Blob Blame History Raw
<html>
<head>
<title>
 Security Enhanced Linux Reference Policy
 </title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
	
		<a href="admin.html">+&nbsp;
		admin</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="apps.html">+&nbsp;
		apps</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="kernel.html">+&nbsp;
		kernel</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_bootloader.html'>
			bootloader</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_corenetwork.html'>
			corenetwork</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_devices.html'>
			devices</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_filesystem.html'>
			filesystem</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_kernel.html'>
			kernel</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_selinux.html'>
			selinux</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_storage.html'>
			storage</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_terminal.html'>
			terminal</a><br/>
		
		</div>
	
		<a href="services.html">+&nbsp;
		services</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="system.html">+&nbsp;
		system</a></br/>
		<div id='subitem'>
		
		</div>
	
	<br/><p/>
	<a href="interfaces.html">*&nbsp;Interface Index</a>
	<br/><p/>
	<a href="templates.html">*&nbsp;Template Index</a>
</div>

<div id="Content">
<a name="top":></a>
<h1>Layer: kernel</h1><p/>
<h2>Module: terminal</h2><p/>



<h3>Description:</h3>

<p>Policy for terminals.</p>


<a name="interfaces"></a>
<h3>Interfaces: </h3>

<div id="interface">


<div id="codeblock">

<b>term_create_pty</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		pty_type
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Create a pty in the /dev/pts directory.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process creating the pty.

</td><td>
No
</td></tr>

<tr><td>
pty_type
</td><td>

The type of the pty.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_getattr_all_user_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Do not audit attempts to get the
attributes of any user tty
device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_list_ptys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Do not audit attempts to read the
/dev/pts directory to.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process to not audit.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_use_all_user_ptys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Do not audit attempts to read any
user ptys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process to not audit.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_use_all_user_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Do not audit attempts to read or write
any user ttys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_use_console</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Do not audit attemtps to read from
or write to the console.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_use_generic_pty</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Dot not audit attempts to read and
write the generic pty type.  This is
generally only used in the targeted policy.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process to not audit.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_use_ptmx</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Do not audit attempts to read and
write the pty multiplexor (/dev/ptmx).
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process to not audit.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_dontaudit_use_unallocated_tty</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Do not audit attempts to read or
write unallocated ttys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process to not audit.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_getattr_all_user_ptys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Get the attributes of all user
pty device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_getattr_all_user_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Get the attributes of all user tty
device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_getattr_unallocated_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Get the attributes of all unallocated
tty device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_list_ptys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read the /dev/pts directory to
list all ptys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_login_pty</b>(
	
		
		
		
		pty_type
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Transform specified type into a pty type
used by login programs, such as sshd.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
pty_type
</td><td>

An object type that will applied to a pty.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_pty</b>(
	
		
		
		
		pty_type
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Transform specified type into a pty type.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
pty_type
</td><td>

An object type that will applied to a pty.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_relabel_all_user_ptys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Relabel from and to all user
user pty device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_relabel_all_user_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Relabel from and to all user
user tty device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_relabel_unallocated_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Relabel from and to the unallocated
tty type.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_reset_tty_labels</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Relabel from all user tty types to
the unallocated tty type.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_setattr_all_user_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Set the attributes of all user tty
device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_setattr_console</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Set the attributes of the console
device node.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_setattr_unallocated_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Set the attributes of all unallocated
tty device nodes.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_tty</b>(
	
		
		
		
		tty_type
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Transform specified type into a tty type.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
tty_type
</td><td>

An object type that will applied to a tty.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_use_all_terms</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read and write the console, all
ttys and all ptys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_use_all_user_ptys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read and write all user ptys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_use_all_user_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read and write all user to all user ttys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_use_console</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read from and write to the console.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_use_controlling_term</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read and write the controlling
terminal (/dev/tty).
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_use_generic_pty</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read and write the generic pty
type.  This is generally only used in
the targeted policy.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_use_unallocated_tty</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Read and write unallocated ttys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_user_pty</b>(
	
		
		
		
		userdomain
		
	
		
			,
		
		
		
		object_type
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Transform specified type into an user
pty type. This allows it to be relabeled via
type change by login programs such as ssh.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
userdomain
</td><td>

The type of the user domain associated with
this pty.

</td><td>
No
</td></tr>

<tr><td>
object_type
</td><td>

An object type that will applied to a pty.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_write_all_user_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Write to all user ttys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_write_console</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Write to the console.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>

<div id="interface">


<div id="codeblock">

<b>term_write_unallocated_ttys</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">


<h5>Description</h5>
<p>
Write to unallocated ttys.
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>

The type of the process performing this action.

</td><td>
No
</td></tr>

</table>
</div>
</div>


<a href=#top>Return</a>



</div>
</body>
</html>