Layer: system

Module: systemd

Description:

SELinux policy for systemd components

Interfaces:

systemd_allow_mount_dir(
	
		domain
		
	)

Summary

Allow process to mount directory configured in a systemd unit as ReadWriteDirectory or ReadOnlyDirectory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_config_all_services(
	
		domain
		
	)

Summary

Allow the specified domain to modify the systemd configuration of all systemd services

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_config_generic_services(
	
		domain
		
	)

Summary

Configure generic unit files domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

systemd_config_power_services(
	
		domain
		
	)

Summary

Configure power unit files domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

systemd_config_systemd_services(
	
		domain
		
	)

Summary

Allow the specified domain to modify the systemd configuration of all systemd services

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_coredump_domtrans(
	
		domain
		
	)

Summary

Execute a domain transition to run systemd-coredump.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_create_unit_dirs(
	
		domain
		
	)

Summary

Allow domain to list systemd unit dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_create_unit_file_dirs(
	
		domain
		
	)

Summary

Create a directory in the /usr/lib/systemd/system directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_create_unit_file_lnk(
	
		domain
		
	)

Summary

Create a link in the /usr/lib/systemd/system directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_dbus_chat_hostnamed(
	
		domain
		
	)

Summary

Send and receive messages from systemd hostnamed over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_dbus_chat_localed(
	
		domain
		
	)

Summary

Send and receive messages from systemd localed over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_dbus_chat_logind(
	
		domain
		
	)

Summary

Send and receive messages from systemd logind over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_dbus_chat_machined(
	
		domain
		
	)

Summary

Send and receive messages from systemd machined over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_dbus_chat_timedated(
	
		domain
		
	)

Summary

Send and receive messages from systemd timedated over dbus.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_domtrans_sysctl(
	
		domain
		
	)

Summary

Execute a domain transition to run systemd-sysctl.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_dontaudit_dbus_chat(
	
		domain
		
	)

Summary

Dontaudit attempts to send dbus domains chat messages

Parameters

Parameter:	Description:
domain	Domain to not audit.

systemd_dontaudit_read_unit_files(
	
		domain
		
	)

Summary

Dontaudit domain to read all systemd unit files.

Parameters

Parameter:	Description:
domain	Domain to not audit.

systemd_dontaudit_write_inherited_logind_sessions_pipes(
	
		domain
		
	)

Summary

Dontaudit attempts to write inherited logind sessions pipes.

Parameters

Parameter:	Description:
domain	Domain to not audit.

systemd_exec_sysctl(
	
		domain
		
	)

Summary

Allow a domain to execute systemd-sysctl in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_exec_systemctl(
	
		domain
		
	)

Summary

Execute systemctl in the caller domain.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_filetrans_home_content(
	
		domain
		
	)

Summary

Transition to systemd named content

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_filetrans_named_content(
	
		domain
		
	)

Summary

Transition to systemd named content

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_filetrans_named_hostname(
	
		domain
		
	)

Summary

Transition to systemd named content for /etc/hostname

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_getattr_unit_dirs(
	
		domain
		
	)

Summary

Allow domain to getattr all systemd unit directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_getattr_unit_files(
	
		domain
		
	)

Summary

Allow domain to getattr all systemd unit files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_hostnamed_manage_config(
	
		domain
		
	)

Summary

Allow process to manage hostname config file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_hostnamed_read_config(
	
		domain
		
	)

Summary

Allow process to read hostname config file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_hwdb_manage_config(
	
		domain
		
	)

Summary

Allow process to manage hwdb config file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_hwdb_read_config(
	
		domain
		
	)

Summary

Allow process to read hwdb config file.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_list_unit_dirs(
	
		domain
		
	)

Summary

Allow domain to list systemd unit dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_localed_domtrans(
	
		domain
		
	)

Summary

Execute a domain transition to run systemd-localed.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_logger_stream_connect(
	
		domain
		
	)

Summary

Allow the specified domain to connect to systemd_logger with a unix socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_filetrans_pid_files(
	
		domain
		
	)

Summary

Read systemd_login PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_halt(
	
		domain
		
	)

Summary

Tell systemd_login to halt the system.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_list_pid_dirs(
	
		domain
		
	)

Summary

Read systemd_login PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_manage_pid_files(
	
		domain
		
	)

Summary

Read systemd_login PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_read_pid_files(
	
		domain
		
	)

Summary

Read systemd_login PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_reboot(
	
		domain
		
	)

Summary

Tell systemd_login to reboot the system.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_signull(
	
		domain
		
	)

Summary

Send systemd_login a null signal.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_status(
	
		domain
		
	)

Summary

Get the system status information from systemd_login

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_login_undefined(
	
		domain
		
	)

Summary

Tell systemd_login to do an unknown access.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_machined_list_pid_dirs(
	
		domain
		
	)

Summary

List systemd-machined PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_machined_manage_lib_files(
	
		domain
		
	)

Summary

Manage systemd-machined lib files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_machined_manage_pid_files(
	
		domain
		
	)

Summary

Manage systemd-machined PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_machined_read_lib_files(
	
		domain
		
	)

Summary

Read systemd-machined lib files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_machined_read_pid_files(
	
		domain
		
	)

Summary

Read systemd-machined PID files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_machined_search_lib(
	
		domain
		
	)

Summary

Search systemd-machined lib directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_all_unit_files(
	
		domain
		
	)

Summary

manage all systemd unit files

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_all_unit_lnk_files(
	
		domain
		
	)

Summary

manage all systemd unit lnk_files

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_home_content(
	
		domain
		
	)

Summary

Manage systemd homedir content

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_passwd_run(
	
		domain
		
	)

Summary

Send generic signals to systemd_passwd_agent processes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_random_seed(
	
		domain
		
	)

Summary

manage all systemd random seed file

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_unit_dirs(
	
		domain
		
	)

Summary

manage systemd unit dirs

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_manage_unit_symlinks(
	
		domain
		
	)

Summary

manage systemd unit link files

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_mount_dir(
	
		type
		
	)

Summary

Mark the following type as mountable by systemd.

Parameters

Parameter:	Description:
type	Type to be authorized to be mounted

systemd_notify_domtrans(
	
		domain
		
	)

Summary

Execute a domain transition to run systemd_notify.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_passwd_agent_dev_template(
	
		userdomain_prefix
		
	)

Summary

Template for temporary sockets and files in /dev/.systemd/ask-password which are used by systemd-passwd-agent

Parameters

Parameter:	Description:
userdomain_prefix	The prefix of the domain (e.g., user is the prefix for user_t).

systemd_passwd_agent_domtrans(
	
		domain
		
	)

Summary

Execute a domain transition to run systemd-tty-ask-password-agent.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_passwd_agent_exec(
	
		domain
		
	)

Summary

Execute systemd-tty-ask-password-agent in the caller domain

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_passwd_agent_role(
	
		role
		
			,
		
		domain
		
	)

Summary

Role access for systemd_passwd_agent

Parameters

Parameter:	Description:
role	Role allowed access
domain	User domain for the role

systemd_passwd_agent_run(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute systemd-tty-ask-password-agent in the systemd_passwd_agent domain, and allow the specified role the systemd_passwd_agent domain.

Parameters

Parameter:	Description:
domain	Domain allowed access
role	The role to be allowed the systemd_passwd_agent domain.

systemd_read_fifo_file_passwd_run(
	
		domain
		
	)

Summary

Allow to domain to read systemd-passwd pipe

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_read_home_content(
	
		domain
		
	)

Summary

read systemd homedir content

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_read_logind_sessions_files(
	
		domain
		
	)

Summary

Read logind sessions files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_read_unit_files(
	
		domain
		
	)

Summary

Allow domain to read all systemd unit files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_relabel_unit_dirs(
	
		script_file
		
	)

Summary

Relabel systemd unit directories

Parameters

Parameter:	Description:
script_file	Domain allowed access.

systemd_relabel_unit_files(
	
		script_file
		
	)

Summary

Relabel systemd unit files

Parameters

Parameter:	Description:
script_file	Domain allowed access.

systemd_relabelto_fifo_file_passwd_run(
	
		domain
		
	)

Summary

Relabel to user home directories.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_reload_all_services(
	
		domain
		
	)

Summary

Allow the specified domain to reload all systemd services.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_reload_systemd_services(
	
		domain
		
	)

Summary

Allow the specified domain to reload all systemd services.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_rw_coredump_tmpfs_files(
	
		domain
		
	)

Summary

Read and write to systemd-coredump temporary file system.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_search_unit_dirs(
	
		domain
		
	)

Summary

Allow domain to search systemd unit dirs.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_signal_passwd_agent(
	
		domain
		
	)

Summary

Send generic signals to systemd_passwd_agent processes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_start_all_services(
	
		domain
		
	)

Summary

Allow the specified domain to start all systemd services.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_start_all_unit_files(
	
		domain
		
	)

Summary

Start power unit files domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

systemd_start_power_services(
	
		domain
		
	)

Summary

Start power unit files domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

systemd_start_systemd_services(
	
		domain
		
	)

Summary

Allow the specified domain to start systemd services.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_status_all_unit_files(
	
		domain
		
	)

Summary

Start power unit files domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

systemd_status_power_services(
	
		domain
		
	)

Summary

Status power unit files domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

systemd_stub_unit_file(
	
		domain_prefix
		
	)

Summary

Create a domain for processes which are started exuting systemctl.

Parameters

Parameter:	Description:
domain_prefix	Domain allowed access.

systemd_systemctl_domain(
	
		domain_prefix
		
	)

Summary

Create a domain for processes which are started exuting systemctl.

Parameters

Parameter:	Description:
domain_prefix	Domain allowed access.

systemd_tmpfiles_domtrans(
	
		domain
		
	)

Summary

Execute a domain transition to run systemd-tmpfiles.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_tmpfiles_run(
	
		domain
		
			,
		
		role
		
	)

Summary

Execute systemd-tmpfiles in the systemd_tmpfiles_t domain, and allow the specified role the systemd_tmpfiles domain.

Parameters

Parameter:	Description:
domain	Domain allowed access
role	The role to be allowed the systemd_tmpfiles domain.

systemd_unit_file(
	
		script_file
		
	)

Summary

Create a file type used for systemd unit files.

Parameters

Parameter:	Description:
script_file	Type to be used for an unit file.

systemd_unit_file_filetrans(
	
		domain
		
			,
		
		private_type
		
			,
		
		object_class
		
			,
		
		name
		
	)

Summary

Create objects in /run/systemd/generator directory with an automatic type transition to a specified private type.

Parameters

Parameter:	Description:
domain	Domain allowed access.
private_type	The type of the object to create.
object_class	The class of the object to be created.
name	The name of the object being created.

systemd_use_fds_logind(
	
		domain
		
	)

Summary

Use and and inherited systemd logind file descriptors.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_write_inherited_logind_sessions_pipes(
	
		domain
		
	)

Summary

Write inherited logind sessions pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

systemd_write_inhibit_pipes(
	
		domain
		
	)

Summary

Write systemd inhibit pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return

Templates:

systemd_domain_template(
	
		prefix
		
	)

Summary

Creates types and rules for a basic systemd domains.

Parameters

Parameter:	Description:
prefix	Prefix for the domain.

Return