Karl MacMillan 660bf7
<html>
<head>
<title>
 Security Enhanced Linux Reference Policy
 </title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
Layer: system

Module: userdomain

Description:

Policy for user domains

Interfaces:

userdom_dontaudit_use_sysadm_terms(domain)

Description

Do not audit attempts to use admin ttys and ptys.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_dontaudit_use_unpriv_user_fd(domain)

Description

Do not audit attempts to inherit the file descriptors from all user domains.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_read_all_user_data(domain)

Description

Read all files in all users' home directories.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_search_all_users_home(domain)

Description

Search all users' home directories.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_shell_domtrans_sysadm(domain)

Description

Execute a shell in the sysadm domain.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_signal_all_users(domain)

Description

Send general signals to all user domains.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_spec_domtrans_all_users(domain)

Description

Execute a shell in all user domains. This is an explicit transition, requiring the caller to use setexeccon().

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_use_all_user_fd(domain)

Description

Inherit the file descriptors from all user domains.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_use_sysadm_terms(domain)

Description

Read and write administrative users' physical and pseudo terminals.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

userdom_use_unpriv_users_fd(domain)

Description

Inherit the file descriptors from all user domains.

Parameters

Parameter: domain
Description: The type of the process performing this action.
Optional: No

</body>
</html>