From 885e753682c881a0fdd47c6bd922ee9cafa73e12 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Dec 07 2005 15:46:38 +0000
Subject: update for release
---
diff --git a/www/api-docs/admin.html b/www/api-docs/admin.html
index 7d12965..32da35d 100644
--- a/www/api-docs/admin.html
+++ b/www/api-docs/admin.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -121,6 +124,11 @@

Berkeley process accounting

+ + amanda +

Automated backup program.

+ + anaconda

Policy for the Anaconda installer.

diff --git a/www/api-docs/admin_acct.html b/www/api-docs/admin_acct.html
index 30672e1..8f2a542 100644
--- a/www/api-docs/admin_acct.html
+++ b/www/api-docs/admin_acct.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_amanda.html b/www/api-docs/admin_amanda.html
new file mode 100644
index 0000000..cf9d616
--- /dev/null
+++ b/www/api-docs/admin_amanda.html
@@ -0,0 +1,335 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: amanda

+ +

Description:

+ +

Automated backup program.

+ + + + +

Interfaces:

+ + +
+ + +
+ +amanda_domtrans_recover( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute amrecover in the amanda_recover domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +amanda_dontaudit_read_dumpdates( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read /etc/dumpdates. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +amanda_run_recover( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute amrecover in the amanda_recover domain, and +allow the specified role the amanda_recover domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+role + + +The role to be allowed the amanda_recover domain. + + +No +
+terminal + + +The type of the terminal allow the amanda_recover domain to use. + + +No +
+
+
+ + +
+ + +
+ +amanda_search_lib( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search amanda library directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/admin_anaconda.html b/www/api-docs/admin_anaconda.html
index 55b58ae..9c55296 100644
--- a/www/api-docs/admin_anaconda.html
+++ b/www/api-docs/admin_anaconda.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_consoletype.html b/www/api-docs/admin_consoletype.html
index dbf7c29..bad02cd 100644
--- a/www/api-docs/admin_consoletype.html
+++ b/www/api-docs/admin_consoletype.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_dmesg.html b/www/api-docs/admin_dmesg.html
index 0da5752..40926f3 100644
--- a/www/api-docs/admin_dmesg.html
+++ b/www/api-docs/admin_dmesg.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_dmidecode.html b/www/api-docs/admin_dmidecode.html
index b2cfacd..898c5ad 100644
--- a/www/api-docs/admin_dmidecode.html
+++ b/www/api-docs/admin_dmidecode.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_firstboot.html b/www/api-docs/admin_firstboot.html
index 93e2019..a7b0372 100644
--- a/www/api-docs/admin_firstboot.html
+++ b/www/api-docs/admin_firstboot.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_kudzu.html b/www/api-docs/admin_kudzu.html
index 70fa937..846d2c4 100644
--- a/www/api-docs/admin_kudzu.html
+++ b/www/api-docs/admin_kudzu.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_logrotate.html b/www/api-docs/admin_logrotate.html
index d22f285..04574b2 100644
--- a/www/api-docs/admin_logrotate.html
+++ b/www/api-docs/admin_logrotate.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_netutils.html b/www/api-docs/admin_netutils.html
index 21a44f4..09d1d90 100644
--- a/www/api-docs/admin_netutils.html
+++ b/www/api-docs/admin_netutils.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_quota.html b/www/api-docs/admin_quota.html
index 863c9f7..70d4e6c 100644
--- a/www/api-docs/admin_quota.html
+++ b/www/api-docs/admin_quota.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_rpm.html b/www/api-docs/admin_rpm.html
index 928b257..c2695b3 100644
--- a/www/api-docs/admin_rpm.html
+++ b/www/api-docs/admin_rpm.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -158,6 +161,49 @@ No + +
+ + +
+ +rpm_dontaudit_manage_db( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to create, read, +write, and delete the RPM package database. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
diff --git a/www/api-docs/admin_su.html b/www/api-docs/admin_su.html
index d645e0f..3028881 100644
--- a/www/api-docs/admin_su.html
+++ b/www/api-docs/admin_su.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -261,6 +264,48 @@ No
+ +
+ + +
+ +su_restricted_domain_template( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ Return
diff --git a/www/api-docs/admin_sudo.html b/www/api-docs/admin_sudo.html
index 77d87d9..83b6769 100644
--- a/www/api-docs/admin_sudo.html
+++ b/www/api-docs/admin_sudo.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_tmpreaper.html b/www/api-docs/admin_tmpreaper.html
index dc8753e..27645cf 100644
--- a/www/api-docs/admin_tmpreaper.html
+++ b/www/api-docs/admin_tmpreaper.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_updfstab.html b/www/api-docs/admin_updfstab.html
index 249da55..aa1bd3b 100644
--- a/www/api-docs/admin_updfstab.html
+++ b/www/api-docs/admin_updfstab.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/admin_usermanage.html b/www/api-docs/admin_usermanage.html
index 89fa6df..c613425 100644
--- a/www/api-docs/admin_usermanage.html
+++ b/www/api-docs/admin_usermanage.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -369,6 +372,86 @@ No + +
+ + +
+ +usermanage_run_admin_passwd( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute passwd admin functions in the admin +passwd domain, and allow the specified role +the admin passwd domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+role + + +The role to be allowed the admin passwd domain. + + +No +
+terminal + + +The type of the terminal allow the admin passwd domain to use. + + +No +
+
+
+
diff --git a/www/api-docs/admin_vpn.html b/www/api-docs/admin_vpn.html
index 5276de7..67af56e 100644
--- a/www/api-docs/admin_vpn.html
+++ b/www/api-docs/admin_vpn.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
diff --git a/www/api-docs/global_booleans.html b/www/api-docs/global_booleans.html
index 3ae081e..78bfbdc 100644
--- a/www/api-docs/global_booleans.html
+++ b/www/api-docs/global_booleans.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -88,12 +91,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -127,12 +139,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -142,9 +160,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -154,6 +181,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -169,12 +202,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -184,6 +223,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -193,6 +235,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -202,9 +247,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -214,15 +265,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -241,6 +304,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -259,9 +325,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -277,15 +352,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -379,6 +445,30 @@ Enabling secure mode disallows programs, such asnewrole, from transitioning to a
+
+
secure_mode_insmod
+
+
Default value
+

false

+ +
Description
+

+Disable transitions to insmod.

+ +
+ +
+
secure_mode_policyload
+
+
Default value
+

false

+ +
Description
+

+boolean to determine whether the system permits loading policy, settingenforcing mode, and changing boolean values. Set this to true and youhave to reboot to set it back

+ +
+ diff --git a/www/api-docs/global_tunables.html b/www/api-docs/global_tunables.html index 64e2fc3..a418493 100644 --- a/www/api-docs/global_tunables.html +++ b/www/api-docs/global_tunables.html @@ -16,6 +16,9 @@    -  acct
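Review bot: The description added for `secure_mode_policyload` in global_booleans.html is the only place a reader learns that this boolean cannot be switched back without a reboot, and as it appears here it starts in lower case, runs words together (`settingenforcing`, `youhave`) and ends without a full stop. The context line above it shows the same run-together wording (`such asnewrole`), so the space seems to be lost wherever the source description wraps. I would correct the description in the policy source, which is not part of this diff, to `Determine whether the system permits loading policy, setting enforcing mode, and changing boolean values. Once set to true, a reboot is required to set it back.` and regenerate the page.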
+    -  + amanda
+    -  anaconda
@@ -88,12 +91,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -127,12 +139,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -142,9 +160,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -154,6 +181,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -169,12 +202,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -184,6 +223,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -193,6 +235,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -202,9 +247,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -214,15 +265,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -241,6 +304,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -259,9 +325,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -277,15 +352,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -428,6 +494,18 @@ Allow gpg executable stack

+
allow_gssd_read_tmp
+
+
Default value
+

true

+ +
Description
+

+Allow gssd to read temp directory.

+ +
+ +
allow_httpd_anon_write
Default value
@@ -464,6 +542,18 @@ Allow sysadm to ptrace all processes

+
allow_rsync_anon_write
+
+
Default value
+

false

+ +
Description
+

+Allow rsync to modify public filesused for public file transfer services.

+ +
+ +
allow_saslauthd_read_shadow
Default value
@@ -476,6 +566,18 @@ Allow sasl to read shadow

+
allow_smbd_anon_write
+
+
Default value
+

false

+ +
Description
+

+Allow samba to modify public filesused for public file transfer services.

+ +
+ +
allow_ssh_keysign
Default value
@@ -596,6 +698,18 @@ Allow httpd cgi support

+
httpd_enable_ftp_server
+
+
Default value
+

false

+ +
Description
+

+Allow httpd to act as a FTP server bylistening on the ftp port.

+ +
+ +
httpd_enable_homedirs
Default value
@@ -656,6 +770,30 @@ Allow BIND to write the master zone files.Generally this is used for dynamic DNS
+
nfs_export_all_ro
+
+
Default value
+

false

+ +
Description
+

+Allow nfs to be exported read only

+ +
+ +
+
nfs_export_all_rw
+
+
Default value
+

false

+ +
Description
+

+Allow nfs to be exported read/write.

+ +
+ +
pppd_can_insmod
Default value
@@ -716,6 +854,42 @@ Allow ssh to run from inetd instead of as a daemon.

+
samba_enable_home_dirs
+
+
Default value
+

false

+ +
Description
+

+Allow samba to export user home directories.

+ +
+ +
+
spamassasin_can_network
+
+
Default value
+

false

+ +
Description
+

+Allow spamassassin to do DNS lookups

+ +
+ +
+
spamassassin_can_network
+
+
Default value
+

false

+ +
Description
+

+Allow user spamassassin clients to use the network.

+ +
+ +
squid_connect_any
Default value
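Review bot: The tunables added in this hunk include both `spamassasin_can_network` ("Allow spamassassin to do DNS lookups") and `spamassassin_can_network` ("Allow user spamassassin clients to use the network."), two names that differ by a single letter. This page is presumably generated from the policy's tunable declarations, so the misspelled name most likely exists in the policy source as well, and an administrator who sets one of the two would leave the rules guarded by the other unchanged. I would fix the spelling in the source declaration and, if two separate controls are really intended, give them names that say which is which before the docs are regenerated for the release.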
@@ -752,6 +926,18 @@ Allow staff_r users to search the sysadm homedir and read files (such as ~/.bash
+
stunnel_is_daemon
+
+
Default value
+

false

+ +
Description
+

+Configure stunnel to be a standalone daemon orinetd service.

+ +
+ +
use_nfs_home_dirs
Default value
@@ -831,7 +1017,7 @@ Control users use of ping and traceroute

Description

-Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)

+Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY)

diff --git a/www/api-docs/index.html b/www/api-docs/index.html
index 81c9363..f88b88a 100644
--- a/www/api-docs/index.html
+++ b/www/api-docs/index.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -88,12 +91,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -127,12 +139,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -142,9 +160,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -154,6 +181,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -169,12 +202,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -184,6 +223,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -193,6 +235,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -202,9 +247,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -214,15 +265,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -241,6 +304,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -259,9 +325,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -277,15 +352,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -382,6 +448,11 @@

Berkeley process accounting

+ + amanda +

Automated backup program.

+ + anaconda

Policy for the Anaconda installer.

@@ -506,6 +577,14 @@ Policy for kernel threads, proc filesystem,and unlabeled processes and objects.

Policy for the kernel modules, kernel image, and bootloader.

+ + corecommands +

+Core policy for shells, and generic programs +in /bin, /sbin, /usr/bin, and /usr/sbin. +

+ + corenetwork

Policy controlling access to network objects

@@ -518,6 +597,18 @@ Device nodes and interfaces for many basic system devices.

+ + domain +

Core policy for domains.

+ + + + files +

+Basic filesystem types and interfaces. +

+ + filesystem

Policy for filesystems.

@@ -637,26 +728,6 @@ Policy for kernel security interface, in particular, selinuxfs.

Policy for reading and setting the hardware clock.

- - corecommands -

-Core policy for shells, and generic programs -in /bin, /sbin, /usr/bin, and /usr/sbin. -

- - - - domain -

Core policy for domains.

- - - - files -

-Basic filesystem types and interfaces. -

- - fstools

Tools for filesystem management, such as mkfs and fsck.

@@ -806,6 +877,11 @@ connection and disconnection of devices at runtime.

Ethernet activity monitor.

+ + avahi +

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

+ + bind

Berkeley internet name domain DNS server.

@@ -816,6 +892,11 @@ connection and disconnection of devices at runtime.

Bluetooth tools and system services.

+ + canna +

Canna - kana-kanji conversion server

+ + comsat

Comsat, a biff server.

@@ -831,11 +912,26 @@ connection and disconnection of devices at runtime.

Periodic execution of scheduled commands.

+ + cups +

Common UNIX printing system

+ + cvs

Concurrent versions system

+ + cyrus +

Cyrus is an IMAP service intended to be run on sealed servers

+ + + + dbskk +

Dictionary server for the SKK Japanese input method system.

+ + dbus

Desktop messaging bus

@@ -851,6 +947,16 @@ connection and disconnection of devices at runtime.

Dictionary daemon

+ + distcc +

Distributed compiler daemon

+ + + + dovecot +

Dovecot POP and IMAP mail server

+ + finger

Finger user information service.

@@ -876,6 +982,11 @@ connection and disconnection of devices at runtime.

Port of Apple Rendezvous multicast DNS

+ + i18n_input +

IIIMF htt server

+ + inetd

Internet services daemon.

@@ -886,6 +997,11 @@ connection and disconnection of devices at runtime.

Internet News NNTP server

+ + irqbalance +

IRQ balancing daemon

+ + kerberos

MIT Kerberos admin and KDC

@@ -901,6 +1017,11 @@ connection and disconnection of devices at runtime.

OpenLDAP directory server

+ + lpd +

Line printer daemon

+ + mailman

Mailman is for managing electronic mail discussion and e-newsletter lists

@@ -916,6 +1037,11 @@ connection and disconnection of devices at runtime.

Policy for MySQL

+ + networkmanager +

Manager for dynamically switching between networks.

+ + nis

Policy for NIS (YP) servers and clients

@@ -931,11 +1057,21 @@ connection and disconnection of devices at runtime.

Network time protocol daemon

+ + pegasus +

The Open Group Pegasus CIM/WBEM Server.

+ + portmap

RPC port mapping service.

+ + postfix +

Postfix email server

+ + postgresql

PostgreSQL relational database

@@ -951,11 +1087,26 @@ connection and disconnection of devices at runtime.

Privacy enhancing web proxy.

+ + procmail +

Procmail mail delivery agent

+ + + + radius +

RADIUS authentication and accounting server.

+ + radvd

IPv6 router advertisement daemon

+ + rdisc +

Network router discovery daemon

+ + remotelogin

Policy for rshd, rlogind, and telnetd.

@@ -966,6 +1117,11 @@ connection and disconnection of devices at runtime.

Remote login daemon

+ + rpc +

Remote Procedure Call Daemon for managment of network based process communication

+ + rshd

Remote shell service.

@@ -1000,6 +1156,11 @@ from Windows NT servers.

Simple network management protocol services

+ + spamassassin +

Filter used for removing unsolicited email.

+ + squid

Squid caching http proxy server

@@ -1030,11 +1191,26 @@ from Windows NT servers.

Trivial file transfer protocol daemon

+ + timidity +

MIDI to WAV converter and player configured as a service

+ + uucp

Unix to Unix Copy

+ + xdm +

X windows login display manager

+ + + + xfs +

X Windows Font Server

+ + zebra

Zebra border gateway protocol network routing service

diff --git a/www/api-docs/interfaces.html b/www/api-docs/interfaces.html
index ea502ad..05bc884 100644
--- a/www/api-docs/interfaces.html
+++ b/www/api-docs/interfaces.html
@@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -88,12 +91,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -127,12 +139,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -142,9 +160,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -154,6 +181,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -169,12 +202,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -184,6 +223,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -193,6 +235,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -202,9 +247,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -214,15 +265,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -241,6 +304,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -259,9 +325,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -277,15 +352,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -472,6 +538,127 @@ Create, read, write, and delete process accounting data.
+Module: +amanda

+Layer: +admin

+

+ +amanda_domtrans_recover( + + + + + domain + + + )
+
+ +
+

+Execute amrecover in the amanda_recover domain. +

+
+ +
+ +
+Module: +amanda

+Layer: +admin

+

+ +amanda_dontaudit_read_dumpdates( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read /etc/dumpdates. +

+
+ +
+ +
+Module: +amanda

+Layer: +admin

+

+ +amanda_run_recover( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute amrecover in the amanda_recover domain, and +allow the specified role the amanda_recover domain. +

+
+ +
+ +
+Module: +amanda

+Layer: +admin

+

+ +amanda_search_lib( + + + + + domain + + + )
+
+ +
+

+Search amanda library directories. +

+
+ +
+ +
Module: apache

Layer: @@ -714,6 +901,33 @@ TCP sockets.

+Module: +apache

+Layer: +services

+

+ +apache_dontaudit_search_modules( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search Apache +module directories. +

+
+ +
+ +
Module: apache

Layer: @@ -930,6 +1144,32 @@ specified role the dmidecode domain.

+Module: +apache

+Layer: +services

+

+ +apache_search_sys_script_state( + + + + + domain + + + )
+
+ +
+

+Search system script state directory. +

+
+ +
+ +
Module: apache

Layer: @@ -1086,6 +1326,32 @@ Read and write to an apm unix stream socket.

+Module: +apm

+Layer: +services

+

+ +apm_stream_connect( + + + + + domain + + + )
+
+ +
+

+Connect to apmd over an unix stream socket. +

+
+ +
+ +
Module: apm

Layer: @@ -1191,6 +1457,32 @@ Create arpwatch data files.

+Module: +arpwatch

+Layer: +services

+

+ +arpwatch_manage_tmp_files( + + + + + domain + + + )
+
+ +
+

+Read and write arpwatch temporary files. +

+
+ +
+ +
Module: arpwatch

Layer: @@ -1564,6 +1856,32 @@ of the shadow passwords file.

+Module: +authlogin

+Layer: +system

+

+ +auth_dontaudit_read_pam_pid( + + + + + domain + + + )
+
+ +
+

+Do not audit attemps to read PAM pid files. +

+
+ +
+ +
Module: authlogin

Layer: @@ -1838,13 +2156,13 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

-auth_read_lastlog( +auth_read_all_dirs_except_shadow( @@ -1852,56 +2170,16 @@ system

domain - )
-

- -
-

-Read the last logins log. -

-
- -
- -
-Module: -authlogin

-Layer: -system

-

- -auth_read_login_records( - - + , - ? - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -authlogin

-Layer: -system

-

- -auth_read_pam_console_data( - + [ + exception_types - ? + ] )
@@ -1909,51 +2187,38 @@ system

-Summary is missing! +Read all directories on the filesystem, except +the shadow passwords and listed exceptions.

-Module: +Module: authlogin

Layer: system

-auth_read_pam_pid( +auth_read_all_files_except_shadow( - ? + domain - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -authlogin

-Layer: -system

-

- -auth_read_shadow( - + , - domain + + [ + + exception_types + + ] )
@@ -1961,20 +2226,190 @@ system

-Read the shadow passwords file (/etc/shadow) +Read all files on the filesystem, except +the shadow passwords and listed exceptions.

-Module: +Module: authlogin

Layer: system

-auth_relabel_all_files_except_shadow( +auth_read_all_symlinks_except_shadow( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+ +
+

+Read all symbolic links on the filesystem, except +the shadow passwords and listed exceptions. +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_read_lastlog( + + + + + domain + + + )
+
+ +
+

+Read the last logins log. +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_read_login_records( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_read_pam_console_data( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_read_pam_pid( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_read_shadow( + + + + + domain + + + )
+
+ +
+

+Read the shadow passwords file (/etc/shadow) +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_relabel_all_files_except_shadow( @@ -2007,6 +2442,33 @@ the shadow passwords and listed exceptions.
+Module: +authlogin

+Layer: +system

+

+ +auth_relabel_shadow( + + + + + domain + + + )
+
+ +
+

+Relabel from and to the shadow +password file type. +

+
+ +
+ +
Module: authlogin

Layer: @@ -2018,7 +2480,7 @@ system

- ? + domain )
@@ -2026,7 +2488,8 @@ system

-Summary is missing! +Relabel to the shadow +password file type.

@@ -2221,6 +2684,33 @@ Read and write the shadow password file (/etc/shadow).
+Module: +authlogin

+Layer: +system

+

+ +auth_search_pam_console_data( + + + + + domain + + + )
+
+ +
+

+Search the contents of the +pam_console data directory. +

+
+ +
+ +
+Module: +avahi

+Layer: +services

+

+ +avahi_dbus_chat( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +avahi over dbus. +

+
+ +
+ +
+Module: +bind

+Layer: +services

+

+ +bind_manage_cache( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete +BIND cache files. +

+
+ +
+ +
+Module: +bind

+Layer: +services

+

+ +bind_signal( + + + + + domain + + + )
+
+ +
+

+Send generic signals to BIND. +

+
+ +
+ +
+Module: +bluetooth

+Layer: +services

+

+ +bluetooth_dbus_chat( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +bluetooth over dbus. +

+
+ +
+ +
+Module: +bluetooth

+Layer: +services

+

+ +bluetooth_domtrans_helper( + + + + + domain + + + )
+
+ +
+

+Execute bluetooth_helper in the bluetooth_helper domain. +

+
+ +
+ +
+Module: +bluetooth

+Layer: +services

+

+ +bluetooth_dontaudit_read_helper_files( + + + + + domain + + + )
+
+ +
+

+Read bluetooth helper files. +

+
+ +
+ +
+Module: +bluetooth

+Layer: +services

+

+ +bluetooth_run_helper( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute bluetooth_helper in the bluetooth_helper domain, and +allow the specified role the bluetooth_helper domain. +

+
+ +
+ +
+Module: +canna

+Layer: +services

+

+ +canna_stream_connect( + + + + + domain + + + )
+
+ +
+

+Connect to Canna using a unix domain stream socket. +

+
+ +
+ +
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

+

+ +corecmd_bin_alias( + + + + + domain + + + )
+
+ +
+

+Create a aliased type to generic bin files. +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

corecmd_bin_domtrans( @@ -3329,10 +4073,36 @@ in the specified domain.
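Review bot: The summary published for `bluetooth_dontaudit_read_helper_files` reads "Read bluetooth helper files.", which describes a grant, while the interface name and the other `*_dontaudit_*` entries in this index describe suppressing audit records. A policy writer picking interfaces from this page could take it for an allow interface, or not realise that calling it hides denials from the audit log. The summary in the interface source, which is not part of this diff, should read `Do not audit attempts to read bluetooth helper files.` and the page be regenerated. The hunk markers around this entry are incomplete on this page, so the note sits at the end of the run of added lines that contains it.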
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

+

+ +corecmd_check_exec_shell( + + + + + domain + + + )
+
+ +
+

+Check if a shell is executable (DAC-wise). +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

corecmd_dontaudit_getattr_sbin_file( @@ -3355,10 +4125,37 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

+

+ +corecmd_dontaudit_search_sbin( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search +sbin directories. +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

corecmd_exec_bin( @@ -3381,10 +4178,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_exec_chroot( @@ -3407,10 +4204,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_exec_ls( @@ -3433,10 +4230,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_exec_sbin( @@ -3459,10 +4256,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_exec_shell( @@ -3485,10 +4282,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_getattr_bin_file( @@ -3511,10 +4308,10 @@ Get the attributes of files in bin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_getattr_sbin_file( @@ -3537,10 +4334,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_list_bin( @@ -3563,10 +4360,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_list_sbin( @@ -3589,10 +4386,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_bin_file( @@ -3615,10 +4412,10 @@ Read files in bin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_bin_pipe( @@ -3641,10 +4438,10 @@ Read pipes in bin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_bin_socket( @@ -3667,10 +4464,10 @@ Read named sockets in bin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_bin_symlink( @@ -3693,10 +4490,10 @@ Read symbolic links in bin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_sbin_file( @@ -3719,10 +4516,10 @@ Read files in sbin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_sbin_pipe( @@ -3745,10 +4542,10 @@ Read named pipes in sbin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_sbin_socket( @@ -3771,10 +4568,10 @@ Read named sockets in sbin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_read_sbin_symlink( @@ -3797,10 +4594,10 @@ Read symbolic links in sbin directories.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_sbin_domtrans( @@ -3832,10 +4629,10 @@ in the specified domain.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_search_bin( @@ -3858,10 +4655,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_search_sbin( @@ -3884,10 +4681,10 @@ Summary is missing!
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_shell_domtrans( @@ -3918,10 +4715,10 @@ Execute a shell in the specified domain.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_shell_entry_type( @@ -3944,10 +4741,10 @@ Make the shell an entrypoint for the specified domain.
-Module: +Module: corecommands

-Layer: -system

+Layer: +kernel

corecmd_shell_spec_domtrans( @@ -4059,6 +4856,60 @@ Do not audit attempts to bind UDP sockets to all reserved ports.
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_non_ipsec_sendrecv( + + + + + domain + + + )
+
+ +
+

+Send and receive messages on a +non-encrypted (no IPSEC) network +session. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_raw_bind_all_nodes( + + + + + domain + + + )
+
+ +
+

+Bind raw sockets to all nodes. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_bind_comsat_port( + + + + + domain + + + )
+
+ +
+

+Bind TCP sockets to the comsat port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_bind_distccd_port( + + + + + domain + + + )
+
+ +
+

+Bind TCP sockets to the distccd port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_bind_gatekeeper_port( + + + + + domain + + + )
+
+ +
+

+Bind TCP sockets to the gatekeeper port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_bind_i18n_input_port( + + + + + domain + + + )
+
+ +
+

+Bind TCP sockets to the i18n_input port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_bind_rlogind_port( + + + + + domain + + + )
+
+ +
+

+Bind TCP sockets to the rlogind port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_connect_comsat_port( + + + + + domain + + + )
+
+ +
+

+Make a TCP connection to the comsat port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_connect_distccd_port( + + + + + domain + + + )
+
+ +
+

+Make a TCP connection to the distccd port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_connect_gatekeeper_port( + + + + + domain + + + )
+
+ +
+

+Make a TCP connection to the gatekeeper port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_connect_i18n_input_port( + + + + + domain + + + )
+
+ +
+

+Make a TCP connection to the i18n_input port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_connect_rlogind_port( + + + + + domain + + + )
+
+ +
+

+Make a TCP connection to the rlogind port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_comsat_port( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP traffic on the comsat port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_distccd_port( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP traffic on the distccd port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_gatekeeper_port( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP traffic on the gatekeeper port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_i18n_input_port( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP traffic on the i18n_input port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_rlogind_port( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP traffic on the rlogind port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_bind_comsat_port( + + + + + domain + + + )
+
+ +
+

+Bind UDP sockets to the comsat port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_bind_distccd_port( + + + + + domain + + + )
+
+ +
+

+Bind UDP sockets to the distccd port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_bind_gatekeeper_port( + + + + + domain + + + )
+
+ +
+

+Bind UDP sockets to the gatekeeper port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_bind_i18n_input_port( + + + + + domain + + + )
+
+ +
+

+Bind UDP sockets to the i18n_input port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_bind_rlogind_port( + + + + + domain + + + )
+
+ +
+

+Bind UDP sockets to the rlogind port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_comsat_port( + + + + + domain + + + )
+
+ +
+

+Receive UDP traffic on the comsat port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_distccd_port( + + + + + domain + + + )
+
+ +
+

+Receive UDP traffic on the distccd port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_gatekeeper_port( + + + + + domain + + + )
+
+ +
+

+Receive UDP traffic on the gatekeeper port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_i18n_input_port( + + + + + domain + + + )
+
+ +
+

+Receive UDP traffic on the i18n_input port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_rlogind_port( + + + + + domain + + + )
+
+ +
+

+Receive UDP traffic on the rlogind port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_comsat_port( + + + + + domain + + + )
+
+ +
+

+Send UDP traffic on the comsat port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_distccd_port( + + + + + domain + + + )
+
+ +
+

+Send UDP traffic on the distccd port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_gatekeeper_port( + + + + + domain + + + )
+
+ +
+

+Send UDP traffic on the gatekeeper port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_i18n_input_port( + + + + + domain + + + )
+
+ +
+

+Send UDP traffic on the i18n_input port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_rlogind_port( + + + + + domain + + + )
+
+ +
+

+Send UDP traffic on the rlogind port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_comsat_port( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic on the comsat port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_distccd_port( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic on the distccd port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_gatekeeper_port( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic on the gatekeeper port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_i18n_input_port( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic on the i18n_input port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_rlogind_port( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic on the rlogind port. +

+
+ +
+ +
+Module: +cron

+Layer: +services

+

+ +cron_crw_tcp_socket( + + + + + domain + + + )
+
+ +
+

+Create, read, and write a cron daemon TCP socket. +

+
+ +
+ +
+Module: +cron

+Layer: +services

+

+ +cron_domtrans_anacron_system_job( + + + + + domain + + + )
+
+ +
+

+Execute APM in the apm domain. +

+
+ +
+ +
+Module: +cron

+Layer: +services

+

+ +cron_dontaudit_append_system_job_tmp_files( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to append temporary +files from the system cron jobs. +

+
+ +
+ +
+Module: +cron

+Layer: +services

+

+ +cron_rw_system_job_pipe( + + + + + domain + + + )
+
+ +
+

+Read and write a system cron job unnamed pipe. +

+
+ +
+ +
Module: cron

Layer: @@ -22397,7 +24263,218 @@ services

-Wrate a system cron job unnamed pipe. +Write a system cron job unnamed pipe. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_dbus_chat( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +cups over dbus. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_dbus_chat_config( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +cupsd_config over dbus. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute cups in the cups domain. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_domtrans_config( + + + + + domain + + + )
+
+ +
+

+Execute cups_config in the cups_config domain. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_read_log( + + + + + domain + + + )
+
+ +
+

+Read cups log files. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_read_rw_config( + + + + + domain + + + )
+
+ +
+

+Read cups-writable configuration files. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_signal_config( + + + + + domain + + + )
+
+ +
+

+Send generic signals to the cups +configuration daemon. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_stream_connect_ptal( + + + + + domain + + + )
+
+ +
+

+Connect to ptal over an unix domain stream socket.

@@ -22430,6 +24507,33 @@ Read the CVS data and metadata.
+Module: +cyrus

+Layer: +services

+

+ +cyrus_manage_data( + + + + + domain + + + )
+
+ +
+

+Allow caller to create, read, write, +and delete cyrus data files. +

+
+ +
+ +
+Module: +dbus

+Layer: +services

+

+ +dbus_stub( + + + + + [ + + domain + + ] + + + )
+
+ +
+

+DBUS stub interface. No access allowed. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_append_printer( + + + + + domain + + + )
+
+ +
+

+Append the printer device. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_associate_usbfs( + + + + + domain + + + )
+
+ +
+

+Mount a usbfs filesystem. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_create_cardmgr( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete +the PCMCIA card manager device +with the correct type. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_dontaudit_getattr_usbfs_dir( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of a directory in the usb filesystem. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_getattr_mtrr( + + + + + domain + + + )
+
+ +
+

+Get the attributes of the mtrr device. +

+
+ +
+ +
-Module: +Module: devices

Layer: kernel

-dev_manage_dev_nodes( +dev_manage_cardmgr( @@ -23935,20 +26202,21 @@ kernel

-Create, delete, read, and write device nodes in device directories. +Create, read, write, and delete +the PCMCIA card manager device.

-Module: +Module: devices

Layer: kernel

-dev_manage_generic_blk_file( +dev_manage_dev_nodes( @@ -23961,8 +26229,7 @@ kernel

-Allow read, write, create, and delete for generic -block files. +Create, delete, read, and write device nodes in device directories.

@@ -24621,6 +26888,32 @@ Read and write the apm bios.
+Module: +devices

+Layer: +kernel

+

+ +dev_rw_cardmgr( + + + + + domain + + + )
+
+ +
+

+Read and write the PCMCIA card manager device. +

+
+ +
+ +
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_base_type( @@ -25918,10 +28211,10 @@ Make the specified type usable as a basic domain.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_cron_exemption_source( @@ -25947,10 +28240,10 @@ constraints.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_cron_exemption_target( @@ -25976,10 +28269,63 @@ constraints.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

+

+ +domain_dontaudit_getattr_all_dgram_sockets( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of all domains unix datagram sockets. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

+

+ +domain_dontaudit_getattr_all_domains( + + + + + domain + + + )
+
+ +
+

+Get the attributes of all domains of all domains. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

domain_dontaudit_getattr_all_key_sockets( @@ -26003,13 +28349,13 @@ all domains IPSEC key management sockets.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_sockets( +domain_dontaudit_getattr_all_packet_sockets( @@ -26022,21 +28368,21 @@ system

-Do not audit attempts to get the attributes -of all domains sockets, for all socket types. +Do not audit attempts to get attribues of +all domains packet sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_tcp_sockets( +domain_dontaudit_getattr_all_pipes( @@ -26050,20 +28396,47 @@ system

Do not audit attempts to get the attributes -of all domains TCP sockets. +of all domains unnamed pipes.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_udp_sockets( +domain_dontaudit_getattr_all_raw_sockets( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get attribues of +all domains raw sockets. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

+

+ +domain_dontaudit_getattr_all_sockets( @@ -26077,20 +28450,20 @@ system

Do not audit attempts to get the attributes -of all domains UDP sockets. +of all domains sockets, for all socket types.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_unix_dgram_sockets( +domain_dontaudit_getattr_all_stream_sockets( @@ -26111,13 +28484,13 @@ of all domains unix datagram sockets.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_unnamed_pipes( +domain_dontaudit_getattr_all_tcp_sockets( @@ -26131,17 +28504,44 @@ system

Do not audit attempts to get the attributes -of all domains unnamed pipes. +of all domains TCP sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

+

+ +domain_dontaudit_getattr_all_udp_sockets( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of all domains UDP sockets. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

domain_dontaudit_getsession_all_domains( @@ -26165,10 +28565,10 @@ session ID of all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_dontaudit_list_all_domains_proc( @@ -26192,10 +28592,10 @@ directories of all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_dontaudit_ptrace_all_domains( @@ -26218,10 +28618,10 @@ Do not audit attempts to ptrace all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_dontaudit_ptrace_confined_domains( @@ -26244,10 +28644,10 @@ Do not audit attempts to ptrace confined domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_dontaudit_read_all_domains_state( @@ -26271,10 +28671,10 @@ state (/proc/pid) of all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_dontaudit_rw_all_key_sockets( @@ -26298,10 +28698,10 @@ all domains key sockets.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_dontaudit_rw_all_udp_sockets( @@ -26325,10 +28725,37 @@ all domains UDP sockets.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

+

+ +domain_dontaudit_search_all_domains_state( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search the process +state directory (/proc/pid) of all domains. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

domain_dontaudit_use_wide_inherit_fd( @@ -26351,10 +28778,10 @@ Summary is missing!
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_dyntrans_type( @@ -26377,10 +28804,10 @@ Summary is missing!
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_entry_file( @@ -26412,10 +28839,10 @@ an entry point for the domain.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_exec_all_entry_files( @@ -26438,10 +28865,10 @@ Summary is missing!
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_getattr_all_domains( @@ -26464,10 +28891,10 @@ Get the attributes of all domains of all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_getattr_all_entry_files( @@ -26491,10 +28918,10 @@ files for all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_getattr_all_sockets( @@ -26518,10 +28945,10 @@ sockets, for all socket types.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_getattr_confined_domains( @@ -26544,10 +28971,10 @@ Get the attributes of all confined domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_getsession_all_domains( @@ -26570,10 +28997,10 @@ Get the session ID of all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_kill_all_domains( @@ -26596,10 +29023,10 @@ Send a kill signal to all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_obj_id_change_exempt( @@ -26623,10 +29050,10 @@ changing the user identity in object contexts.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_ptrace_all_domains( @@ -26649,10 +29076,10 @@ Ptrace all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_read_all_domains_state( @@ -26675,10 +29102,10 @@ Read the process state (/proc/pid) of all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_read_all_entry_files( @@ -26701,10 +29128,10 @@ Summary is missing!
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_read_confined_domains_state( @@ -26727,10 +29154,10 @@ Read the process state (/proc/pid) of all confined domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_role_change_exempt( @@ -26754,10 +29181,10 @@ changing of role.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_search_all_domains_state( @@ -26780,10 +29207,10 @@ Search the process state directory (/proc/pid) of all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_setpriority_all_domains( @@ -26806,10 +29233,10 @@ Summary is missing!
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_sigchld_all_domains( @@ -26832,10 +29259,10 @@ Send a child terminated signal to all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_sigchld_wide_inherit_fd( @@ -26859,10 +29286,10 @@ discriptors are widely inheritable.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_signal_all_domains( @@ -26885,10 +29312,10 @@ Send general signals to all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_signull_all_domains( @@ -26911,10 +29338,10 @@ Send a null signal to all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_sigstop_all_domains( @@ -26937,10 +29364,10 @@ Send a stop signal to all domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_subj_id_change_exempt( @@ -26964,10 +29391,10 @@ changing of user identity.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_system_change_exempt( @@ -26992,10 +29419,10 @@ identity and system role.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_type( @@ -27018,10 +29445,10 @@ Make the specified type usable as a domain.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_unconfined( @@ -27044,10 +29471,10 @@ Unconfined access to domains.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_use_wide_inherit_fd( @@ -27070,10 +29497,10 @@ Summary is missing!
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_user_exemption_target( @@ -27099,10 +29526,10 @@ constraints.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_wide_inherit_fd( @@ -27125,10 +29552,36 @@ Summary is missing!
-Module: +Module: +dovecot

+Layer: +services

+

+ +dovecot_manage_spool( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete the dovecot spool files. +

+
+ +
+ +
+Module: files

-Layer: -system

+Layer: +kernel

files_associate_tmp( @@ -27153,10 +29606,37 @@ temporary directory (/tmp).
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_config_file( + + + + + file_type + + + )
+
+ +
+

+Make the specified type a +configuration file. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_create_boot_flag( @@ -27179,10 +29659,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_etc_config( @@ -27205,10 +29685,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_home_dirs( @@ -27239,10 +29719,10 @@ Create home directories
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_lock( @@ -27265,10 +29745,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_pid( @@ -27291,10 +29771,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_root( @@ -27343,10 +29823,10 @@ default is file.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_tmp_files( @@ -27369,10 +29849,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_usr( @@ -27415,10 +29895,10 @@ Create objects in the /usr directory
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_var( @@ -27461,10 +29941,10 @@ Create objects in the /var directory
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_create_var_lib( @@ -27507,10 +29987,10 @@ Create objects in the /var/lib directory
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_delete_all_locks( @@ -27533,10 +30013,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_delete_all_pid_dirs( @@ -27559,10 +30039,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_delete_all_pids( @@ -27585,10 +30065,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_delete_etc_files( @@ -27611,10 +30091,10 @@ Delete system configuration files in /etc.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_delete_root_dir_entry( @@ -27637,10 +30117,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_all_dirs( @@ -27664,10 +30144,10 @@ of all directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_all_files( @@ -27691,10 +30171,10 @@ of all files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_all_pipes( @@ -27718,10 +30198,10 @@ of all named pipes.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_all_sockets( @@ -27745,10 +30225,10 @@ of all named sockets.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_all_symlinks( @@ -27772,10 +30252,10 @@ of all symbolic links.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_default_dir( @@ -27799,10 +30279,10 @@ directories with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_default_files( @@ -27826,10 +30306,10 @@ files with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_home_dir( @@ -27854,10 +30334,10 @@ attributes of the home directories root
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_non_security_blk_dev( @@ -27881,10 +30361,10 @@ of non security block devices.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_non_security_chr_dev( @@ -27908,10 +30388,10 @@ of non security character devices.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_non_security_files( @@ -27935,10 +30415,10 @@ of non security files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_non_security_pipes( @@ -27962,10 +30442,10 @@ of non security named pipes.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_non_security_sockets( @@ -27989,10 +30469,10 @@ of non security named sockets.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_non_security_symlinks( @@ -28016,10 +30496,10 @@ of non security symbolic links.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_pid_dir( @@ -28043,10 +30523,10 @@ of the /var/run directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_getattr_tmp_dir( @@ -28070,10 +30550,10 @@ attributes of the tmp directory (/tmp).
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_ioctl_all_pids( @@ -28096,10 +30576,10 @@ Do not audit attempts to ioctl daemon runtime data files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_list_default( @@ -28123,10 +30603,10 @@ directories with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_list_non_security( @@ -28150,10 +30630,10 @@ non security directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_read_default_files( @@ -28177,10 +30657,10 @@ with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_read_etc_runtime_files( @@ -28205,10 +30685,10 @@ created on boot, such as mtab.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_read_root_file( @@ -28231,10 +30711,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_rw_root_chr_dev( @@ -28257,10 +30737,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_rw_root_file( @@ -28283,10 +30763,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_search_all_dirs( @@ -28309,10 +30789,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_search_home( @@ -28336,10 +30816,10 @@ home directories root (/home).
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_search_isid_type_dir( @@ -28363,10 +30843,10 @@ that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_search_locks( @@ -28390,10 +30870,10 @@ locks directory (/var/lock).
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_search_pids( @@ -28417,10 +30897,10 @@ the /var/run directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_search_src( @@ -28443,10 +30923,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_search_var( @@ -28470,10 +30950,10 @@ the contents of /var.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_dontaudit_write_all_pids( @@ -28496,10 +30976,10 @@ Do not audit attempts to write to daemon runtime data files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_exec_etc_files( @@ -28522,10 +31002,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_exec_usr_files( @@ -28548,10 +31028,10 @@ Execute generic programs in /usr in the caller domain.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_exec_usr_src_files( @@ -28574,10 +31054,10 @@ Execute programs in /usr/src in the caller domain.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_getattr_all_dirs( @@ -28600,10 +31080,37 @@ Get the attributes of all directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_getattr_all_file_type_sockets( + + + + + domain + + + )
+
+ +
+

+Get the attributes of all sockets +with the type of a file. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_getattr_all_files( @@ -28626,10 +31133,10 @@ Get the attributes of all files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_getattr_all_pipes( @@ -28652,10 +31159,10 @@ Get the attributes of all named pipes.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_getattr_all_sockets( @@ -28678,10 +31185,10 @@ Get the attributes of all named sockets.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_getattr_all_symlinks( @@ -28704,10 +31211,10 @@ Get the attributes of all symbolic links.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_getattr_generic_locks( @@ -28730,10 +31237,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_getattr_home_dir( @@ -28757,10 +31264,36 @@ Get the attributes of the home directories root
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_getattr_tmp_dir( + + + + + domain + + + )
+
+ +
+

+Get the attributes of the tmp directory (/tmp). +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_getattr_usr_files( @@ -28783,10 +31316,10 @@ Get the attributes of files in /usr.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_getattr_var_lib_dir( @@ -28809,13 +31342,13 @@ Get the attributes of the /var/lib directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

-files_list_all_dirs( +files_list_all( @@ -28835,10 +31368,10 @@ List the contents of all directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_all_dirs( @@ -28861,10 +31394,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_default( @@ -28887,10 +31420,10 @@ List contents of directories with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_etc( @@ -28913,10 +31446,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_home( @@ -28939,10 +31472,10 @@ Get listing of home directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_isid_type_dir( @@ -28966,10 +31499,10 @@ that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_mnt( @@ -28992,10 +31525,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_pids( @@ -29018,10 +31551,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_root( @@ -29044,10 +31577,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_spool( @@ -29070,10 +31603,36 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_list_tmp( + + + + + domain + + + )
+
+ +
+

+Read the tmp directory (/tmp). +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_list_usr( @@ -29097,10 +31656,10 @@ directories in /usr.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_var( @@ -29123,10 +31682,10 @@ List the contents of /var.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_var_lib( @@ -29149,10 +31708,10 @@ List the contents of the /var/lib directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_list_world_readable( @@ -29175,10 +31734,10 @@ List world-readable directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_lock_file( @@ -29201,10 +31760,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_all_files( @@ -29240,10 +31799,10 @@ the listed exceptions.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_etc_files( @@ -29266,10 +31825,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_etc_runtime_files( @@ -29294,10 +31853,10 @@ such as mtab.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_generic_locks( @@ -29320,10 +31879,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_generic_spool_dirs( @@ -29346,10 +31905,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_generic_spools( @@ -29372,10 +31931,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_isid_type_blk_node( @@ -29399,10 +31958,10 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_isid_type_chr_node( @@ -29426,10 +31985,10 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_isid_type_dir( @@ -29453,10 +32012,10 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_isid_type_file( @@ -29480,10 +32039,10 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_isid_type_symlink( @@ -29507,10 +32066,10 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_lost_found( @@ -29534,10 +32093,10 @@ lost+found directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_mnt_dirs( @@ -29560,10 +32119,10 @@ Create, read, write, and delete directories in /mnt.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_mnt_files( @@ -29586,10 +32145,10 @@ Create, read, write, and delete files in /mnt.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_mnt_symlinks( @@ -29612,10 +32171,37 @@ Create, read, write, and delete symbolic links in /mnt.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_manage_mounttab( + + + + + domain + + + )
+
+ +
+

+Allow domain to manage mount tables +necessary for rpcd, nfsd, etc. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_manage_urandom_seed( @@ -29638,10 +32224,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_var_dirs( @@ -29665,10 +32251,10 @@ in the /var directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_var_files( @@ -29691,10 +32277,10 @@ Create, read, write, and delete files in the /var directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_manage_var_symlinks( @@ -29718,10 +32304,10 @@ links in the /var directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_mount_all_file_type_fs( @@ -29744,10 +32330,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_mounton_all_mountpoints( @@ -29770,10 +32356,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_mounton_default( @@ -29796,10 +32382,10 @@ Mount a filesystem on a directory with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_mounton_isid_type_dir( @@ -29823,10 +32409,10 @@ that has not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_mounton_mnt( @@ -29849,10 +32435,10 @@ Mount a filesystem on /mnt.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_mountpoint( @@ -29875,10 +32461,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_pid_file( @@ -29901,10 +32487,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_poly( @@ -29928,10 +32514,10 @@ polyinstantiated directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_poly_member( @@ -29955,10 +32541,10 @@ polyinstantiation member directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_poly_member_tmp( @@ -29990,10 +32576,10 @@ type of polyinstantiated directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_poly_parent( @@ -30017,10 +32603,10 @@ of a polyinstantiated directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_purge_tmp( @@ -30043,10 +32629,101 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_read_all_blk_nodes( + + + + + domain + + + )
+
+ +
+

+Read all block nodes with file types. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_read_all_chr_nodes( + + + + + domain + + + )
+
+ +
+

+Read all character nodes with file types. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_read_all_dirs_except( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+ +
+

+Read all directories on the filesystem, except +the listed exceptions. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_read_all_files( @@ -30069,10 +32746,49 @@ Read all files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_read_all_files_except( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+ +
+

+Read all files on the filesystem, except +the listed exceptions. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_read_all_pids( @@ -30095,10 +32811,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_all_symlinks( @@ -30121,10 +32837,49 @@ Read all symbolic links.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_read_all_symlinks_except( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+ +
+

+Read all symbloic links on the filesystem, except +the listed exceptions. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_read_default_files( @@ -30147,10 +32902,10 @@ Read files with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_default_pipes( @@ -30173,10 +32928,10 @@ Read named pipes with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_default_sockets( @@ -30199,10 +32954,10 @@ Read sockets with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_default_symlinks( @@ -30225,10 +32980,10 @@ Read symbolic links with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_etc_files( @@ -30251,10 +33006,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_etc_runtime_files( @@ -30278,10 +33033,10 @@ created on boot, such as mtab.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_generic_spools( @@ -30304,10 +33059,62 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_read_generic_tmp_files( + + + + + domain + + + )
+
+ +
+

+Read files in the tmp directory (/tmp). +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_read_generic_tmp_symlinks( + + + + + domain + + + )
+
+ +
+

+Read symbolic links in the tmp directory (/tmp). +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_read_isid_type_file( @@ -30331,10 +33138,10 @@ that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_usr_files( @@ -30357,10 +33164,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_usr_src_files( @@ -30383,10 +33190,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_usr_symlinks( @@ -30409,10 +33216,10 @@ Read symbolic links in /usr.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_var_files( @@ -30435,10 +33242,10 @@ Read files in the /var directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_var_lib_files( @@ -30461,10 +33268,10 @@ Read generic files in /var/lib.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_var_lib_symlinks( @@ -30487,10 +33294,10 @@ Read generic symbolic links in /var/lib
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_var_symlink( @@ -30513,10 +33320,10 @@ Read symbolic links in the /var directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_world_readable_files( @@ -30539,10 +33346,10 @@ Read world-readable files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_world_readable_pipes( @@ -30565,10 +33372,10 @@ Read world-readable named pipes.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_world_readable_sockets( @@ -30591,10 +33398,10 @@ Read world-readable sockets.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_read_world_readable_symlinks( @@ -30617,10 +33424,10 @@ Read world-readable symbolic links.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_relabel_all_files( @@ -30656,10 +33463,36 @@ the listed exceptions.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_relabel_etc_files( + + + + + domain + + + )
+
+ +
+

+Relabel from and to generic files in /etc. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_relabelto_all_file_type_fs( @@ -30682,10 +33515,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_relabelto_usr_files( @@ -30708,10 +33541,10 @@ Relabel a file to the type used in /usr.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_rw_etc_files( @@ -30734,10 +33567,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_rw_etc_runtime_files( @@ -30761,10 +33594,10 @@ created on boot, such as mtab.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_rw_generic_pids( @@ -30787,10 +33620,36 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_rw_generic_tmp_sockets( + + + + + domain + + + )
+
+ +
+

+Read and write generic named sockets in the tmp directory (/tmp). +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_rw_isid_type_blk_node( @@ -30814,10 +33673,10 @@ that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_rw_isid_type_dir( @@ -30841,10 +33700,10 @@ that have not yet been labeled.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_rw_locks_dir( @@ -30868,10 +33727,10 @@ directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_all( @@ -30894,10 +33753,10 @@ Search all directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_all_dirs( @@ -30920,10 +33779,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_default( @@ -30946,10 +33805,10 @@ Search the contents of directories with the default file type.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_etc( @@ -30972,10 +33831,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_home( @@ -30998,10 +33857,10 @@ Search home directories root (/home).
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_locks( @@ -31024,10 +33883,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_mnt( @@ -31050,10 +33909,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_pids( @@ -31076,10 +33935,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_spool( @@ -31102,10 +33961,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_tmp( @@ -31128,10 +33987,10 @@ Search the tmp directory (/tmp).
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_usr( @@ -31154,10 +34013,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_var( @@ -31180,10 +34039,10 @@ Search the contents of /var.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_search_var_lib( @@ -31206,10 +34065,36 @@ Search the /var/lib directory.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

+

+ +files_search_var_lib_dir( + + + + + domain + + + )
+
+ +
+

+Search directories in /var/lib. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

files_security_file( @@ -31234,10 +34119,10 @@ browsing from user domains.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_setattr_all_tmp_dirs( @@ -31260,10 +34145,10 @@ Set the attributes of all tmp directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_setattr_etc_dir( @@ -31286,10 +34171,10 @@ Set the attributes of the /etc directories.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_tmp_file( @@ -31313,10 +34198,10 @@ used for temporary files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_tmpfs_file( @@ -31340,10 +34225,10 @@ virtual memory filesystem (tmpfs).
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_type( @@ -31367,10 +34252,10 @@ in a filesystem.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_unconfined( @@ -31393,10 +34278,10 @@ Unconfined access to files.
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_unmount_all_file_type_fs( @@ -31419,10 +34304,10 @@ Summary is missing!
-Module: +Module: files

-Layer: -system

+Layer: +kernel

files_unmount_rootfs( @@ -32418,6 +35303,33 @@ attributes, such as ext3, JFS, or XFS.
+Module: +filesystem

+Layer: +kernel

+

+ +fs_getattr_all_dirs( + + + + + domain + + + )
+
+ +
+

+Get the attributes of all directories +with a filesystem type. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_getattr_rpc_dirs( + + + + + domain + + + )
+
+ +
+

+Read directories of RPC file system pipes. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_list_noxattr_fs( + + + + + domain + + + )
+
+ +
+

+Read all noxattrfs directories. +

+
+ +
+ +
-Module: +Module: filesystem

Layer: kernel

-fs_read_cifs_files( +fs_read_cifs_symlinks( @@ -33810,21 +36774,20 @@ kernel

-Do not audit attempts to read or -write files on a CIFS or SMB filesystems. +Read symbolic links on a CIFS or SMB filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_read_cifs_symlinks( +fs_read_nfs_files( @@ -33837,20 +36800,20 @@ kernel

-Read symbolic links on a CIFS or SMB filesystem. +Read files on a NFS filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_read_nfs_files( +fs_read_nfs_symlinks( @@ -33863,20 +36826,20 @@ kernel

-Read files on a NFS filesystem. +Read symbolic links on a NFS filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_read_nfs_symlinks( +fs_read_noxattr_fs_files( @@ -33889,7 +36852,137 @@ kernel

-Read symbolic links on a NFS filesystem. +Read all noxattrfs files. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_noxattr_fs_symlinks( + + + + + domain + + + )
+
+ +
+

+Read all noxattrfs symbolic links. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_rpc_dirs( + + + + + domain + + + )
+
+ +
+

+Read directories of RPC file system pipes. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_rpc_files( + + + + + domain + + + )
+
+ +
+

+Read files of RPC file system pipes. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_rpc_sockets( + + + + + domain + + + )
+
+ +
+

+Read sockets of RPC file system pipes. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_rpc_symlinks( + + + + + domain + + + )
+
+ +
+

+Read symbolic links of RPC file system pipes.

@@ -34388,6 +37481,84 @@ some mount options to be changed.
+Module: +filesystem

+Layer: +kernel

+

+ +fs_rw_nfsd_fs( + + + + + domain + + + )
+
+ +
+

+Read and write NFS server files. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_rw_ramfs_pipe( + + + + + domain + + + )
+
+ +
+

+Read and write a named pipe on a ramfs filesystem. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_rw_tmpfs_file( + + + + + domain + + + )
+
+ +
+

+Read and write generic tmpfs files. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_search_nfsd_fs( + + + + + domain + + + )
+
+ +
+

+Search NFS server directories. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_write_nfs_files( + + + + + domain + + + )
+
+ +
+

+Read files on a NFS filesystem. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_write_ramfs_pipe( + + + + + domain + + + )
+
+ +
+

+Write to named pipe on a ramfs filesystem. +

+
+ +
+ +
+Module: +hal

+Layer: +services

+

+ +hal_dbus_chat( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +hal over dbus. +

+
+ +
+ +
+Module: +hal

+Layer: +services

+

+ +hal_dbus_send( + + + + + domain + + + )
+
+ +
+

+Send a dbus message to hal. +

+
+ +
+ +
+Module: +hal

+Layer: +services

+

+ +hal_dgram_sendto( + + + + + domain + + + )
+
+ +
+

+Send to hal over a unix domain +datagram socket. +

+
+ +
+ +
+Module: +hal

+Layer: +services

+

+ +hal_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute hal in the hal domain. +

+
+ +
+ +
+Module: +hal

+Layer: +services

+

+ +hal_stream_connect( + + + + + domain + + + )
+
+ +
+

+Send to hal over a unix domain +stream socket. +

+
+ +
+ +
+Module: +howl

+Layer: +services

+

+ +howl_signal( + + + + + domain + + + )
+
+ +
+

+Send generic signals to howl. +

+
+ +
+ +
+Module: +i18n_input

+Layer: +services

+

+ +i18n_use( + + + + + domain + + + )
+
+ +
+

+Use i18n_input over a TCP connection. +

+
+ +
+ +
+Module: +inetd

+Layer: +services

+

+ +inetd_rw_tcp_socket( + + + + + domain + + + )
+
+ +
+

+Read and write inetd TCP sockets. +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_create_script_tmp( + + + + + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + + )
+
+ +
+

+Create files in a init script +temporary data directory. +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_dbus_chat_script( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +init scripts over dbus. +

+
+ +
+ +
Module: init

Layer: @@ -36341,7 +39875,7 @@ system

- ? + domain )
@@ -36349,7 +39883,8 @@ system

-Summary is missing! +Do not audit attempts to read and +write the init script pty.

@@ -36512,6 +40047,58 @@ Summary is missing!
+Module: +init

+Layer: +system

+

+ +init_getattr_script_entry_file( + + + + + domain + + + )
+
+ +
+

+Get the attribute of init script entrypoint files. +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_getattr_script_pids( + + + + + domain + + + )
+
+ +
+

+Get the attributes of init script process id files. +

+
+ +
+ +
-Module: +Module: init

Layer: system

-init_signull( +init_sigchld_script( @@ -36808,20 +40395,20 @@ system

-Send init a null signal. +Send SIGCHLD signals to init scripts.

-Module: +Module: init

Layer: system

-init_system_domain( +init_signal_script( @@ -36829,12 +40416,56 @@ system

domain + )
+

+ +
+

+Send generic signals to init scripts. +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_signull( + - , + domain - entry_point + + )
+
+ +
+

+Send init a null signal. +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_signull_script( + + + + + domain )
@@ -36842,21 +40473,20 @@ system

-Create a domain for short running processes -which can be started by init scripts. +Send null signals to init scripts.

-Module: +Module: init

Layer: system

-init_udp_sendto( +init_system_domain( @@ -36864,25 +40494,34 @@ system

domain + + , + + + + entry_point + + )

-Send UDP network traffic to init. +Create a domain for short running processes +which can be started by init scripts.

-Module: +Module: init

Layer: system

-init_udp_sendto_script( +init_udp_sendto( @@ -36895,20 +40534,20 @@ system

-Send UDP network traffic to init scripts. +Send UDP network traffic to init.

-Module: +Module: init

Layer: system

-init_unix_connect_script( +init_udp_sendto_script( @@ -36921,8 +40560,7 @@ system

-Allow the specified domain to connect to -init scripts with a unix domain stream socket. +Send UDP network traffic to init scripts.

@@ -37086,6 +40724,32 @@ Summary is missing!
+Module: +init

+Layer: +system

+

+ +init_write_script_pipe( + + + + + domain + + + )
+
+ +
+

+Write an init script unnamed pipe. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_getattr_unlabeled_chr_dev( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to get attributes for +unlabeled character devices. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_getattr_unlabeled_file( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to get the +attributes of an unlabeled file. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_getattr_unlabeled_pipes( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to get the +attributes of unlabeled named pipes. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_getattr_unlabeled_sockets( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to get the +attributes of unlabeled named sockets. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_getattr_unlabeled_symlinks( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to get the +attributes of unlabeled symbolic links. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_list_proc( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to list the +contents of directories in /proc. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_list_unlabeled( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to list unlabeled directories. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_read_proc_symlink( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to +read system state information in proc. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_read_unlabeled_file( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to +read an unlabeled file. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_getattr_proc_files( + + + + + domain + + + )
+
+ +
+

+Get the attributes of files in /proc. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_read_network_state_symlinks( + + + + + domain + + + )
+
+ +
+

+Allow caller to read the network state symbolic links. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_read_sysctl( + + + + + domain + + + )
+
+ +
+

+Allow access to read sysctl directories. +

+
+ +
+ +
-Module: +Module: kernel

Layer: kernel

-kernel_search_from( +kernel_search_network_state( - dir_type + domain )
@@ -39350,8 +43334,7 @@ kernel

-Allow the kernel to search the -specified directory. +Allow searching of network state directory.

@@ -39410,6 +43393,32 @@ Search directories in /proc.
+Module: +kernel

+Layer: +kernel

+

+ +kernel_search_vm_sysctl( + + + + + domain + + + )
+
+ +
+

+Allow caller to search virtual memory sysctls. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_sendrecv_unlabeled_association( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from an +unlabeled IPSEC association. +

+
+ +
+ +
+Module: +libraries

+Layer: +system

+

+ +libs_use_lib( + + + + + domain + + + )
+
+ +
+

+Load and execute functions from generic +lib files as shared libraries. +

+
+ +
+ +
+Module: +logging

+Layer: +system

+

+ +logging_domtrans_auditctl( + + + + + domain + + + )
+
+ +
+

+Execute auditctl in the auditctl domain. +

+
+ +
+ +
+Module: +lpd

+Layer: +services

+

+ +lpd_domtrans_checkpc( + + + + + domain + + + )
+
+ +
+

+Execute lpd in the lpd domain. +

+
+ +
+ +
+Module: +lpd

+Layer: +services

+

+ +lpd_list_spool( + + + + + domain + + + )
+
+ +
+

+List the contents of the printer spool directories. +

+
+ +
+ +
+Module: +lpd

+Layer: +services

+

+ +lpd_manage_spool( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete printer spool files. +

+
+ +
+ +
+Module: +lpd

+Layer: +services

+

+ +lpd_read_config( + + + + + domain + + + )
+
+ +
+

+List the contents of the printer spool directories. +

+
+ +
+ +
+Module: +lpd

+Layer: +services

+

+ +lpd_run_checkpc( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute amrecover in the lpd domain, and +allow the specified role the lpd domain. +

+
+ +
+ +
+Module: +miscfiles

+Layer: +system

+

+ +miscfiles_dontaudit_search_man_pages( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search man pages. +

+
+ +
+ +
+Module: +miscfiles

+Layer: +system

+

+ +miscfiles_manage_fonts( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete fonts. +

+
+ +
+ +
+Module: +modutils

+Layer: +system

+

+ +modutils_domtrans_insmod_uncond( + + + + + domain + + + )
+
+ +
+

+Unconditionally execute insmod in the insmod domain. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_delete_spool( + + + + + domain + + + )
+
+ +
+

+Delete from the mail spool. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_dontaudit_rw_queue( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read and +write the mail queue. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_read_config( + + + + + domain + + + )
+
+ +
+

+Read mail server configuration. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_read_sendmail_bin( + + + + + domain + + + )
+
+ +
+

+Read sendmail binary. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_rw_user_mail_stream_socket( + + + + + domain + + + )
+
+ +
+

+Read and write unix domain stream sockets +of user mail domains. +

+
+ +
+ +
Module: mta

Layer: @@ -43822,47 +48268,807 @@ admin

-Conditionally execute traceroute in the traceroute domain, and -allow the specified role the traceroute domain. +Conditionally execute traceroute in the traceroute domain, and +allow the specified role the traceroute domain. +

+
+ +
+ +
+Module: +networkmanager

+Layer: +services

+

+ +networkmanager_dbus_chat( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +NetworkManager over dbus. +

+
+ +
+ +
+Module: +networkmanager

+Layer: +services

+

+ +networkmanager_rw_packet_socket( + + + + + domain + + + )
+
+ +
+

+Read and write NetworkManager packet sockets. +

+
+ +
+ +
+Module: +networkmanager

+Layer: +services

+

+ +networkmanager_rw_routing_socket( + + + + + domain + + + )
+
+ +
+

+Read and write NetworkManager netlink +routing sockets. +

+
+ +
+ +
+Module: +networkmanager

+Layer: +services

+

+ +networkmanager_rw_udp_socket( + + + + + domain + + + )
+
+ +
+

+Read and write NetworkManager UDP sockets. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_delete_ypbind_pid( + + + + + domain + + + )
+
+ +
+

+Delete ypbind pid files. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_domtrans_ypbind( + + + + + domain + + + )
+
+ +
+

+Execute ypbind in the ypbind domain. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_list_var_yp( + + + + + domain + + + )
+
+ +
+

+List the contents of the NIS data directory. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_read_ypbind_pid( + + + + + domain + + + )
+
+ +
+

+Read ypbind pid files. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_read_ypserv_config( + + + + + domain + + + )
+
+ +
+

+Read ypserv configuration files. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_signal_ypbind( + + + + + domain + + + )
+
+ +
+

+Send generic signals to ypbind. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_tcp_connect_ypbind( + + + + + domain + + + )
+
+ +
+

+Connect to ypbind over TCP. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_udp_sendto_ypbind( + + + + + domain + + + )
+
+ +
+

+Send UDP network traffic to NIS clients. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_use_ypbind( + + + + + domain + + + )
+
+ +
+

+Use the ypbind service to access NIS services. +

+
+ +
+ +
+Module: +nis

+Layer: +services

+

+ +nis_use_ypbind_uncond( + + + + + domain + + + )
+
+ +
+

+Use the ypbind service to access NIS services +unconditionally. +

+
+ +
+ +
+Module: +nscd

+Layer: +services

+

+ +nscd_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute NSCD in the nscd domain. +

+
+ +
+ +
+Module: +nscd

+Layer: +services

+

+ +nscd_read_pid( + + + + + domain + + + )
+
+ +
+

+Read NSCD pid file. +

+
+ +
+ +
+Module: +nscd

+Layer: +services

+

+ +nscd_unconfined( + + + + + domain + + + )
+
+ +
+

+Unconfined access to NSCD services. +

+
+ +
+ +
+Module: +nscd

+Layer: +services

+

+ +nscd_use_shared_mem( + + + + + domain + + + )
+
+ +
+

+Use NSCD services by mapping the database from +an inherited NSCD file descriptor. +

+
+ +
+ +
+Module: +nscd

+Layer: +services

+

+ +nscd_use_socket( + + + + + domain + + + )
+
+ +
+

+Use NSCD services by connecting using +a unix stream socket. +

+
+ +
+ +
+Module: +ntp

+Layer: +services

+

+ +ntp_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute ntp server in the ntpd domain. +

+
+ +
+ +
+Module: +ntp

+Layer: +services

+

+ +ntp_domtrans_ntpdate( + + + + + domain + + + )
+
+ +
+

+Execute ntp server in the ntpd domain. +

+
+ +
+ +
+Module: +ntp

+Layer: +services

+

+ +ntp_stub( + + + + + [ + + domain + + ] + + + )
+
+ +
+

+NTP stub interface. No access allowed. +

+
+ +
+ +
+Module: +pcmcia

+Layer: +system

+

+ +pcmcia_domtrans_cardctl( + + + + + domain + + + )
+
+ +
+

+Execute cardctl in the cardmgr domain. +

+
+ +
+ +
+Module: +pcmcia

+Layer: +system

+

+ +pcmcia_domtrans_cardmgr( + + + + + domain + + + )
+
+ +
+

+Execute cardmgr in the cardmgr domain. +

+
+ +
+ +
+Module: +pcmcia

+Layer: +system

+

+ +pcmcia_manage_pid( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete +cardmgr pid files. +

+
+ +
+ +
+Module: +pcmcia

+Layer: +system

+

+ +pcmcia_manage_runtime_chr( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete +cardmgr runtime character nodes. +

+
+ +
+ +
+Module: +pcmcia

+Layer: +system

+

+ +pcmcia_read_pid( + + + + + domain + + + )
+
+ +
+

+Read cardmgr pid files. +

+
+ +
+ +
+Module: +pcmcia

+Layer: +system

+

+ +pcmcia_run_cardctl( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute cardmgr in the cardctl domain, and +allow the specified role the cardmgr domain.

-Module: -nis

-Layer: -services

+Module: +pcmcia

+Layer: +system

-nis_list_var_yp( +pcmcia_stub( + [ + domain + ] + )

-Send UDP network traffic to NIS clients. +PCMCIA stub interface. No access allowed.

-Module: -nis

-Layer: -services

+Module: +pcmcia

+Layer: +system

-nis_signal_ypbind( +pcmcia_use_cardmgr_fd( @@ -43875,20 +49081,20 @@ services

-Send generic signals to ypbind. +Inherit and use file descriptors from cardmgr.

-Module: -nis

+Module: +portmap

Layer: services

-nis_udp_sendto_ypbind( +portmap_domtrans_helper( @@ -43901,20 +49107,20 @@ services

-Send UDP network traffic to NIS clients. +Execute portmap_helper in the helper domain.

-Module: -nis

+Module: +portmap

Layer: services

-nis_use_ypbind( +portmap_run_helper( @@ -43922,30 +49128,20 @@ services

domain - )
-

- -
-

-Use the ypbind service to access NIS services. -

-
- -
- -
-Module: -nis

-Layer: -services

-

- -nis_use_ypbind_uncond( + + , + + + + role + + , - domain + + terminal )
@@ -43953,21 +49149,22 @@ services

-Use the ypbind service to access NIS services -unconditionally. +Execute portmap helper in the helper domain, and +allow the specified role the helper domain. +Communicate with portmap.

-Module: -nscd

+Module: +portmap

Layer: services

-nscd_domtrans( +portmap_tcp_connect( @@ -43980,20 +49177,20 @@ services

-Execute NSCD in the nscd domain. +Connect to portmap over a TCP socket

-Module: -nscd

+Module: +portmap

Layer: services

-nscd_read_pid( +portmap_udp_sendrecv( @@ -44006,20 +49203,20 @@ services

-Read NSCD pid file. +Send and receive UDP network traffic from portmap.

-Module: -nscd

+Module: +portmap

Layer: services

-nscd_unconfined( +portmap_udp_sendto( @@ -44032,20 +49229,20 @@ services

-Unconfined access to NSCD services. +Send UDP network traffic to portmap.

-Module: -nscd

+Module: +postfix

Layer: services

-nscd_use_shared_mem( +postfix_create_config( @@ -44053,31 +49250,24 @@ services

domain - )
-

- -
-

-Use NSCD services by mapping the database from -an inherited NSCD file descriptor. -

-
- -
- -
-Module: -nscd

-Layer: -services

-

- -nscd_use_socket( + + , + + + + private type + + , + - domain + [ + + object + + ] )
@@ -44085,21 +49275,21 @@ services

-Use NSCD services by connecting using -a unix stream socket. +Create files with the specified type in +the postfix configuration directories.

-Module: -ntp

+Module: +postfix

Layer: services

-ntp_domtrans( +postfix_domtrans_map( @@ -44112,20 +49302,20 @@ services

-Execute ntp server in the ntpd domain. +Execute postfix_map in the postfix_map domain.

-Module: -ntp

+Module: +postfix

Layer: services

-ntp_domtrans_ntpdate( +postfix_domtrans_master( @@ -44138,50 +49328,48 @@ services

-Execute ntp server in the ntpd domain. +Execute the master postfix program in the +postfix_master domain.

-Module: -ntp

+Module: +postfix

Layer: services

-ntp_stub( +postfix_domtrans_user_mail_handler( - [ - domain - ] - )

-NTP stub interface. No access allowed. +Execute postfix user mail programs +in their respective domains.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_domtrans_cardctl( +postfix_dontaudit_rw_local_tcp_socket( @@ -44194,20 +49382,22 @@ system

-Execute cardctl in the cardmgr domain. +Do not audit attempts to read and +write postfix local delivery +TCP sockets.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_domtrans_cardmgr( +postfix_dontaudit_use_fd( @@ -44220,20 +49410,22 @@ system

-Execute cardmgr in the cardmgr domain. +Do not audit attempts to use +postfix master process file +file descriptors.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_manage_pid( +postfix_exec_master( @@ -44246,21 +49438,21 @@ system

-Create, read, write, and delete -cardmgr pid files. +Execute the master postfix program in the +caller domain.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_manage_runtime_chr( +postfix_list_spool( @@ -44273,21 +49465,20 @@ system

-Create, read, write, and delete -cardmgr runtime character nodes. +List postfix mail spool directories.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_read_pid( +postfix_read_config( @@ -44300,20 +49491,20 @@ system

-Read cardmgr pid files. +Read postfix configuration files.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_run_cardctl( +postfix_run_map( @@ -44342,21 +49533,21 @@ system

-Execute cardmgr in the cardctl domain, and -allow the specified role the cardmgr domain. +Execute postfix_map in the postfix_map domain, and +allow the specified role the postfix_map domain.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_use_cardmgr_fd( +postfix_search_spool( @@ -44369,46 +49560,50 @@ system

-Inherit and use file descriptors from cardmgr. +Search postfix mail spool directories.

-Module: -portmap

+Module: +postfix

Layer: services

-portmap_domtrans_helper( +postfix_stub( + [ + domain + ] + )

-Execute portmap_helper in the helper domain. +Postfix stub interface. No access allowed.

-Module: -portmap

+Module: +postgresql

Layer: services

-portmap_run_helper( +postgresql_domtrans( @@ -44416,20 +49611,30 @@ services

domain - - , - - - - role - + )
+

+ +
+

+Execute postgresql in the postgresql domain. +

+
+ +
+ +
+Module: +postgresql

+Layer: +services

+

+ +postgresql_manage_db( - , - - terminal + domain )
@@ -44437,22 +49642,20 @@ services

-Execute portmap helper in the helper domain, and -allow the specified role the helper domain. -Communicate with portmap. +Allow the specified domain to manage postgresql's database.

-Module: -portmap

+Module: +postgresql

Layer: services

-portmap_udp_sendto( +postgresql_read_config( @@ -44465,20 +49668,20 @@ services

-Send UDP network traffic to portmap. +Allow the specified domain to read postgresql's etc.

-Module: +Module: postgresql

Layer: services

-postgresql_domtrans( +postgresql_search_db_dir( @@ -44491,20 +49694,20 @@ services

-Execute postgresql in the postgresql domain. +Allow the specified domain to search postgresql's database directory.

-Module: +Module: postgresql

Layer: services

-postgresql_manage_db( +postgresql_tcp_connect( @@ -44517,20 +49720,20 @@ services

-Allow the specified domain to manage postgresql's database. +Allow the specified domain to connect to postgresql with a tcp socket.

-Module: +Module: postgresql

Layer: services

-postgresql_read_config( +postgresql_unix_connect( @@ -44543,20 +49746,20 @@ services

-Allow the specified domain to read postgresql's etc. +Allow the specified domain to connect to postgresql with a unix socket.

-Module: -postgresql

+Module: +ppp

Layer: services

-postgresql_search_db_dir( +ppp_domtrans( @@ -44569,20 +49772,20 @@ services

-Allow the specified domain to search postgresql's database directory. +Execute domain in the ppp domain.

-Module: -postgresql

+Module: +ppp

Layer: services

-postgresql_tcp_connect( +ppp_dontaudit_use_fd( @@ -44595,20 +49798,21 @@ services

-Allow the specified domain to connect to postgresql with a tcp socket. +Do not audit attempts to inherit +and use PPP file discriptors.

-Module: -postgresql

+Module: +ppp

Layer: services

-postgresql_unix_connect( +ppp_run( @@ -44621,20 +49825,20 @@ services

-Allow the specified domain to connect to postgresql with a unix socket. +Unconditionally execute ppp daemon on behalf of a user or staff type.

-Module: +Module: ppp

Layer: services

-ppp_domtrans( +ppp_run_cond( @@ -44647,20 +49851,20 @@ services

-Execute domain in the ppp domain. +Conditionally execute ppp daemon on behalf of a user or staff type.

-Module: +Module: ppp

Layer: services

-ppp_run( +ppp_sigchld( @@ -44673,20 +49877,20 @@ services

-Unconditionally execute ppp daemon on behalf of a user or staff type. +Send a SIGCHLD signal to PPP.

-Module: +Module: ppp

Layer: services

-ppp_run_cond( +ppp_signal( @@ -44699,20 +49903,20 @@ services

-Conditionally execute ppp daemon on behalf of a user or staff type. +Send a generic signal to PPP.

-Module: +Module: ppp

Layer: services

-ppp_sigchld( +ppp_use_fd( @@ -44725,20 +49929,20 @@ services

-Allow domain to send sigchld to parent of PPP domain type. +Use PPP file discriptors.

-Module: -ppp

+Module: +procmail

Layer: services

-ppp_signal( +procmail_domtrans( @@ -44751,20 +49955,20 @@ services

-Allow domain to send a signal to PPP domain type. +Execute procmail with a domain transition.

-Module: -ppp

+Module: +procmail

Layer: services

-ppp_use_fd( +procmail_exec( @@ -44777,7 +49981,7 @@ services

-Use PPP file discriptors. +Execute procmail in the caller domain.

@@ -44906,6 +50110,32 @@ allow the specified role the quota domain.
+Module: +radius

+Layer: +services

+

+ +radius_use( + + + + + domain + + + )
+
+ +
+

+Use radius over a UDP connection. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_domtrans_nfsd( + + + + + domain + + + )
+
+ +
+

+Execute domain in nfsd domain. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_dontaudit_getattr_exports( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of the NFS export file. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_manage_nfs_ro_content( + + + + + domain + + + )
+
+ +
+

+Allow domain to create read and write NFS directories. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_manage_nfs_rw_content( + + + + + domain + + + )
+
+ +
+

+Allow domain to create read and write NFS directories. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_read_exports( + + + + + domain + + + )
+
+ +
+

+Allow read access to exports. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_search_nfs_state_data( + + + + + domain + + + )
+
+ +
+

+Search NFS state data in /var/lib/nfs. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_udp_rw_nfs_sockets( + + + + + domain + + + )
+
+ +
+

+Allow domain to read and write to an NFS UDP socket. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_udp_sendto( + + + + + domain + + + )
+
+ +
+

+Send UDP network traffic to rpc and recieve UDP traffic from rpc. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_udp_sendto_nfs( + + + + + domain + + + )
+
+ +
+

+Allow NFS to send UDP network traffic +the specified domain and recieve from it. +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_write_exports( + + + + + domain + + + )
+
+ +
+

+Allow write access to exports. +

+
+ +
+ +
+Module: +rpm

+Layer: +admin

+

+ +rpm_dontaudit_manage_db( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to create, read, +write, and delete the RPM package database. +

+
+ +
+ +
-Module: +Module: samba

Layer: services

-samba_domtrans_net( +samba_connect_winbind( @@ -45305,20 +50824,20 @@ services

-Execute samba net in the samba_net domain. +Connect to winbind.

-Module: +Module: samba

Layer: services

-samba_domtrans_smbmount( +samba_domtrans_net( @@ -45331,20 +50850,20 @@ services

-Execute smbmount in the smbmount domain. +Execute samba net in the samba_net domain.

-Module: +Module: samba

Layer: services

-samba_domtrans_winbind_helper( +samba_domtrans_smbmount( @@ -45357,20 +50876,20 @@ services

-Execute winbind_helper in the winbind_helper domain. +Execute smbmount in the smbmount domain.

-Module: +Module: samba

Layer: services

-samba_exec_log( +samba_domtrans_winbind_helper( @@ -45383,20 +50902,20 @@ services

-Execute samba log in the caller domain. +Execute winbind_helper in the winbind_helper domain.

-Module: +Module: samba

Layer: services

-samba_read_config( +samba_exec_log( @@ -45409,21 +50928,20 @@ services

-Allow the specified domain to read -samba configuration files. +Execute samba log in the caller domain.

-Module: +Module: samba

Layer: services

-samba_read_log( +samba_read_config( @@ -45436,20 +50954,21 @@ services

-Allow the specified domain to read samba's log files. +Allow the specified domain to read +samba configuration files.

-Module: +Module: samba

Layer: services

-samba_read_secrets( +samba_read_log( @@ -45462,20 +50981,20 @@ services

-Allow the specified domain to read samba's secrets. +Allow the specified domain to read samba's log files.

-Module: +Module: samba

Layer: services

-samba_read_winbind_pid( +samba_read_secrets( @@ -45488,7 +51007,7 @@ services

-Allow the specified domain to read the winbind pid files. +Allow the specified domain to read samba's secrets.

@@ -45660,6 +51179,60 @@ Allow the specified domain to read and write to smbmount tcp sockets.
+Module: +samba

+Layer: +services

+

+ +samba_rw_var_files( + + + + + domain + + + )
+
+ +
+

+Allow the specified domain to +read and write samba /var files. +

+
+ +
+ +
+Module: +samba

+Layer: +services

+

+ +samba_search_var( + + + + + domain + + + )
+
+ +
+

+Allow the specified domain to search +samba /var directories. +

+
+ +
+ +
+Module: +sasl

+Layer: +services

+

+ +sasl_connect( + + + + + domain + + + )
+
+ +
+

+Connect to SASL. +

+
+ +
+ +
+Module: +selinux

+Layer: +kernel

+

+ +selinux_dontaudit_read_fs( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read +generic selinuxfs entries +

+
+ +
+ +
Module: selinux

Layer: @@ -45989,18 +51615,6 @@ kernel

domain - - , - - - - [ - - booltype - - ] - - )

@@ -46119,6 +51733,32 @@ Allows caller to validate security contexts.
+Module: +sendmail

+Layer: +services

+

+ +sendmail_create_log( + + + + + domain + + + )
+
+ +
+

+Create sendmail logs with the correct type. +

+
+ +
+ +
+Module: +sendmail

+Layer: +services

+

+ +sendmail_manage_log( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete sendmail logs. +

+
+ +
+ +
+Module: +sendmail

+Layer: +services

+

+ +sendmail_rw_tcp_socket( + + + + + domain + + + )
+
+ +
+

+Read and write sendmail TCP sockets. +

+
+ +
+ +
+Module: +snmp

+Layer: +services

+

+ +snmp_use( + + + + + domain + + + )
+
+ +
+

+Use snmp over a TCP connection. +

+
+ +
+ +
+Module: +spamassassin

+Layer: +services

+

+ +spamassassin_exec( + + + + + domain + + + )
+
+ +
+

+Execute the standalone spamassassin +program in the caller directory. +

+
+ +
+ +
+Module: +spamassassin

+Layer: +services

+

+ +spamassassin_exec_client( + + + + + domain + + + )
+
+ +
+

+Execute the spamassassin client +program in the caller directory. +

+
+ +
+ +
+Module: +squid

+Layer: +services

+

+ +squid_append_log( + + + + + domain + + + )
+
+ +
+

+Append squid logs. +

+
+ +
+ +
+Module: +squid

+Layer: +services

+

+ +squid_read_log( + + + + + domain + + + )
+
+ +
+

+Append squid logs. +

+
+ +
+ +
-Module: -storage

-Layer: -kernel

-

- -storage_getattr_scsi_generic( - - - - - domain - - - )
-
- -
-

-Get attributes of the device nodes -for the SCSI generic inerface. -

-
- -
- -
+Module: +sysnetwork

+Layer: +system

+

+ +sysnet_dbus_chat_dhcpc( + + + + + domain + + + )
+
+ +
+

+Send and receive messages from +dhcpc over dbus. +

+
+ +
+ +
+Module: +sysnetwork

+Layer: +system

+

+ +sysnet_dontaudit_read_config( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read network config files. +

+
+ +
+ +
+Module: +udev

+Layer: +system

+

+ +udev_helper_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute a udev helper in the udev domain. +

+
+ +
+ +
+Module: +unconfined

+Layer: +system

+

+ +unconfined_alias_domain( + + + + + domain + + + )
+
+ +
+

+Add an alias type to the unconfined domain. +

+
+ +
+ +
+Module: +unconfined

+Layer: +system

+

+ +unconfined_dbus_send( + + + + + domain + + + )
+
+ +
+

+Send messages to the unconfined domain over dbus. +

+
+ +
+ +
+Module: +unconfined

+Layer: +system

+

+ +unconfined_dontaudit_read_pipe( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read unconfined domain unnamed pipes. +

+
+ +
+ +
-Module: +Module: unconfined

Layer: system

-unconfined_role( +unconfined_read_pipe( @@ -50308,7 +56262,7 @@ system

-Add the unconfined domain to the specified role. +Read unconfined domain unnamed pipes.

@@ -50435,6 +56389,32 @@ Send a SIGCHLD signal to the unconfined domain.
+Module: +unconfined

+Layer: +system

+

+ +unconfined_signal( + + + + + domain + + + )
+
+ +
+

+Send generic signals to the unconfined domain. +

+
+ +
+ +
-Module: +Module: userdomain

Layer: system

-userdom_create_user_home( +userdom_create_generic_user_home( @@ -50526,13 +56506,13 @@ with automatic file type transition.
-Module: +Module: userdomain

Layer: system

-userdom_create_user_home_dir( +userdom_create_generic_user_home_dir( @@ -50553,6 +56533,126 @@ with automatic file type transition.
+Module: +userdomain

+Layer: +system

+

+ +userdom_create_sysadm_home( + + + + + domain + + + + , + + + + [ + + object_class + + ] + + + )
+
+ +
+

+Create objects in sysadm home directories +with automatic file type transition. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dbus_send_all_users( + + + + + domain + + + )
+
+ +
+

+Send a dbus message to all user domains. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_getattr_sysadm_home_dir( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the +attributes of the sysadm users +home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_getattr_sysadm_tty( + + + + + domain + + + )
+
+ +
+

+Do not audit attepts to get the attributes +of sysadm ttys. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_unpriv_user_pty( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to use unprivileged +user ptys. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_getattr_all_userdomains( + + + + + domain + + + )
+
+ +
+

+Get the attributes of all user domains. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_list_sysadm_home_dir( + + + + + domain + + + )
+
+ +
+

+List the sysadm users home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_list_unpriv_user_tmp( + + + + + domain + + + )
+
+ +
+

+Read all unprivileged users temporary directories. +

+
+ +
+ +
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_dir( +userdom_manage_generic_user_home_dir( @@ -50980,13 +57185,13 @@ generic user home directories.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_dirs( +userdom_manage_generic_user_home_dirs( @@ -51008,13 +57213,13 @@ home directories.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_files( +userdom_manage_generic_user_home_files( @@ -51035,13 +57240,13 @@ in generic user home directories.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_pipes( +userdom_manage_generic_user_home_pipes( @@ -51062,13 +57267,13 @@ pipes in generic user home directories.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_sockets( +userdom_manage_generic_user_home_sockets( @@ -51089,13 +57294,13 @@ sockets in generic user home directories.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_symlinks( +userdom_manage_generic_user_home_symlinks( @@ -51116,6 +57321,33 @@ links in generic user home directories.
+Module: +userdomain

+Layer: +system

+

+ +userdom_priveleged_home_dir_manager( + + + + + domain + + + )
+
+ +
+

+Make the specified domain a privileged +home directory manager. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_all_userdomains_state( + + + + + domain + + + )
+
+ +
+

+Read the process state of all user domains. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_unpriv_user_tmp_files( + + + + + domain + + + )
+
+ +
+

+Read all unprivileged users temporary files. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_unpriv_user_tmp_symlinks( + + + + + domain + + + )
+
+ +
+

+Read all unprivileged users temporary symbolic links. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_search_generic_user_home_dir( + + + + + domain + + + )
+
+ +
+

+Search generic user home directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_search_sysadm_home_subdirs( + + + + + domain + + + )
+
+ +
+

+Search the sysadm users home sub directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_setattr_unpriv_user_pty( + + + + + domain + + + )
+
+ +
+

+Set the attributes of user ptys. +

+
+ +
+ +
-Module: +Module: userdomain

Layer: system

-userdom_sigchld_sysadm( +userdom_sigchld_all_users( @@ -51396,20 +57784,20 @@ system

-Send a SIGCHLD signal to sysadm users. +Send a SIGCHLD signal to all user domains.

-Module: +Module: userdomain

Layer: system

-userdom_sigcld_all_users( +userdom_sigchld_sysadm( @@ -51422,7 +57810,7 @@ system

-Send a SIGCHLD signal to all user domains. +Send a SIGCHLD signal to sysadm users.

@@ -51693,6 +58081,32 @@ Read and write sysadm ttys.
+Module: +userdomain

+Layer: +system

+

+ +userdom_use_unpriv_user_pty( + + + + + domain + + + )
+
+ +
+

+Read and write unprivileged user ptys. +

+
+ +
+ +
+Module: +usermanage

+Layer: +admin

+

+ +usermanage_run_admin_passwd( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute passwd admin functions in the admin +passwd domain, and allow the specified role +the admin passwd domain. +

+
+ +
+ +
+Module: +xfs

+Layer: +services

+

+ +xfs_read_socket( + + + + + domain + + + )
+
+ +
+

+Read a X font server named socket. +

+
+ +
+ +
Module: zebra

Layer: diff --git a/www/api-docs/kernel.html b/www/api-docs/kernel.html index 05604c7..5667144 100644 --- a/www/api-docs/kernel.html +++ b/www/api-docs/kernel.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -103,6 +112,14 @@ Policy for kernel threads, proc filesystem,and unlabeled processes and objects.

Policy for the kernel modules, kernel image, and bootloader.

+ + corecommands +

+Core policy for shells, and generic programs +in /bin, /sbin, /usr/bin, and /usr/sbin. +

+ + corenetwork

Policy controlling access to network objects

@@ -115,6 +132,18 @@ Device nodes and interfaces for many basic system devices.

+ + domain +

Core policy for domains.

+ + + + files +

+Basic filesystem types and interfaces. +

+ + filesystem

Policy for filesystems.

diff --git a/www/api-docs/kernel_bootloader.html b/www/api-docs/kernel_bootloader.html index 34cd583..5ec0660 100644 --- a/www/api-docs/kernel_bootloader.html +++ b/www/api-docs/kernel_bootloader.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
diff --git a/www/api-docs/kernel_corecommands.html b/www/api-docs/kernel_corecommands.html new file mode 100644 index 0000000..9068d76 --- /dev/null +++ b/www/api-docs/kernel_corecommands.html @@ -0,0 +1,1448 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: kernel

+

Module: corecommands

+ +

Description:

+ +

+Core policy for shells, and generic programs +in /bin, /sbin, /usr/bin, and /usr/sbin. +

+ + +

This module is required to be included in all policies.

+ + + +

Interfaces:

+ + +
+ + +
+ +corecmd_bin_alias( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create a aliased type to generic bin files. +

+ + +
Description
+

+

+Create a aliased type to generic bin files. +

+

+This is added to support targeted policy. Its +use should be limited. It has no effect +on the strict policy. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Alias type for bin_t. + + +No +
+
+
+ + +
+ + +
+ +corecmd_bin_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Execute a file in a bin directory +in the specified domain. +

+ + +
Description
+

+

+Execute a file in a bin directory +in the specified domain. This allows +the specified domain to execute any file +on these filesystems in the specified +domain. This is not suggested. +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+This interface was added to handle +the ssh-agent policy. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+target_domain + + +The type of the new process. + + +No +
+
+
+ + +
+ + +
+ +corecmd_check_exec_shell( + + + + + domain + + + )
+
+
+ +
Summary
+

+Check if a shell is executable (DAC-wise). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_dontaudit_getattr_sbin_file( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_dontaudit_search_sbin( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search +sbin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +corecmd_exec_bin( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_exec_chroot( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_exec_ls( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_exec_sbin( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_exec_shell( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_getattr_bin_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of files in bin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_getattr_sbin_file( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_list_bin( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_list_sbin( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_bin_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files in bin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_bin_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read pipes in bin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_bin_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read named sockets in bin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_bin_symlink( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read symbolic links in bin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_sbin_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files in sbin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_sbin_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read named pipes in sbin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_sbin_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read named sockets in sbin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_read_sbin_symlink( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read symbolic links in sbin directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_sbin_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Execute a file in a sbin directory +in the specified domain. +

+ + +
Description
+

+

+Execute a file in a sbin directory +in the specified domain. This allows +the specified domain to execute any file +on these filesystems in the specified +domain. This is not suggested. +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+This interface was added to handle +the ssh-agent policy. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+target_domain + + +The type of the new process. + + +No +
+
+
+ + +
+ + +
+ +corecmd_search_bin( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_search_sbin( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +corecmd_shell_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Execute a shell in the specified domain. +

+ + +
Description
+

+

+Execute a shell in the specified domain. +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+target_domain + + +The type of the shell process. + + +No +
+
+
+ + +
+ + +
+ +corecmd_shell_entry_type( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make the shell an entrypoint for the specified domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The domain for which the shell is an entrypoint. + + +No +
+
+
+ + +
+ + +
+ +corecmd_shell_spec_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Execute a shell in the target domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+ + +
Description
+

+

+Execute a shell in the target domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+target_domain + + +The type of the shell process. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/kernel_corenetwork.html b/www/api-docs/kernel_corenetwork.html index b535756..11e61b8 100644 --- a/www/api-docs/kernel_corenetwork.html +++ b/www/api-docs/kernel_corenetwork.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -221,6 +230,92 @@ No
+ +
+ + +
+ +corenet_non_ipsec_sendrecv( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages on a +non-encrypted (no IPSEC) network +session. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corenet_raw_bind_all_nodes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind raw sockets to all nodes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -2405,6 +2500,48 @@ No
+ +
+ + +
+ +corenet_tcp_bind_comsat_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the comsat port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -2657,6 +2794,48 @@ No
+ +
+ + +
+ +corenet_tcp_bind_distccd_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the distccd port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -2825,6 +3004,48 @@ No
+ +
+ + +
+ +corenet_tcp_bind_gatekeeper_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the gatekeeper port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -3161,6 +3382,48 @@ No
+ +
+ + +
+ +corenet_tcp_bind_i18n_input_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the i18n_input port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -4799,13 +5062,13 @@ No
- +
-corenet_tcp_bind_rndc_port( +corenet_tcp_bind_rlogind_port( @@ -4819,7 +5082,7 @@ No
Summary

-Bind TCP sockets to the rndc port. +Bind TCP sockets to the rlogind port.

@@ -4841,13 +5104,13 @@ No
- +
-corenet_tcp_bind_rsh_port( +corenet_tcp_bind_rndc_port( @@ -4861,7 +5124,7 @@ No
Summary

-Bind TCP sockets to the rsh port. +Bind TCP sockets to the rndc port.

@@ -4883,13 +5146,13 @@ No
- +
-corenet_tcp_bind_rsync_port( +corenet_tcp_bind_rsh_port( @@ -4903,7 +5166,7 @@ No
Summary

-Bind TCP sockets to the rsync port. +Bind TCP sockets to the rsh port.

@@ -4925,13 +5188,13 @@ No
- +
-corenet_tcp_bind_site_local_node( +corenet_tcp_bind_rsync_port( @@ -4945,7 +5208,49 @@ No
Summary

-Bind TCP sockets to node site_local. +Bind TCP sockets to the rsync port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +corenet_tcp_bind_site_local_node( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to node site_local.

@@ -6269,6 +6574,48 @@ No
+ +
+ + +
+ +corenet_tcp_connect_comsat_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make a TCP connection to the comsat port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -6521,6 +6868,48 @@ No
+ +
+ + +
+ +corenet_tcp_connect_distccd_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make a TCP connection to the distccd port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -6689,6 +7078,48 @@ No
+ +
+ + +
+ +corenet_tcp_connect_gatekeeper_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make a TCP connection to the gatekeeper port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -6983,6 +7414,48 @@ No
+ +
+ + +
+ +corenet_tcp_connect_i18n_input_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make a TCP connection to the i18n_input port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -8411,6 +8884,48 @@ No
+ +
+ + +
+ +corenet_tcp_connect_rlogind_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make a TCP connection to the rlogind port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -9923,13 +10438,13 @@ No
- +
-corenet_tcp_sendrecv_cvs_port( +corenet_tcp_sendrecv_comsat_port( @@ -9943,7 +10458,7 @@ No
Summary

-Send and receive TCP traffic on the cvs port. +Send and receive TCP traffic on the comsat port.

@@ -9965,13 +10480,13 @@ No
- +
-corenet_tcp_sendrecv_dbskkd_port( +corenet_tcp_sendrecv_cvs_port( @@ -9985,7 +10500,7 @@ No
Summary

-Send and receive TCP traffic on the dbskkd port. +Send and receive TCP traffic on the cvs port.

@@ -10007,13 +10522,13 @@ No
- +
-corenet_tcp_sendrecv_dcc_port( +corenet_tcp_sendrecv_dbskkd_port( @@ -10027,7 +10542,7 @@ No
Summary

-Send and receive TCP traffic on the dcc port. +Send and receive TCP traffic on the dbskkd port.

@@ -10049,13 +10564,55 @@ No
- +
-corenet_tcp_sendrecv_dhcpc_port( +corenet_tcp_sendrecv_dcc_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP traffic on the dcc port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +corenet_tcp_sendrecv_dhcpc_port( @@ -10175,6 +10732,48 @@ No
+ +
+ + +
+ +corenet_tcp_sendrecv_distccd_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP traffic on the distccd port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -10343,6 +10942,48 @@ No
+ +
+ + +
+ +corenet_tcp_sendrecv_gatekeeper_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP traffic on the gatekeeper port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -10721,6 +11362,48 @@ No
+ +
+ + +
+ +corenet_tcp_sendrecv_i18n_input_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP traffic on the i18n_input port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -12359,6 +13042,48 @@ No
+ +
+ + +
+ +corenet_tcp_sendrecv_rlogind_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP traffic on the rlogind port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -13877,7 +14602,133 @@ No
-corenet_udp_bind_compat_ipv4_node( +corenet_udp_bind_compat_ipv4_node( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind UDP sockets to the compat_ipv4 node. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +corenet_udp_bind_comsat_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind UDP sockets to the comsat port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +corenet_udp_bind_cvs_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind UDP sockets to the cvs port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +corenet_udp_bind_dbskkd_port( @@ -13891,7 +14742,7 @@ No
Summary

-Bind UDP sockets to the compat_ipv4 node. +Bind UDP sockets to the dbskkd port.

@@ -13913,13 +14764,13 @@ No
- +
-corenet_udp_bind_cvs_port( +corenet_udp_bind_dcc_port( @@ -13933,7 +14784,7 @@ No
Summary

-Bind UDP sockets to the cvs port. +Bind UDP sockets to the dcc port.

@@ -13955,13 +14806,13 @@ No
- +
-corenet_udp_bind_dbskkd_port( +corenet_udp_bind_dhcpc_port( @@ -13975,7 +14826,7 @@ No
Summary

-Bind UDP sockets to the dbskkd port. +Bind UDP sockets to the dhcpc port.

@@ -13997,13 +14848,13 @@ No
- +
-corenet_udp_bind_dcc_port( +corenet_udp_bind_dhcpd_port( @@ -14017,7 +14868,7 @@ No
Summary

-Bind UDP sockets to the dcc port. +Bind UDP sockets to the dhcpd port.

@@ -14039,13 +14890,13 @@ No
- +
-corenet_udp_bind_dhcpc_port( +corenet_udp_bind_dict_port( @@ -14059,7 +14910,7 @@ No
Summary

-Bind UDP sockets to the dhcpc port. +Bind UDP sockets to the dict port.

@@ -14081,13 +14932,13 @@ No
- +
-corenet_udp_bind_dhcpd_port( +corenet_udp_bind_distccd_port( @@ -14101,7 +14952,7 @@ No
Summary

-Bind UDP sockets to the dhcpd port. +Bind UDP sockets to the distccd port.

@@ -14123,13 +14974,13 @@ No
- +
-corenet_udp_bind_dict_port( +corenet_udp_bind_dns_port( @@ -14143,7 +14994,7 @@ No
Summary

-Bind UDP sockets to the dict port. +Bind UDP sockets to the dns port.

@@ -14165,13 +15016,13 @@ No
- +
-corenet_udp_bind_dns_port( +corenet_udp_bind_fingerd_port( @@ -14185,7 +15036,7 @@ No
Summary

-Bind UDP sockets to the dns port. +Bind UDP sockets to the fingerd port.

@@ -14207,13 +15058,13 @@ No
- +
-corenet_udp_bind_fingerd_port( +corenet_udp_bind_ftp_data_port( @@ -14227,7 +15078,7 @@ No
Summary

-Bind UDP sockets to the fingerd port. +Bind UDP sockets to the ftp_data port.

@@ -14249,13 +15100,13 @@ No
- +
-corenet_udp_bind_ftp_data_port( +corenet_udp_bind_ftp_port( @@ -14269,7 +15120,7 @@ No
Summary

-Bind UDP sockets to the ftp_data port. +Bind UDP sockets to the ftp port.

@@ -14291,13 +15142,13 @@ No
- +
-corenet_udp_bind_ftp_port( +corenet_udp_bind_gatekeeper_port( @@ -14311,7 +15162,7 @@ No
Summary

-Bind UDP sockets to the ftp port. +Bind UDP sockets to the gatekeeper port.

@@ -14669,6 +15520,48 @@ No
+ +
+ + +
+ +corenet_udp_bind_i18n_input_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind UDP sockets to the i18n_input port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -16307,6 +17200,48 @@ No
+ +
+ + +
+ +corenet_udp_bind_rlogind_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind UDP sockets to the rlogind port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -17903,6 +18838,48 @@ No
+ +
+ + +
+ +corenet_udp_receive_comsat_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP traffic on the comsat port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -18155,13 +19132,97 @@ No
+ +
+ + +
+ +corenet_udp_receive_distccd_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP traffic on the distccd port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
-corenet_udp_receive_dns_port( +corenet_udp_receive_dns_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP traffic on the dns port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +corenet_udp_receive_fingerd_port( @@ -18175,7 +19236,7 @@ No
Summary

-Receive UDP traffic on the dns port. +Receive UDP traffic on the fingerd port.

@@ -18197,13 +19258,13 @@ No
- +
-corenet_udp_receive_fingerd_port( +corenet_udp_receive_ftp_data_port( @@ -18217,7 +19278,7 @@ No
Summary

-Receive UDP traffic on the fingerd port. +Receive UDP traffic on the ftp_data port.

@@ -18239,13 +19300,13 @@ No
- +
-corenet_udp_receive_ftp_data_port( +corenet_udp_receive_ftp_port( @@ -18259,7 +19320,7 @@ No
Summary

-Receive UDP traffic on the ftp_data port. +Receive UDP traffic on the ftp port.

@@ -18281,13 +19342,13 @@ No
- +
-corenet_udp_receive_ftp_port( +corenet_udp_receive_gatekeeper_port( @@ -18301,7 +19362,7 @@ No
Summary

-Receive UDP traffic on the ftp port. +Receive UDP traffic on the gatekeeper port.

@@ -18701,6 +19762,48 @@ No
+ +
+ + +
+ +corenet_udp_receive_i18n_input_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP traffic on the i18n_input port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -20339,6 +21442,48 @@ No
+ +
+ + +
+ +corenet_udp_receive_rlogind_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP traffic on the rlogind port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -21935,6 +23080,48 @@ No
+ +
+ + +
+ +corenet_udp_send_comsat_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP traffic on the comsat port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -22187,6 +23374,48 @@ No
+ +
+ + +
+ +corenet_udp_send_distccd_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP traffic on the distccd port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -22355,6 +23584,48 @@ No
+ +
+ + +
+ +corenet_udp_send_gatekeeper_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP traffic on the gatekeeper port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -22565,13 +23836,55 @@ No
- + +
+ + +
+ +corenet_udp_send_howl_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP traffic on the howl port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ +
-corenet_udp_send_howl_port( +corenet_udp_send_hplip_port( @@ -22585,7 +23898,7 @@ No
Summary

-Send UDP traffic on the howl port. +Send UDP traffic on the hplip port.

@@ -22607,13 +23920,13 @@ No
- +
-corenet_udp_send_hplip_port( +corenet_udp_send_http_cache_port( @@ -22627,7 +23940,7 @@ No
Summary

-Send UDP traffic on the hplip port. +Send UDP traffic on the http_cache port.

@@ -22649,13 +23962,13 @@ No
- +
-corenet_udp_send_http_cache_port( +corenet_udp_send_http_port( @@ -22669,7 +23982,7 @@ No
Summary

-Send UDP traffic on the http_cache port. +Send UDP traffic on the http port.

@@ -22691,13 +24004,13 @@ No
- +
-corenet_udp_send_http_port( +corenet_udp_send_i18n_input_port( @@ -22711,7 +24024,7 @@ No
Summary

-Send UDP traffic on the http port. +Send UDP traffic on the i18n_input port.

@@ -24371,6 +25684,48 @@ No
+ +
+ + +
+ +corenet_udp_send_rlogind_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP traffic on the rlogind port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -25967,6 +27322,48 @@ No
+ +
+ + +
+ +corenet_udp_sendrecv_comsat_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic on the comsat port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -26219,6 +27616,48 @@ No
+ +
+ + +
+ +corenet_udp_sendrecv_distccd_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic on the distccd port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -26387,6 +27826,48 @@ No
+ +
+ + +
+ +corenet_udp_sendrecv_gatekeeper_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic on the gatekeeper port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -26765,6 +28246,48 @@ No
+ +
+ + +
+ +corenet_udp_sendrecv_i18n_input_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic on the i18n_input port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -28403,6 +29926,48 @@ No
+ +
+ + +
+ +corenet_udp_sendrecv_rlogind_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic on the rlogind port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_devices.html b/www/api-docs/kernel_devices.html index 1e7104f..02f9001 100644 --- a/www/api-docs/kernel_devices.html +++ b/www/api-docs/kernel_devices.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -115,6 +124,134 @@ this module.

Interfaces:

+ +
+ + +
+ +dev_append_printer( + + + + + domain + + + )
+
+
+ +
Summary
+

+Append the printer device. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +dev_associate_usbfs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mount a usbfs filesystem. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +dev_create_cardmgr( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete +the PCMCIA card manager device +with the correct type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -744,6 +881,49 @@ No
+ +
+ + +
+ +dev_dontaudit_getattr_usbfs_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of a directory in the usb filesystem. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -1887,6 +2067,48 @@ No
+ +
+ + +
+ +dev_getattr_mtrr( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of the mtrr device. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -2391,13 +2613,13 @@ No
- +
-dev_manage_dev_nodes( +dev_manage_cardmgr( @@ -2411,7 +2633,8 @@ No
Summary

-Create, delete, read, and write device nodes in device directories. +Create, read, write, and delete +the PCMCIA card manager device.

@@ -2433,13 +2656,13 @@ No
- +
-dev_manage_generic_blk_file( +dev_manage_dev_nodes( @@ -2453,8 +2676,7 @@ No
Summary

-Allow read, write, create, and delete for generic -block files. +Create, delete, read, and write device nodes in device directories.

@@ -3528,6 +3750,48 @@ No
+ +
+ + +
+ +dev_rw_cardmgr( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write the PCMCIA card manager device. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_domain.html b/www/api-docs/kernel_domain.html new file mode 100644 index 0000000..c72992b --- /dev/null +++ b/www/api-docs/kernel_domain.html @@ -0,0 +1,2509 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: kernel

+

Module: domain

+ +Interfaces +Templates + +

Description:

+ +

Core policy for domains.

+ + +

This module is required to be included in all policies.

+ + + +

Interfaces:

+ + +
+ + +
+ +domain_base_type( + + + + + type + + + )
+
+
+ +
Summary
+

+Make the specified type usable as a basic domain. +

+ + +
Description
+

+

+Make the specified type usable as a basic domain. +

+

+This is primarily used for kernel threads; +generally the domain_type() interface is +more appropriate for userland processes. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+type + + +Type to be used as a basic domain type. + + +No +
+
+
+ + +
+ + +
+ +domain_cron_exemption_source( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make the specified domain the source of +the cron domain exception of the +SELinux role and identity change +constraints. +

+ + +
Description
+

+

+Make the specified domain the source of +the cron domain exception of the +SELinux role and identity change +constraints. +

+

+This interface is needed to decouple +the cron domains from the base module. +It should not be used other than on +cron domains. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain target for user exemption. + + +No +
+
+
+ + +
+ + +
+ +domain_cron_exemption_target( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make the specified domain the target of +the cron domain exception of the +SELinux role and identity change +constraints. +

+ + +
Description
+

+

+Make the specified domain the target of +the cron domain exception of the +SELinux role and identity change +constraints. +

+

+This interface is needed to decouple +the cron domains from the base module. +It should not be used other than on +user cron jobs. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain target for user exemption. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_dgram_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all domains unix datagram sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all domains of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_key_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get attribues of +all domains IPSEC key management sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_packet_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get attribues of +all domains packet sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all domains unnamed pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_raw_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get attribues of +all domains raw sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all domains sockets, for all socket types. +

+ + +
Description
+

+

+Do not audit attempts to get the attributes +of all domains sockets, for all socket types. +

+

+This interface was added for PCMCIA cardmgr +and is probably excessive. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_stream_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all domains unix datagram sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_tcp_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all domains TCP sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getattr_all_udp_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all domains UDP sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_getsession_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the +session ID of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_list_all_domains_proc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read the process state +directories of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_ptrace_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to ptrace all domains. +

+ + +
Description
+

+

+Do not audit attempts to ptrace all domains. +

+

+Generally this needs to be suppressed because procps tries to access +/proc/pid/environ and this now triggers a ptrace check in recent kernels +(2.4 and 2.6). +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_ptrace_confined_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to ptrace confined domains. +

+ + +
Description
+

+

+Do not audit attempts to ptrace confined domains. +

+

+Generally this needs to be suppressed because procps tries to access +/proc/pid/environ and this now triggers a ptrace check in recent kernels +(2.4 and 2.6). +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_read_all_domains_state( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read the process +state (/proc/pid) of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_rw_all_key_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read or write +all domains key sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_rw_all_udp_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read or write +all domains UDP sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_search_all_domains_state( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search the process +state directory (/proc/pid) of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +domain_dontaudit_use_wide_inherit_fd( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +domain_dyntrans_type( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +domain_entry_file( + + + + + domain + + + + , + + + + type + + + )
+
+
+ +
Summary
+

+Make the specified type usable as +an entry point for the domain. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain to be entered. + + +No +
+type + + +Type of program used for entering +the domain. + + +No +
+
+
+ + +
+ + +
+ +domain_exec_all_entry_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +domain_getattr_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all domains of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_getattr_all_entry_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of entry point +files for all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_getattr_all_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all domains +sockets, for all socket types. +

+ + +
Description
+

+

+Get the attributes of all domains +sockets, for all socket types. +

+

+This is commonly used for domains +that can use lsof on all domains. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_getattr_confined_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all confined domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_getsession_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the session ID of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_kill_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send a kill signal to all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_obj_id_change_exempt( + + + + + domain + + + )
+
+
+ +
Summary
+

+Makes caller an exception to the constraint preventing +changing the user identity in object contexts. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type to make an exception to the constraint. + + +No +
+
+
+ + +
+ + +
+ +domain_ptrace_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Ptrace all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_read_all_domains_state( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read the process state (/proc/pid) of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_read_all_entry_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +domain_read_confined_domains_state( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read the process state (/proc/pid) of all confined domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_role_change_exempt( + + + + + domain + + + )
+
+
+ +
Summary
+

+Makes caller an exception to the constraint preventing +changing of role. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type to make an exception to the constraint. + + +No +
+
+
+ + +
+ + +
+ +domain_search_all_domains_state( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the process state directory (/proc/pid) of all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_setpriority_all_domains( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +domain_sigchld_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send a child terminated signal to all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_sigchld_wide_inherit_fd( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send a SIGCHLD signal to domains whose file +discriptors are widely inheritable. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_signal_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send general signals to all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_signull_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send a null signal to all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_sigstop_all_domains( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send a stop signal to all domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_subj_id_change_exempt( + + + + + domain + + + )
+
+
+ +
Summary
+

+Makes caller an exception to the constraint preventing +changing of user identity. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type to make an exception to the constraint. + + +No +
+
+
+ + +
+ + +
+ +domain_system_change_exempt( + + + + + domain + + + )
+
+
+ +
Summary
+

+Makes caller and execption to the constraint +preventing changing to the system user +identity and system role. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_type( + + + + + type + + + )
+
+
+ +
Summary
+

+Make the specified type usable as a domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+type + + +Type to be used as a domain type. + + +No +
+
+
+ + +
+ + +
+ +domain_unconfined( + + + + + domain + + + )
+
+
+ +
Summary
+

+Unconfined access to domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +domain_use_wide_inherit_fd( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +domain_user_exemption_target( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make the specified domain the target of +the user domain exception of the +SELinux role and identity change +constraints. +

+ + +
Description
+

+

+Make the specified domain the target of +the user domain exception of the +SELinux role and identity change +constraints. +

+

+This interface is needed to decouple +the user domains from the base module. +It should not be used other than on +user domains. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain target for user exemption. + + +No +
+
+
+ + +
+ + +
+ +domain_wide_inherit_fd( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +domain_auto_trans( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +domain_trans( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/kernel_files.html b/www/api-docs/kernel_files.html new file mode 100644 index 0000000..4db3242 --- /dev/null +++ b/www/api-docs/kernel_files.html @@ -0,0 +1,7827 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: kernel

+

Module: files

+ +

Description:

+ +

+

+This module contains basic filesystem types and interfaces. This +includes: +

    +

  • The concept of different file types including basic +files, mount points, tmp files, etc.

  • +

  • Access to groups of files and all files.

  • +

  • Types and interfaces for the basic filesystem layout +(/, /etc, /tmp, /usr, etc.).

  • +

+

+

+ + +

This module is required to be included in all policies.

+ + + +

Interfaces:

+ + +
+ + +
+ +files_associate_tmp( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Allow the specified type to associate +to a filesystem with the type of the +temporary directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Type of the file to associate. + + +No +
+
+
+ + +
+ + +
+ +files_config_file( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the specified type a +configuration file. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Type to be used as a configuration file. + + +No +
+
+
+ + +
+ + +
+ +files_create_boot_flag( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_create_etc_config( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_create_home_dirs( + + + + + domain + + + + , + + + + home_type + + + )
+
+
+ +
Summary
+

+Create home directories +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+home_type + + +The type of the home directory + + +No +
+
+
+ + +
+ + +
+ +files_create_lock( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_create_pid( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_create_root( + + + + + domain + + + + , + + + + [ + + private type + + ] + + + + , + + + + [ + + object + + ] + + + )
+
+
+ +
Summary
+

+Create an object in the root directory, with a private +type. If no object class is specified, the +default is file. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+private type + + +The type of the object to be created. If no type +is specified, the type of the root directory will +be used. + + +yes +
+object + + +The object class of the object being created. If +no class is specified, file will be used. + + +yes +
+
+
+ + +
+ + +
+ +files_create_tmp_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_create_usr( + + + + + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + + )
+
+
+ +
Summary
+

+Create objects in the /usr directory +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+file_type + + +The type of the object to be created + + +No +
+object_class + + +The object class. If not specified, file is used. + + +yes +
+
+
+ + +
+ + +
+ +files_create_var( + + + + + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + + )
+
+
+ +
Summary
+

+Create objects in the /var directory +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+file_type + + +The type of the object to be created + + +No +
+object_class + + +The object class. If not specified, file is used. + + +yes +
+
+
+ + +
+ + +
+ +files_create_var_lib( + + + + + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + + )
+
+
+ +
Summary
+

+Create objects in the /var/lib directory +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+file_type + + +The type of the object to be created + + +No +
+object_class + + +The object class. If not specified, file is used. + + +yes +
+
+
+ + +
+ + +
+ +files_delete_all_locks( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_delete_all_pid_dirs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_delete_all_pids( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_delete_etc_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Delete system configuration files in /etc. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_delete_root_dir_entry( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_all_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_all_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_all_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all named pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_all_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all named sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_all_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_default_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes of +directories with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_default_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes of +files with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_home_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the +attributes of the home directories root +(/home). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_non_security_blk_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of non security block devices. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_non_security_chr_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of non security character devices. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_non_security_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of non security files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_non_security_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of non security named pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_non_security_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of non security named sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_non_security_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of non security symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_pid_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of the /var/run directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_getattr_tmp_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the +attributes of the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_ioctl_all_pids( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to ioctl daemon runtime data files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_list_default( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list contents of +directories with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_list_non_security( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list all +non security directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_read_default_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read files +with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_read_etc_runtime_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read files +in /etc that are dynamically +created on boot, such as mtab. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_read_root_file( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_rw_root_chr_dev( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_rw_root_file( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_search_all_dirs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_search_home( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search +home directories root (/home). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_search_isid_type_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search directories on new filesystems +that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_search_locks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search the +locks directory (/var/lock). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_search_pids( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search +the /var/run directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_search_src( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_search_var( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search +the contents of /var. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +files_dontaudit_write_all_pids( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to write to daemon runtime data files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_exec_etc_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_exec_usr_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute generic programs in /usr in the caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_exec_usr_src_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute programs in /usr/src in the caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_all_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_all_file_type_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all sockets +with the type of a file. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_all_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_all_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all named pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_all_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all named sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_all_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_generic_locks( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_getattr_home_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of the home directories root +(/home). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_tmp_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_usr_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of files in /usr. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_getattr_var_lib_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of the /var/lib directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_list_all( + + + + + domain + + + )
+
+
+ +
Summary
+

+List the contents of all directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_list_all_dirs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_list_default( + + + + + domain + + + )
+
+
+ +
Summary
+

+List contents of directories with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_list_etc( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_list_home( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get listing of home directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_list_isid_type_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+List the contents of directories on new filesystems +that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_list_mnt( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_list_pids( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_list_root( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_list_spool( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_list_tmp( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_list_usr( + + + + + domain + + + )
+
+
+ +
Summary
+

+List the contents of generic +directories in /usr. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_list_var( + + + + + domain + + + )
+
+
+ +
Summary
+

+List the contents of /var. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_list_var_lib( + + + + + domain + + + )
+
+
+ +
Summary
+

+List the contents of the /var/lib directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_list_world_readable( + + + + + domain + + + )
+
+
+ +
Summary
+

+List world-readable directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_lock_file( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_manage_all_files( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Manage all files on the filesystem, except +the listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+ + +
+ + +
+ +files_manage_etc_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_manage_etc_runtime_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete files in +/etc that are dynamically created on boot, +such as mtab. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_manage_generic_locks( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_manage_generic_spool_dirs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_manage_generic_spools( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_manage_isid_type_blk_node( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete block device nodes +on new filesystems that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_manage_isid_type_chr_node( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete character device nodes +on new filesystems that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_manage_isid_type_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete directories +on new filesystems that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_manage_isid_type_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete files +on new filesystems that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_manage_isid_type_symlink( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete symbolic links +on new filesystems that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_manage_lost_found( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete objects in +lost+found directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_manage_mnt_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete directories in /mnt. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_manage_mnt_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete files in /mnt. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_manage_mnt_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete symbolic links in /mnt. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_manage_mounttab( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow domain to manage mount tables +necessary for rpcd, nfsd, etc. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_manage_urandom_seed( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_manage_var_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete directories +in the /var directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_manage_var_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete files in the /var directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_manage_var_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete symbolic +links in the /var directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_mount_all_file_type_fs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_mounton_all_mountpoints( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_mounton_default( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mount a filesystem on a directory with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_mounton_isid_type_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mount a filesystem on a directory on new filesystems +that has not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_mounton_mnt( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mount a filesystem on /mnt. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_mountpoint( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_pid_file( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_poly( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the specified type a +polyinstantiated directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Type of the file to be used as a +polyinstantiated directory. + + +No +
+
+
+ + +
+ + +
+ +files_poly_member( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the specified type a +polyinstantiation member directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Type of the file to be used as a +member directory. + + +No +
+
+
+ + +
+ + +
+ +files_poly_member_tmp( + + + + + domain + + + + , + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the domain use the specified +type of polyinstantiated directory. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain using the polyinstantiated +directory. + + +No +
+file_type + + +Type of the file to be used as a +member directory. + + +No +
+
+
+ + +
+ + +
+ +files_poly_parent( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the specified type a parent +of a polyinstantiated directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Type of the file to be used as a +parent directory. + + +No +
+
+
+ + +
+ + +
+ +files_purge_tmp( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_read_all_blk_nodes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all block nodes with file types. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_all_chr_nodes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all character nodes with file types. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_all_dirs_except( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Read all directories on the filesystem, except +the listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+ + +
+ + +
+ +files_read_all_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_all_files_except( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Read all files on the filesystem, except +the listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+ + +
+ + +
+ +files_read_all_pids( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_read_all_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_all_symlinks_except( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Read all symbloic links on the filesystem, except +the listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+ + +
+ + +
+ +files_read_default_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_default_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read named pipes with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_default_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read sockets with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_default_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read symbolic links with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_etc_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_read_etc_runtime_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files in /etc that are dynamically +created on boot, such as mtab. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_generic_spools( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_read_generic_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files in the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_read_generic_tmp_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read symbolic links in the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_read_isid_type_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files on new filesystems +that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_read_usr_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_read_usr_src_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_read_usr_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read symbolic links in /usr. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_var_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files in the /var directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_read_var_lib_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read generic files in /var/lib. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_var_lib_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read generic symbolic links in /var/lib +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_var_symlink( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read symbolic links in the /var directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_world_readable_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read world-readable files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_world_readable_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read world-readable named pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_world_readable_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read world-readable sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_read_world_readable_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read world-readable symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_relabel_all_files( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Relabel all files on the filesystem, except +the listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+ + +
+ + +
+ +files_relabel_etc_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel from and to generic files in /etc. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_relabelto_all_file_type_fs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_relabelto_usr_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel a file to the type used in /usr. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_rw_etc_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_rw_etc_runtime_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write files in /etc that are dynamically +created on boot, such as mtab. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_rw_generic_pids( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_rw_generic_tmp_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write generic named sockets in the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_rw_isid_type_blk_node( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write block device nodes on new filesystems +that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_rw_isid_type_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write directories on new filesystems +that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_rw_locks_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Add and remove entries in the /var/lock +directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_search_all( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search all directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_search_all_dirs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_search_default( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the contents of directories with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_search_etc( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_search_home( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search home directories root (/home). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_search_locks( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_search_mnt( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_search_pids( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_search_spool( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_search_tmp( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_search_usr( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_search_var( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the contents of /var. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_search_var_lib( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the /var/lib directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_search_var_lib_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search directories in /var/lib. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_security_file( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the specified type a file that +should not be dontaudited from +browsing from user domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Type of the file to be used as a +member directory. + + +No +
+
+
+ + +
+ + +
+ +files_setattr_all_tmp_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Set the attributes of all tmp directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +files_setattr_etc_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Set the attributes of the /etc directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_tmp_file( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the specified type a file +used for temporary files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Type of the file to be used as a +temporary file. + + +No +
+
+
+ + +
+ + +
+ +files_tmpfs_file( + + + + + type + + + )
+
+
+ +
Summary
+

+Transform the type into a file, for use on a +virtual memory filesystem (tmpfs). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+type + + +The type to be transformed. + + +No +
+
+
+ + +
+ + +
+ +files_type( + + + + + type + + + )
+
+
+ +
Summary
+

+Make the specified type usable for files +in a filesystem. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+type + + +Type to be used for files. + + +No +
+
+
+ + +
+ + +
+ +files_unconfined( + + + + + domain + + + )
+
+
+ +
Summary
+

+Unconfined access to files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +files_unmount_all_file_type_fs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +files_unmount_rootfs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/kernel_filesystem.html b/www/api-docs/kernel_filesystem.html index 05db9d7..081f402 100644 --- a/www/api-docs/kernel_filesystem.html +++ b/www/api-docs/kernel_filesystem.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -1346,6 +1355,49 @@ No
+ +
+ + +
+ +fs_getattr_all_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all directories +with a filesystem type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -1912,6 +1964,48 @@ No
+ +
+ + +
+ +fs_getattr_rpc_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read directories of RPC file system pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain reading the symbolic links. + + +No +
+
+
+
@@ -2162,7 +2256,49 @@ CIFS or SMB filesystem. domain -The type of the domain reading the files. +Domain allowed access. + + +No + + + +
+
+ + +
+ + +
+ +fs_list_noxattr_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all noxattrfs directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. No @@ -3568,7 +3704,7 @@ Read files on a CIFS or SMB filesystem. domain -The type of the domain reading the files. +Domain allowed access. No @@ -3578,13 +3714,13 @@ No - +
-fs_read_cifs_files( +fs_read_cifs_symlinks( @@ -3598,8 +3734,7 @@ No
Summary

-Do not audit attempts to read or -write files on a CIFS or SMB filesystems. +Read symbolic links on a CIFS or SMB filesystem.

@@ -3611,7 +3746,7 @@ write files on a CIFS or SMB filesystems. domain
-The type of the domain to not audit. +The type of the domain reading the symbolic links. No @@ -3621,13 +3756,13 @@ No - +
-fs_read_cifs_symlinks( +fs_read_nfs_files( @@ -3641,7 +3776,7 @@ No
Summary

-Read symbolic links on a CIFS or SMB filesystem. +Read files on a NFS filesystem.

@@ -3653,7 +3788,7 @@ Read symbolic links on a CIFS or SMB filesystem. domain
-The type of the domain reading the symbolic links. +Domain allowed access. No @@ -3663,13 +3798,13 @@ No - +
-fs_read_nfs_files( +fs_read_nfs_symlinks( @@ -3683,7 +3818,7 @@ No
Summary

-Read files on a NFS filesystem. +Read symbolic links on a NFS filesystem.

@@ -3695,7 +3830,7 @@ Read files on a NFS filesystem. domain
-The type of the domain reading the files. +The type of the domain reading the symbolic links. No @@ -3705,13 +3840,13 @@ No - +
-fs_read_nfs_symlinks( +fs_read_noxattr_fs_files( @@ -3725,7 +3860,7 @@ No
Summary

-Read symbolic links on a NFS filesystem. +Read all noxattrfs files.

@@ -3737,7 +3872,7 @@ Read symbolic links on a NFS filesystem. domain
-The type of the domain reading the symbolic links. +Domain allowed access. No @@ -3747,13 +3882,13 @@ No - +
-fs_register_binary_executable_type( +fs_read_noxattr_fs_symlinks( @@ -3767,13 +3902,7 @@ No
Summary

-Register an interpreter for new binary -file types, using the kernel binfmt_misc -support. A common use for this is to -register a JVM as an interpreter for -Java byte code. Registered binaries -can be directly executed on a command line -without specifying the interpreter. +Read all noxattrfs symbolic links.

@@ -3785,8 +3914,7 @@ without specifying the interpreter. domain
-The type of the domain registering -the interpreter. +Domain allowed access. No @@ -3796,13 +3924,13 @@ No - +
-fs_relabel_tmpfs_blk_dev( +fs_read_rpc_dirs( @@ -3816,7 +3944,7 @@ No
Summary

-Relabel block nodes on tmpfs filesystems. +Read directories of RPC file system pipes.

@@ -3828,7 +3956,7 @@ Relabel block nodes on tmpfs filesystems. domain
-The type of the process performing this action. +The type of the domain reading the symbolic links. No @@ -3838,13 +3966,13 @@ No - +
-fs_relabel_tmpfs_chr_dev( +fs_read_rpc_files( @@ -3858,7 +3986,7 @@ No
Summary

-Relabel character nodes on tmpfs filesystems. +Read files of RPC file system pipes.

@@ -3870,7 +3998,7 @@ Relabel character nodes on tmpfs filesystems. domain
-The type of the process performing this action. +The type of the domain reading the symbolic links. No @@ -3880,13 +4008,13 @@ No - +
-fs_relabelfrom_all_fs( +fs_read_rpc_sockets( @@ -3900,7 +4028,7 @@ No
Summary

-Relabelfrom all filesystems. +Read sockets of RPC file system pipes.

@@ -3912,8 +4040,7 @@ Relabelfrom all filesystems. domain
-The type of the domain doing the -getattr on the filesystem. +The type of the domain reading the symbolic links. No @@ -3923,13 +4050,13 @@ No - +
-fs_relabelfrom_dos_fs( +fs_read_rpc_symlinks( @@ -3943,8 +4070,7 @@ No
Summary

-Allow changing of the label of a -DOS filesystem using the context= mount option. +Read symbolic links of RPC file system pipes.

@@ -3956,7 +4082,7 @@ DOS filesystem using the context= mount option. domain
-The type of the domain mounting the filesystem. +The type of the domain reading the symbolic links. No @@ -3966,13 +4092,13 @@ No - +
-fs_relabelfrom_xattr_fs( +fs_register_binary_executable_type( @@ -3986,9 +4112,13 @@ No
Summary

-Allow changing of the label of a -filesystem with extended attributes -using the context= mount option. +Register an interpreter for new binary +file types, using the kernel binfmt_misc +support. A common use for this is to +register a JVM as an interpreter for +Java byte code. Registered binaries +can be directly executed on a command line +without specifying the interpreter.

@@ -4000,7 +4130,8 @@ using the context= mount option. domain
-The type of the domain mounting the filesystem. +The type of the domain registering +the interpreter. No @@ -4010,13 +4141,13 @@ No - +
-fs_remount_all_fs( +fs_relabel_tmpfs_blk_dev( @@ -4030,8 +4161,7 @@ No
Summary

-Remount all filesystems. This -allows some mount options to be changed. +Relabel block nodes on tmpfs filesystems.

@@ -4043,7 +4173,7 @@ allows some mount options to be changed. domain
-The type of the domain mounting the filesystem. +The type of the process performing this action. No @@ -4053,13 +4183,13 @@ No - +
-fs_remount_autofs( +fs_relabel_tmpfs_chr_dev( @@ -4073,8 +4203,7 @@ No
Summary

-Remount an automount pseudo filesystem -This allows some mount options to be changed. +Relabel character nodes on tmpfs filesystems.

@@ -4086,7 +4215,7 @@ This allows some mount options to be changed. domain
-The type of the domain remounting the filesystem. +The type of the process performing this action. No @@ -4096,13 +4225,13 @@ No - +
-fs_remount_cifs( +fs_relabelfrom_all_fs( @@ -4116,8 +4245,7 @@ No
Summary

-Remount a CIFS or SMB network filesystem. -This allows some mount options to be changed. +Relabelfrom all filesystems.

@@ -4129,7 +4257,8 @@ This allows some mount options to be changed. domain
-The type of the domain mounting the filesystem. +The type of the domain doing the +getattr on the filesystem. No @@ -4139,13 +4268,13 @@ No - +
-fs_remount_dos_fs( +fs_relabelfrom_dos_fs( @@ -4159,9 +4288,8 @@ No
Summary

-Remount a DOS filesystem, such as -FAT32 or NTFS. This allows -some mount options to be changed. +Allow changing of the label of a +DOS filesystem using the context= mount option.

@@ -4173,7 +4301,7 @@ some mount options to be changed. domain
-The type of the domain remounting the filesystem. +The type of the domain mounting the filesystem. No @@ -4183,13 +4311,13 @@ No - +
-fs_remount_iso9660_fs( +fs_relabelfrom_xattr_fs( @@ -4203,9 +4331,9 @@ No
Summary

-Remount an iso9660 filesystem, which -is usually used on CDs. This allows -some mount options to be changed. +Allow changing of the label of a +filesystem with extended attributes +using the context= mount option.

@@ -4217,7 +4345,7 @@ some mount options to be changed. domain
-The type of the domain remounting the filesystem. +The type of the domain mounting the filesystem. No @@ -4227,13 +4355,230 @@ No - +
-fs_remount_nfs( +fs_remount_all_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Remount all filesystems. This +allows some mount options to be changed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain mounting the filesystem. + + +No +
+
+
+ + +
+ + +
+ +fs_remount_autofs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Remount an automount pseudo filesystem +This allows some mount options to be changed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain remounting the filesystem. + + +No +
+
+
+ + +
+ + +
+ +fs_remount_cifs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Remount a CIFS or SMB network filesystem. +This allows some mount options to be changed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain mounting the filesystem. + + +No +
+
+
+ + +
+ + +
+ +fs_remount_dos_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Remount a DOS filesystem, such as +FAT32 or NTFS. This allows +some mount options to be changed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain remounting the filesystem. + + +No +
+
+
+ + +
+ + +
+ +fs_remount_iso9660_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Remount an iso9660 filesystem, which +is usually used on CDs. This allows +some mount options to be changed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain remounting the filesystem. + + +No +
+
+
+ + +
+ + +
+ +fs_remount_nfs( @@ -4529,6 +4874,133 @@ No
+ +
+ + +
+ +fs_rw_nfsd_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write NFS server files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain doing the +read or write on nfsd files. + + +No +
+
+
+ + +
+ + +
+ +fs_rw_ramfs_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write a named pipe on a ramfs filesystem. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +fs_rw_tmpfs_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write generic tmpfs files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -4646,7 +5118,7 @@ Search directories on a CIFS or SMB filesystem. domain
-The type of the domain reading the files. +Domain allowed access. No @@ -4688,7 +5160,50 @@ Search directories on a NFS filesystem. domain -The type of the domain reading the files. +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +fs_search_nfsd_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search NFS server directories. +

+ + +
Parameters
+ + + + - -
Parameter:Description:Optional:
+domain + + +The type of the domain doing the +search on nfsd directories. No @@ -5585,6 +6100,90 @@ No + +
+ + +
+ +fs_write_nfs_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files on a NFS filesystem. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +fs_write_ramfs_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Write to named pipe on a ramfs filesystem. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_kernel.html b/www/api-docs/kernel_kernel.html index 333c284..f1ab180 100644 --- a/www/api-docs/kernel_kernel.html +++ b/www/api-docs/kernel_kernel.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -128,7 +137,7 @@ Change the level of kernel messages logged to the console. domain
-The type of the process performing this action. +Domain allowed access. No @@ -266,13 +275,399 @@ No - + +
+ + +
+ +kernel_dontaudit_getattr_unlabeled_blk_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts by caller to get attributes for +unlabeled block devices. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type not to audit. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_getattr_unlabeled_chr_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts by caller to get attributes for +unlabeled character devices. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type not to audit. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_getattr_unlabeled_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts by caller to get the +attributes of an unlabeled file. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type not to audit. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_getattr_unlabeled_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts by caller to get the +attributes of unlabeled named pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type not to audit. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_getattr_unlabeled_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts by caller to get the +attributes of unlabeled named sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type not to audit. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_getattr_unlabeled_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts by caller to get the +attributes of unlabeled symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type not to audit. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_list_proc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list the +contents of directories in /proc. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_list_unlabeled( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list unlabeled directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +kernel_dontaudit_read_proc_symlink( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts by caller to +read system state information in proc. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type not to audit. + + +No +
+
+
+ +
-kernel_dontaudit_getattr_unlabeled_blk_dev( +kernel_dontaudit_read_ring_buffer( @@ -286,8 +681,7 @@ No
Summary

-Do not audit attempts by caller to get attributes for -unlabeled block devices. +Do not audit attempts to read the ring buffer.

@@ -299,7 +693,7 @@ unlabeled block devices. domain
-The process type not to audit. +The domain to not audit. No @@ -309,13 +703,13 @@ No - +
-kernel_dontaudit_read_ring_buffer( +kernel_dontaudit_read_system_state( @@ -329,7 +723,8 @@ No
Summary

-Do not audit attempts to read the ring buffer. +Do not audit attempts by caller to +read system state information in proc.

@@ -341,7 +736,7 @@ Do not audit attempts to read the ring buffer. domain
-The domain to not audit. +The process type not to audit. No @@ -351,13 +746,13 @@ No - +
-kernel_dontaudit_read_system_state( +kernel_dontaudit_read_unlabeled_file( @@ -372,7 +767,7 @@ No
Summary

Do not audit attempts by caller to -read system state information in proc. +read an unlabeled file.

@@ -384,7 +779,7 @@ read system state information in proc. domain
-The process type not to audit. +Domain to not audit. No @@ -860,6 +1255,48 @@ No + +
+ + +
+ +kernel_getattr_proc_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of files in /proc. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -892,7 +1329,7 @@ Send a kill signal to unlabeled processes. domain
-The type of the process performing this action. +Domain allowed access. No @@ -1145,7 +1582,7 @@ Allow caller to read all sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -1314,7 +1751,7 @@ Read filesystem sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -1356,7 +1793,7 @@ Read the hotplug sysctl. domain -The type of the process performing this action. +Domain allowed access. No @@ -1398,7 +1835,7 @@ Read IRQ sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -1440,7 +1877,7 @@ Read generic kernel sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -1525,7 +1962,7 @@ Read the modprobe sysctl. domain -The type of the process performing this action. +Domain allowed access. No @@ -1567,7 +2004,7 @@ Allow caller to read network sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -1619,6 +2056,48 @@ No + +
+ + +
+ +kernel_read_network_state_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow caller to read the network state symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type reading the state. + + +No +
+
+
+
@@ -1787,6 +2266,48 @@ No
+ +
+ + +
+ +kernel_read_sysctl( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow access to read sysctl directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type to allow to read sysctl directories. + + +No +
+
+
+
@@ -1862,7 +2383,7 @@ socket sysctls. domain
-The type of the process performing this action. +Domain allowed access. No @@ -1904,7 +2425,7 @@ Allow caller to read virtual memory sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2073,7 +2594,7 @@ Read and write all sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2115,7 +2636,7 @@ Read and write device sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2157,7 +2678,7 @@ Read and write fileystem sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2199,7 +2720,7 @@ Read and write the hotplug sysctl. domain -The type of the process performing this action. +Domain allowed access. No @@ -2241,7 +2762,7 @@ Read and write IRQ sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2283,7 +2804,7 @@ Read and write generic kernel sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2325,7 +2846,7 @@ Read and write the modprobe sysctl. domain -The type of the process performing this action. +Domain allowed access. No @@ -2367,7 +2888,7 @@ Allow caller to modiry contents of sysctl network files. domain -The type of the process performing this action. +Domain allowed access. No @@ -2578,7 +3099,7 @@ socket sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2662,7 +3183,7 @@ Read and write virtual memory sysctls. domain -The type of the process performing this action. +Domain allowed access. No @@ -2757,18 +3278,18 @@ No - +
-kernel_search_from( +kernel_search_network_state( - dir_type + domain )
@@ -2777,8 +3298,7 @@ No
Summary

-Allow the kernel to search the -specified directory. +Allow searching of network state directory.

@@ -2787,10 +3307,10 @@ specified directory.
Parameter:Description:Optional:
-dir_type +domain -Directory type to search. +The process type reading the state. No @@ -2884,6 +3404,48 @@ No + +
+ + +
+ +kernel_search_vm_sysctl( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow caller to search virtual memory sysctls. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -2947,6 +3509,65 @@ No
+ +
+ + +
+ +kernel_sendrecv_unlabeled_association( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from an +unlabeled IPSEC association. +

+ + +
Description
+

+

+Send and receive messages from an +unlabeled IPSEC association. Network +connections that are not protected +by IPSEC have use an unlabeled +assocation. +

+

+The corenetwork interface +corenet_sendrecv_no_ipsec() should +be used instead of this one. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -3234,7 +3855,7 @@ Send a child terminated signal to unlabeled processes. domain
-The type of the process performing this action. +Domain allowed access. No @@ -3318,7 +3939,7 @@ Send general signals to unlabeled processes. domain -The type of the process performing this action. +Domain allowed access. No @@ -3360,7 +3981,7 @@ Send a null signal to unlabeled processes. domain -The type of the process performing this action. +Domain allowed access. No @@ -3402,7 +4023,7 @@ Send a stop signal to unlabeled processes. domain -The type of the process performing this action. +Domain allowed access. No diff --git a/www/api-docs/kernel_mls.html b/www/api-docs/kernel_mls.html index efc603d..c8c820b 100644 --- a/www/api-docs/kernel_mls.html +++ b/www/api-docs/kernel_mls.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
diff --git a/www/api-docs/kernel_selinux.html b/www/api-docs/kernel_selinux.html index bfaec7c..de51cbf 100644 --- a/www/api-docs/kernel_selinux.html +++ b/www/api-docs/kernel_selinux.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -361,6 +370,49 @@ No + +
+ + +
+ +selinux_dontaudit_read_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read +generic selinuxfs entries +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -586,18 +638,6 @@ No domain - - , - - - - [ - - booltype - - ] - - )
@@ -635,16 +675,6 @@ The process type allowed to set the Boolean. No
-booltype - - -The type of Booleans the caller is allowed to set. - - -yes -
diff --git a/www/api-docs/kernel_storage.html b/www/api-docs/kernel_storage.html index 06855d5..0996017 100644 --- a/www/api-docs/kernel_storage.html +++ b/www/api-docs/kernel_storage.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -563,49 +572,6 @@ No
- -
- - -
- -storage_getattr_scsi_generic( - - - - - domain - - - )
-
-
- -
Summary
-

-Get attributes of the device nodes -for the SCSI generic inerface. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
-
diff --git a/www/api-docs/kernel_terminal.html b/www/api-docs/kernel_terminal.html index 8cdb17d..eb5f4fc 100644 --- a/www/api-docs/kernel_terminal.html +++ b/www/api-docs/kernel_terminal.html @@ -28,12 +28,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -188,7 +197,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -232,7 +241,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -318,7 +327,7 @@ of all unallocated tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -490,7 +499,7 @@ any user ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -533,7 +542,7 @@ or write to the console. domain -The type of the process performing this action. +Domain allowed access. No @@ -706,7 +715,7 @@ pty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -749,7 +758,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -792,7 +801,7 @@ tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -834,7 +843,7 @@ ioctl of generic pty types. domain -The type of the process performing this action. +Domain allowed access. No @@ -877,7 +886,7 @@ list all ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1005,7 +1014,7 @@ user pty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1048,7 +1057,7 @@ user tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1091,7 +1100,7 @@ tty type. domain -The type of the process performing this action. +Domain allowed access. No @@ -1133,7 +1142,7 @@ Relabel to all user ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1176,7 +1185,7 @@ the unallocated tty type. domain -The type of the process performing this action. +Domain allowed access. No 
@@ -1218,7 +1227,7 @@ Search the contents of the /dev/pts directory. domain -The type of the process performing this action. +Domain allowed access. No @@ -1261,7 +1270,7 @@ pty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1304,7 +1313,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1347,7 +1356,7 @@ device node. domain -The type of the process performing this action. +Domain allowed access. No @@ -1390,7 +1399,7 @@ tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1475,7 +1484,7 @@ ttys and all ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1517,7 +1526,7 @@ Read and write all user ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1559,7 +1568,7 @@ Read and write all user to all user ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1601,7 +1610,7 @@ Read from and write to the console. domain -The type of the process performing this action. +Domain allowed access. No @@ -1644,7 +1653,7 @@ terminal (/dev/tty). domain -The type of the process performing this action. +Domain allowed access. No @@ -1688,7 +1697,7 @@ the targeted policy. domain -The type of the process performing this action. +Domain allowed access. No @@ -1772,7 +1781,7 @@ Read and write unallocated ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1877,7 +1886,7 @@ Write to all user ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1919,7 +1928,7 @@ Write to the console. domain -The type of the process performing this action. +Domain allowed access. No @@ -1961,7 +1970,7 @@ Write to unallocated ttys. domain -The type of the process performing this action. +Domain allowed access. No 
diff --git a/www/api-docs/services.html b/www/api-docs/services.html index dc4fdea..f034e1a 100644 --- a/www/api-docs/services.html +++ b/www/api-docs/services.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -237,6 +300,11 @@

Ethernet activity monitor.

+ + avahi +

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

+ + bind

Berkeley internet name domain DNS server.

@@ -247,6 +315,11 @@

Bluetooth tools and system services.

+ + canna +

Canna - kana-kanji conversion server

+ + comsat

Comsat, a biff server.

@@ -262,11 +335,26 @@

Periodic execution of scheduled commands.

+ + cups +

Common UNIX printing system

+ + cvs

Concurrent versions system

+ + cyrus +

Cyrus is an IMAP service intended to be run on sealed servers

+ + + + dbskk +

Dictionary server for the SKK Japanese input method system.

+ + dbus

Desktop messaging bus

@@ -282,6 +370,16 @@

Dictionary daemon

+ + distcc +

Distributed compiler daemon

+ + + + dovecot +

Dovecot POP and IMAP mail server

+ + finger

Finger user information service.

@@ -307,6 +405,11 @@

Port of Apple Rendezvous multicast DNS

+ + i18n_input +

IIIMF htt server

+ + inetd

Internet services daemon.

@@ -317,6 +420,11 @@

Internet News NNTP server

+ + irqbalance +

IRQ balancing daemon

+ + kerberos

MIT Kerberos admin and KDC

@@ -332,6 +440,11 @@

OpenLDAP directory server

+ + lpd +

Line printer daemon

+ + mailman

Mailman is for managing electronic mail discussion and e-newsletter lists

@@ -347,6 +460,11 @@

Policy for MySQL

+ + networkmanager +

Manager for dynamically switching between networks.

+ + nis

Policy for NIS (YP) servers and clients

@@ -362,11 +480,21 @@

Network time protocol daemon

+ + pegasus +

The Open Group Pegasus CIM/WBEM Server.

+ + portmap

RPC port mapping service.

+ + postfix +

Postfix email server

+ + postgresql

PostgreSQL relational database

@@ -382,11 +510,26 @@

Privacy enhancing web proxy.

+ + procmail +

Procmail mail delivery agent

+ + + + radius +

RADIUS authentication and accounting server.

+ + radvd

IPv6 router advertisement daemon

+ + rdisc +

Network router discovery daemon

+ + remotelogin

Policy for rshd, rlogind, and telnetd.

@@ -397,6 +540,11 @@

Remote login daemon

+ + rpc +

Remote Procedure Call Daemon for managment of network based process communication

+ + rshd

Remote shell service.

@@ -431,6 +579,11 @@ from Windows NT servers.

Simple network management protocol services

+ + spamassassin +

Filter used for removing unsolicited email.

+ + squid

Squid caching http proxy server

@@ -461,11 +614,26 @@ from Windows NT servers.

Trivial file transfer protocol daemon

+ + timidity +

MIDI to WAV converter and player configured as a service

+ + uucp

Unix to Unix Copy

+ + xdm +

X windows login display manager

+ + + + xfs +

X Windows Font Server

+ + zebra

Zebra border gateway protocol network routing service

diff --git a/www/api-docs/services_apache.html b/www/api-docs/services_apache.html index 5e06d09..fbc55f3 100644 --- a/www/api-docs/services_apache.html +++ b/www/api-docs/services_apache.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -601,6 +664,49 @@ No
+ +
+ + +
+ +apache_dontaudit_search_modules( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search Apache +module directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -959,6 +1065,48 @@ No
+ +
+ + +
+ +apache_search_sys_script_state( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search system script state directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
diff --git a/www/api-docs/services_apm.html b/www/api-docs/services_apm.html index 2bd681f..77943dd 100644 --- a/www/api-docs/services_apm.html +++ b/www/api-docs/services_apm.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -338,6 +401,48 @@ No
+ +
+ + +
+ +apm_stream_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to apmd over an unix stream socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_arpwatch.html b/www/api-docs/services_arpwatch.html index 6958f7c..383ae0c 100644 --- a/www/api-docs/services_arpwatch.html +++ b/www/api-docs/services_arpwatch.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -297,6 +360,48 @@ No
+ +
+ + +
+ +arpwatch_manage_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write arpwatch temporary files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_avahi.html b/www/api-docs/services_avahi.html new file mode 100644 index 0000000..beb9fbf --- /dev/null +++ b/www/api-docs/services_avahi.html @@ -0,0 +1,329 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: avahi

+ +

Description:

+ +

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

+ + + + +

Interfaces:

+ + +
+ + +
+ +avahi_dbus_chat( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +avahi over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_bind.html b/www/api-docs/services_bind.html index 1459d3c..7e4e3dc 100644 --- a/www/api-docs/services_bind.html +++ b/www/api-docs/services_bind.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -296,6 +359,49 @@ No
+ +
+ + +
+ +bind_manage_cache( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete +BIND cache files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -545,6 +651,48 @@ No
+ +
+ + +
+ +bind_signal( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send generic signals to BIND. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_bluetooth.html b/www/api-docs/services_bluetooth.html index 6b003f0..68cb976 100644 --- a/www/api-docs/services_bluetooth.html +++ b/www/api-docs/services_bluetooth.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -209,9 +272,219 @@ + +

Interfaces:

+ + +
+ + +
+ +bluetooth_dbus_chat( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +bluetooth over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +bluetooth_domtrans_helper( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute bluetooth_helper in the bluetooth_helper domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +bluetooth_dontaudit_read_helper_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read bluetooth helper files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +bluetooth_run_helper( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute bluetooth_helper in the bluetooth_helper domain, and +allow the specified role the bluetooth_helper domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+role + + +The role to be allowed the bluetooth_helper domain. + + +No +
+terminal + + +The type of the terminal allow the bluetooth_helper domain to use. + + +No +
+
+
+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_canna.html b/www/api-docs/services_canna.html new file mode 100644 index 0000000..265c4af --- /dev/null +++ b/www/api-docs/services_canna.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: canna

+ +

Description:

+ +

Canna - kana-kanji conversion server

+ + + + +

Interfaces:

+ + +
+ + +
+ +canna_stream_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to Canna using a unix domain stream socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_comsat.html b/www/api-docs/services_comsat.html index 40c2848..67bb85a 100644 --- a/www/api-docs/services_comsat.html +++ b/www/api-docs/services_comsat.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_cpucontrol.html b/www/api-docs/services_cpucontrol.html index 7dbd1ab..4efe63b 100644 --- a/www/api-docs/services_cpucontrol.html +++ b/www/api-docs/services_cpucontrol.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_cron.html b/www/api-docs/services_cron.html index a8447e4..2c5558d 100644 --- a/www/api-docs/services_cron.html +++ b/www/api-docs/services_cron.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -215,6 +278,133 @@

Interfaces:

+ +
+ + +
+ +cron_crw_tcp_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, and write a cron daemon TCP socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +cron_domtrans_anacron_system_job( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute APM in the apm domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +cron_dontaudit_append_system_job_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to append temporary +files from the system cron jobs. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -341,6 +531,48 @@ No
+ +
+ + +
+ +cron_rw_system_job_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write a system cron job unnamed pipe. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -592,7 +824,7 @@ No
Summary

-Wrate a system cron job unnamed pipe. +Write a system cron job unnamed pipe.

diff --git a/www/api-docs/services_cups.html b/www/api-docs/services_cups.html new file mode 100644 index 0000000..a05da6c --- /dev/null +++ b/www/api-docs/services_cups.html @@ -0,0 +1,625 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: cups

+ +

Description:

+ +

Common UNIX printing system

+ + + + +

Interfaces:

+ + +
+ + +
+ +cups_dbus_chat( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +cups over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +cups_dbus_chat_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +cupsd_config over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +cups_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute cups in the cups domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +cups_domtrans_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute cups_config in the cups_config domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +cups_read_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read cups log files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +cups_read_rw_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read cups-writable configuration files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +cups_signal_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send generic signals to the cups +configuration daemon. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +cups_stream_connect_ptal( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to ptal over an unix domain stream socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_cvs.html b/www/api-docs/services_cvs.html index a5a28d9..fced0b6 100644 --- a/www/api-docs/services_cvs.html +++ b/www/api-docs/services_cvs.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_cyrus.html b/www/api-docs/services_cyrus.html new file mode 100644 index 0000000..92eeb12 --- /dev/null +++ b/www/api-docs/services_cyrus.html @@ -0,0 +1,329 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: cyrus

+ +

Description:

+ +

Cyrus is an IMAP service intended to be run on sealed servers

+ + + + +

Interfaces:

+ + +
+ + +
+ +cyrus_manage_data( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow caller to create, read, write, +and delete cyrus data files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_dbskk.html b/www/api-docs/services_dbskk.html new file mode 100644 index 0000000..3a0af0f --- /dev/null +++ b/www/api-docs/services_dbskk.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: dbskk

+ +

Description:

+ +

Dictionary server for the SKK Japanese input method system.

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_dbus.html b/www/api-docs/services_dbus.html index 55874d9..fc7d228 100644 --- a/www/api-docs/services_dbus.html +++ b/www/api-docs/services_dbus.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -300,6 +363,52 @@ No
+ +
+ + +
+ +dbus_stub( + + + + + [ + + domain + + ] + + + )
+
+
+ +
Summary
+

+DBUS stub interface. No access allowed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +N/A + + +yes +
+
+
+
diff --git a/www/api-docs/services_dhcp.html b/www/api-docs/services_dhcp.html index 2f9a4fc..9779a73 100644 --- a/www/api-docs/services_dhcp.html +++ b/www/api-docs/services_dhcp.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_dictd.html b/www/api-docs/services_dictd.html index 1ca1e06..037b857 100644 --- a/www/api-docs/services_dictd.html +++ b/www/api-docs/services_dictd.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_distcc.html b/www/api-docs/services_distcc.html new file mode 100644 index 0000000..2bd0e00 --- /dev/null +++ b/www/api-docs/services_distcc.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: distcc

+ +

Description:

+ +

Distributed compiler daemon

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_dovecot.html b/www/api-docs/services_dovecot.html new file mode 100644 index 0000000..de3dd85 --- /dev/null +++ b/www/api-docs/services_dovecot.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: dovecot

+ +

Description:

+ +

Dovecot POP and IMAP mail server

+ + + + +

Interfaces:

+ + +
+ + +
+ +dovecot_manage_spool( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete the dovecot spool files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_finger.html b/www/api-docs/services_finger.html index 2fbae3d..cc8a528 100644 --- a/www/api-docs/services_finger.html +++ b/www/api-docs/services_finger.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_ftp.html b/www/api-docs/services_ftp.html index d6f8396..a468326 100644 --- a/www/api-docs/services_ftp.html +++ b/www/api-docs/services_ftp.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -203,6 +266,9 @@

Layer: services

Module: ftp

+Interfaces +Templates +

Description:

File transfer protocol service

@@ -384,6 +450,69 @@ No Return + +

Templates:

+ + +
+ + +
+ +ftp_per_userdomain_template( + + + + + userdomain_prefix + + + )
+
+
+ +
Summary
+

+The per user domain template for the ftp module. +

+ + +
Description
+

+

+This template allows ftpd to manage files in +a user home directory, creating files with the +correct type. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+
+
+ + +Return +
diff --git a/www/api-docs/services_gpm.html b/www/api-docs/services_gpm.html index 31570fb..d858df8 100644 --- a/www/api-docs/services_gpm.html +++ b/www/api-docs/services_gpm.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_hal.html b/www/api-docs/services_hal.html index 06979a0..29df8e3 100644 --- a/www/api-docs/services_hal.html +++ b/www/api-docs/services_hal.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -209,9 +272,226 @@ + +

Interfaces:

+ + +
+ + +
+ +hal_dbus_chat( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +hal over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +hal_dbus_send( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send a dbus message to hal. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +hal_dgram_sendto( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send to hal over a unix domain +datagram socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +hal_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute hal in the hal domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +hal_stream_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send to hal over a unix domain +stream socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_howl.html b/www/api-docs/services_howl.html index 9e679ab..c190610 100644 --- a/www/api-docs/services_howl.html +++ b/www/api-docs/services_howl.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -209,9 +272,55 @@ + +

Interfaces:

+ + +
+ + +
+ +howl_signal( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send generic signals to howl. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_i18n_input.html b/www/api-docs/services_i18n_input.html new file mode 100644 index 0000000..f5e836d --- /dev/null +++ b/www/api-docs/services_i18n_input.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: i18n_input

+ +

Description:

+ +

IIIMF htt server

+ + + + +

Interfaces:

+ + +
+ + +
+ +i18n_use( + + + + + domain + + + )
+
+
+ +
Summary
+

+Use i18n_input over a TCP connection. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_inetd.html b/www/api-docs/services_inetd.html index a0392db..66dee8c 100644 --- a/www/api-docs/services_inetd.html +++ b/www/api-docs/services_inetd.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -323,6 +386,48 @@ No
+ +
+ + +
+ +inetd_rw_tcp_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write inetd TCP sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/services_inn.html b/www/api-docs/services_inn.html index acfa596..d38ac30 100644 --- a/www/api-docs/services_inn.html +++ b/www/api-docs/services_inn.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_irqbalance.html b/www/api-docs/services_irqbalance.html new file mode 100644 index 0000000..ca2a6ff --- /dev/null +++ b/www/api-docs/services_irqbalance.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: irqbalance

+ +

Description:

+ +

IRQ balancing daemon

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_kerberos.html b/www/api-docs/services_kerberos.html index bf1a47b..e0fac65 100644 --- a/www/api-docs/services_kerberos.html +++ b/www/api-docs/services_kerberos.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_ktalk.html b/www/api-docs/services_ktalk.html index f88e605..c7a8ce2 100644 --- a/www/api-docs/services_ktalk.html +++ b/www/api-docs/services_ktalk.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_ldap.html b/www/api-docs/services_ldap.html index 3209036..220f195 100644 --- a/www/api-docs/services_ldap.html +++ b/www/api-docs/services_ldap.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_lpd.html b/www/api-docs/services_lpd.html new file mode 100644 index 0000000..46f63e4 --- /dev/null +++ b/www/api-docs/services_lpd.html @@ -0,0 +1,533 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: lpd

+ +

Description:

+ +

Line printer daemon

+ + + + +

Interfaces:

+ + +
+ + +
+ +lpd_domtrans_checkpc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute lpd in the lpd domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +lpd_list_spool( + + + + + domain + + + )
+
+
+ +
Summary
+

+List the contents of the printer spool directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +lpd_manage_spool( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete printer spool files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +lpd_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+List the contents of the printer spool directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +lpd_run_checkpc( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute amrecover in the lpd domain, and +allow the specified role the lpd domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+role + + +The role to be allowed the lpd domain. + + +No +
+terminal + + +The type of the terminal allow the lpd domain to use. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_mailman.html b/www/api-docs/services_mailman.html index f9b6256..67db042 100644 --- a/www/api-docs/services_mailman.html +++ b/www/api-docs/services_mailman.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_mta.html b/www/api-docs/services_mta.html index 3417eef..76b2468 100644 --- a/www/api-docs/services_mta.html +++ b/www/api-docs/services_mta.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -257,6 +320,48 @@ No
+ +
+ + +
+ +mta_delete_spool( + + + + + domain + + + )
+
+
+ +
Summary
+

+Delete from the mail spool. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -343,6 +448,49 @@ No
+ +
+ + +
+ +mta_dontaudit_rw_queue( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read and +write the mail queue. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -725,6 +873,90 @@ No
+ +
+ + +
+ +mta_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read mail server configuration. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +mta_read_sendmail_bin( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read sendmail binary. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -809,6 +1041,49 @@ No
+ +
+ + +
+ +mta_rw_user_mail_stream_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write unix domain stream sockets +of user mail domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -1023,6 +1298,124 @@ No

Templates:

+ +
+ + +
+ +mta_admin_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + )
+
+
+ +
Summary
+

+Provide extra permissions for admin users +mail domain. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+user_domain + + +The type of the user domain. + + +No +
+
+
+ + +
+ + +
+ +mta_base_mail_template( + + + + + domain_prefix + + + )
+
+
+ +
Summary
+

+Basic mail transfer agent domain template. +

+ + +
Description
+

+

+This template creates a derived domain which is +a email transfer agent, which sends mail on +behalf of the user. +

+

+This is the basic types and rules, common +to the system agent and user agents. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain_prefix + + +The prefix of the domain (e.g., user +is the prefix for user_t). + + +No +
+
+
+
diff --git a/www/api-docs/services_mysql.html b/www/api-docs/services_mysql.html index bb9f9f9..be814d6 100644 --- a/www/api-docs/services_mysql.html +++ b/www/api-docs/services_mysql.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_networkmanager.html b/www/api-docs/services_networkmanager.html new file mode 100644 index 0000000..cf5fac4 --- /dev/null +++ b/www/api-docs/services_networkmanager.html @@ -0,0 +1,456 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: networkmanager

+ +

Description:

+ +

Manager for dynamically switching between networks.

+ + + + +

Interfaces:

+ + +
+ + +
+ +networkmanager_dbus_chat( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +NetworkManager over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +networkmanager_rw_packet_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write NetworkManager packet sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +networkmanager_rw_routing_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write NetworkManager netlink +routing sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +networkmanager_rw_udp_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write NetworkManager UDP sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_nis.html b/www/api-docs/services_nis.html index cf599a4..8d9cacc 100644 --- a/www/api-docs/services_nis.html +++ b/www/api-docs/services_nis.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -212,6 +275,90 @@

Interfaces:

+ +
+ + +
+ +nis_delete_ypbind_pid( + + + + + domain + + + )
+
+
+ +
Summary
+

+Delete ypbind pid files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +nis_domtrans_ypbind( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute ypbind in the ypbind domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -232,7 +379,7 @@
Summary

-Send UDP network traffic to NIS clients. +List the contents of the NIS data directory.

@@ -254,6 +401,90 @@ No
+ +
+ + +
+ +nis_read_ypbind_pid( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read ypbind pid files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +nis_read_ypserv_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read ypserv configuration files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -296,6 +527,48 @@ No
+ +
+ + +
+ +nis_tcp_connect_ypbind( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to ypbind over TCP. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_nscd.html b/www/api-docs/services_nscd.html index be6ae3f..871381a 100644 --- a/www/api-docs/services_nscd.html +++ b/www/api-docs/services_nscd.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_ntp.html b/www/api-docs/services_ntp.html index e335128..71a41ce 100644 --- a/www/api-docs/services_ntp.html +++ b/www/api-docs/services_ntp.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_pegasus.html b/www/api-docs/services_pegasus.html new file mode 100644 index 0000000..b316f92 --- /dev/null +++ b/www/api-docs/services_pegasus.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: pegasus

+ +

Description:

+ +

The Open Group Pegasus CIM/WBEM Server.

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_portmap.html b/www/api-docs/services_portmap.html index 545536c..8101355 100644 --- a/www/api-docs/services_portmap.html +++ b/www/api-docs/services_portmap.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -334,6 +397,90 @@ No
+ +
+ + +
+ +portmap_tcp_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to portmap over a TCP socket +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +portmap_udp_sendrecv( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP network traffic from portmap. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_postfix.html b/www/api-docs/services_postfix.html new file mode 100644 index 0000000..8e67eed --- /dev/null +++ b/www/api-docs/services_postfix.html @@ -0,0 +1,1099 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: postfix

+ +Interfaces +Templates + +

Description:

+ +

Postfix email server

+ + + + +

Interfaces:

+ + +
+ + +
+ +postfix_create_config( + + + + + domain + + + + , + + + + private type + + + + , + + + + [ + + object + + ] + + + )
+
+
+ +
Summary
+

+Create files with the specified type in +the postfix configuration directories. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+private type + + +The type of the object to be created. + + +No +
+object + + +The object class of the object being created. If +no class is specified, file will be used. + + +yes +
+
+
+ + +
+ + +
+ +postfix_domtrans_map( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute postfix_map in the postfix_map domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +postfix_domtrans_master( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the master postfix program in the +postfix_master domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +postfix_domtrans_user_mail_handler( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute postfix user mail programs +in their respective domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +postfix_dontaudit_rw_local_tcp_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read and +write postfix local delivery +TCP sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +postfix_dontaudit_use_fd( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to use +postfix master process file +file descriptors. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +postfix_exec_master( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the master postfix program in the +caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +postfix_list_spool( + + + + + domain + + + )
+
+
+ +
Summary
+

+List postfix mail spool directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +postfix_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read postfix configuration files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +postfix_run_map( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute postfix_map in the postfix_map domain, and +allow the specified role the postfix_map domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+role + + +The role to be allowed the postfix_map domain. + + +No +
+terminal + + +The type of the terminal allow the postfix_map domain to use. + + +No +
+
+
+ + +
+ + +
+ +postfix_search_spool( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search postfix mail spool directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +postfix_stub( + + + + + [ + + domain + + ] + + + )
+
+
+ +
Summary
+

+Postfix stub interface. No access allowed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +N/A + + +yes +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +postfix_domain_template( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +postfix_per_userdomain_template( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +postfix_public_domain_template( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +postfix_server_domain_template( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +postfix_user_domain_template( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/services_postgresql.html b/www/api-docs/services_postgresql.html index adfeb36..0ffd0a9 100644 --- a/www/api-docs/services_postgresql.html +++ b/www/api-docs/services_postgresql.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_ppp.html b/www/api-docs/services_ppp.html index 0ff8334..876852e 100644 --- a/www/api-docs/services_ppp.html +++ b/www/api-docs/services_ppp.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -254,6 +317,49 @@ No
+ +
+ + +
+ +ppp_dontaudit_use_fd( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to inherit +and use PPP file discriptors. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -358,7 +464,7 @@ No
Summary

-Allow domain to send sigchld to parent of PPP domain type. +Send a SIGCHLD signal to PPP.

@@ -400,7 +506,7 @@ No
Summary

-Allow domain to send a signal to PPP domain type. +Send a generic signal to PPP.

diff --git a/www/api-docs/services_privoxy.html b/www/api-docs/services_privoxy.html index 39d6e34..a0bc64d 100644 --- a/www/api-docs/services_privoxy.html +++ b/www/api-docs/services_privoxy.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_procmail.html b/www/api-docs/services_procmail.html new file mode 100644 index 0000000..25e4ada --- /dev/null +++ b/www/api-docs/services_procmail.html @@ -0,0 +1,370 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: procmail

+ +

Description:

+ +

Procmail mail delivery agent

+ + + + +

Interfaces:

+ + +
+ + +
+ +procmail_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute procmail with a domain transition. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +procmail_exec( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute procmail in the caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_radius.html b/www/api-docs/services_radius.html new file mode 100644 index 0000000..e3c2d6b --- /dev/null +++ b/www/api-docs/services_radius.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: radius

+ +

Description:

+ +

RADIUS authentication and accounting server.

+ + + + +

Interfaces:

+ + +
+ + +
+ +radius_use( + + + + + domain + + + )
+
+
+ +
Summary
+

+Use radius over a UDP connection. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_radvd.html b/www/api-docs/services_radvd.html index ccdb103..41b66e6 100644 --- a/www/api-docs/services_radvd.html +++ b/www/api-docs/services_radvd.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_rdisc.html b/www/api-docs/services_rdisc.html new file mode 100644 index 0000000..362bf2e --- /dev/null +++ b/www/api-docs/services_rdisc.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: rdisc

+ +

Description:

+ +

Network router discovery daemon

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_remotelogin.html b/www/api-docs/services_remotelogin.html index 6281f28..760c912 100644 --- a/www/api-docs/services_remotelogin.html +++ b/www/api-docs/services_remotelogin.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_rlogin.html b/www/api-docs/services_rlogin.html index c65af2d..292758b 100644 --- a/www/api-docs/services_rlogin.html +++ b/www/api-docs/services_rlogin.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_rpc.html b/www/api-docs/services_rpc.html new file mode 100644 index 0000000..f455008 --- /dev/null +++ b/www/api-docs/services_rpc.html @@ -0,0 +1,767 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: rpc

+ +Interfaces +Templates + +

Description:

+ +

Remote Procedure Call Daemon for managment of network based process communication

+ + + + +

Interfaces:

+ + +
+ + +
+ +rpc_domtrans_nfsd( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute domain in nfsd domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +rpc_dontaudit_getattr_exports( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of the NFS export file. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +rpc_manage_nfs_ro_content( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow domain to create read and write NFS directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +rpc_manage_nfs_rw_content( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow domain to create read and write NFS directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +rpc_read_exports( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow read access to exports. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +rpc_search_nfs_state_data( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search NFS state data in /var/lib/nfs. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +rpc_udp_rw_nfs_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow domain to read and write to an NFS UDP socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +rpc_udp_sendto( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP network traffic to rpc and recieve UDP traffic from rpc. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +rpc_udp_sendto_nfs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow NFS to send UDP network traffic +the specified domain and recieve from it. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the receiving domain. + + +No +
+
+
+ + +
+ + +
+ +rpc_write_exports( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow write access to exports. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +rpc_domain_template( + + + + + userdomain_prefix + + + )
+
+
+ +
Summary
+

+The template to define a rpc domain. +

+ + +
Description
+

+

+This template creates a domain to be used for +a new rpc daemon. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The type of daemon to be used. + + +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/services_rshd.html b/www/api-docs/services_rshd.html index 8bb06e7..949f13c 100644 --- a/www/api-docs/services_rshd.html +++ b/www/api-docs/services_rshd.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_rsync.html b/www/api-docs/services_rsync.html index 1f68855..ca7a406 100644 --- a/www/api-docs/services_rsync.html +++ b/www/api-docs/services_rsync.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_samba.html b/www/api-docs/services_samba.html index f2e7a4f..62b0a11 100644 --- a/www/api-docs/services_samba.html +++ b/www/api-docs/services_samba.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -219,13 +282,13 @@ from Windows NT servers.

Interfaces:

- +
-samba_domtrans_net( +samba_connect_winbind( @@ -239,7 +302,7 @@ from Windows NT servers.
Summary

-Execute samba net in the samba_net domain. +Connect to winbind.

@@ -251,7 +314,7 @@ Execute samba net in the samba_net domain. domain -The type of the process performing this action. +Domain allowed access. No @@ -261,13 +324,13 @@ No
- +
-samba_domtrans_smbmount( +samba_domtrans_net( @@ -281,7 +344,7 @@ No
Summary

-Execute smbmount in the smbmount domain. +Execute samba net in the samba_net domain.

@@ -303,13 +366,13 @@ No
- +
-samba_domtrans_winbind_helper( +samba_domtrans_smbmount( @@ -323,7 +386,7 @@ No
Summary

-Execute winbind_helper in the winbind_helper domain. +Execute smbmount in the smbmount domain.

@@ -345,13 +408,13 @@ No
- +
-samba_exec_log( +samba_domtrans_winbind_helper( @@ -365,7 +428,7 @@ No
Summary

-Execute samba log in the caller domain. +Execute winbind_helper in the winbind_helper domain.

@@ -387,13 +450,13 @@ No
- +
-samba_read_config( +samba_exec_log( @@ -407,8 +470,7 @@ No
Summary

-Allow the specified domain to read -samba configuration files. +Execute samba log in the caller domain.

@@ -420,7 +482,7 @@ samba configuration files. domain -Domain allowed access. +The type of the process performing this action. No @@ -430,13 +492,13 @@ No
- +
-samba_read_log( +samba_read_config( @@ -450,7 +512,8 @@ No
Summary

-Allow the specified domain to read samba's log files. +Allow the specified domain to read +samba configuration files.

@@ -472,13 +535,13 @@ No
- +
-samba_read_secrets( +samba_read_log( @@ -492,7 +555,7 @@ No
Summary

-Allow the specified domain to read samba's secrets. +Allow the specified domain to read samba's log files.

@@ -514,13 +577,13 @@ No
- +
-samba_read_winbind_pid( +samba_read_secrets( @@ -534,7 +597,7 @@ No
Summary

-Allow the specified domain to read the winbind pid files. +Allow the specified domain to read samba's secrets.

@@ -841,6 +904,92 @@ No
+ +
+ + +
+ +samba_rw_var_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow the specified domain to +read and write samba /var files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +samba_search_var( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow the specified domain to search +samba /var directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_sasl.html b/www/api-docs/services_sasl.html index 9e7df34..83a2abc 100644 --- a/www/api-docs/services_sasl.html +++ b/www/api-docs/services_sasl.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -209,9 +272,55 @@ + +

Interfaces:

+ + +
+ + +
+ +sasl_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to SASL. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_sendmail.html b/www/api-docs/services_sendmail.html index ff9ef8c..ad39a7b 100644 --- a/www/api-docs/services_sendmail.html +++ b/www/api-docs/services_sendmail.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -212,6 +275,48 @@

Interfaces:

+ +
+ + +
+ +sendmail_create_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create sendmail logs with the correct type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -244,7 +349,91 @@ Domain transition to sendmail. domain -The type of the process performing this action. +Domain allowed access. + + +No + + + +
+
+ + +
+ + +
+ +sendmail_manage_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete sendmail logs. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +sendmail_rw_tcp_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write sendmail TCP sockets. +

+ + +
Parameters
+ + + + - - - - - - - - - diff --git a/www/api-docs/system_authlogin.html b/www/api-docs/system_authlogin.html index 5f55eaa..8353f14 100644 --- a/www/api-docs/system_authlogin.html +++ b/www/api-docs/system_authlogin.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -669,6 +660,48 @@ No + +
+ + +
+ +auth_dontaudit_read_pam_pid( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attemps to read PAM pid files. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + + +Domain allowed access. No diff --git a/www/api-docs/services_snmp.html b/www/api-docs/services_snmp.html index 025ce65..22cd908 100644 --- a/www/api-docs/services_snmp.html +++ b/www/api-docs/services_snmp.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -209,9 +272,55 @@ + +

Interfaces:

+ + +
+ + +
+ +snmp_use( + + + + + domain + + + )
+
+
+ +
Summary
+

+Use snmp over a TCP connection. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_spamassassin.html b/www/api-docs/services_spamassassin.html new file mode 100644 index 0000000..e5ccfe8 --- /dev/null +++ b/www/api-docs/services_spamassassin.html @@ -0,0 +1,472 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: spamassassin

+ +Interfaces +Templates + +

Description:

+ +

Filter used for removing unsolicited email.

+ + + + +

Interfaces:

+ + +
+ + +
+ +spamassassin_exec( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the standalone spamassassin +program in the caller directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +spamassassin_exec_client( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the spamassassin client +program in the caller directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +spamassassin_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the spamassassin module. +

+ + +
Description
+

+

+The per user domain template for the spamassassin module. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+user_domain + + +The type of the user domain. + + +No +
+user_role + + +The role associated with the user domain. + + +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/services_squid.html b/www/api-docs/services_squid.html index 1d48ff7..574ea67 100644 --- a/www/api-docs/services_squid.html +++ b/www/api-docs/services_squid.html @@ -40,12 +40,18 @@    -  arpwatch
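Review bot: The summaries added for `spamassassin_exec` and `spamassassin_exec_client` say the program is executed `in the caller directory`, which does not describe an access an exec interface grants. The summary for `samba_exec_log` elsewhere in this commit uses `in the caller domain`, and that is probably what is meant here. Whether execution stays in the caller's domain or transitions to another one is the fact a policy writer needs from this page, so the summary should state it plainly, e.g. `Execute the standalone spamassassin program in the caller domain.` These pages look generated, so the wording presumably has to be fixed in the module's interface comments and the page regenerated.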
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -212,6 +275,48 @@

Interfaces:

+ +
+ + +
+ +squid_append_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Append squid logs. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -339,6 +444,48 @@ No
+ +
+ + +
+ +squid_read_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Append squid logs. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
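Review bot: The summary added for `squid_read_log` reads `Append squid logs.`, the same text as the `squid_append_log` entry added earlier in this file, so the page documents a read interface as an append one. A policy writer choosing between the two from this page cannot tell which access each one grants. The summary should read `Read squid logs.`; since these pages appear to be generated, the correction presumably belongs in the interface's source comment. It is also worth confirming that the interface body grants read rather than append access, in case the rules were copied along with the summary.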
diff --git a/www/api-docs/services_ssh.html b/www/api-docs/services_ssh.html index d665fc0..788c409 100644 --- a/www/api-docs/services_ssh.html +++ b/www/api-docs/services_ssh.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_stunnel.html b/www/api-docs/services_stunnel.html index 10e796c..57b27b4 100644 --- a/www/api-docs/services_stunnel.html +++ b/www/api-docs/services_stunnel.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_tcpd.html b/www/api-docs/services_tcpd.html index f3b1852..ccb75f1 100644 --- a/www/api-docs/services_tcpd.html +++ b/www/api-docs/services_tcpd.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_telnet.html b/www/api-docs/services_telnet.html index 060ba45..51bdaba 100644 --- a/www/api-docs/services_telnet.html +++ b/www/api-docs/services_telnet.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_tftp.html b/www/api-docs/services_tftp.html index 3afbbca..af6d73a 100644 --- a/www/api-docs/services_tftp.html +++ b/www/api-docs/services_tftp.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_timidity.html b/www/api-docs/services_timidity.html new file mode 100644 index 0000000..1fb3ea6 --- /dev/null +++ b/www/api-docs/services_timidity.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: timidity

+ +

Description:

+ +

MIDI to WAV converter and player configured as a service

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_uucp.html b/www/api-docs/services_uucp.html index cde0bf4..0a5a55c 100644 --- a/www/api-docs/services_uucp.html +++ b/www/api-docs/services_uucp.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/services_xdm.html b/www/api-docs/services_xdm.html new file mode 100644 index 0000000..669cdac --- /dev/null +++ b/www/api-docs/services_xdm.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: xdm

+ +

Description:

+ +

X windows login display manager

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_xfs.html b/www/api-docs/services_xfs.html new file mode 100644 index 0000000..eaf906a --- /dev/null +++ b/www/api-docs/services_xfs.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: xfs

+ +

Description:

+ +

X Windows Font Server

+ + + + +

Interfaces:

+ + +
+ + +
+ +xfs_read_socket( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read a X font server named socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_zebra.html b/www/api-docs/services_zebra.html index 66bf7b7..93f3d18 100644 --- a/www/api-docs/services_zebra.html +++ b/www/api-docs/services_zebra.html @@ -40,12 +40,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -55,9 +61,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -67,6 +82,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -82,12 +103,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -97,6 +124,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -106,6 +136,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -115,9 +148,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -127,15 +166,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -154,6 +205,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -172,9 +226,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
diff --git a/www/api-docs/system.html b/www/api-docs/system.html index 7ba1ca2..e55ad68 100644 --- a/www/api-docs/system.html +++ b/www/api-docs/system.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -165,26 +156,6 @@

Policy for reading and setting the hardware clock.

- - corecommands

-Core policy for shells, and generic programs -in /bin, /sbin, /usr/bin, and /usr/sbin. -

- - domain

Core policy for domains.

- - files

-Basic filesystem types and interfaces. -

fstools

Tools for filesystem management, such as mkfs and fsck.

+ + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -1114,6 +1147,204 @@ No
+ +
+ + +
+ +auth_read_all_dirs_except_shadow( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Read all directories on the filesystem, except +the shadow passwords and listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+ + +
+ + +
+ +auth_read_all_files_except_shadow( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Read all files on the filesystem, except +the shadow passwords and listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+ + +
+ + +
+ +auth_read_all_symlinks_except_shadow( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+
+ +
Summary
+

+Read all symbolic links on the filesystem, except +the shadow passwords and listed exceptions. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain perfoming this action. + + +No +
+exception_types + + +The types to be excluded. Each type or attribute +must be negated by the caller. + + +yes +
+
+
+
@@ -1390,6 +1621,49 @@ yes
+ +
+ + +
+ +auth_relabel_shadow( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel from and to the shadow +password file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -1401,7 +1675,7 @@ yes - ? + domain )
@@ -1410,7 +1684,8 @@ yes
Summary

-Summary is missing! +Relabel to the shadow +password file type.

@@ -1419,10 +1694,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain allowed access. No @@ -1756,6 +2031,49 @@ No
+ +
+ + +
+ +auth_search_pam_console_data( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the contents of the +pam_console data directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/system_clock.html b/www/api-docs/system_clock.html index 71d7400..f43a44b 100644 --- a/www/api-docs/system_clock.html +++ b/www/api-docs/system_clock.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_corecommands.html b/www/api-docs/system_corecommands.html deleted file mode 100644 index ff33bb5..0000000 --- a/www/api-docs/system_corecommands.html +++ /dev/null @@ -1,1351 +0,0 @@ - - - - Security Enhanced Linux Reference Policy - - - - - - - -
- -

Layer: system

-

Module: corecommands

- -

Description:

- -

-Core policy for shells, and generic programs -in /bin, /sbin, /usr/bin, and /usr/sbin. -

- - -

This module is required to be included in all policies.

- - - -

Interfaces:

- - -
- - -
- -corecmd_bin_domtrans( - - - - - domain - - - - , - - - - target_domain - - - )
-
-
- -
Summary
-

-Execute a file in a bin directory -in the specified domain. -

- - -
Description
-

-

-Execute a file in a bin directory -in the specified domain. This allows -the specified domain to execute any file -on these filesystems in the specified -domain. This is not suggested. -

-

-No interprocess communication (signals, pipes, -etc.) is provided by this interface since -the domains are not owned by this module. -

-

-This interface was added to handle -the ssh-agent policy. -

-

- -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-target_domain - - -The type of the new process. - - -No -
-
-
- - -
- - -
- -corecmd_dontaudit_getattr_sbin_file( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_exec_bin( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_exec_chroot( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_exec_ls( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_exec_sbin( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_exec_shell( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_getattr_bin_file( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of files in bin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_getattr_sbin_file( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_list_bin( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_list_sbin( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_read_bin_file( - - - - - domain - - - )
-
-
- -
Summary
-

-Read files in bin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_read_bin_pipe( - - - - - domain - - - )
-
-
- -
Summary
-

-Read pipes in bin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_read_bin_socket( - - - - - domain - - - )
-
-
- -
Summary
-

-Read named sockets in bin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_read_bin_symlink( - - - - - domain - - - )
-
-
- -
Summary
-

-Read symbolic links in bin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_read_sbin_file( - - - - - domain - - - )
-
-
- -
Summary
-

-Read files in sbin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_read_sbin_pipe( - - - - - domain - - - )
-
-
- -
Summary
-

-Read named pipes in sbin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_read_sbin_socket( - - - - - domain - - - )
-
-
- -
Summary
-

-Read named sockets in sbin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_read_sbin_symlink( - - - - - domain - - - )
-
-
- -
Summary
-

-Read symbolic links in sbin directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -corecmd_sbin_domtrans( - - - - - domain - - - - , - - - - target_domain - - - )
-
-
- -
Summary
-

-Execute a file in a sbin directory -in the specified domain. -

- - -
Description
-

-

-Execute a file in a sbin directory -in the specified domain. This allows -the specified domain to execute any file -on these filesystems in the specified -domain. This is not suggested. -

-

-No interprocess communication (signals, pipes, -etc.) is provided by this interface since -the domains are not owned by this module. -

-

-This interface was added to handle -the ssh-agent policy. -

-

- -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-target_domain - - -The type of the new process. - - -No -
-
-
- - -
- - -
- -corecmd_search_bin( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_search_sbin( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -corecmd_shell_domtrans( - - - - - domain - - - - , - - - - target_domain - - - )
-
-
- -
Summary
-

-Execute a shell in the specified domain. -

- - -
Description
-

-

-Execute a shell in the specified domain. -

-

-No interprocess communication (signals, pipes, -etc.) is provided by this interface since -the domains are not owned by this module. -

-

- -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-target_domain - - -The type of the shell process. - - -No -
-
-
- - -
- - -
- -corecmd_shell_entry_type( - - - - - domain - - - )
-
-
- -
Summary
-

-Make the shell an entrypoint for the specified domain. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The domain for which the shell is an entrypoint. - - -No -
-
-
- - -
- - -
- -corecmd_shell_spec_domtrans( - - - - - domain - - - - , - - - - target_domain - - - )
-
-
- -
Summary
-

-Execute a shell in the target domain. This -is an explicit transition, requiring the -caller to use setexeccon(). -

- - -
Description
-

-

-Execute a shell in the target domain. This -is an explicit transition, requiring the -caller to use setexeccon(). -

-

-No interprocess communication (signals, pipes, -etc.) is provided by this interface since -the domains are not owned by this module. -

-

- -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-target_domain - - -The type of the shell process. - - -No -
-
-
- - -Return - - - - -
- - diff --git a/www/api-docs/system_domain.html b/www/api-docs/system_domain.html deleted file mode 100644 index c4ab57d..0000000 --- a/www/api-docs/system_domain.html +++ /dev/null @@ -1,2337 +0,0 @@ - - - - Security Enhanced Linux Reference Policy - - - - - - - -
- -

Layer: system

-

Module: domain

- -Interfaces -Templates - -

Description:

- -

Core policy for domains.

- - -

This module is required to be included in all policies.

- - - -

Interfaces:

- - -
- - -
- -domain_base_type( - - - - - type - - - )
-
-
- -
Summary
-

-Make the specified type usable as a basic domain. -

- - -
Description
-

-

-Make the specified type usable as a basic domain. -

-

-This is primarily used for kernel threads; -generally the domain_type() interface is -more appropriate for userland processes. -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-type - - -Type to be used as a basic domain type. - - -No -
-
-
- - -
- - -
- -domain_cron_exemption_source( - - - - - domain - - - )
-
-
- -
Summary
-

-Make the specified domain the source of -the cron domain exception of the -SELinux role and identity change -constraints. -

- - -
Description
-

-

-Make the specified domain the source of -the cron domain exception of the -SELinux role and identity change -constraints. -

-

-This interface is needed to decouple -the cron domains from the base module. -It should not be used other than on -cron domains. -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain target for user exemption. - - -No -
-
-
- - -
- - -
- -domain_cron_exemption_target( - - - - - domain - - - )
-
-
- -
Summary
-

-Make the specified domain the target of -the cron domain exception of the -SELinux role and identity change -constraints. -

- - -
Description
-

-

-Make the specified domain the target of -the cron domain exception of the -SELinux role and identity change -constraints. -

-

-This interface is needed to decouple -the cron domains from the base module. -It should not be used other than on -user cron jobs. -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain target for user exemption. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_getattr_all_key_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get attribues of -all domains IPSEC key management sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_getattr_all_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all domains sockets, for all socket types. -

- - -
Description
-

-

-Do not audit attempts to get the attributes -of all domains sockets, for all socket types. -

-

-This interface was added for PCMCIA cardmgr -and is probably excessive. -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_getattr_all_tcp_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all domains TCP sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_getattr_all_udp_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all domains UDP sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_getattr_all_unix_dgram_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all domains unix datagram sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_getattr_all_unnamed_pipes( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all domains unnamed pipes. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_getsession_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the -session ID of all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_list_all_domains_proc( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to read the process state -directories of all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_ptrace_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to ptrace all domains. -

- - -
Description
-

-

-Do not audit attempts to ptrace all domains. -

-

-Generally this needs to be suppressed because procps tries to access -/proc/pid/environ and this now triggers a ptrace check in recent kernels -(2.4 and 2.6). -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_ptrace_confined_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to ptrace confined domains. -

- - -
Description
-

-

-Do not audit attempts to ptrace confined domains. -

-

-Generally this needs to be suppressed because procps tries to access -/proc/pid/environ and this now triggers a ptrace check in recent kernels -(2.4 and 2.6). -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_read_all_domains_state( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to read the process -state (/proc/pid) of all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_rw_all_key_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to read or write -all domains key sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_rw_all_udp_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to read or write -all domains UDP sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_dontaudit_use_wide_inherit_fd( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -domain_dyntrans_type( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -domain_entry_file( - - - - - domain - - - - , - - - - type - - - )
-
-
- -
Summary
-

-Make the specified type usable as -an entry point for the domain. -

- - -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -Domain to be entered. - - -No -
-type - - -Type of program used for entering -the domain. - - -No -
-
-
- - -
- - -
- -domain_exec_all_entry_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -domain_getattr_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all domains of all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_getattr_all_entry_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of entry point -files for all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_getattr_all_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all domains -sockets, for all socket types. -

- - -
Description
-

-

-Get the attributes of all domains -sockets, for all socket types. -

-

-This is commonly used for domains -that can use lsof on all domains. -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_getattr_confined_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all confined domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_getsession_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the session ID of all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_kill_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Send a kill signal to all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_obj_id_change_exempt( - - - - - domain - - - )
-
-
- -
Summary
-

-Makes caller an exception to the constraint preventing -changing the user identity in object contexts. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The process type to make an exception to the constraint. - - -No -
-
-
- - -
- - -
- -domain_ptrace_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Ptrace all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_read_all_domains_state( - - - - - domain - - - )
-
-
- -
Summary
-

-Read the process state (/proc/pid) of all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_read_all_entry_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -domain_read_confined_domains_state( - - - - - domain - - - )
-
-
- -
Summary
-

-Read the process state (/proc/pid) of all confined domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_role_change_exempt( - - - - - domain - - - )
-
-
- -
Summary
-

-Makes caller an exception to the constraint preventing -changing of role. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The process type to make an exception to the constraint. - - -No -
-
-
- - -
- - -
- -domain_search_all_domains_state( - - - - - domain - - - )
-
-
- -
Summary
-

-Search the process state directory (/proc/pid) of all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_setpriority_all_domains( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -domain_sigchld_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Send a child terminated signal to all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_sigchld_wide_inherit_fd( - - - - - domain - - - )
-
-
- -
Summary
-

-Send a SIGCHLD signal to domains whose file -discriptors are widely inheritable. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_signal_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Send general signals to all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_signull_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Send a null signal to all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_sigstop_all_domains( - - - - - domain - - - )
-
-
- -
Summary
-

-Send a stop signal to all domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_subj_id_change_exempt( - - - - - domain - - - )
-
-
- -
Summary
-

-Makes caller an exception to the constraint preventing -changing of user identity. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The process type to make an exception to the constraint. - - -No -
-
-
- - -
- - -
- -domain_system_change_exempt( - - - - - domain - - - )
-
-
- -
Summary
-

-Makes caller and execption to the constraint -preventing changing to the system user -identity and system role. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -domain_type( - - - - - type - - - )
-
-
- -
Summary
-

-Make the specified type usable as a domain. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-type - - -Type to be used as a domain type. - - -No -
-
-
- - -
- - -
- -domain_unconfined( - - - - - domain - - - )
-
-
- -
Summary
-

-Unconfined access to domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -domain_use_wide_inherit_fd( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -domain_user_exemption_target( - - - - - domain - - - )
-
-
- -
Summary
-

-Make the specified domain the target of -the user domain exception of the -SELinux role and identity change -constraints. -

- - -
Description
-

-

-Make the specified domain the target of -the user domain exception of the -SELinux role and identity change -constraints. -

-

-This interface is needed to decouple -the user domains from the base module. -It should not be used other than on -user domains. -

-

- -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain target for user exemption. - - -No -
-
-
- - -
- - -
- -domain_wide_inherit_fd( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -Return - - - -

Templates:

- - -
- - -
- -domain_auto_trans( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -domain_trans( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -Return - - - -
- -
diff --git a/www/api-docs/system_files.html b/www/api-docs/system_files.html
deleted file mode 100644
index 75d1af1..0000000
--- a/www/api-docs/system_files.html
+++ /dev/null
@@ -1,7164 +0,0 @@
- - - - Security Enhanced Linux Reference Policy - - - - - - - -
- -

Layer: system

-

Module: files

- -

Description:

- -

-

-This module contains basic filesystem types and interfaces. This -includes: -

    -

  • The concept of different file types including basic -files, mount points, tmp files, etc.

  • -

  • Access to groups of files and all files.

  • -

  • Types and interfaces for the basic filesystem layout -(/, /etc, /tmp, /usr, etc.).

  • -

-

-

- - -

This module is required to be included in all policies.

- - - -

Interfaces:

- - -
- - -
- -files_associate_tmp( - - - - - file_type - - - )
-
-
- -
Summary
-

-Allow the specified type to associate -to a filesystem with the type of the -temporary directory (/tmp). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-file_type - - -Type of the file to associate. - - -No -
-
-
- - -
- - -
- -files_create_boot_flag( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_create_etc_config( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_create_home_dirs( - - - - - domain - - - - , - - - - home_type - - - )
-
-
- -
Summary
-

-Create home directories -

- - -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-home_type - - -The type of the home directory - - -No -
-
-
- - -
- - -
- -files_create_lock( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_create_pid( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_create_root( - - - - - domain - - - - , - - - - [ - - private type - - ] - - - - , - - - - [ - - object - - ] - - - )
-
-
- -
Summary
-

-Create an object in the root directory, with a private -type. If no object class is specified, the -default is file. -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-private type - - -The type of the object to be created. If no type -is specified, the type of the root directory will -be used. - - -yes -
-object - - -The object class of the object being created. If -no class is specified, file will be used. - - -yes -
-
-
- - -
- - -
- -files_create_tmp_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_create_usr( - - - - - domain - - - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - - )
-
-
- -
Summary
-

-Create objects in the /usr directory -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-file_type - - -The type of the object to be created - - -No -
-object_class - - -The object class. If not specified, file is used. - - -yes -
-
-
- - -
- - -
- -files_create_var( - - - - - domain - - - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - - )
-
-
- -
Summary
-

-Create objects in the /var directory -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-file_type - - -The type of the object to be created - - -No -
-object_class - - -The object class. If not specified, file is used. - - -yes -
-
-
- - -
- - -
- -files_create_var_lib( - - - - - domain - - - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - - )
-
-
- -
Summary
-

-Create objects in the /var/lib directory -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-file_type - - -The type of the object to be created - - -No -
-object_class - - -The object class. If not specified, file is used. - - -yes -
-
-
- - -
- - -
- -files_delete_all_locks( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_delete_all_pid_dirs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_delete_all_pids( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_delete_etc_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Delete system configuration files in /etc. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_delete_root_dir_entry( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_all_dirs( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_all_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_all_pipes( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all named pipes. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_all_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all named sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_all_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of all symbolic links. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_default_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes of -directories with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_default_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes of -files with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_home_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the -attributes of the home directories root -(/home). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_non_security_blk_dev( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of non security block devices. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_non_security_chr_dev( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of non security character devices. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_non_security_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of non security files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_non_security_pipes( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of non security named pipes. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_non_security_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of non security named sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_non_security_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of non security symbolic links. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_pid_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the attributes -of the /var/run directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_getattr_tmp_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get the -attributes of the tmp directory (/tmp). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_dontaudit_ioctl_all_pids( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to ioctl daemon runtime data files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_dontaudit_list_default( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to list contents of -directories with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_list_non_security( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to list all -non security directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_read_default_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to read files -with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_read_etc_runtime_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to read files -in /etc that are dynamically -created on boot, such as mtab. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_read_root_file( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_dontaudit_rw_root_chr_dev( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_dontaudit_rw_root_file( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_dontaudit_search_all_dirs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_dontaudit_search_home( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to search -home directories root (/home). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_search_isid_type_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to search directories on new filesystems -that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_dontaudit_search_locks( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to search the -locks directory (/var/lock). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_search_pids( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to search -the /var/run directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_search_src( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_dontaudit_search_var( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to search -the contents of /var. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -files_dontaudit_write_all_pids( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to write to daemon runtime data files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_exec_etc_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_exec_usr_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Execute generic programs in /usr in the caller domain. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_exec_usr_src_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Execute programs in /usr/src in the caller domain. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_getattr_all_dirs( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_getattr_all_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_getattr_all_pipes( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all named pipes. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_getattr_all_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all named sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_getattr_all_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of all symbolic links. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_getattr_generic_locks( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_getattr_home_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of the home directories root -(/home). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_getattr_usr_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of files in /usr. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_getattr_var_lib_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of the /var/lib directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_list_all_dirs( - - - - - domain - - - )
-
-
- -
Summary
-

-List the contents of all directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_list_all_dirs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_list_default( - - - - - domain - - - )
-
-
- -
Summary
-

-List contents of directories with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_list_etc( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_list_home( - - - - - domain - - - )
-
-
- -
Summary
-

-Get listing of home directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_list_isid_type_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-List the contents of directories on new filesystems -that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_list_mnt( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_list_pids( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_list_root( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_list_spool( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_list_usr( - - - - - domain - - - )
-
-
- -
Summary
-

-List the contents of generic -directories in /usr. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_list_var( - - - - - domain - - - )
-
-
- -
Summary
-

-List the contents of /var. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_list_var_lib( - - - - - domain - - - )
-
-
- -
Summary
-

-List the contents of the /var/lib directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_list_world_readable( - - - - - domain - - - )
-
-
- -
Summary
-

-List world-readable directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_lock_file( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_manage_all_files( - - - - - domain - - - - , - - - - [ - - exception_types - - ] - - - )
-
-
- -
Summary
-

-Manage all files on the filesystem, except -the listed exceptions. -

- - -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the domain perfoming this action. - - -No -
-exception_types - - -The types to be excluded. Each type or attribute -must be negated by the caller. - - -yes -
-
-
- - -
- - -
- -files_manage_etc_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_manage_etc_runtime_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete files in -/etc that are dynamically created on boot, -such as mtab. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_manage_generic_locks( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_manage_generic_spool_dirs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_manage_generic_spools( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_manage_isid_type_blk_node( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete block device nodes -on new filesystems that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_manage_isid_type_chr_node( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete character device nodes -on new filesystems that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_manage_isid_type_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete directories -on new filesystems that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_manage_isid_type_file( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete files -on new filesystems that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_manage_isid_type_symlink( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete symbolic links -on new filesystems that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_manage_lost_found( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete objects in -lost+found directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_manage_mnt_dirs( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete directories in /mnt. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_manage_mnt_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete files in /mnt. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_manage_mnt_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete symbolic links in /mnt. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_manage_urandom_seed( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_manage_var_dirs( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete directories -in the /var directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_manage_var_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete files in the /var directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_manage_var_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete symbolic -links in the /var directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_mount_all_file_type_fs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_mounton_all_mountpoints( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_mounton_default( - - - - - domain - - - )
-
-
- -
Summary
-

-Mount a filesystem on a directory with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_mounton_isid_type_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Mount a filesystem on a directory on new filesystems -that has not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_mounton_mnt( - - - - - domain - - - )
-
-
- -
Summary
-

-Mount a filesystem on /mnt. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_mountpoint( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_pid_file( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_poly( - - - - - file_type - - - )
-
-
- -
Summary
-

-Make the specified type a -polyinstantiated directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-file_type - - -Type of the file to be used as a -polyinstantiated directory. - - -No -
-
-
- - -
- - -
- -files_poly_member( - - - - - file_type - - - )
-
-
- -
Summary
-

-Make the specified type a -polyinstantiation member directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-file_type - - -Type of the file to be used as a -member directory. - - -No -
-
-
- - -
- - -
- -files_poly_member_tmp( - - - - - domain - - - - , - - - - file_type - - - )
-
-
- -
Summary
-

-Make the domain use the specified -type of polyinstantiated directory. -

- - -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -Domain using the polyinstantiated -directory. - - -No -
-file_type - - -Type of the file to be used as a -member directory. - - -No -
-
-
- - -
- - -
- -files_poly_parent( - - - - - file_type - - - )
-
-
- -
Summary
-

-Make the specified type a parent -of a polyinstantiated directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-file_type - - -Type of the file to be used as a -parent directory. - - -No -
-
-
- - -
- - -
- -files_purge_tmp( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_read_all_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Read all files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_all_pids( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_read_all_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Read all symbolic links. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_default_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Read files with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_default_pipes( - - - - - domain - - - )
-
-
- -
Summary
-

-Read named pipes with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_default_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Read sockets with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_default_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Read symbolic links with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_etc_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_read_etc_runtime_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Read files in /etc that are dynamically -created on boot, such as mtab. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_generic_spools( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_read_isid_type_file( - - - - - domain - - - )
-
-
- -
Summary
-

-Read files on new filesystems -that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_read_usr_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_read_usr_src_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_read_usr_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Read symbolic links in /usr. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_var_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Read files in the /var directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_read_var_lib_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Read generic files in /var/lib. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_var_lib_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Read generic symbolic links in /var/lib -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_var_symlink( - - - - - domain - - - )
-
-
- -
Summary
-

-Read symbolic links in the /var directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_world_readable_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Read world-readable files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_world_readable_pipes( - - - - - domain - - - )
-
-
- -
Summary
-

-Read world-readable named pipes. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_world_readable_sockets( - - - - - domain - - - )
-
-
- -
Summary
-

-Read world-readable sockets. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_read_world_readable_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Read world-readable symbolic links. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_relabel_all_files( - - - - - domain - - - - , - - - - [ - - exception_types - - ] - - - )
-
-
- -
Summary
-

-Relabel all files on the filesystem, except -the listed exceptions. -

- - -
Parameters
- - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the domain perfoming this action. - - -No -
-exception_types - - -The types to be excluded. Each type or attribute -must be negated by the caller. - - -yes -
-
-
- - -
- - -
- -files_relabelto_all_file_type_fs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_relabelto_usr_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Relabel a file to the type used in /usr. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_rw_etc_files( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_rw_etc_runtime_files( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write files in /etc that are dynamically -created on boot, such as mtab. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_rw_generic_pids( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_rw_isid_type_blk_node( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write block device nodes on new filesystems -that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_rw_isid_type_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write directories on new filesystems -that have not yet been labeled. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_rw_locks_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Add and remove entries in the /var/lock -directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_search_all( - - - - - domain - - - )
-
-
- -
Summary
-

-Search all directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_search_all_dirs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_search_default( - - - - - domain - - - )
-
-
- -
Summary
-

-Search the contents of directories with the default file type. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_search_etc( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_search_home( - - - - - domain - - - )
-
-
- -
Summary
-

-Search home directories root (/home). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_search_locks( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_search_mnt( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_search_pids( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_search_spool( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_search_tmp( - - - - - domain - - - )
-
-
- -
Summary
-

-Search the tmp directory (/tmp). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_search_usr( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_search_var( - - - - - domain - - - )
-
-
- -
Summary
-

-Search the contents of /var. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_search_var_lib( - - - - - domain - - - )
-
-
- -
Summary
-

-Search the /var/lib directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_security_file( - - - - - file_type - - - )
-
-
- -
Summary
-

-Make the specified type a file that -should not be dontaudited from -browsing from user domains. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-file_type - - -Type of the file to be used as a -member directory. - - -No -
-
-
- - -
- - -
- -files_setattr_all_tmp_dirs( - - - - - domain - - - )
-
-
- -
Summary
-

-Set the attributes of all tmp directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -files_setattr_etc_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Set the attributes of the /etc directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_tmp_file( - - - - - file_type - - - )
-
-
- -
Summary
-

-Make the specified type a file -used for temporary files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-file_type - - -Type of the file to be used as a -temporary file. - - -No -
-
-
- - -
- - -
- -files_tmpfs_file( - - - - - type - - - )
-
-
- -
Summary
-

-Transform the type into a file, for use on a -virtual memory filesystem (tmpfs). -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-type - - -The type to be transformed. - - -No -
-
-
- - -
- - -
- -files_type( - - - - - type - - - )
-
-
- -
Summary
-

-Make the specified type usable for files -in a filesystem. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-type - - -Type to be used for files. - - -No -
-
-
- - -
- - -
- -files_unconfined( - - - - - domain - - - )
-
-
- -
Summary
-

-Unconfined access to files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -files_unmount_all_file_type_fs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -files_unmount_rootfs( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -Return - - - - -
- - diff --git a/www/api-docs/system_fstools.html b/www/api-docs/system_fstools.html index 89b7e2d..fcf6588 100644 --- a/www/api-docs/system_fstools.html +++ b/www/api-docs/system_fstools.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_getty.html b/www/api-docs/system_getty.html index e1ff804..3db5f53 100644 --- a/www/api-docs/system_getty.html +++ b/www/api-docs/system_getty.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_hostname.html b/www/api-docs/system_hostname.html index 254a954..986c052 100644 --- a/www/api-docs/system_hostname.html +++ b/www/api-docs/system_hostname.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_hotplug.html b/www/api-docs/system_hotplug.html index 19b6540..b07fb79 100644 --- a/www/api-docs/system_hotplug.html +++ b/www/api-docs/system_hotplug.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_init.html b/www/api-docs/system_init.html index e2753aa..28bd1f5 100644 --- a/www/api-docs/system_init.html +++ b/www/api-docs/system_init.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -143,6 +134,89 @@

Interfaces:

+ +
+ + +
+ +init_create_script_tmp( + + + + + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + + )
+
+
+ +
Summary
+

+Create files in a init script +temporary data directory. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+file_type + + +The type of the object to be created + + +No +
+object_class + + +The object class. If not specified, file is used. + + +yes +
+
+
+
@@ -204,6 +278,49 @@ No
+ +
+ + +
+ +init_dbus_chat_script( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +init scripts over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -612,7 +729,7 @@ No - ? + domain )
@@ -621,7 +738,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to read and +write the init script pty.

@@ -630,10 +748,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain to not audit. No @@ -895,6 +1013,90 @@ No
+ +
+ + +
+ +init_getattr_script_entry_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attribute of init script entrypoint files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +init_getattr_script_pids( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of init script process id files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -1012,7 +1214,7 @@ Read init scripts. domain -The type of the process performing this action. +Domain allowed access. No @@ -1096,7 +1298,7 @@ Read the process state (/proc/pid) of the init scripts. domain -The type of the process performing this action. +Domain allowed access. No @@ -1163,7 +1365,7 @@ style, and do not require run_init. domain -The type of the process performing this action. +Domain allowed access. No @@ -1267,7 +1469,7 @@ Read and write init script unnamed pipes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1309,7 +1511,7 @@ Read and write init script temporary data. domain -The type of the process performing this action. +Domain allowed access. No @@ -1361,13 +1563,13 @@ No
- +
-init_signull( +init_sigchld_script( @@ -1381,7 +1583,7 @@ No
Summary

-Send init a null signal. +Send SIGCHLD signals to init scripts.

@@ -1403,13 +1605,13 @@ No
- +
-init_system_domain( +init_signal_script( @@ -1417,12 +1619,46 @@ No domain - - , + )
+
+
+ +
Summary
+

+Send generic signals to init scripts. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +init_signull( + - entry_point + domain )
@@ -1431,8 +1667,7 @@ No
Summary

-Create a domain for short running processes -which can be started by init scripts. +Send init a null signal.

@@ -1444,17 +1679,49 @@ which can be started by init scripts. domain -Type to be used as a domain. +Domain allowed access. No + +
+
+ + +
+ + +
+ +init_signull_script( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send null signals to init scripts. +

+ + +
Parameters
+ + + + + + +
Parameter:Description:Optional:
-entry_point +domain -Type of the program to be used as an entry point to this domain. +Domain allowed access. No @@ -1464,13 +1731,13 @@ No - +
-init_udp_sendto( +init_system_domain( @@ -1478,13 +1745,22 @@ No domain + + , + + + + entry_point + + )
Summary

-Send UDP network traffic to init. +Create a domain for short running processes +which can be started by init scripts.

@@ -1496,7 +1772,17 @@ Send UDP network traffic to init. domain
-The type of the process performing this action. +Type to be used as a domain. + + +No +
+entry_point + + +Type of the program to be used as an entry point to this domain. No @@ -1506,13 +1792,13 @@ No - +
-init_udp_sendto_script( +init_udp_sendto( @@ -1526,7 +1812,7 @@ No
Summary

-Send UDP network traffic to init scripts. +Send UDP network traffic to init.

@@ -1538,7 +1824,7 @@ Send UDP network traffic to init scripts. domain
-The type of the process performing this action. +Domain allowed access. No @@ -1548,13 +1834,13 @@ No - +
-init_unix_connect_script( +init_udp_sendto_script( @@ -1568,8 +1854,7 @@ No
Summary

-Allow the specified domain to connect to -init scripts with a unix domain stream socket. +Send UDP network traffic to init scripts.

@@ -1803,7 +2088,7 @@ the administrator terminal. domain
-The type of the process performing this action. +Domain allowed access. No @@ -1855,6 +2140,48 @@ No + +
+ + +
+ +init_write_script_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Write an init script unnamed pipe. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ Return diff --git a/www/api-docs/system_ipsec.html b/www/api-docs/system_ipsec.html index c2e783e..2b72ca4 100644 --- a/www/api-docs/system_ipsec.html +++ b/www/api-docs/system_ipsec.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_iptables.html b/www/api-docs/system_iptables.html index 122ef72..c06158e 100644 --- a/www/api-docs/system_iptables.html +++ b/www/api-docs/system_iptables.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_libraries.html b/www/api-docs/system_libraries.html index 83150d7..4240751 100644 --- a/www/api-docs/system_libraries.html +++ b/www/api-docs/system_libraries.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -646,6 +637,49 @@ No + +
+ + +
+ +libs_use_lib( + + + + + domain + + + )
+
+
+ +
Summary
+

+Load and execute functions from generic +lib files as shared libraries. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/system_locallogin.html b/www/api-docs/system_locallogin.html index 858f2d7..36811c3 100644 --- a/www/api-docs/system_locallogin.html +++ b/www/api-docs/system_locallogin.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_logging.html b/www/api-docs/system_logging.html index 77f1e5c..fb90882 100644 --- a/www/api-docs/system_logging.html +++ b/www/api-docs/system_logging.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -227,6 +218,48 @@ No
+ +
+ + +
+ +logging_domtrans_auditctl( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute auditctl in the auditctl domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/system_lvm.html b/www/api-docs/system_lvm.html index e04dfe3..305a7db 100644 --- a/www/api-docs/system_lvm.html +++ b/www/api-docs/system_lvm.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_miscfiles.html b/www/api-docs/system_miscfiles.html index 17e6d2e..7606e11 100644 --- a/www/api-docs/system_miscfiles.html +++ b/www/api-docs/system_miscfiles.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -185,6 +176,48 @@ No
+ +
+ + +
+ +miscfiles_dontaudit_search_man_pages( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search man pages. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -269,6 +302,48 @@ No
+ +
+ + +
+ +miscfiles_manage_fonts( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete fonts. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/system_modutils.html b/www/api-docs/system_modutils.html index 44d0e72..1311505 100644 --- a/www/api-docs/system_modutils.html +++ b/www/api-docs/system_modutils.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -227,6 +218,48 @@ No
+ +
+ + +
+ +modutils_domtrans_insmod_uncond( + + + + + domain + + + )
+
+
+ +
Summary
+

+Unconditionally execute insmod in the insmod domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/system_mount.html b/www/api-docs/system_mount.html index 68abe9c..8e81b44 100644 --- a/www/api-docs/system_mount.html +++ b/www/api-docs/system_mount.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_pcmcia.html b/www/api-docs/system_pcmcia.html index a555aa3..84ae1f4 100644 --- a/www/api-docs/system_pcmcia.html +++ b/www/api-docs/system_pcmcia.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -434,6 +425,52 @@ No
+ +
+ + +
+ +pcmcia_stub( + + + + + [ + + domain + + ] + + + )
+
+
+ +
Summary
+

+PCMCIA stub interface. No access allowed. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +N/A + + +yes +
+
+
+
diff --git a/www/api-docs/system_raid.html b/www/api-docs/system_raid.html index cceeaa7..fd92e07 100644 --- a/www/api-docs/system_raid.html +++ b/www/api-docs/system_raid.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_selinuxutil.html b/www/api-docs/system_selinuxutil.html index af6d10d..40781ae 100644 --- a/www/api-docs/system_selinuxutil.html +++ b/www/api-docs/system_selinuxutil.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
diff --git a/www/api-docs/system_sysnetwork.html b/www/api-docs/system_sysnetwork.html index 36727ab..a3379d9 100644 --- a/www/api-docs/system_sysnetwork.html +++ b/www/api-docs/system_sysnetwork.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -280,6 +271,49 @@ yes
+ +
+ + +
+ +sysnet_dbus_chat_dhcpc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive messages from +dhcpc over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -448,6 +482,48 @@ No
+ +
+ + +
+ +sysnet_dontaudit_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read network config files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
diff --git a/www/api-docs/system_udev.html b/www/api-docs/system_udev.html index 58b3003..cc9f68a 100644 --- a/www/api-docs/system_udev.html +++ b/www/api-docs/system_udev.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -271,6 +262,48 @@ No
+ +
+ + +
+ +udev_helper_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute a udev helper in the udev domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/system_unconfined.html b/www/api-docs/system_unconfined.html index d3bdf9e..15013f1 100644 --- a/www/api-docs/system_unconfined.html +++ b/www/api-docs/system_unconfined.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -146,6 +137,102 @@

Interfaces:

+ +
+ + +
+ +unconfined_alias_domain( + + + + + domain + + + )
+
+
+ +
Summary
+

+Add an alias type to the unconfined domain. +

+ + +
Description
+

+

+Add an alias type to the unconfined domain. +

+

+This is added to support targeted policy. Its +use should be limited. It has no effect +on the strict policy. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +New alias of the unconfined domain. + + +No +
+
+
+ + +
+ + +
+ +unconfined_dbus_send( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send messages to the unconfined domain over dbus. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -188,6 +275,48 @@ No
+ +
+ + +
+ +unconfined_dontaudit_read_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read unconfined domain unnamed pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -243,13 +372,13 @@ No
- +
-unconfined_role( +unconfined_read_pipe( @@ -263,7 +392,7 @@ No
Summary

-Add the unconfined domain to the specified role. +Read unconfined domain unnamed pipes.

@@ -489,6 +618,48 @@ No
+ +
+ + +
+ +unconfined_signal( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send generic signals to the unconfined domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/system_userdomain.html b/www/api-docs/system_userdomain.html index 3ec650f..7b07959 100644 --- a/www/api-docs/system_userdomain.html +++ b/www/api-docs/system_userdomain.html @@ -43,15 +43,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -146,13 +137,13 @@

Interfaces:

- +
-userdom_create_user_home( +userdom_create_generic_user_home( @@ -212,13 +203,13 @@ yes
- +
-userdom_create_user_home_dir( +userdom_create_generic_user_home_dir( @@ -255,13 +246,13 @@ No
- +
-userdom_dontaudit_list_sysadm_home_dir( +userdom_create_sysadm_home( @@ -269,14 +260,26 @@ No domain + + , + + + + [ + + object_class + + ] + + )
Summary

-Do not audit attempts to list the sysadm -users home directory. +Create objects in sysadm home directories +with automatic file type transition.

@@ -288,23 +291,34 @@ users home directory. domain
-Domain to not audit. +Domain allowed access. No
+object_class + + +The class of the object to be created. +If not specified, file is used. + + +yes +
- +
-userdom_dontaudit_search_all_users_home( +userdom_dbus_send_all_users( @@ -318,7 +332,7 @@ No
Summary

-Do not audit attempts to search all users home directories. +Send a dbus message to all user domains.

@@ -330,7 +344,7 @@ Do not audit attempts to search all users home directories. domain -Domain to not audit. +Domain allowed access. No @@ -340,13 +354,13 @@ No
- +
-userdom_dontaudit_search_staff_home_dir( +userdom_dontaudit_getattr_sysadm_home_dir( @@ -360,8 +374,9 @@ No
Summary

-Do not audit attempts to search the staff -users home directory. +Do not audit attempts to get the +attributes of the sysadm users +home directory.

@@ -383,13 +398,13 @@ No
- +
-userdom_dontaudit_search_sysadm_home_dir( +userdom_dontaudit_getattr_sysadm_tty( @@ -403,7 +418,50 @@ No
Summary

-Do not audit attempts to search the sysadm +Do not audit attepts to get the attributes +of sysadm ttys. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_list_sysadm_home_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list the sysadm users home directory.

@@ -426,13 +484,13 @@ No
- +
-userdom_dontaudit_search_user_home_dirs( +userdom_dontaudit_search_all_users_home( @@ -446,7 +504,7 @@ No
Summary

-Don't audit search on the user home subdirectory. +Do not audit attempts to search all users home directories.

@@ -458,7 +516,7 @@ Don't audit search on the user home subdirectory. domain -Domain allowed access. +Domain to not audit. No @@ -468,13 +526,13 @@ No
- +
-userdom_dontaudit_use_all_user_fd( +userdom_dontaudit_search_staff_home_dir( @@ -488,8 +546,8 @@ No
Summary

-Do not audit attempts to inherit the file -descriptors from any user domains. +Do not audit attempts to search the staff +users home directory.

@@ -511,13 +569,13 @@ No
- +
-userdom_dontaudit_use_sysadm_pty( +userdom_dontaudit_search_sysadm_home_dir( @@ -531,7 +589,8 @@ No
Summary

-Dont audit attempts to read and write sysadm ptys. +Do not audit attempts to search the sysadm +users home directory.

@@ -553,13 +612,13 @@ No
- +
-userdom_dontaudit_use_sysadm_terms( +userdom_dontaudit_search_user_home_dirs( @@ -573,7 +632,7 @@ No
Summary

-Do not audit attempts to use sysadm ttys and ptys. +Don't audit search on the user home subdirectory.

@@ -585,7 +644,7 @@ Do not audit attempts to use sysadm ttys and ptys. domain -Domain to not audit. +Domain allowed access. No @@ -595,13 +654,13 @@ No
- +
-userdom_dontaudit_use_sysadm_tty( +userdom_dontaudit_use_all_user_fd( @@ -615,7 +674,8 @@ No
Summary

-Do not audit attempts to use sysadm ttys. +Do not audit attempts to inherit the file +descriptors from any user domains.

@@ -637,13 +697,13 @@ No
- +
-userdom_dontaudit_use_unpriv_user_fd( +userdom_dontaudit_use_sysadm_pty( @@ -657,8 +717,7 @@ No
Summary

-Do not audit attempts to inherit the -file descriptors from all user domains. +Dont audit attempts to read and write sysadm ptys.

@@ -670,7 +729,7 @@ file descriptors from all user domains. domain -The type of the process performing this action. +Domain to not audit. No @@ -680,13 +739,13 @@ No
- +
-userdom_dontaudit_use_unpriv_user_tty( +userdom_dontaudit_use_sysadm_terms( @@ -700,8 +759,7 @@ No
Summary

-Do not audit attempts to use unprivileged -user ttys. +Do not audit attempts to use sysadm ttys and ptys.

@@ -713,7 +771,7 @@ user ttys. domain -The type of the process performing this action. +Domain to not audit. No @@ -723,13 +781,13 @@ No
- +
-userdom_getattr_sysadm_home_dir( +userdom_dontaudit_use_sysadm_tty( @@ -743,8 +801,7 @@ No
Summary

-Get the attributes of the sysadm users -home directory. +Do not audit attempts to use sysadm ttys.

@@ -766,13 +823,13 @@ No
- +
-userdom_manage_all_user_dirs( +userdom_dontaudit_use_unpriv_user_fd( @@ -786,8 +843,8 @@ No
Summary

-Create, read, write, and delete all directories -in all users home directories. +Do not audit attempts to inherit the +file descriptors from all user domains.

@@ -799,7 +856,7 @@ in all users home directories. domain -The type of the process performing this action. +Domain allowed access. No @@ -809,13 +866,13 @@ No
- +
-userdom_manage_all_user_files( +userdom_dontaudit_use_unpriv_user_pty( @@ -829,8 +886,8 @@ No
Summary

-Create, read, write, and delete all files -in all users home directories. +Do not audit attempts to use unprivileged +user ptys.

@@ -842,7 +899,7 @@ in all users home directories. domain -The type of the process performing this action. +Domain to not audit. No @@ -852,13 +909,13 @@ No
- +
-userdom_manage_all_user_symlinks( +userdom_dontaudit_use_unpriv_user_tty( @@ -872,8 +929,8 @@ No
Summary

-Create, read, write, and delete all symlinks -in all users home directories. +Do not audit attempts to use unprivileged +user ttys.

@@ -885,7 +942,7 @@ in all users home directories. domain -The type of the process performing this action. +Domain allowed access. No @@ -895,13 +952,13 @@ No
- +
-userdom_manage_user_home_dir( +userdom_getattr_all_userdomains( @@ -915,8 +972,7 @@ No
Summary

-Create, read, write, and delete -generic user home directories. +Get the attributes of all user domains.

@@ -938,13 +994,13 @@ No
- +
-userdom_manage_user_home_dirs( +userdom_getattr_sysadm_home_dir( @@ -958,9 +1014,8 @@ No
Summary

-Create, read, write, and delete -subdirectories of generic user -home directories. +Get the attributes of the sysadm users +home directory.

@@ -982,13 +1037,13 @@ No
- +
-userdom_manage_user_home_files( +userdom_list_sysadm_home_dir( @@ -1002,8 +1057,7 @@ No
Summary

-Create, read, write, and delete files -in generic user home directories. +List the sysadm users home directory.

@@ -1025,13 +1079,13 @@ No
- +
-userdom_manage_user_home_pipes( +userdom_list_unpriv_user_tmp( @@ -1045,8 +1099,7 @@ No
Summary

-Create, read, write, and delete named -pipes in generic user home directories. +Read all unprivileged users temporary directories.

@@ -1068,13 +1121,13 @@ No
- +
-userdom_manage_user_home_sockets( +userdom_manage_all_user_dirs( @@ -1088,8 +1141,8 @@ No
Summary

-Create, read, write, and delete named -sockets in generic user home directories. +Create, read, write, and delete all directories +in all users home directories.

@@ -1111,13 +1164,13 @@ No
- +
-userdom_manage_user_home_symlinks( +userdom_manage_all_user_files( @@ -1131,8 +1184,8 @@ No
Summary

-Create, read, write, and delete symbolic -links in generic user home directories. +Create, read, write, and delete all files +in all users home directories.

@@ -1154,13 +1207,13 @@ No
- +
-userdom_read_all_user_files( +userdom_manage_all_user_symlinks( @@ -1174,7 +1227,8 @@ No
Summary

-Read all files in all users home directories. +Create, read, write, and delete all symlinks +in all users home directories.

@@ -1186,7 +1240,7 @@ Read all files in all users home directories. domain -The type of the process performing this action. +Domain allowed access. No @@ -1196,13 +1250,13 @@ No
- +
-userdom_read_staff_home_files( +userdom_manage_generic_user_home_dir( @@ -1216,7 +1270,8 @@ No
Summary

-Read files in the staff users home directory. +Create, read, write, and delete +generic user home directories.

@@ -1228,7 +1283,7 @@ Read files in the staff users home directory. domain -The type of the process performing this action. +Domain allowed access. No @@ -1238,13 +1293,13 @@ No
- +
-userdom_read_sysadm_home_files( +userdom_manage_generic_user_home_dirs( @@ -1258,7 +1313,9 @@ No
Summary

-Read files in the sysadm users home directory. +Create, read, write, and delete +subdirectories of generic user +home directories.

@@ -1270,7 +1327,7 @@ Read files in the sysadm users home directory. domain -The type of the process performing this action. +Domain allowed access. No @@ -1280,13 +1337,13 @@ No
- +
-userdom_read_unpriv_user_home_files( +userdom_manage_generic_user_home_files( @@ -1300,8 +1357,8 @@ No
Summary

-Read all unprivileged users home directory -files. +Create, read, write, and delete files +in generic user home directories.

@@ -1323,13 +1380,617 @@ No
- + +
+ + +
+ +userdom_manage_generic_user_home_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete named +pipes in generic user home directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_generic_user_home_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete named +sockets in generic user home directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_generic_user_home_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete symbolic +links in generic user home directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_priveleged_home_dir_manager( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make the specified domain a privileged +home directory manager. +

+ + +
Description
+

+

+Make the specified domain a privileged +home directory manager. This domain will be +able to manage the contents of all users +general home directory content, and create +files with the correct context. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_all_user_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all files in all users home directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_all_userdomains_state( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read the process state of all user domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_staff_home_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files in the staff users home directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_sysadm_home_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read files in the sysadm users home directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_unpriv_user_home_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all unprivileged users home directory +files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_unpriv_user_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all unprivileged users temporary files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_unpriv_user_tmp_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all unprivileged users temporary symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_rw_sysadm_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write sysadm user unnamed pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_search_all_users_home( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search all users home directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_search_generic_user_home_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search generic user home directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ +
-userdom_rw_sysadm_pipe( +userdom_search_staff_home_dir( @@ -1343,7 +2004,7 @@ No
Summary

-Read and write sysadm user unnamed pipes. +Search the staff users home directory.

@@ -1355,7 +2016,7 @@ Read and write sysadm user unnamed pipes. domain -The type of the process performing this action. +Domain to not audit. No @@ -1365,13 +2026,13 @@ No
- +
-userdom_search_all_users_home( +userdom_search_sysadm_home_dir( @@ -1385,7 +2046,7 @@ No
Summary

-Search all users home directories. +Search the sysadm users home directory.

@@ -1397,7 +2058,7 @@ Search all users home directories. domain -The type of the process performing this action. +Domain to not audit. No @@ -1407,13 +2068,13 @@ No
- +
-userdom_search_staff_home_dir( +userdom_search_sysadm_home_subdirs( @@ -1427,7 +2088,7 @@ No
Summary

-Search the staff users home directory. +Search the sysadm users home sub directories.

@@ -1449,13 +2110,13 @@ No
- +
-userdom_search_sysadm_home_dir( +userdom_search_unpriv_user_home_dirs( @@ -1469,7 +2130,7 @@ No
Summary

-Search the sysadm users home directory. +Search all unprivileged users home directories.

@@ -1481,7 +2142,7 @@ Search the sysadm users home directory. domain -Domain to not audit. +Domain allowed access. No @@ -1491,13 +2152,13 @@ No
- +
-userdom_search_unpriv_user_home_dirs( +userdom_setattr_unpriv_user_pty( @@ -1511,7 +2172,7 @@ No
Summary

-Search all unprivileged users home directories. +Set the attributes of user ptys.

@@ -1565,7 +2226,7 @@ Execute a shell in the sysadm domain. domain -The type of the process performing this action. +Domain allowed access. No @@ -1575,13 +2236,13 @@ No
- +
-userdom_sigchld_sysadm( +userdom_sigchld_all_users( @@ -1595,7 +2256,7 @@ No
Summary

-Send a SIGCHLD signal to sysadm users. +Send a SIGCHLD signal to all user domains.

@@ -1607,7 +2268,7 @@ Send a SIGCHLD signal to sysadm users. domain -The type of the process performing this action. +Domain allowed access. No @@ -1617,13 +2278,13 @@ No
- +
-userdom_sigcld_all_users( +userdom_sigchld_sysadm( @@ -1637,7 +2298,7 @@ No
Summary

-Send a SIGCHLD signal to all user domains. +Send a SIGCHLD signal to sysadm users.

@@ -1691,7 +2352,7 @@ Send general signals to all user domains. domain -The type of the process performing this action. +Domain allowed access. No @@ -1733,7 +2394,7 @@ Send general signals to unprivileged user domains. domain -The type of the process performing this action. +Domain allowed access. No @@ -1777,7 +2438,7 @@ caller to use setexeccon(). domain -The type of the process performing this action. +Domain allowed access. No @@ -1821,7 +2482,7 @@ caller to use setexeccon(). domain -The type of the process performing this action. +Domain allowed access. No @@ -1905,7 +2566,7 @@ Inherit the file descriptors from all user domains domain -The type of the process performing this action. +Domain allowed access. No @@ -1947,7 +2608,7 @@ Inherit and use sysadm file descriptors domain -The type of the process performing this action. +Domain allowed access. No @@ -1989,7 +2650,7 @@ Read and write sysadm ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -2031,7 +2692,7 @@ Read and write sysadm ttys and ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -2073,7 +2734,49 @@ Read and write sysadm ttys. domain -The type of the process performing this action. +Domain allowed access. + + +No + + + +
+
+ + +
+ + +
+ +userdom_use_unpriv_user_pty( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write unprivileged user ptys. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. No @@ -2115,7 +2818,7 @@ Inherit the file descriptors from unprivileged user domains. domain -The type of the process performing this action. +Domain allowed access. No @@ -2157,7 +2860,7 @@ Write all unprivileged users files in /tmp domain -The type of the process performing this action. +Domain allowed access. No @@ -2384,6 +3087,18 @@ No ] + + , + + + + [ + + private_type + + ] + + )
@@ -2425,7 +3140,7 @@ No domain
-The type of the process performing this action. +Domain allowed access. No @@ -2442,6 +3157,18 @@ specified, file is used. yes
+private_type + + +The type of the object to create. If this is +not specified, the regular home directory +type is used. + + +yes +
@@ -2508,7 +3235,82 @@ No domain -The type of the process performing this action. +Domain allowed access. + + +No + + + +
+
+ + +
+ + +
+ +userdom_home_file( + + + + + userdomain_prefix + + + + , + + + + type + + + )
+
+
+ +
Summary
+

+Make the specified type usable in a +user home directory. +

+ + +
Description
+

+

+Make the specified type usable in a +user home directory. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+type + + +Type to be used as a file in the +user home directory. No @@ -2582,7 +3384,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -2656,7 +3458,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -2730,7 +3532,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -2804,7 +3606,81 @@ No domain -The type of the process performing this action. +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_home_subdirs( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete symbolic links +in a user home subdirectory. +

+ + +
Description
+

+

+Create, read, write, and delete symbolic links +in a user home subdirectory. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. No @@ -2878,7 +3754,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -2952,7 +3828,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -3026,7 +3902,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -3100,7 +3976,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -3174,7 +4050,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -3246,7 +4122,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -3318,7 +4194,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No @@ -3390,7 +4266,7 @@ No domain -The type of the process performing this action. +Domain allowed access. No diff --git a/www/api-docs/templates.html b/www/api-docs/templates.html index 4a5a514..35a8a0f 100644 --- a/www/api-docs/templates.html +++ b/www/api-docs/templates.html @@ -16,6 +16,9 @@    -  acct
+    -  + amanda
+    -  anaconda
@@ -88,12 +91,21 @@    -  bootloader
+    -  + corecommands
+    -  corenetwork
   -  devices
+    -  + domain
+ +    -  + files
+    -  filesystem
@@ -127,12 +139,18 @@    -  arpwatch
+    -  + avahi
+    -  bind
   -  bluetooth
+    -  + canna
+    -  comsat
@@ -142,9 +160,18 @@    -  cron
+    -  + cups
+    -  cvs
+    -  + cyrus
+ +    -  + dbskk
+    -  dbus
@@ -154,6 +181,12 @@    -  dictd
+    -  + distcc
+ +    -  + dovecot
+    -  finger
@@ -169,12 +202,18 @@    -  howl
+    -  + i18n_input
+    -  inetd
   -  inn
+    -  + irqbalance
+    -  kerberos
@@ -184,6 +223,9 @@    -  ldap
+    -  + lpd
+    -  mailman
@@ -193,6 +235,9 @@    -  mysql
+    -  + networkmanager
+    -  nis
@@ -202,9 +247,15 @@    -  ntp
+    -  + pegasus
+    -  portmap
+    -  + postfix
+    -  postgresql
@@ -214,15 +265,27 @@    -  privoxy
+    -  + procmail
+ +    -  + radius
+    -  radvd
+    -  + rdisc
+    -  remotelogin
   -  rlogin
+    -  + rpc
+    -  rshd
@@ -241,6 +304,9 @@    -  snmp
+    -  + spamassassin
+    -  squid
@@ -259,9 +325,18 @@    -  tftp
+    -  + timidity
+    -  uucp
+    -  + xdm
+ +    -  + xfs
+    -  zebra
@@ -277,15 +352,6 @@    -  clock
-    -  - corecommands
- -    -  - domain
- -    -  - files
-    -  fstools
@@ -712,10 +778,10 @@ the system DBUS.
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_auto_trans( @@ -738,10 +804,10 @@ Summary is missing!
-Module: +Module: domain

-Layer: -system

+Layer: +kernel

domain_trans( @@ -764,6 +830,32 @@ Summary is missing!
+Module: +ftp

+Layer: +services

+

+ +ftp_per_userdomain_template( + + + + + userdomain_prefix + + + )
+
+ +
+

+The per user domain template for the ftp module. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_admin_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + )
+
+ +
+

+Provide extra permissions for admin users +mail domain. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_base_mail_template( + + + + + domain_prefix + + + )
+
+ +
+

+Basic mail transfer agent domain template. +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_domain_template( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_per_userdomain_template( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_public_domain_template( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_server_domain_template( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_user_domain_template( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +rpc

+Layer: +services

+

+ +rpc_domain_template( + + + + + userdomain_prefix + + + )
+
+ +
+

+The template to define a rpc domain. +

+
+ +
+ +
+Module: +spamassassin

+Layer: +services

+

+ +spamassassin_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the spamassassin module. +

+
+ +
+ +
+Module: +su

+Layer: +admin

+

+ +su_restricted_domain_template( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
Module: sudo

Layer: @@ -1138,6 +1515,18 @@ system

] + + , + + + + [ + + private_type + + ] + + )

@@ -1184,6 +1573,41 @@ Execute user home files.
+Module: +userdomain

+Layer: +system

+

+ +userdom_home_file( + + + + + userdomain_prefix + + + + , + + + + type + + + )
+
+ +
+

+Make the specified type usable in a +user home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_home_subdirs( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete symbolic links +in a user home subdirectory. +

+
+ +
+ +
Module: userdomain

Layer: