rpms / selinux-policy

Clone
Source Code
GIT

Blame www/api-docs/kernel_selinux.html

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   5777606093d05464cd0571e2de83372f0d807716
  2.   www
  3.   api-docs
  4.   kernel_selinux.html
Blob History Raw
Karl MacMillan 660bf7 
<html>
Karl MacMillan 660bf7 
<head>
Karl MacMillan 660bf7 
<title>
Karl MacMillan 660bf7 
 Security Enhanced Linux Reference Policy
Karl MacMillan 660bf7 
 </title>
Karl MacMillan 660bf7 
<style type="text/css" media="all">@import "style.css";</style>
Karl MacMillan 660bf7 
</head>
Karl MacMillan 660bf7 
<body>
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		admin
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		apps
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		kernel
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			bootloader
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			corenetwork
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			devices
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			filesystem
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			kernel
Karl MacMillan 660bf7
Chris PeBenito 862a1e 
			   - 
Chris PeBenito 862a1e 
			mls
Chris PeBenito 862a1e
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			selinux
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			storage
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			terminal
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		services
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		system
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125 
	* Global Booleans 
Chris PeBenito e3a8e3
Chris PeBenito 8b1125 
	* Global Tunables 
Chris PeBenito 8b1125

Chris PeBenito 8b1125 
	* Layer Index
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	* Interface Index
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	* Template Index
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3
Karl MacMillan 660bf7 
Layer: kernel
Karl MacMillan 660bf7 
Module: selinux
Chris PeBenito e3a8e3
Karl MacMillan 660bf7 
Description:
Karl MacMillan 660bf7
Chris PeBenito 767266
Karl MacMillan 660bf7 
Policy for kernel security interface, in particular, selinuxfs.
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
This module is required to be included in all policies.
Karl MacMillan 660bf7
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Karl MacMillan 660bf7 
Interfaces:
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_compute_access_vector(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Allows caller to compute an access vector.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type allowed to compute an access vector.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_compute_create_context(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito c2ecf0 
Calculate the default type for object creation.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito c2ecf0 
Domain allowed access.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
selinux_compute_member(
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
		domain
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
	)
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
Summary
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
Allows caller to compute polyinstatntiated
Chris PeBenito 44a4c2 
directory members.
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
Parameters
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
Parameter:Description:Optional:
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
domain
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
Domain allowed access.
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2 
No
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 44a4c2
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_compute_relabel_context(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito c2ecf0 
Calculate the context for relabeling objects.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito c2ecf0 
Description
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0 
Calculate the context for relabeling objects.
Chris PeBenito c2ecf0 
This is determined by using the type_change
Chris PeBenito c2ecf0 
rules in the policy, and is generally used
Chris PeBenito c2ecf0 
for determining the context for relabeling
Chris PeBenito c2ecf0 
a terminal when a user logs in.
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito c2ecf0 
Domain allowed access.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_compute_user_contexts(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Allows caller to compute possible contexts for a user.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type allowed to compute user contexts.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
selinux_dontaudit_getattr_dir(
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
		domain
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
	)
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
Summary
Chris PeBenito e376ad
Chris PeBenito e376ad 
Do not audit attempts to get the
Chris PeBenito e376ad 
attributes of the selinuxfs directory.
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
Parameters
Chris PeBenito e376ad
Chris PeBenito e376ad 
Parameter:Description:Optional:
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
domain
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
Domain to not audit.
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad 
No
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito e376ad
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125 
selinux_dontaudit_search_fs(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Do not audit attempts to search selinuxfs.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameters
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameter:Description:Optional:
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Domain to not audit.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
No
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
selinux_get_enforce_mode(
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
		domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	)
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Allows the caller to get the mode of policy enforcement
Chris PeBenito e3a8e3 
(enforcing or permissive mode).
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type to allow to get the enforcing mode.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_get_fs_mount(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Gets the caller the mountpoint of the selinuxfs filesystem.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type requesting the selinuxfs mountpoint.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_load_policy(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Allow caller to load the policy into the kernel.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type that will load the policy.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
selinux_search_fs(
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
		domain
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
	)
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
Summary
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
Search selinuxfs.
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
Parameters
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
Parameter:Description:Optional:
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
domain
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
Domain allowed access.
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e 
No
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 862a1e
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_set_boolean(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			,
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			[
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		booltype
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			]
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Allow caller to set the state of Booleans to
Chris PeBenito e3a8e3 
enable or disable conditional portions of the policy.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito c2ecf0 
Description
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0 
Allow caller to set the state of Booleans to
Chris PeBenito c2ecf0 
enable or disable conditional portions of the policy.
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0 
Since this is a security event, this action is
Chris PeBenito c2ecf0 
always audited.
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type allowed to set the Boolean.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
booltype
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of Booleans the caller is allowed to set.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
yes
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_set_enforce_mode(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Allow caller to set the mode of policy enforcement
Chris PeBenito e3a8e3 
(enforcing or permissive mode).
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito c2ecf0 
Description
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0 
Allow caller to set the mode of policy enforcement
Chris PeBenito c2ecf0 
(enforcing or permissive mode).
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0 
Since this is a security event, this action is
Chris PeBenito c2ecf0 
always audited.
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type to allow to set the enforcement mode.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
selinux_set_parameters(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito c2ecf0 
Allow caller to set SELinux access vector cache parameters.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito c2ecf0 
Description
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0 
Allow caller to set SELinux access vector cache parameters.
Chris PeBenito c2ecf0 
The allows the domain to set performance related parameters
Chris PeBenito c2ecf0 
of the AVC, such as cache threshold.
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0 
Since this is a security event, this action is
Chris PeBenito c2ecf0 
always audited.
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito c2ecf0
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type to allow to set security parameters.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 767266 
selinux_unconfined(
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
		domain
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
	)
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 8b1125 
Summary
Chris PeBenito 767266
Chris PeBenito c2ecf0 
Unconfined access to the SELinux kernel security server.
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 8b1125
Chris PeBenito 767266 
Parameters
Chris PeBenito 767266
Chris PeBenito 767266 
Parameter:Description:Optional:
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
domain
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
Domain allowed access.
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
No
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 8b1125
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Karl MacMillan 660bf7 
selinux_validate_context(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito 8b1125 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Allows caller to validate security contexts.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito 8b1125
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The process type permitted to validate contexts.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Return
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Karl MacMillan 660bf7
Chris PeBenito e376ad
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
</body>
Karl MacMillan 660bf7 
</html>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation