Blob Blame History Raw
<html>
<head>
<title>
 Security Enhanced Linux Reference Policy
 </title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
	
		<a href="admin.html">+&nbsp;
		admin</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
			acct</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_alsa.html'>
			alsa</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_amanda.html'>
			amanda</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_anaconda.html'>
			anaconda</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
			consoletype</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_ddcprobe.html'>
			ddcprobe</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
			dmesg</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmidecode.html'>
			dmidecode</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
			firstboot</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_kudzu.html'>
			kudzu</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
			logrotate</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logwatch.html'>
			logwatch</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
			netutils</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_prelink.html'>
			prelink</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
			quota</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_readahead.html'>
			readahead</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
			rpm</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
			su</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
			sudo</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
			tmpreaper</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
			updfstab</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usbmodules.html'>
			usbmodules</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
			usermanage</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_vbetool.html'>
			vbetool</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_vpn.html'>
			vpn</a><br/>
		
		</div>
	
		<a href="apps.html">+&nbsp;
		apps</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="kernel.html">+&nbsp;
		kernel</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="services.html">+&nbsp;
		services</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="system.html">+&nbsp;
		system</a></br/>
		<div id='subitem'>
		
		</div>
	
	<br/><p/>
	<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
	<br/><p/>
	<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
	<p/><br/><p/>
	<a href="index.html">*&nbsp;Layer Index</a>
	<br/><p/>
	<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
	<br/><p/>
	<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>

<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: su</h2><p/>

<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>

<h3>Description:</h3>

<p><p>Run shells with substitute user and group</p></p>



<a name="interfaces"></a>
<h3>Interfaces: </h3>

<a name="link_su_exec"></a>
<div id="interface">


<div id="codeblock">

<b>su_exec</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Execute su in the caller domain.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

Domain allowed access.

</td><td>
No
</td></tr>

</table>
</div>
</div>


<a href=#top>Return</a>


<a name="templates"></a>
<h3>Templates: </h3>

<a name="link_su_per_userdomain_template"></a>
<div id="template">


<div id="codeblock">

<b>su_per_userdomain_template</b>(
	
		
		
		
		userdomain_prefix
		
	
		
			,
		
		
		
		user_domain
		
	
		
			,
		
		
		
		user_role
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
The per user domain template for the su module.
</p>


<h5>Description</h5>
<p>
</p><p>
This template creates a derived domain which is allowed
to change the linux user id, to run shells as a different
user.
</p><p>
</p><p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
userdomain_prefix
</td><td>

The prefix of the user domain (e.g., user
is the prefix for user_t).

</td><td>
No
</td></tr>

<tr><td>
user_domain
</td><td>

The type of the user domain.

</td><td>
No
</td></tr>

<tr><td>
user_role
</td><td>

The role associated with the user domain.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_su_restricted_domain_template"></a>
<div id="template">


<div id="codeblock">

<b>su_restricted_domain_template</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>

Parameter descriptions are missing!

</td><td>
No
</td></tr>

</table>
</div>
</div>


<a href=#top>Return</a>



</div>
</body>
</html>