do not audit attempts to write removable storage files.

Parameters

Parameter:	Description:
domain	Domain not to audit.

fs_dontaudit_write_tmpfs_dirs(
	
		domain
		
	)

Summary

Do not audit attempts to write tmpfs directories

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_ecryptfs_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file on a FUSE filesystem in the specified domain.

Description

Execute a file on a FUSE filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on FUSE filesystems, in particular used by the ssh-agent policy.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
target_domain	The type of the new process.

fs_exec_cifs_files(
	
		domain
		
	)

Summary

Execute files on a CIFS or SMB network filesystem, in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_fusefs_files(
	
		domain
		
	)

Summary

Execute files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_hugetlbfs_files(
	
		domain
		
	)

Summary

Execute hugetlbfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_nfs_files(
	
		domain
		
	)

Summary

Execute files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_noxattr(
	
		domain
		
	)

Summary

Execute files on a filesystem that does not support extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_exec_tmpfs_files(
	
		domain
		
	)

Summary

Execute files on a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_fusefs_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file on a FUSE filesystem in the specified domain.

Description

Execute a file on a FUSE filesystem in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on FUSE filesystems, in particular used by the ssh-agent policy.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
target_domain	The type of the new process.

fs_fusefs_entry_type(
	
		domain
		
	)

Summary

Make general progams in FUSEFS an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	The domain for which fusefs_t is an entrypoint.

fs_fusefs_entrypoint(
	
		domain
		
	)

Summary

Make general progams in FUSEFS an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	The domain for which fusefs_t is an entrypoint.

fs_get_all_fs_quotas(
	
		domain
		
	)

Summary

Get the quotas of all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_get_xattr_fs_quotas(
	
		domain
		
	)

Summary

Get the filesystem quotas of a filesystem with extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_blk_files(
	
		domain
		
	)

Summary

Get the attributes of all block device nodes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_chr_files(
	
		domain
		
	)

Summary

Get the attributes of all character device nodes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_dirs(
	
		domain
		
	)

Summary

Get the attributes of all directories with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_files(
	
		domain
		
	)

Summary

Get the attributes of all files with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_fs(
	
		domain
		
	)

Summary

Get the attributes of all filesystems.

Description

Allow the specified domain to get the attributes of all filesystems. Example attributes:

Type of the file system (e.g., ext3)

Size of the file system

Available space on the file system

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_pipes(
	
		domain
		
	)

Summary

Get the attributes of all named pipes with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_sockets(
	
		domain
		
	)

Summary

Get the attributes of all named sockets with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_all_symlinks(
	
		domain
		
	)

Summary

Get the attributes of all symbolic links with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_autofs(
	
		domain
		
	)

Summary

Get the attributes of an automount pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_binfmt_misc_dirs(
	
		domain
		
	)

Summary

Get the attributes of directories on binfmt_misc filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_cgroup(
	
		domain
		
	)

Summary

Get attributes of cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_cgroup_files(
	
		domain
		
	)

Summary

Get attributes of cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_cifs(
	
		domain
		
	)

Summary

Get the attributes of a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_dos_fs(
	
		domain
		
	)

Summary

Get the attributes of a DOS filesystem, such as FAT32 or NTFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_fusefs(
	
		domain
		
	)

Summary

Get the attributes of a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_hugetlbfs(
	
		domain
		
	)

Summary

Get the attributes of an hugetlbfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_iso9660_files(
	
		domain
		
	)

Summary

Read files on an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_iso9660_fs(
	
		domain
		
	)

Summary

Get the attributes of an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_kdbus(
	
		domain
		
	)

Summary

Get attributes of kdbus filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nfs(
	
		domain
		
	)

Summary

Get the attributes of a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nfsd_files(
	
		domain
		
	)

Summary

Getattr files on an nfsd filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nfsd_fs(
	
		domain
		
	)

Summary

Get the attributes of a NFS server pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_noxattr_fs(
	
		domain
		
	)

Summary

Get the attributes of filesystems that do not have extended attribute support.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_nsfs_files(
	
		domain
		
	)

Summary

Getattr files on an nsfs filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_oracleasmfs(
	
		domain
		
	)

Summary

Get the attributes of an oracleasmfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_oracleasmfs_fs(
	
		domain
		
	)

Summary

Get the attributes of an oracleasmfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_ramfs(
	
		domain
		
	)

Summary

Get the attributes of a RAM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_romfs(
	
		domain
		
	)

Summary

Get the attributes of a ROM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_rpc_dirs(
	
		domain
		
	)

Summary

Read directories of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_rpc_pipefs(
	
		domain
		
	)

Summary

Get the attributes of a RPC pipe filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tmpfs(
	
		domain
		
	)

Summary

Get the attributes of a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tmpfs_blk_file(
	
		domain
		
	)

Summary

Relabel block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_tmpfs_dirs(
	
		domain
		
	)

Summary

Get the attributes of tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_getattr_xattr_fs(
	
		domain
		
	)

Summary

Get the attributes of persistent filesystems which have extended attributes, such as ext3, JFS, or XFS.

Description

Allow the specified domain to get the attributes of a persistent filesystems which have extended attributes, such as ext3, JFS, or XFS. Example attributes:

Type of the file system (e.g., ext3)

Size of the file system

Available space on the file system

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_hugetlbfs_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in a hugetlbfs filesystem, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

fs_list_all(
	
		domain
		
	)

Summary

List all directories with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_auto_mountpoints(
	
		domain
		
	)

Summary

Read directories of automatically mounted filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_cgroup_dirs(
	
		domain
		
	)

Summary

list cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_cifs(
	
		domain
		
	)

Summary

List the contents of directories on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_dos(
	
		domain
		
	)

Summary

List dirs DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_hugetlbfs(
	
		domain
		
	)

Summary

List hugetlbfs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_inotifyfs(
	
		domain
		
	)

Summary

List inotifyfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_kdbus_dirs(
	
		domain
		
	)

Summary

List kdbusfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_nfs(
	
		domain
		
	)

Summary

List NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_nfsd_fs(
	
		domain
		
	)

Summary

List NFS server directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_noxattr_fs(
	
		domain
		
	)

Summary

Read all noxattrfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_oracleasmfs(
	
		domain
		
	)

Summary

List oracleasmfs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_pstore(
	
		domain
		
	)

Summary

Do not audit attempts to list removable storage directories.

Parameters

Parameter:	Description:
domain	Domain to not audit.

fs_list_pstorefs(
	
		domain
		
	)

Summary

Do not audit attempts to list removable storage directories.

Description

Do not audit attempts to list removable storage directories

This interface has been deprecated, and will be removed in the future.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_rpc(
	
		domain
		
	)

Summary

Read directories of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_list_tmpfs(
	
		domain
		
	)

Summary

List the contents of generic tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_auto_mountpoints(
	
		domain
		
	)

Summary

Create, read, write, and delete auto moutpoints.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_autofs_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links on an autofs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cgroup_dirs(
	
		domain
		
	)

Summary

Manage cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cgroup_files(
	
		domain
		
	)

Summary

Manage cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_named_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_named_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_cifs_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_configfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete dirs on a configfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_configfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a configfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_dos_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete dirs on a DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_dos_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ecryptfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ecryptfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ecryptfs_symlinks(
	
		domain
		
	)

Summary

Manage symbolic links on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_fusefs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_fusefs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_fusefs_symlinks(
	
		domain
		
	)

Summary

Manage symbolic links on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_hugetlbfs_dirs(
	
		domain
		
	)

Summary

Manage hugetlbfs dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_hugetlbfs_files(
	
		domain
		
	)

Summary

Manage hugetlbfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_kdbus_dirs(
	
		domain
		
	)

Summary

Manage kdbusfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_kdbus_files(
	
		domain
		
	)

Summary

Manage kdbusfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_named_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_named_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfs_symlinks(
	
		domain
		
	)

Summary

Create, read, write, and delete symbolic links on a NFS network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_nfsd_fs(
	
		domain
		
	)

Summary

Manage NFS server files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_noxattr_fs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete all noxattrfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_noxattr_fs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete all noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_oracleasm(
	
		domain
		
	)

Summary

Read and write the oracleasm device.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a ramfs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_pipes(
	
		domain
		
	)

Summary

Create, read, write, and delete named pipes on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_ramfs_sockets(
	
		domain
		
	)

Summary

Create, read, write, and delete named sockets on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_blk_files(
	
		domain
		
	)

Summary

Read and write, create and delete block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_chr_files(
	
		domain
		
	)

Summary

Read and write, create and delete character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete tmpfs directories

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_files(
	
		domain
		
	)

Summary

Read and write, create and delete generic files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_sockets(
	
		domain
		
	)

Summary

Read and write, create and delete socket files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tmpfs_symlinks(
	
		domain
		
	)

Summary

Read and write, create and delete symbolic links on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_tracefs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete dirs labeled as tracefs_t.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_xenfs_dirs(
	
		domain
		
	)

Summary

Create, read, write, and delete directories on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_manage_xenfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_all_fs(
	
		domain
		
	)

Summary

Mount all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_autofs(
	
		domain
		
	)

Summary

Mount an automount pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_cgroup(
	
		domain
		
	)

Summary

Mount cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_cifs(
	
		domain
		
	)

Summary

Mount a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_dos_fs(
	
		domain
		
	)

Summary

Mount a DOS filesystem, such as FAT32 or NTFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_fusefs(
	
		domain
		
	)

Summary

Mount a FUSE filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_iso9660_fs(
	
		domain
		
	)

Summary

Mount an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_kdbus(
	
		domain
		
	)

Summary

Mount kdbus filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_nfs(
	
		domain
		
	)

Summary

Mount a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_nfsd_fs(
	
		domain
		
	)

Summary

Mount a NFS server pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_ramfs(
	
		domain
		
	)

Summary

Mount a RAM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_romfs(
	
		domain
		
	)

Summary

Mount a ROM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_rpc_pipefs(
	
		domain
		
	)

Summary

Mount a RPC pipe filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_tmpfs(
	
		domain
		
	)

Summary

Mount a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_tracefs(
	
		domain
		
	)

Summary

Mount tracefs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_xattr_fs(
	
		domain
		
	)

Summary

Mount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mount_xenfs(
	
		domain
		
	)

Summary

Mount a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_cgroup(
	
		domain
		
	)

Summary

Mount on cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_cifs(
	
		domain
		
	)

Summary

Mounton a CIFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_fusefs(
	
		domain
		
	)

Summary

Mounton a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_kdbus(
	
		domain
		
	)

Summary

Mount on kdbusfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_nfs(
	
		domain
		
	)

Summary

Mounton a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_nfsd_fs(
	
		domain
		
	)

Summary

Mount on nfsd_fs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_mounton_tmpfs(
	
		domain
		
	)

Summary

Mount on tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_nfs_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file on a NFS filesystem in the specified domain.

Description

Execute a file on a NFS filesystem in the specified domain. This allows the specified domain to execute any file on a NFS filesystem in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle home directories on NFS filesystems, in particular used by the ssh-agent policy.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.
target_domain	The type of the new process.

fs_nfs_entry_type(
	
		domain
		
	)

Summary

Make general progams in nfs an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	The domain for which nfs_t is an entrypoint.

fs_nfs_entrypoint(
	
		domain
		
	)

Summary

Make general progams in NFS an entrypoint for the specified domain.

Parameters

Parameter:	Description:
domain	The domain for which nfs_t is an entrypoint.

fs_noxattr_type(
	
		domain
		
	)

Summary

Transform specified type into a filesystem type which does not have extended attribute support.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_anon_inodefs_files(
	
		domain
		
	)

Summary

Read files on anon_inodefs file systems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cgroup_files(
	
		domain
		
	)

Summary

Read cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_files(
	
		domain
		
	)

Summary

Read files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_named_pipes(
	
		domain
		
	)

Summary

Read named pipes on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_named_sockets(
	
		domain
		
	)

Summary

Read named pipes on a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_cifs_symlinks(
	
		domain
		
	)

Summary

Read symbolic links on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_dos_files(
	
		domain
		
	)

Summary

Read files on a DOS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_ecryptfs_files(
	
		domain
		
	)

Summary

Create, read, write, and delete files on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_ecryptfs_symlinks(
	
		domain
		
	)

Summary

Read symbolic links on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_efivarfs_files(
	
		domain
		
	)

Summary

Read files in efivarfs - contains Linux Kernel configuration options for UEFI systems

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_eventpollfs(
	
		domain
		
	)

Summary

Read eventpollfs files.

Description

Read eventpollfs files

This interface has been deprecated, and will be removed in the future.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_fusefs_files(
	
		domain
		
	)

Summary

Read, a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_fusefs_symlinks(
	
		domain
		
	)

Summary

Read symbolic links on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_hugetlbfs_files(
	
		domain
		
	)

Summary

Read hugetlbfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_inherited_cifs_files(
	
		domain
		
	)

Summary

Read inherited files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_inherited_nfs_files(
	
		domain
		
	)

Summary

Read inherited files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_iso9660_files(
	
		domain
		
	)

Summary

Read files on an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_kdbus_files(
	
		domain
		
	)

Summary

Read kdbusfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_files(
	
		domain
		
	)

Summary

Read files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_named_pipes(
	
		domain
		
	)

Summary

Read named pipes on a NFS network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_named_sockets(
	
		domain
		
	)

Summary

Read named sockets on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfs_symlinks(
	
		domain
		
	)

Summary

Read symbolic links on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nfsd_files(
	
		domain
		
	)

Summary

read files on an nfsd filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_noxattr_fs_files(
	
		domain
		
	)

Summary

Read all noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_noxattr_fs_symlinks(
	
		domain
		
	)

Summary

Read all noxattrfs symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_nsfs_files(
	
		domain
		
	)

Summary

Read nsfs inodes (e.g. /proc/pid/ns/uts)

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_removable_blk_files(
	
		domain
		
	)

Summary

Read block nodes on removable filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_removable_files(
	
		domain
		
	)

Summary

Read removable storage files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_removable_symlinks(
	
		domain
		
	)

Summary

Read removable storage symbolic links.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_rpc_files(
	
		domain
		
	)

Summary

Read files of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_rpc_sockets(
	
		domain
		
	)

Summary

Read sockets of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_rpc_symlinks(
	
		domain
		
	)

Summary

Read symbolic links of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_tmpfs_files(
	
		domain
		
	)

Summary

Read generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_tmpfs_symlinks(
	
		domain
		
	)

Summary

Read tmpfs link files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_read_xenfs_files(
	
		domain
		
	)

Summary

Read files on a XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_register_binary_executable_type(
	
		domain
		
	)

Summary

Description

A common use for this is to register a JVM as an interpreter for Java byte code. Registered binaries can be directly executed on a command line without specifying the interpreter.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_cgroup_dirs(
	
		domain
		
	)

Summary

Relabel cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_kdbus_dirs(
	
		domain
		
	)

Summary

Relabel kdbusfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_pstore_dirs(
	
		domain
		
	)

Summary

Relabel directory on removable storage.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_blk_file(
	
		domain
		
	)

Summary

Relabel block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_chr_file(
	
		domain
		
	)

Summary

Relabel character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_dirs(
	
		domain
		
	)

Summary

Relabel directory on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_fifo_files(
	
		domain
		
	)

Summary

Relabel fifo_file on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_files(
	
		domain
		
	)

Summary

Relabel files on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabel_tmpfs_sock_file(
	
		domain
		
	)

Summary

Relabel sock nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_all_fs(
	
		domain
		
	)

Summary

Relabelfrom all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_dos_fs(
	
		domain
		
	)

Summary

Allow changing of the label of a DOS filesystem using the context= mount option.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_noxattr_fs(
	
		domain
		
	)

Summary

Relabel all objets from filesystems that do not support extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_relabelfrom_tmpfs(
	
		type
		
	)

Summary

Relabel from tmpfs filesystem.

Parameters

Parameter:	Description:
type	Domain allowed access.

fs_relabelfrom_xattr_fs(
	
		domain
		
	)

Summary

Allow changing of the label of a filesystem with extended attributes using the context= mount option.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_all_fs(
	
		domain
		
	)

Summary

Remount all filesystems. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_autofs(
	
		domain
		
	)

Summary

Remount an automount pseudo filesystem This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_cgroup(
	
		domain
		
	)

Summary

Remount cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_cifs(
	
		domain
		
	)

Summary

Remount a CIFS or SMB network filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_dos_fs(
	
		domain
		
	)

Summary

Remount a DOS filesystem, such as FAT32 or NTFS. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_iso9660_fs(
	
		domain
		
	)

Summary

Remount an iso9660 filesystem, which is usually used on CDs. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_kdbus(
	
		domain
		
	)

Summary

Remount kdbus filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_nfs(
	
		domain
		
	)

Summary

Remount a NFS filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_nfsd_fs(
	
		domain
		
	)

Summary

Mount a NFS server pseudo filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_ramfs(
	
		domain
		
	)

Summary

Remount a RAM filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_romfs(
	
		domain
		
	)

Summary

Remount a ROM filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_rpc_pipefs(
	
		domain
		
	)

Summary

Remount a RPC pipe filesystem. This allows some mount option to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_tmpfs(
	
		domain
		
	)

Summary

Remount a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_tracefs(
	
		domain
		
	)

Summary

Remount tracefs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_remount_xattr_fs(
	
		domain
		
	)

Summary

Remount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS. This allows some mount options to be changed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_anon_inodefs_files(
	
		domain
		
	)

Summary

Read and write files on anon_inodefs file systems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_cephfs_files(
	
		domain
		
	)

Summary

Read and write ceph files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_cgroup_files(
	
		domain
		
	)

Summary

Read and write cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_hugetlbfs_files(
	
		domain
		
	)

Summary

Read and write hugetlbfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_inherited_cifs_files(
	
		domain
		
	)

Summary

Read/Write inherited files on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_inherited_nfs_files(
	
		domain
		
	)

Summary

Read/write inherited files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_inherited_noxattr_fs_files(
	
		domain
		
	)

Summary

Read/Write all inherited noxattrfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_inherited_tmpfs_files(
	
		domain
		
	)

Summary

Read and write generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_kdbus_files(
	
		domain
		
	)

Summary

Read and write kdbusfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_nfsd_fs(
	
		domain
		
	)

Summary

Read and write NFS server files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_nsfs_files(
	
		domain
		
	)

Summary

Read and write nsfs inodes (e.g. /proc/pid/ns/uts)

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_onload_sockets(
	
		domain
		
	)

Summary

Read and write sockets of ONLOAD file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_ramfs_pipes(
	
		domain
		
	)

Summary

Read and write a named pipe on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_removable_blk_files(
	
		domain
		
	)

Summary

Read and write block nodes on removable filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_rpc_named_pipes(
	
		domain
		
	)

Summary

Read and write RPC pipe filesystem named pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_rpc_sockets(
	
		domain
		
	)

Summary

Read and write sockets of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_tmpfs_blk_files(
	
		domain
		
	)

Summary

Read and write block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_tmpfs_chr_files(
	
		domain
		
	)

Summary

Read and write character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_tmpfs_files(
	
		domain
		
	)

Summary

Read and write generic tmpfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_rw_tracefs_files(
	
		domain
		
	)

Summary

Read and write tracefs_t files

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_all(
	
		domain
		
	)

Summary

Search all directories with a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_auto_mountpoints(
	
		domain
		
	)

Summary

Search automount filesystem to use automatically mounted filesystems.

Description

Allow the specified domain to search mount points that have filesystems that are mounted by the automount service. Generally this will be required for any domain that accesses objects on these filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_cgroup_dirs(
	
		domain
		
	)

Summary

Search cgroup directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_cifs(
	
		domain
		
	)

Summary

Search directories on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_dos(
	
		domain
		
	)

Summary

Search dosfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_ecryptfs(
	
		domain
		
	)

Summary

Search directories on a ecrypt filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_fusefs(
	
		domain
		
	)

Summary

Search directories on a FUSEFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_inotifyfs(
	
		domain
		
	)

Summary

Search inotifyfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_kdbus_dirs(
	
		domain
		
	)

Summary

Search kdbusfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_nfs(
	
		domain
		
	)

Summary

Search directories on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_nfsd_fs(
	
		domain
		
	)

Summary

Search NFS server directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_ramfs(
	
		domain
		
	)

Summary

Search directories on a ramfs

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_removable(
	
		domain
		
	)

Summary

Search removable storage directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_rpc(
	
		domain
		
	)

Summary

Search directories of RPC file system pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_tmpfs(
	
		domain
		
	)

Summary

Search tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_search_xenfs(
	
		domain
		
	)

Summary

Search the XENFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_set_all_quotas(
	
		domain
		
	)

Summary

Set the quotas of all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_set_xattr_fs_quotas(
	
		domain
		
	)

Summary

Set the filesystem quotas of a filesystem with extended attributes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_setattr_cifs_dirs(
	
		domain
		
	)

Summary

Set the attributes of cifs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_setattr_nfs_dirs(
	
		domain
		
	)

Summary

Set the attributes of nfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_setattr_oracleasmfs(
	
		domain
		
	)

Summary

Get the attributes of an oracleasmfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_setattr_oracleasmfs_dirs(
	
		domain
		
	)

Summary

Get the attributes of an oracleasmfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_setattr_tmpfs_dirs(
	
		domain
		
	)

Summary

Set the attributes of tmpfs directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_tmpfs_filetrans(
	
		domain
		
			,
		
		private type
		
			,
		
		object
		
			,
		
		name
		
	)

Summary

Create an object in a tmpfs filesystem, with a private type using a type transition.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private type	The type of the object to be created.
object	The object class of the object being created.
name	The name of the object being created.

fs_tmpfs_filetrans_named_content(
	
		domain
		
	)

Summary

Transition named content in tmpfs_t directory

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_type(
	
		domain
		
	)

Summary

Transform specified type into a filesystem type.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unconfined(
	
		domain
		
	)

Summary

Unconfined access to filesystems

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_all_fs(
	
		domain
		
	)

Summary

Unmount all filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_autofs(
	
		domain
		
	)

Summary

Unmount an automount pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_cgroup(
	
		domain
		
	)

Summary

Unmount cgroup filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_cifs(
	
		domain
		
	)

Summary

Unmount a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_configfs(
	
		domain
		
	)

Summary

Unmount a configfs filesystem

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_dos_fs(
	
		domain
		
	)

Summary

Unmount a DOS filesystem, such as FAT32 or NTFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_fusefs(
	
		domain
		
	)

Summary

Unmount a FUSE filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_iso9660_fs(
	
		domain
		
	)

Summary

Unmount an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_kdbus(
	
		domain
		
	)

Summary

Unmount kdbus filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_nfs(
	
		domain
		
	)

Summary

Unmount a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_nfsd_fs(
	
		domain
		
	)

Summary

Unmount a NFS server pseudo filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_ramfs(
	
		domain
		
	)

Summary

Unmount a RAM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_romfs(
	
		domain
		
	)

Summary

Unmount a ROM filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_rpc_pipefs(
	
		domain
		
	)

Summary

Unmount a RPC pipe filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_tmpfs(
	
		domain
		
	)

Summary

Unmount a tmpfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_tracefs(
	
		domain
		
	)

Summary

Unmount tracefs filesystems.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_unmount_xattr_fs(
	
		domain
		
	)

Summary

Unmount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_cgroup_files(
	
		domain
		
	)

Summary

Write cgroup files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_kdbus_files(
	
		domain
		
	)

Summary

Write kdbusfs files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_nfs_files(
	
		domain
		
	)

Summary

Read files on a NFS filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_ramfs_pipes(
	
		domain
		
	)

Summary

Write to named pipe on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

fs_write_ramfs_sockets(
	
		domain
		
	)

Summary

Write to named socket on a ramfs filesystem.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return