rpms / selinux-policy

Clone
Source Code
GIT

Blame www/api-docs/system_userdomain.html

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   8b1125a766728853b6a0f468dbbde2f59fb70829
  2.   www
  3.   api-docs
  4.   system_userdomain.html
Blob History Raw
Karl MacMillan 660bf7 
<html>
Karl MacMillan 660bf7 
<head>
Karl MacMillan 660bf7 
<title>
Karl MacMillan 660bf7 
 Security Enhanced Linux Reference Policy
Karl MacMillan 660bf7 
 </title>
Karl MacMillan 660bf7 
<style type="text/css" media="all">@import "style.css";</style>
Karl MacMillan 660bf7 
</head>
Karl MacMillan 660bf7 
<body>
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		admin
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		apps
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		kernel
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		services
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		system
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			authlogin
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			clock
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			corecommands
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			files
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
			   - 
Chris PeBenito e3a8e3 
			fstools
Chris PeBenito e3a8e3
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			getty
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			hostname
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			hotplug
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			init
Karl MacMillan 660bf7
Chris PeBenito 8b1125 
			   - 
Chris PeBenito 8b1125 
			ipsec
Chris PeBenito 8b1125
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			iptables
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			libraries
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			locallogin
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			logging
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			lvm
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			miscfiles
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			modutils
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			mount
Karl MacMillan 660bf7
Chris PeBenito 8b1125 
			   - 
Chris PeBenito 8b1125 
			pcmcia
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
			   - 
Chris PeBenito 8b1125 
			raid
Chris PeBenito 8b1125
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			selinuxutil
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			sysnetwork
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			udev
Karl MacMillan 660bf7
Chris PeBenito 767266 
			   - 
Chris PeBenito 767266 
			unconfined
Chris PeBenito 767266
Karl MacMillan 660bf7 
			   - 
Karl MacMillan 660bf7 
			userdomain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125 
	* Global Booleans 
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	* Global Tunables 
Chris PeBenito 8b1125

Chris PeBenito 8b1125 
	* Layer Index
Chris PeBenito e3a8e3
Chris PeBenito 8b1125 
	* Interface Index
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	* Template Index
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3
Karl MacMillan 660bf7 
Layer: system
Karl MacMillan 660bf7 
Module: userdomain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Interfaces
Chris PeBenito e3a8e3 
Templates
Chris PeBenito e3a8e3
Karl MacMillan 660bf7 
Description:
Karl MacMillan 660bf7
Chris PeBenito 767266 
Policy for user domains
Chris PeBenito 767266
Karl MacMillan 660bf7
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Karl MacMillan 660bf7 
Interfaces:
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
userdom_dontaudit_search_all_users_home(
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
		domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	)
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Summary
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Do not audit attempts to search all users home directories.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameters
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameter:Description:Optional:
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Domain to not audit.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
No
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
userdom_dontaudit_search_staff_home_dir(
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
		domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	)
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Summary
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Do not audit attempts to search the staff
Chris PeBenito 8b1125 
users home directory.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameters
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameter:Description:Optional:
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Domain to not audit.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
No
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
userdom_dontaudit_search_sysadm_home_dir(
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
		domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	)
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Summary
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Do not audit attempts to search the sysadm
Chris PeBenito 8b1125 
users home directory.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameters
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameter:Description:Optional:
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Domain to not audit.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
No
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
userdom_dontaudit_use_sysadm_terms(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito 8b1125 
Do not audit attempts to use sysadm ttys and ptys.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125 
Domain to not audit.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
No
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
userdom_dontaudit_use_sysadm_tty(
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
		domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	)
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Summary
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Do not audit attempts to use sysadm ttys.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameters
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameter:Description:Optional:
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Domain to not audit.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
userdom_dontaudit_use_unpriv_user_fd(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Do not audit attempts to inherit the
Chris PeBenito e3a8e3 
file descriptors from all user domains.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_dontaudit_use_unpriv_user_tty(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Do not audit attempts to use unprivileged
Chris PeBenito e3a8e3 
user ttys.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
userdom_read_all_user_files(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Read all files in all users home directories.
Chris PeBenito e3a8e3
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_read_staff_home_files(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Read files in the staff users home directory.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
userdom_read_sysadm_home_files(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Read files in the sysadm users home directory.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_rw_sysadm_pipe(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Read and write sysadm user unnamed pipes.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
userdom_search_all_users_home(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Search all users home directories.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
userdom_search_staff_home_dir(
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
		domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	)
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Summary
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Search the staff users home directory.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameters
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameter:Description:Optional:
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Domain to not audit.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
No
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
userdom_search_sysadm_home_dir(
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
		domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	)
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Summary
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Search the sysadm users home directory.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameters
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Parameter:Description:Optional:
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
domain
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
Domain to not audit.
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
No
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_shell_domtrans_sysadm(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Execute a shell in the sysadm domain.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
userdom_signal_all_users(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Send general signals to all user domains.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_signal_unpriv_users(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Send general signals to unprivileged user domains.
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
userdom_spec_domtrans_all_users(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Execute a shell in all user domains.  This
Chris PeBenito e3a8e3 
is an explicit transition, requiring the
Chris PeBenito e3a8e3 
caller to use setexeccon().
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
userdom_spec_domtrans_unpriv_users(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Execute a shell in all unprivileged user domains.  This
Chris PeBenito e3a8e3 
is an explicit transition, requiring the
Chris PeBenito e3a8e3 
caller to use setexeccon().
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 767266 
userdom_unconfined(
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
		domain
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
	)
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
Summary
Chris PeBenito 767266
Chris PeBenito 767266 
Unconfined access to user domains.
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
Parameters
Chris PeBenito 767266
Chris PeBenito 767266 
Parameter:Description:Optional:
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
domain
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
Domain allowed access.
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266 
No
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 8b1125
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito 767266
Chris PeBenito e3a8e3 
userdom_use_all_user_fd(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Inherit the file descriptors from all user domains
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
userdom_use_sysadm_fd(
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
		domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
	)
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 45d25f
Chris PeBenito e3a8e3 
Summary
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
Inherit and use sysadm file descriptors
Chris PeBenito 45d25f
Chris PeBenito 45d25f
Chris PeBenito e3a8e3
Chris PeBenito 45d25f 
Parameters
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
Parameter:Description:Optional:
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
domain
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito e3a8e3 
The type of the process performing this action.
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7 
No
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Karl MacMillan 660bf7
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_use_sysadm_pty(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Read and write sysadm ptys.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_use_sysadm_terms(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Read and write sysadm ttys and ptys.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_use_sysadm_tty(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Read and write sysadm ttys.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_use_unpriv_users_fd(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Inherit the file descriptors from unprivileged user domains.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
userdom_write_unpriv_user_tmp(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Write all unprivileged users files in /tmp
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameters
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Parameter:Description:Optional:
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
domain
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The type of the process performing this action.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
No
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Return
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Templates:
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
admin_user_template(
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
		userdomain_prefix
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
	)
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Summary
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
The template for creating an administrative user.
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
Description
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3
Chris PeBenito e3a8e3 
This template creates a user domain, types, and
Chris PeBenito e3a8e3 
rules for the user's tty, pty, home directories,
Chris PeBenito e3a8e3 
tmp, and tmpfs files.
Chris PeBenito e3a8e3
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
The privileges given to administrative users are:
Chris PeBenito 8b1125
Chris PeBenito 8b1125 
	
  • Raw disk access
    		•
    Chris PeBenito 8b1125 
    	
  • Set all sysctls
    		•
    Chris PeBenito 8b1125 
    	
  • All kernel ring buffer controls
    		•
    Chris PeBenito 8b1125 
    	
  • Set SELinux enforcement mode (enforcing/permissive)
    		•
    Chris PeBenito 8b1125 
    	
  • Set SELinux booleans
    		•
    Chris PeBenito 8b1125 
    	
  • Relabel all files but shadow
    		•
    Chris PeBenito 8b1125 
    	
  • Create, read, write, and delete all files but shadow
    		•
    Chris PeBenito 8b1125 
    	
  • Manage source and binary format SELinux policy
    		•
    Chris PeBenito 8b1125 
    	
  • Run insmod
    		•
    Chris PeBenito 8b1125
    Chris PeBenito 8b1125
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Parameters
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Parameter:Description:Optional:
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    userdomain_prefix
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    The prefix of the user domain (e.g., sysadm
    Chris PeBenito e3a8e3 
    is the prefix for sysadm_t).
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    No
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito 8b1125
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    base_user_template(
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    		userdomain_prefix
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    	)
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Summary
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    The template containing rules common to unprivileged
    Chris PeBenito e3a8e3 
    users and administrative users.
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Description
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    This template creates a user domain, types, and
    Chris PeBenito e3a8e3 
    rules for the user's tty, pty, home directories,
    Chris PeBenito e3a8e3 
    tmp, and tmpfs files.
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    This generally should not be used, rather the
    Chris PeBenito e3a8e3 
    unpriv_user_template or admin_user_template should
    Chris PeBenito e3a8e3 
    be used.
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Parameters
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Parameter:Description:Optional:
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    userdomain_prefix
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    The prefix of the user domain (e.g., user
    Chris PeBenito e3a8e3 
    is the prefix for user_t).
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    No
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito 8b1125
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    unpriv_user_template(
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    		userdomain_prefix
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    	)
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Summary
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    The template for creating a unprivileged user.
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Description
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    This template creates a user domain, types, and
    Chris PeBenito e3a8e3 
    rules for the user's tty, pty, home directories,
    Chris PeBenito e3a8e3 
    tmp, and tmpfs files.
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Parameters
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Parameter:Description:Optional:
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    userdomain_prefix
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    The prefix of the user domain (e.g., user
    Chris PeBenito e3a8e3 
    is the prefix for user_t).
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    No
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3
    Chris PeBenito e3a8e3 
    Return
    Karl MacMillan 660bf7
    Karl MacMillan 660bf7
    Karl MacMillan 660bf7
    Karl MacMillan 660bf7 
    </body>
    Karl MacMillan 660bf7 
    </html>

    Powered by Pagure 5.14.1

    SSH Hostkey/Fingerprint | Documentation