From af3dd8da28a6650cfb84a2bf2b5f0c89a59da4bd Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mar 07 2006 14:35:03 +0000 Subject: update api docs --- diff --git a/www/api-docs/admin.html b/www/api-docs/admin.html index 6c9412c..aa379ca 100644 --- a/www/api-docs/admin.html +++ b/www/api-docs/admin.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -160,6 +172,16 @@

Policy for the Anaconda installer.

+ + bootloader +

Policy for the kernel modules, kernel image, and bootloader.

+ + + + certwatch +

Digital Certificate Tracking

+ + consoletype

@@ -205,11 +227,24 @@ after installation of Red Hat/Fedora systems.

System log analyzer and reporter

+ + mrtg +

Network traffic graphing

+ + netutils

Network analysis utilities

+ + portage +

+Portage Package Management System. The primary package management and +distribution system for Gentoo. +

+ + prelink

Prelink ELF shared library mappings.

diff --git a/www/api-docs/admin_acct.html b/www/api-docs/admin_acct.html index f24e86d..fb672e8 100644 --- a/www/api-docs/admin_acct.html +++ b/www/api-docs/admin_acct.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Transition to the accounting management domain. domain - +

Domain allowed access. - +

No @@ -213,9 +225,9 @@ Execute accounting management tools in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -255,9 +267,9 @@ Execute accounting management data in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -297,9 +309,9 @@ Create, read, write, and delete process accounting data. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/admin_alsa.html b/www/api-docs/admin_alsa.html index adc1e6f..5186dd9 100644 --- a/www/api-docs/admin_alsa.html +++ b/www/api-docs/admin_alsa.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Domain transition to alsa domain - +

Domain allowed access. - +

No @@ -213,9 +225,9 @@ Allow read and write access to alsa semaphores. domain - +

Domain allowed access. - +

No @@ -255,9 +267,9 @@ Allow read and write access to alsa shared memory. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/admin_amanda.html b/www/api-docs/admin_amanda.html index a5add6d..f34c1ac 100644 --- a/www/api-docs/admin_amanda.html +++ b/www/api-docs/admin_amanda.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -140,6 +152,48 @@

Interfaces:

+ +
+ + +
+ +amanda_append_log_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow read/writing amanda logs +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain to allow +

+		 +No +
+
+
+
@@ -171,9 +225,9 @@ Execute amrecover in the amanda_recover domain. domain - +

The type of the process performing this action. - +

No @@ -213,9 +267,9 @@ Do not audit attempts to read /etc/dumpdates. domain - +

Domain to not audit. - +

No @@ -272,9 +326,9 @@ allow the specified role the amanda_recover domain. domain - +

The type of the process performing this action. - +

No @@ -282,9 +336,9 @@ No role - +

The role to be allowed the amanda_recover domain. - +

No @@ -292,9 +346,51 @@ No terminal - +

The type of the terminal allow the amanda_recover domain to use. +

+ +No + + +
+ + + +
+ + +
+ +amanda_rw_dumpdates_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow read/writing /etc/dumpdates. +

+ + +
Parameters
+ + + + @@ -334,9 +430,9 @@ Search amanda library directories. diff --git a/www/api-docs/admin_anaconda.html b/www/api-docs/admin_anaconda.html index 202a711..b4b09ac 100644 --- a/www/api-docs/admin_anaconda.html +++ b/www/api-docs/admin_anaconda.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
diff --git a/www/api-docs/admin_bootloader.html b/www/api-docs/admin_bootloader.html new file mode 100644 index 0000000..71e6d53 --- /dev/null +++ b/www/api-docs/admin_bootloader.html @@ -0,0 +1,455 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: bootloader

+ +

Description:

+ +

Policy for the kernel modules, kernel image, and bootloader.

+ + + + +

Interfaces:

+ + +
+ + +
+ +bootloader_create_runtime_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write the bootloader +temporary data in /tmp. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+Domain to allow +

 No
domain - +

The type of the process performing this action. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +bootloader_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute bootloader in the bootloader domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +bootloader_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read the bootloader configuration file. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +bootloader_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute bootloader interactively and do +a domain transition to the bootloader domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+role + +

+The role to be allowed the bootloader domain. +

+		 +No +
+terminal + +

+The type of the terminal allow the bootloader domain to use. +

+		 +No +
+
+
+ + +
+ + +
+ +bootloader_rw_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write the bootloader +configuration file. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +bootloader_rw_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write the bootloader +temporary data in /tmp. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +Return + + + + + + + diff --git a/www/api-docs/admin_certwatch.html b/www/api-docs/admin_certwatch.html new file mode 100644 index 0000000..40a926a --- /dev/null +++ b/www/api-docs/admin_certwatch.html @@ -0,0 +1,286 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: certwatch

+ +

Description:

+ +

Digital Certificate Tracking

+ + + + +

Interfaces:

+ + +
+ + +
+ +certwatach_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute certwatch in the certwatch domain, and +allow the specified role the certwatch domain, +and use the caller's terminal. Has a sigchld +backchannel. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+role + +

+The role to be allowed the certwatch domain. +

+		 +No +
+terminal + +

+The type of the terminal allow the certwatch domain to use. +

+		 +No +
+
+
+ + +
+ + +
+ +certwatch_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Domain transition to certwatch. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/admin_consoletype.html b/www/api-docs/admin_consoletype.html index 748c4d9..80f8336 100644 --- a/www/api-docs/admin_consoletype.html +++ b/www/api-docs/admin_consoletype.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -173,9 +185,9 @@ Execute consoletype in the consoletype domain. domain - +

The type of the process performing this action. - +

No @@ -215,9 +227,88 @@ Execute consoletype in the caller domain. domain +

+The type of the process performing this action. +

+ +No + + + + + + + +
+ +
+ +consoletype_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute consoletype in the consoletype domain, and +allow the specified role the consoletype domain. +

+ + +
Parameters
+ + + + + + + diff --git a/www/api-docs/admin_ddcprobe.html b/www/api-docs/admin_ddcprobe.html index 4ba8ed2..e840957 100644 --- a/www/api-docs/admin_ddcprobe.html +++ b/www/api-docs/admin_ddcprobe.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute ddcprobe in the ddcprobe domain. @@ -230,9 +242,9 @@ allow the specified role the ddcprobe domain. @@ -240,9 +252,9 @@ No @@ -250,9 +262,9 @@ No diff --git a/www/api-docs/admin_dmesg.html b/www/api-docs/admin_dmesg.html index 2c4daf2..0a75d29 100644 --- a/www/api-docs/admin_dmesg.html +++ b/www/api-docs/admin_dmesg.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute dmesg in the dmesg domain. @@ -213,9 +225,9 @@ Execute dmesg in the caller domain. diff --git a/www/api-docs/admin_dmidecode.html b/www/api-docs/admin_dmidecode.html index c4f0eb2..3fde90e 100644 --- a/www/api-docs/admin_dmidecode.html +++ b/www/api-docs/admin_dmidecode.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute dmidecode in the dmidecode domain. @@ -230,9 +242,9 @@ allow the specified role the dmidecode domain. @@ -240,9 +252,9 @@ No @@ -250,9 +262,9 @@ No diff --git a/www/api-docs/admin_firstboot.html b/www/api-docs/admin_firstboot.html index 1d82ab9..4325fc0 100644 --- a/www/api-docs/admin_firstboot.html +++ b/www/api-docs/admin_firstboot.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -174,9 +186,9 @@ Execute firstboot in the firstboot domain. @@ -185,13 +197,13 @@ No - +
-firstboot_dontaudit_use_fd( +firstboot_dontaudit_use_fds( @@ -217,9 +229,9 @@ file descriptor from firstboot.
@@ -276,9 +288,9 @@ allow the specified role the firstboot domain. @@ -286,9 +298,9 @@ No @@ -296,9 +308,9 @@ No @@ -307,13 +319,13 @@ No - +
-firstboot_use_fd( +firstboot_use_fds( @@ -338,9 +350,9 @@ Inherit and use a file descriptor from firstboot.
@@ -349,13 +361,13 @@ No - +
-firstboot_write_pipe( +firstboot_write_pipes( @@ -380,9 +392,9 @@ Write to a firstboot unnamed pipe.
diff --git a/www/api-docs/admin_kudzu.html b/www/api-docs/admin_kudzu.html index c0196a0..87e965f 100644 --- a/www/api-docs/admin_kudzu.html +++ b/www/api-docs/admin_kudzu.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute kudzu in the kudzu domain. @@ -182,13 +194,13 @@ No - +
-kudzu_getattr_exec_file( +kudzu_getattr_exec_files( @@ -213,9 +225,9 @@ Get attributes of kudzu executable.
@@ -272,9 +284,9 @@ allow the specified role the kudzu domain. @@ -282,9 +294,9 @@ No @@ -292,9 +304,9 @@ No diff --git a/www/api-docs/admin_logrotate.html b/www/api-docs/admin_logrotate.html index 15e7fb4..594e028 100644 --- a/www/api-docs/admin_logrotate.html +++ b/www/api-docs/admin_logrotate.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute logrotate in the logrotate domain. @@ -182,13 +194,13 @@ No - +
-logrotate_dontaudit_use_fd( +logrotate_dontaudit_use_fds( @@ -213,9 +225,9 @@ Do not audit attempts to inherit logrotate file descriptors.
@@ -255,9 +267,9 @@ Execute logrotate in the caller domain. @@ -297,9 +309,9 @@ Read a logrotate temporary files. @@ -356,9 +368,9 @@ allow the specified role the logrotate domain. @@ -366,9 +378,9 @@ No @@ -376,9 +388,9 @@ No @@ -387,13 +399,13 @@ No - +
-logrotate_use_fd( +logrotate_use_fds( @@ -418,9 +430,9 @@ Inherit and use logrotate file descriptors.
diff --git a/www/api-docs/admin_logwatch.html b/www/api-docs/admin_logwatch.html index 5ea9a2a..6653d84 100644 --- a/www/api-docs/admin_logwatch.html +++ b/www/api-docs/admin_logwatch.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Read logwatch temporary files. diff --git a/www/api-docs/admin_mrtg.html b/www/api-docs/admin_mrtg.html new file mode 100644 index 0000000..5b6e4df --- /dev/null +++ b/www/api-docs/admin_mrtg.html @@ -0,0 +1,205 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: mrtg

+ +

Description:

+ +

Network traffic graphing

+ + + + +

Interfaces:

+ + +
+ + +
+ +mrtg_append_create_logs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create and append mrtg logs. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

The type of the process performing this action. +

+		 +No +
+role + +

+The role to be allowed the consoletype domain. +

+		 +No +
+terminal + +

+The type of the terminal allow the consoletype domain to use. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

Role to be authenticated for ddcprobe domain. - +

 No
terminal - +

The type of the terminal allow the clock domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the dmidecode domain. - +

 No
terminal - +

The type of the terminal allow the dmidecode domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the firstboot domain. - +

 No
terminal - +

The type of the terminal allow the firstboot domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the kudzu domain. - +

 No
terminal - +

The type of the terminal allow the kudzu domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the logrotate domain. - +

 No
terminal - +

The type of the terminal allow the logrotate domain to use. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return + + + + + + + diff --git a/www/api-docs/admin_netutils.html b/www/api-docs/admin_netutils.html index 23f7ef1..6aaf727 100644 --- a/www/api-docs/admin_netutils.html +++ b/www/api-docs/admin_netutils.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute network utilities in the netutils domain. domain - +

The type of the process performing this action. - +

No @@ -213,9 +225,9 @@ Execute ping in the ping domain. domain - +

The type of the process performing this action. - +

No @@ -255,9 +267,9 @@ Execute traceroute in the traceroute domain. domain - +

The type of the process performing this action. - +

No @@ -297,9 +309,9 @@ Execute network utilities in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -339,9 +351,9 @@ Execute ping in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -381,9 +393,9 @@ Execute traceroute in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -440,9 +452,9 @@ allow the specified role the netutils domain. domain - +

The type of the process performing this action. - +

No @@ -450,9 +462,9 @@ No role - +

The role to be allowed the netutils domain. - +

No @@ -460,9 +472,9 @@ No terminal - +

The type of the terminal allow the netutils domain to use. - +

No @@ -519,9 +531,9 @@ allow the specified role the ping domain. domain - +

The type of the process performing this action. - +

No @@ -529,9 +541,9 @@ No role - +

The role to be allowed the ping domain. - +

No @@ -539,9 +551,9 @@ No terminal - +

The type of the terminal allow the ping domain to use. - +

No @@ -598,9 +610,9 @@ allow the specified role the ping domain. domain - +

The type of the process performing this action. - +

No @@ -608,9 +620,9 @@ No role - +

The role to be allowed the ping domain. - +

No @@ -618,9 +630,9 @@ No terminal - +

The type of the terminal allow the ping domain to use. - +

No @@ -677,9 +689,9 @@ allow the specified role the traceroute domain. domain - +

The type of the process performing this action. - +

No @@ -687,9 +699,9 @@ No role - +

The role to be allowed the traceroute domain. - +

No @@ -697,9 +709,9 @@ No terminal - +

The type of the terminal allow the traceroute domain to use. - +

No @@ -756,9 +768,9 @@ allow the specified role the traceroute domain. domain - +

The type of the process performing this action. - +

No @@ -766,9 +778,9 @@ No role - +

The role to be allowed the traceroute domain. - +

No @@ -776,9 +788,9 @@ No terminal - +

The type of the terminal allow the traceroute domain to use. - +

No diff --git a/www/api-docs/admin_portage.html b/www/api-docs/admin_portage.html new file mode 100644 index 0000000..f2be3fc --- /dev/null +++ b/www/api-docs/admin_portage.html @@ -0,0 +1,346 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: portage

+ +Interfaces +Templates + +

Description:

+ +

+Portage Package Management System. The primary package management and +distribution system for Gentoo. +

+ + + + +

Interfaces:

+ + +
+ + +
+ +portage_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute emerge in the portage domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +portage_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute emerge in the portage domain, and +allow the specified role the portage domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+role + +

+The role to allow the portage domain. +

+		 +No +
+terminal + +

+The type of the terminal allow for portage to use. +

+		 +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +portage_compile_domain_template( + + + + + prefix + + + )
+
+
+ +
Summary
+

+Template for portage sandbox. +

+ + +
Description
+

+

+Template for portage sandbox. Portage +does all compiling in the sandbox. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+prefix + +

+Name to be used to derive types. +

+		 +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/admin_prelink.html b/www/api-docs/admin_prelink.html index 9369b7b..049b94b 100644 --- a/www/api-docs/admin_prelink.html +++ b/www/api-docs/admin_prelink.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Delete the prelink cache. file_type - +

Domain allowed access. - +

No @@ -213,9 +225,9 @@ Execute the prelink program in the prelink domain. domain - +

Domain allowed access. - +

No @@ -256,9 +268,9 @@ prelink log files. file_type - +

Domain allowed access. - +

No @@ -298,9 +310,9 @@ Make the specified file type prelinkable. file_type - +

File type to be prelinked. - +

No @@ -340,9 +352,9 @@ Read the prelink cache. file_type - +

Domain allowed access. - +

No diff --git a/www/api-docs/admin_quota.html b/www/api-docs/admin_quota.html index 9f24f67..bca2147 100644 --- a/www/api-docs/admin_quota.html +++ b/www/api-docs/admin_quota.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute quota management tools in the quota domain. domain - +

The type of the process performing this action. - +

No @@ -214,9 +226,9 @@ of filesystem quota data files. domain - +

Domain to not audit. - +

No @@ -256,9 +268,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -315,9 +327,9 @@ allow the specified role the quota domain. domain - +

The type of the process performing this action. - +

No @@ -325,9 +337,9 @@ No role - +

The role to be allowed the quota domain. - +

No @@ -335,9 +347,9 @@ No terminal - +

The type of the terminal allow the quota domain to use. - +

No diff --git a/www/api-docs/admin_readahead.html b/www/api-docs/admin_readahead.html index e0e751f..1a64d7e 100644 --- a/www/api-docs/admin_readahead.html +++ b/www/api-docs/admin_readahead.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
diff --git a/www/api-docs/admin_rpm.html b/www/api-docs/admin_rpm.html index 0901580..dc6aef0 100644 --- a/www/api-docs/admin_rpm.html +++ b/www/api-docs/admin_rpm.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,51 @@ Execute rpm programs in the rpm domain. domain - +

The type of the process performing this action. +

+ +No + + + + + + + +
+ + +
+ +rpm_domtrans_script( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute rpm_script programs in the rpm_script domain. +

+ + +
Parameters
+ + + @@ -214,9 +268,9 @@ write, and delete the RPM package database. @@ -256,9 +310,9 @@ Create, read, write, and delete the RPM package database. @@ -298,9 +352,9 @@ Create, read, write, and delete the RPM log. @@ -340,9 +394,9 @@ Read the RPM package database. @@ -351,13 +405,13 @@ No - +
-rpm_read_pipe( +rpm_read_pipes( @@ -382,9 +436,9 @@ Read from an unnamed RPM pipe.
@@ -440,9 +494,9 @@ Execute RPM programs in the RPM domain. @@ -450,9 +504,9 @@ No @@ -460,9 +514,9 @@ No @@ -471,13 +525,13 @@ No - +
-rpm_rw_pipe( +rpm_rw_pipes( @@ -502,51 +556,9 @@ Read and write an unnamed RPM pipe.
- -
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain to not audit. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to allow the RPM domain. - +

 No
terminal - +

The type of the terminal allow the RPM domain to use. - +

 No
domain - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -rpm_script_domtrans( - - - - - domain - - - )
-
-
- -
Summary

-Execute rpm_script programs in the rpm_script domain. +The type of the process performing this action.

- - -
Parameters
- - - - @@ -555,13 +567,13 @@ No - +
-rpm_use_fd( +rpm_use_fds( @@ -586,9 +598,9 @@ Inherit and use file descriptors from RPM.
@@ -597,13 +609,13 @@ No - +
-rpm_use_script_fd( +rpm_use_script_fds( @@ -628,9 +640,9 @@ Inherit and use file descriptors from RPM scripts.
diff --git a/www/api-docs/admin_su.html b/www/api-docs/admin_su.html index 93c3a61..df68f53 100644 --- a/www/api-docs/admin_su.html +++ b/www/api-docs/admin_su.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -174,9 +186,9 @@ Execute su in the caller domain. @@ -253,10 +265,10 @@ by policy writers. @@ -264,9 +276,9 @@ No @@ -274,9 +286,9 @@ No @@ -316,9 +328,9 @@ Summary is missing! diff --git a/www/api-docs/admin_sudo.html b/www/api-docs/admin_sudo.html index 1aebe36..83cc6a0 100644 --- a/www/api-docs/admin_sudo.html +++ b/www/api-docs/admin_sudo.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -202,10 +214,10 @@ by policy writers. @@ -213,9 +225,9 @@ No @@ -223,9 +235,9 @@ No diff --git a/www/api-docs/admin_tmpreaper.html b/www/api-docs/admin_tmpreaper.html index f54460a..7e1e14a 100644 --- a/www/api-docs/admin_tmpreaper.html +++ b/www/api-docs/admin_tmpreaper.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute tmpreaper in the caller domain. diff --git a/www/api-docs/admin_updfstab.html b/www/api-docs/admin_updfstab.html index 51c67f4..f145cae 100644 --- a/www/api-docs/admin_updfstab.html +++ b/www/api-docs/admin_updfstab.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute updfstab in the updfstab domain. diff --git a/www/api-docs/admin_usbmodules.html b/www/api-docs/admin_usbmodules.html index bc12979..aa50e58 100644 --- a/www/api-docs/admin_usbmodules.html +++ b/www/api-docs/admin_usbmodules.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute usbmodules in the usbmodules domain. @@ -231,9 +243,9 @@ and use the caller's terminal. @@ -241,9 +253,9 @@ No @@ -251,9 +263,9 @@ No diff --git a/www/api-docs/admin_usermanage.html b/www/api-docs/admin_usermanage.html index 35249de..3a51f04 100644 --- a/www/api-docs/admin_usermanage.html +++ b/www/api-docs/admin_usermanage.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -172,9 +184,9 @@ the admin passwd domain. @@ -214,9 +226,9 @@ Execute chfn in the chfn domain. @@ -256,9 +268,9 @@ Execute groupadd in the groupadd domain. @@ -298,9 +310,9 @@ Execute passwd in the passwd domain. @@ -340,9 +352,9 @@ Execute useradd in the useradd domain. @@ -382,9 +394,9 @@ Read the crack database. @@ -442,9 +454,9 @@ the admin passwd domain. @@ -452,9 +464,9 @@ No @@ -462,9 +474,9 @@ No @@ -521,9 +533,9 @@ allow the specified role the chfn domain. @@ -531,9 +543,9 @@ No @@ -541,9 +553,9 @@ No @@ -600,9 +612,9 @@ allow the specified role the groupadd domain. @@ -610,9 +622,9 @@ No @@ -620,9 +632,9 @@ No @@ -679,9 +691,9 @@ allow the specified role the passwd domain. @@ -689,9 +701,9 @@ No @@ -699,9 +711,9 @@ No @@ -758,9 +770,9 @@ allow the specified role the useradd domain. @@ -768,9 +780,9 @@ No @@ -778,9 +790,9 @@ No diff --git a/www/api-docs/admin_vbetool.html b/www/api-docs/admin_vbetool.html index a17a807..9b2d2a0 100644 --- a/www/api-docs/admin_vbetool.html +++ b/www/api-docs/admin_vbetool.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -151,12 +163,8 @@ - [ - domain - ] - )
@@ -175,11 +183,11 @@ Execute vbetool application in the vbetool domain.
Parameter:Description:Optional:
-domain - - -Domain allowed access. - No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

 No
user_domain - +

The type of the user domain. - +

 No
user_role - +

The role associated with the user domain. - +

 No
? - +

Parameter descriptions are missing! - +

 No
userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

 No
user_domain - +

The type of the user domain. - +

 No
user_role - +

The role associated with the user domain. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the usbmodules domain. - +

 No
terminal - +

The type of the terminal allow the usbmodules domain to use. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the admin passwd domain. - +

 No
terminal - +

The type of the terminal allow the admin passwd domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the chfn domain. - +

 No
terminal - +

The type of the terminal allow the chfn domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the groupadd domain. - +

 No
terminal - +

The type of the terminal allow the groupadd domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the passwd domain. - +

 No
terminal - +

The type of the terminal allow the passwd domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the useradd domain. - +

 No
terminal - +

The type of the terminal allow the useradd domain to use. - +

 No
domain - +

N/A - +

 -yes +Yes
diff --git a/www/api-docs/admin_vpn.html b/www/api-docs/admin_vpn.html index 0083db7..2f36b57 100644 --- a/www/api-docs/admin_vpn.html +++ b/www/api-docs/admin_vpn.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -171,9 +183,9 @@ Execute VPN clients in the vpnc domain. domain - +

Domain allowed access. - +

No @@ -230,9 +242,9 @@ allow the specified role the vpnc domain. domain - +

Domain allowed access. - +

No @@ -240,9 +252,9 @@ No role - +

The role to be allowed the vpnc domain. - +

No @@ -250,9 +262,9 @@ No terminal - +

The type of the terminal allow the vpnc domain to use. - +

No @@ -292,9 +304,9 @@ Send generic signals to VPN clients. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/apps.html b/www/api-docs/apps.html index 161195b..c32f33b 100644 --- a/www/api-docs/apps.html +++ b/www/api-docs/apps.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+
+  @@ -123,6 +141,11 @@

device locking policy for lockdev

+ + mono +

Run .NET server and client applications on Linux.

+ + screen

GNU terminal multiplexer

@@ -133,10 +156,35 @@

Update database for mlocate

+ + tvtime +

tvtime - a high quality television application

+ + + + uml +

Policy for UML

+ + + + userhelper +

SELinux utility to run a shell with a new role

+ + + + usernetctl +

User network interface configuration helper

+ + webalizer

Web server log analysis

+ + + wine +

Wine Is Not an Emulator. Run Windows programs in Linux.

+ diff --git a/www/api-docs/apps_cdrecord.html b/www/api-docs/apps_cdrecord.html index de446cb..47dc647 100644 --- a/www/api-docs/apps_cdrecord.html +++ b/www/api-docs/apps_cdrecord.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+
+  @@ -153,10 +171,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -164,9 +182,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -174,9 +192,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/apps_gpg.html b/www/api-docs/apps_gpg.html index 2f17bce..41451b3 100644 --- a/www/api-docs/apps_gpg.html +++ b/www/api-docs/apps_gpg.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -112,7 +130,7 @@ - userdomain_prefix + userdomain @@ -120,7 +138,7 @@ - domain + role )
@@ -155,31 +173,30 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No -userdomain_prefix +userdomain - -The prefix of the user domain (e.g., user -is the prefix for user_t). - +

+The user domain. +

No -domain +role - -The type of the process performing this action. - +

+The role associated with the user. +

No diff --git a/www/api-docs/apps_irc.html b/www/api-docs/apps_irc.html index a3f5cbf..ef61848 100644 --- a/www/api-docs/apps_irc.html +++ b/www/api-docs/apps_irc.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -153,10 +171,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -164,9 +182,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -174,9 +192,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/apps_java.html b/www/api-docs/apps_java.html index b9a8e77..812977d 100644 --- a/www/api-docs/apps_java.html +++ b/www/api-docs/apps_java.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -83,12 +101,63 @@

Layer: apps

Module: java

+Interfaces +Templates +

Description:

Java virtual machine

+ +

Interfaces:

+ + +
+ + +
+ +java_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the java program in the java domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return +

Templates:

@@ -153,10 +222,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -164,9 +233,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -174,9 +243,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/apps_loadkeys.html b/www/api-docs/apps_loadkeys.html index 5dbab61..bceba0a 100644 --- a/www/api-docs/apps_loadkeys.html +++ b/www/api-docs/apps_loadkeys.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -123,9 +141,9 @@ Execute the loadkeys program in the loadkeys domain. domain - +

The type of the process performing this action. - +

No @@ -165,9 +183,9 @@ Execute the loadkeys program in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -223,9 +241,9 @@ Execute the loadkeys program in the loadkeys domain. domain - +

The type of the process performing this action. - +

No @@ -233,9 +251,9 @@ No role - +

The role to allow the loadkeys domain. - +

No @@ -243,9 +261,9 @@ No terminal - +

The type of the terminal allow the loadkeys domain to use. - +

No diff --git a/www/api-docs/apps_lockdev.html b/www/api-docs/apps_lockdev.html index 4b9dd81..f478a02 100644 --- a/www/api-docs/apps_lockdev.html +++ b/www/api-docs/apps_lockdev.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -154,10 +172,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -165,9 +183,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -175,9 +193,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/apps_mono.html b/www/api-docs/apps_mono.html new file mode 100644 index 0000000..76c3f14 --- /dev/null +++ b/www/api-docs/apps_mono.html @@ -0,0 +1,163 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: mono

+ +

Description:

+ +

Run .NET server and client applications on Linux.

+ + + + +

Interfaces:

+ + +
+ + +
+ +mono_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the mono program in the mono domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/apps_screen.html b/www/api-docs/apps_screen.html index c7ab2d6..45011af 100644 --- a/www/api-docs/apps_screen.html +++ b/www/api-docs/apps_screen.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -153,10 +171,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -164,9 +182,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -174,9 +192,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/apps_slocate.html b/www/api-docs/apps_slocate.html index 0dcf640..af3a5c5 100644 --- a/www/api-docs/apps_slocate.html +++ b/www/api-docs/apps_slocate.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -123,9 +141,9 @@ Create the locate log with append mode. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/apps_tvtime.html b/www/api-docs/apps_tvtime.html new file mode 100644 index 0000000..73d6f70 --- /dev/null +++ b/www/api-docs/apps_tvtime.html @@ -0,0 +1,213 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: tvtime

+ +

Description:

+ +

tvtime - a high quality television application

+ + + + + +

Templates:

+ + +
+ + +
+ +tvtime_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the tvtime module. +

+ + +
Description
+

+

+This template creates a derived domains which are used +for tvtime. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+user_domain + +

+The type of the user domain. +

+		 +No +
+user_role + +

+The role associated with the user domain. +

+		 +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/apps_uml.html b/www/api-docs/apps_uml.html new file mode 100644 index 0000000..580f4f5 --- /dev/null +++ b/www/api-docs/apps_uml.html @@ -0,0 +1,306 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: uml

+ +Interfaces +Templates + +

Description:

+ +

Policy for UML

+ + + + +

Interfaces:

+ + +
+ + +
+ +uml_manage_util_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Manage uml utility files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +uml_setattr_util_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Set attributes on uml utility socket files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +uml_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the uml module. +

+ + +
Description
+

+

+This template creates a derived domains which are used +for uml program. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+user_domain + +

+The type of the user domain. +

+		 +No +
+user_role + +

+The role associated with the user domain. +

+		 +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/apps_userhelper.html b/www/api-docs/apps_userhelper.html new file mode 100644 index 0000000..b7ba201 --- /dev/null +++ b/www/api-docs/apps_userhelper.html @@ -0,0 +1,307 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: userhelper

+ +Interfaces +Templates + +

Description:

+ +

SELinux utility to run a shell with a new role

+ + + + +

Interfaces:

+ + +
+ + +
+ +userhelper_dontaudit_search_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search +the userhelper configuration directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain to not audit. +

+		 +No +
+
+
+ + +
+ + +
+ +userhelper_search_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the userhelper configuration directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +userhelper_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the userhelper module. +

+ + +
Description
+

+

+This template creates a derived domains which are used +for userhelper. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+user_domain + +

+The type of the user domain. +

+		 +No +
+user_role + +

+The role associated with the user domain. +

+		 +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/apps_usernetctl.html b/www/api-docs/apps_usernetctl.html new file mode 100644 index 0000000..9f5fd8a --- /dev/null +++ b/www/api-docs/apps_usernetctl.html @@ -0,0 +1,242 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: usernetctl

+ +

Description:

+ +

User network interface configuration helper

+ + + + +

Interfaces:

+ + +
+ + +
+ +usernetctl_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute usernetctl in the usernetctl domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +usernetctl_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute usernetctl in the usernetctl domain, and +allow the specified role the usernetctl domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+role + +

+The role to be allowed the usernetctl domain. +

+		 +No +
+terminal + +

+The type of the terminal allow the usernetctl domain to use. +

+		 +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/apps_webalizer.html b/www/api-docs/apps_webalizer.html index af33a67..b0ccde3 100644 --- a/www/api-docs/apps_webalizer.html +++ b/www/api-docs/apps_webalizer.html @@ -37,15 +37,33 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  @@ -123,9 +141,9 @@ Execute webalizer in the webalizer domain. domain - +

The type of the process performing this action. - +

No @@ -182,9 +200,9 @@ allow the specified role the webalizer domain. domain - +

The type of the process performing this action. - +

No @@ -192,9 +210,9 @@ No role - +

The role to be allowed the webalizer domain. - +

No @@ -202,9 +220,9 @@ No terminal - +

The type of the terminal allow the webalizer domain to use. - +

No diff --git a/www/api-docs/apps_wine.html b/www/api-docs/apps_wine.html new file mode 100644 index 0000000..0157947 --- /dev/null +++ b/www/api-docs/apps_wine.html @@ -0,0 +1,163 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: wine

+ +

Description:

+ +

Wine Is Not an Emulator. Run Windows programs in Linux.

+ + + + +

Interfaces:

+ + +
+ + +
+ +wine_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the wine program in the wine domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/global_booleans.html b/www/api-docs/global_booleans.html index 8aa51d2..b0e670a 100644 --- a/www/api-docs/global_booleans.html +++ b/www/api-docs/global_booleans.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -112,24 +124,39 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  kernel
-    -  - bootloader
-    -  corecommands
@@ -151,6 +178,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -400,12 +430,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -512,8 +542,13 @@

false

Description
-

-Enabling secure mode disallows programs, such asnewrole, from transitioning to administrativeuser domains.

+

+

+Enabling secure mode disallows programs, such as +newrole, from transitioning to administrative +user domains. +

+

@@ -524,8 +559,11 @@ Enabling secure mode disallows programs, such asnewrole, from transitioning to a

false

Description
-

-Disable transitions to insmod.

+

+

+Disable transitions to insmod. +

+

@@ -536,8 +574,13 @@ Disable transitions to insmod.

false

Description
-

-boolean to determine whether the system permits loading policy, settingenforcing mode, and changing boolean values. Set this to true and youhave to reboot to set it back

+

+

+boolean to determine whether the system permits loading policy, setting +enforcing mode, and changing boolean values. Set this to true and you +have to reboot to set it back +

+

diff --git a/www/api-docs/global_tunables.html b/www/api-docs/global_tunables.html index c22677c..1bde781 100644 --- a/www/api-docs/global_tunables.html +++ b/www/api-docs/global_tunables.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -112,24 +124,39 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  kernel
-    -  - bootloader
-    -  corecommands
@@ -151,6 +178,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -400,12 +430,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -512,8 +542,26 @@

false

Description
-

-Allow cvs daemon to read shadow

+

+

+Allow cvs daemon to read shadow +

+

+ +
+ +
+
allow_execheap
+
+
Default value
+

false

+ +
Description
+

+

+Allow making the heap executable. +

+

@@ -524,8 +572,12 @@ Allow cvs daemon to read shadow

false

Description
-

-Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.

+

+

+Allow making anonymous memory executable, e.g. +for runtime-code generation or executable stack. +

+

@@ -536,8 +588,12 @@ Allow making anonymous memory executable, e.g.for runtime-code generation or exe

false

Description
-

-Allow making a modified private filemapping executable (text relocation).

+

+

+Allow making a modified private file +mapping executable (text relocation). +

+

@@ -548,8 +604,12 @@ Allow making a modified private filemapping executable (text relocation).

false

Description
-

-Allow making the stack executable via mprotect.Also requires allow_execmem.

+

+

+Allow making the stack executable via mprotect. +Also requires allow_execmem. +

+

@@ -560,8 +620,12 @@ Allow making the stack executable via mprotect.Also requires allow_execmem.

<

false

Description
-

-Allow ftp servers to modify public filesused for public file transfer services.

+

+

+Allow ftp servers to modify public files +used for public file transfer services. +

+

@@ -572,8 +636,11 @@ Allow ftp servers to modify public filesused for public file transfer services.<

false

Description
-

-Allow gpg executable stack

+

+

+Allow gpg executable stack +

+

@@ -584,8 +651,11 @@ Allow gpg executable stack

true

Description
-

-Allow gssd to read temp directory.

+

+

+Allow gssd to read temp directory. +

+

@@ -596,8 +666,12 @@ Allow gssd to read temp directory.

false

Description
-

-Allow Apache to modify public filesused for public file transfer services.

+

+

+Allow Apache to modify public files +used for public file transfer services. +

+

@@ -608,8 +682,11 @@ Allow Apache to modify public filesused for public file transfer services.

false

Description
-

-Allow java executable stack

+

+

+Allow java executable stack +

+

@@ -620,8 +697,11 @@ Allow java executable stack

false

Description
-

-Allow system to run with kerberos

+

+

+Allow system to run with kerberos +

+

@@ -632,8 +712,11 @@ Allow system to run with kerberos

false

Description
-

-Allow sysadm to ptrace all processes

+

+

+Allow sysadm to ptrace all processes +

+

@@ -644,8 +727,12 @@ Allow sysadm to ptrace all processes

false

Description
-

-Allow rsync to modify public filesused for public file transfer services.

+

+

+Allow rsync to modify public files +used for public file transfer services. +

+

@@ -656,8 +743,11 @@ Allow rsync to modify public filesused for public file transfer services.

false

Description
-

-Allow sasl to read shadow

+

+

+Allow sasl to read shadow +

+

@@ -668,8 +758,12 @@ Allow sasl to read shadow

false

Description
-

-Allow samba to modify public filesused for public file transfer services.

+

+

+Allow samba to modify public files +used for public file transfer services. +

+

@@ -680,8 +774,11 @@ Allow samba to modify public filesused for public file transfer services.

false

Description
-

-allow host key based authentication

+

+

+allow host key based authentication +

+

@@ -692,8 +789,27 @@ allow host key based authentication

false

Description
-

-Allow users to connect to mysql

+

+

+Allow users to connect to mysql +

+

+ + + +
+
allow_write_xshm
+
+
Default value
+

false

+ +
Description
+

+

+Allows clients to write to the X server shared +memory segments. +

+

@@ -704,8 +820,11 @@ Allow users to connect to mysql

false

Description
-

-Allow system to run with NIS

+

+

+Allow system to run with NIS +

+

@@ -716,8 +835,13 @@ Allow system to run with NIS

false

Description
-

-Allow cdrecord to read various content.nfs, samba, removable devices, user tempand untrusted content files

+

+

+Allow cdrecord to read various content. +nfs, samba, removable devices, user temp +and untrusted content files +

+

@@ -728,8 +852,12 @@ Allow cdrecord to read various content.nfs, samba, removable devices, user tempa

false

Description
-

-Allow system cron jobs to relabel filesystemfor restoring file contexts.

+

+

+Allow system cron jobs to relabel filesystem +for restoring file contexts. +

+

@@ -740,8 +868,12 @@ Allow system cron jobs to relabel filesystemfor restoring file contexts.

false

Description
-

-Enable extra rules in the cron domainto support fcron.

+

+

+Enable extra rules in the cron domain +to support fcron. +

+

@@ -752,8 +884,11 @@ Enable extra rules in the cron domainto support fcron.

false

Description
-

-Allow ftp to read and write files in the user home directories

+

+

+Allow ftp to read and write files in the user home directories +

+

@@ -764,8 +899,11 @@ Allow ftp to read and write files in the user home directories

false

Description
-

-Allow ftpd to run directly without inetd

+

+

+Allow ftpd to run directly without inetd +

+

@@ -776,8 +914,11 @@ Allow ftpd to run directly without inetd

false

Description
-

-Allow httpd to use built in scripting (usually php)

+

+

+Allow httpd to use built in scripting (usually php) +

+

@@ -788,8 +929,11 @@ Allow httpd to use built in scripting (usually php)

false

Description
-

-Allow http daemon to tcp connect

+

+

+Allow http daemon to tcp connect +

+

@@ -800,8 +944,11 @@ Allow http daemon to tcp connect

false

Description
-

-allow httpd to connect to mysql/posgresql

+

+

+Allow httpd to connect to mysql/posgresql +

+

@@ -812,8 +959,11 @@ allow httpd to connect to mysql/posgresql

false

Description
-

-allow httpd to act as a relay

+

+

+Allow httpd to act as a relay +

+

@@ -824,8 +974,11 @@ allow httpd to act as a relay

false

Description
-

-Allow httpd cgi support

+

+

+Allow httpd cgi support +

+

@@ -836,8 +989,12 @@ Allow httpd cgi support

false

Description
-

-Allow httpd to act as a FTP server bylistening on the ftp port.

+

+

+Allow httpd to act as a FTP server by +listening on the ftp port. +

+

@@ -848,8 +1005,11 @@ Allow httpd to act as a FTP server bylistening on the ftp port.

false

Description
-

-Allow httpd to read home directories

+

+

+Allow httpd to read home directories +

+

@@ -860,8 +1020,11 @@ Allow httpd to read home directories

false

Description
-

-Run SSI execs in system CGI script domain.

+

+

+Run SSI execs in system CGI script domain. +

+

@@ -872,8 +1035,11 @@ Run SSI execs in system CGI script domain.

false

Description
-

-Allow http daemon to communicate with the TTY

+

+

+Allow http daemon to communicate with the TTY +

+

@@ -884,8 +1050,11 @@ Allow http daemon to communicate with the TTY

false

Description
-

-Run CGI in the main httpd domain

+

+

+Run CGI in the main httpd domain +

+

@@ -896,8 +1065,12 @@ Run CGI in the main httpd domain

false

Description
-

-Allow BIND to write the master zone files.Generally this is used for dynamic DNS.

+

+

+Allow BIND to write the master zone files. +Generally this is used for dynamic DNS. +

+

@@ -908,8 +1081,11 @@ Allow BIND to write the master zone files.Generally this is used for dynamic DNS

false

Description
-

-Allow nfs to be exported read only

+

+

+Allow nfs to be exported read only +

+

@@ -920,8 +1096,11 @@ Allow nfs to be exported read only

false

Description
-

-Allow nfs to be exported read/write.

+

+

+Allow nfs to be exported read/write. +

+

@@ -932,8 +1111,11 @@ Allow nfs to be exported read/write.

false

Description
-

-Allow pppd to load kernel modules for certain modems

+

+

+Allow pppd to load kernel modules for certain modems +

+

@@ -944,8 +1126,11 @@ Allow pppd to load kernel modules for certain modems

false

Description
-

-Allow pppd to be run for a regular user

+

+

+Allow pppd to be run for a regular user +

+

@@ -956,8 +1141,11 @@ Allow pppd to be run for a regular user

false

Description
-

-Allow reading of default_t files.

+

+

+Allow reading of default_t files. +

+

@@ -968,8 +1156,13 @@ Allow reading of default_t files.

false

Description
-

-Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted

+

+

+Allow applications to read untrusted content +If this is disallowed, Internet content has +to be manually relabeled for read access to be granted +

+

@@ -980,8 +1173,11 @@ Allow applications to read untrusted contentIf this is disallowed, Internet cont

false

Description
-

-Allow ssh to run from inetd instead of as a daemon.

+

+

+Allow ssh to run from inetd instead of as a daemon. +

+

@@ -992,8 +1188,11 @@ Allow ssh to run from inetd instead of as a daemon.

false

Description
-

-Allow samba to export user home directories.

+

+

+Allow samba to export user home directories. +

+

@@ -1004,8 +1203,11 @@ Allow samba to export user home directories.

false

Description
-

-Allow spamassassin to do DNS lookups

+

+

+Allow spamassassin to do DNS lookups +

+

@@ -1016,8 +1218,26 @@ Allow spamassassin to do DNS lookups

false

Description
-

-Allow user spamassassin clients to use the network.

+

+

+Allow user spamassassin clients to use the network. +

+

+ + + +
+
spamd_enable_home_dirs
+
+
Default value
+

true

+ +
Description
+

+

+Allow spammd to read/write user home directories. +

+

@@ -1028,8 +1248,12 @@ Allow user spamassassin clients to use the network.

false

Description
-

-Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.

+

+

+Allow squid to connect to all ports, not just +HTTP, FTP, and Gopher ports. +

+

@@ -1040,8 +1264,11 @@ Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.

false

Description
-

-Allow ssh logins as sysadm_r:sysadm_t

+

+

+Allow ssh logins as sysadm_r:sysadm_t +

+

@@ -1052,8 +1279,12 @@ Allow ssh logins as sysadm_r:sysadm_t

false

Description
-

-Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)

+

+

+Allow staff_r users to search the sysadm home +dir and read files (such as ~/.bashrc) +

+

@@ -1064,8 +1295,12 @@ Allow staff_r users to search the sysadm homedir and read files (such as ~/.bash

false

Description
-

-Configure stunnel to be a standalone daemon orinetd service.

+

+

+Configure stunnel to be a standalone daemon or +inetd service. +

+

@@ -1076,8 +1311,11 @@ Configure stunnel to be a standalone daemon orinetd service.

false

Description
-

-Support NFS home directories

+

+

+Support NFS home directories +

+

@@ -1088,8 +1326,11 @@ Support NFS home directories

false

Description
-

-Support SAMBA home directories

+

+

+Support SAMBA home directories +

+

@@ -1100,8 +1341,11 @@ Support SAMBA home directories

false

Description
-

-Allow regular users direct mouse access

+

+

+Allow regular users direct mouse access +

+

@@ -1112,8 +1356,11 @@ Allow regular users direct mouse access

false

Description
-

-Allow users to read system messages.

+

+

+Allow users to read system messages. +

+

@@ -1124,8 +1371,12 @@ Allow users to read system messages.

false

Description
-

-Allow users to control network interfaces(also needs USERCTL=true)

+

+

+Allow users to control network interfaces +(also needs USERCTL=true) +

+

@@ -1136,8 +1387,11 @@ Allow users to control network interfaces(also needs USERCTL=true)

false

Description
-

-Control users use of ping and traceroute

+

+

+Control users use of ping and traceroute +

+

@@ -1148,8 +1402,12 @@ Control users use of ping and traceroute

false

Description
-

-Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY)

+

+

+Allow user to r/w files on filesystems +that do not have extended attributes (FAT, CDROM, FLOPPY) +

+

@@ -1160,8 +1418,11 @@ Allow user to r/w files on filesystemsthat do not have extended attributes (FAT,

false

Description
-

-Allow users to rw usb devices

+

+

+Allow users to rw usb devices +

+

@@ -1172,8 +1433,13 @@ Allow users to rw usb devices

false

Description
-

-Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users) disabling this forces FTP passive modeand may change other protocols.

+

+

+Allow users to run TCP servers (bind to ports and accept connection from +the same domain and outside users) disabling this forces FTP passive mode +and may change other protocols. +

+

@@ -1184,8 +1450,11 @@ Allow users to run TCP servers (bind to ports and accept connection fromthe same

false

Description
-

-Allow w to display everyone

+

+

+Allow w to display everyone +

+

@@ -1196,8 +1465,28 @@ Allow w to display everyone

false

Description
-

-Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored.

+

+

+Allow applications to write untrusted content +If this is disallowed, no Internet content +will be stored. +

+

+ + + +
+
xdm_sysadm_login
+
+
Default value
+

false

+ +
Description
+

+

+Allow xdm logins as sysadm +

+

diff --git a/www/api-docs/index.html b/www/api-docs/index.html index bb55645..8732390 100644 --- a/www/api-docs/index.html +++ b/www/api-docs/index.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -112,24 +124,39 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+ +  kernel
-    -  - bootloader
-    -  corecommands
@@ -151,6 +178,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -400,12 +430,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -535,6 +565,16 @@

Policy for the Anaconda installer.

+ + bootloader +

Policy for the kernel modules, kernel image, and bootloader.

+ + + + certwatch +

Digital Certificate Tracking

+ + consoletype

@@ -580,11 +620,24 @@ after installation of Red Hat/Fedora systems.

System log analyzer and reporter

+ + mrtg +

Network traffic graphing

+ + netutils

Network analysis utilities

+ + portage +

+Portage Package Management System. The primary package management and +distribution system for Gentoo. +

+ + prelink

Prelink ELF shared library mappings.

@@ -680,11 +733,6 @@ and unlabeled processes and objects. - - bootloader -

Policy for the kernel modules, kernel image, and bootloader.

- - corecommands

@@ -730,6 +778,11 @@ and unlabeled processes and objects.

+ + mcs +

Multicategory security policy

+ + mls

Multilevel security policy

@@ -805,6 +858,11 @@ Policy for kernel security interface, in particular, selinuxfs.

device locking policy for lockdev

+ + mono +

Run .NET server and client applications on Linux.

+ + screen

GNU terminal multiplexer

@@ -815,10 +873,35 @@ Policy for kernel security interface, in particular, selinuxfs.

Update database for mlocate

+ + tvtime +

tvtime - a high quality television application

+ + + + uml +

Policy for UML

+ + + + userhelper +

SELinux utility to run a shell with a new role

+ + + + usernetctl +

User network interface configuration helper

+ + webalizer

Web server log analysis

+ + + wine +

Wine Is Not an Emulator. Run Windows programs in Linux.

+ @@ -1395,16 +1478,16 @@ from Windows NT servers.

Unix to Unix Copy

- - xdm -

X windows login display manager

- - xfs

X Windows Font Server

+ + xserver +

X Windows Server

+ + zebra

Zebra border gateway protocol network routing service

diff --git a/www/api-docs/interfaces.html b/www/api-docs/interfaces.html index adfe364..46df10f 100644 --- a/www/api-docs/interfaces.html +++ b/www/api-docs/interfaces.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -112,24 +124,39 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+
+  kernel
-    -  - bootloader
-    -  corecommands
@@ -151,6 +178,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -400,12 +430,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -688,6 +718,32 @@ Allow read and write access to alsa shared memory.
+Module: +amanda

+Layer: +admin

+

+ +amanda_append_log_files( + + + + + domain + + + )
+
+ +
+

+Allow read/writing amanda logs +

+
+ +
+ +
Module: amanda

Layer: @@ -783,6 +839,32 @@ allow the specified role the amanda_recover domain.

+Module: +amanda

+Layer: +admin

+

+ +amanda_rw_dumpdates_files( + + + + + domain + + + )
+
+ +
+

+Allow read/writing /etc/dumpdates. +

+
+ +
+ +
Module: amanda

Layer: @@ -970,13 +1052,13 @@ Apache logs.

-Module: +Module: apache

Layer: services

-apache_dontaudit_rw_stream_socket( +apache_dontaudit_rw_stream_sockets( @@ -997,13 +1079,13 @@ unix domain stream sockets.
-Module: +Module: apache

Layer: services

-apache_dontaudit_rw_sys_script_stream_socket( +apache_dontaudit_rw_sys_script_stream_sockets( @@ -1024,13 +1106,13 @@ system script unix domain stream sockets.
-Module: +Module: apache

Layer: services

-apache_dontaudit_rw_tcp_socket( +apache_dontaudit_rw_tcp_sockets( @@ -1078,6 +1160,33 @@ module directories.
+Module: +apache

+Layer: +services

+

+ +apache_exec_modules( + + + + + domain + + + )
+
+ +
+

+Allow the specified domain to execute +apache modules. +

+
+ +
+ +
+Module: +apache

+Layer: +services

+

+ +apache_read_sys_content( + + + + + domain + + + )
+
+ +
+

+Read apache system content +

+
+ +
+ +
-Module: +Module: apache

Layer: services

-apache_use_fd( +apache_use_fds( @@ -1450,13 +1585,13 @@ Execute APM in the apm domain.
-Module: +Module: apm

Layer: services

-apm_rw_stream_socket( +apm_rw_stream_sockets( @@ -1502,13 +1637,13 @@ Connect to apmd over an unix stream socket.
-Module: +Module: apm

Layer: services

-apm_use_fd( +apm_use_fds( @@ -1528,13 +1663,13 @@ Use file descriptors for apmd.
-Module: +Module: apm

Layer: services

-apm_write_pipe( +apm_write_pipes( @@ -1554,13 +1689,13 @@ Write to apmd unnamed pipes.
-Module: +Module: arpwatch

Layer: services

-arpwatch_dontaudit_rw_packet_socket( +arpwatch_dontaudit_rw_packet_sockets( @@ -2137,18 +2272,18 @@ Execute the pam program.
-Module: +Module: authlogin

Layer: system

-auth_filetrans_login_records( +auth_getattr_shadow( - ? + domain )
@@ -2156,25 +2291,25 @@ system

-Summary is missing! +Get the attributes of the shadow passwords file.

-Module: +Module: authlogin

Layer: system

-auth_getattr_shadow( +auth_list_pam_console_data( - domain + ? )
@@ -2182,20 +2317,20 @@ system

-Get the attributes of the shadow passwords file. +Summary is missing!

-Module: +Module: authlogin

Layer: system

-auth_list_pam_console_data( +auth_log_filetrans_login_records( @@ -2260,12 +2395,8 @@ system

- [ - exception_types - ] - )

@@ -2332,6 +2463,32 @@ Summary is missing!
+Module: +authlogin

+Layer: +system

+

+ +auth_manage_pam_pid( + + + + + domain + + + )
+
+ +
+

+Manage pam PID files. +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_manage_var_auth( + + + + + domain + + + )
+
+ +
+

+Manage var auth files. Used by various other applications +and pam applets etc. +

+
+ +
+ +
Module: authlogin

Layer: @@ -2377,12 +2561,8 @@ system

- [ - exception_types - ] - )

@@ -2416,12 +2596,8 @@ system

- [ - exception_types - ] - )

@@ -2455,12 +2631,8 @@ system

- [ - exception_types - ] - )

@@ -2624,12 +2796,8 @@ system

- [ - exception_types - ] - )

@@ -3069,6 +3237,33 @@ Execute automount in the automount domain.
+Module: +automount

+Layer: +services

+

+ +automount_dontaudit_getattr_tmp_dirs( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of automount temporary directories. +

+
+ +
+ +
-Module: +Module: bind

Layer: services

-bind_manage_config_dir( +bind_manage_config_dirs( @@ -3375,13 +3570,13 @@ Search the BIND cache directory.
-Module: +Module: bind

Layer: services

-bind_setattr_pid_dir( +bind_setattr_pid_dirs( @@ -3602,62 +3797,10 @@ allow the specified role the bluetooth_helper domain.
-Module: -bootloader

-Layer: -kernel

-

- -bootloader_create_kernel_img( - - - - - domain - - - )
-
- -
-

-Install a kernel into the /boot directory. -

-
- -
- -
-Module: -bootloader

-Layer: -kernel

-

- -bootloader_create_kernel_symbol_table( - - - - - domain - - - )
-
- -
-

-Install a system.map into the /boot directory. -

-
- -
- -
-Module: +Module: bootloader

-Layer: -kernel

+Layer: +admin

bootloader_create_runtime_file( @@ -3681,13 +3824,13 @@ temporary data in /tmp.
-Module: +Module: bootloader

-Layer: -kernel

+Layer: +admin

-bootloader_delete_kernel( +bootloader_domtrans( @@ -3700,20 +3843,20 @@ kernel

-Delete a kernel from /boot. +Execute bootloader in the bootloader domain.

-Module: +Module: bootloader

-Layer: -kernel

+Layer: +admin

-bootloader_delete_kernel_symbol_table( +bootloader_read_config( @@ -3726,20 +3869,20 @@ kernel

-Delete a system.map in the /boot directory. +Read the bootloader configuration file.

-Module: +Module: bootloader

-Layer: -kernel

+Layer: +admin

-bootloader_domtrans( +bootloader_run( @@ -3747,57 +3890,20 @@ kernel

domain - )
-

- -
-

-Execute bootloader in the bootloader domain. -

-
- -
- -
-Module: -bootloader

-Layer: -kernel

-

- -bootloader_dontaudit_getattr_boot_dir( - + , - domain - - )
-
- -
-

-Do not audit attempts to get attributes -of the /boot directory. -

-
- -
- -
-Module: -bootloader

-Layer: -kernel

-

- -bootloader_dontaudit_search_boot( + role + + , - domain + + terminal )
@@ -3805,25 +3911,26 @@ kernel

-Do not audit attempts to search the /boot directory. +Execute bootloader interactively and do +a domain transition to the bootloader domain.

-Module: +Module: bootloader

-Layer: -kernel

+Layer: +admin

-bootloader_filetrans_modules( +bootloader_rw_config( - ? + domain )
@@ -3831,20 +3938,21 @@ kernel

-Summary is missing! +Read and write the bootloader +configuration file.

-Module: +Module: bootloader

-Layer: -kernel

+Layer: +admin

-bootloader_getattr_boot_dir( +bootloader_rw_tmp_files( @@ -3857,20 +3965,21 @@ kernel

-Get attributes of the /boot directory. +Read and write the bootloader +temporary data in /tmp.

-Module: -bootloader

-Layer: -kernel

+Module: +canna

+Layer: +services

-bootloader_getattr_kernel_modules( +canna_stream_connect( @@ -3883,20 +3992,20 @@ kernel

-Get the attributes of kernel module files. +Connect to Canna using a unix domain stream socket.

-Module: -bootloader

-Layer: -kernel

+Module: +certwatch

+Layer: +admin

-bootloader_list_kernel_modules( +certwatach_run( @@ -3904,30 +4013,20 @@ kernel

domain - )
-

- -
-

-List the contents of the kernel module directories. -

-
- -
- -
-Module: -bootloader

-Layer: -kernel

-

- -bootloader_manage_kernel_modules( + + , + + + + role + + , - domain + + terminal )
@@ -3935,21 +4034,23 @@ kernel

-Create, read, write, and delete -kernel module files. +Execute certwatch in the certwatch domain, and +allow the specified role the certwatch domain, +and use the caller's terminal. Has a sigchld +backchannel.

-Module: -bootloader

-Layer: -kernel

+Module: +certwatch

+Layer: +admin

-bootloader_read_config( +certwatch_domtrans( @@ -3962,20 +4063,20 @@ kernel

-Read the bootloader configuration file. +Domain transition to certwatch.

-Module: -bootloader

-Layer: -kernel

+Module: +clock

+Layer: +system

-bootloader_read_kernel_modules( +clock_domtrans( @@ -3988,20 +4089,20 @@ kernel

-Read kernel module files. +Execute hwclock in the clock domain.

-Module: -bootloader

-Layer: -kernel

+Module: +clock

+Layer: +system

-bootloader_read_kernel_symbol_table( +clock_exec( @@ -4014,20 +4115,20 @@ kernel

-Read system.map in the /boot directory. +Execute hwclock in the caller domain.

-Module: -bootloader

-Layer: -kernel

+Module: +clock

+Layer: +system

-bootloader_run( +clock_run( @@ -4056,21 +4157,21 @@ kernel

-Execute bootloader interactively and do -a domain transition to the bootloader domain. +Execute hwclock in the clock domain, and +allow the specified role the hwclock domain.

-Module: -bootloader

-Layer: -kernel

+Module: +clock

+Layer: +system

-bootloader_rw_boot_symlinks( +clock_rw_adjtime( @@ -4083,21 +4184,20 @@ kernel

-Read and write symbolic links -in the /boot directory. +Allow executing domain to modify clock drift

-Module: -bootloader

-Layer: -kernel

+Module: +consoletype

+Layer: +admin

-bootloader_rw_config( +consoletype_domtrans( @@ -4110,21 +4210,20 @@ kernel

-Read and write the bootloader -configuration file. +Execute consoletype in the consoletype domain.

-Module: -bootloader

-Layer: -kernel

+Module: +consoletype

+Layer: +admin

-bootloader_rw_tmp_file( +consoletype_exec( @@ -4137,21 +4236,20 @@ kernel

-Read and write the bootloader -temporary data in /tmp. +Execute consoletype in the caller domain.

-Module: -bootloader

-Layer: -kernel

+Module: +consoletype

+Layer: +admin

-bootloader_search_boot( +consoletype_run( @@ -4159,25 +4257,42 @@ kernel

domain + + , + + + + role + + + + , + + + + terminal + + )

-Search the /boot directory. +Execute consoletype in the consoletype domain, and +allow the specified role the consoletype domain.

-Module: -bootloader

+Module: +corecommands

Layer: kernel

-bootloader_search_kernel_modules( +corecmd_bin_alias( @@ -4190,20 +4305,20 @@ kernel

-Search the contents of the kernel module directories. +Create a aliased type to generic bin files.

-Module: -bootloader

+Module: +corecommands

Layer: kernel

-bootloader_write_kernel_modules( +corecmd_bin_domtrans( @@ -4211,25 +4326,34 @@ kernel

domain + + , + + + + target_domain + + )

-Write kernel module files. +Execute a file in a bin directory +in the specified domain.

-Module: -canna

-Layer: -services

+Module: +corecommands

+Layer: +kernel

-canna_stream_connect( +corecmd_bin_spec_domtrans( @@ -4237,25 +4361,36 @@ services

domain + + , + + + + target_domain + + )

-Connect to Canna using a unix domain stream socket. +Execute a file in a bin directory +in the specified domain but do not +do it automatically. This is an explicit +transition, requiring the caller to use setexeccon().

-Module: -clock

-Layer: -system

+Module: +corecommands

+Layer: +kernel

-clock_domtrans( +corecmd_check_exec_shell( @@ -4268,25 +4403,25 @@ system

-Execute hwclock in the clock domain. +Check if a shell is executable (DAC-wise).

-Module: -clock

-Layer: -system

+Module: +corecommands

+Layer: +kernel

-clock_exec( +corecmd_dontaudit_getattr_sbin_files( - domain + ? )
@@ -4294,20 +4429,20 @@ system

-Execute hwclock in the caller domain. +Summary is missing!

-Module: -clock

-Layer: -system

+Module: +corecommands

+Layer: +kernel

-clock_run( +corecmd_dontaudit_search_sbin( @@ -4315,47 +4450,31 @@ system

domain - - , - - - - role - - - - , - - - - terminal - - )

-Execute hwclock in the clock domain, and -allow the specified role the hwclock domain. +Do not audit attempts to search +sbin directories.

-Module: -clock

-Layer: -system

+Module: +corecommands

+Layer: +kernel

-clock_rw_adjtime( +corecmd_exec_bin( - domain + ? )
@@ -4363,25 +4482,25 @@ system

-Allow executing domain to modify clock drift +Summary is missing!

-Module: -consoletype

-Layer: -admin

+Module: +corecommands

+Layer: +kernel

-consoletype_domtrans( +corecmd_exec_chroot( - domain + ? )
@@ -4389,25 +4508,25 @@ admin

-Execute consoletype in the consoletype domain. +Summary is missing!

-Module: -consoletype

-Layer: -admin

+Module: +corecommands

+Layer: +kernel

-consoletype_exec( +corecmd_exec_ls( - domain + ? )
@@ -4415,25 +4534,25 @@ admin

-Execute consoletype in the caller domain. +Summary is missing!

-Module: +Module: corecommands

Layer: kernel

-corecmd_bin_alias( +corecmd_exec_sbin( - domain + ? )
@@ -4441,33 +4560,25 @@ kernel

-Create a aliased type to generic bin files. +Summary is missing!

-Module: +Module: corecommands

Layer: kernel

-corecmd_bin_domtrans( - - - - - domain - +corecmd_exec_shell( - , - - target_domain + ? )
@@ -4475,21 +4586,20 @@ kernel

-Execute a file in a bin directory -in the specified domain. +Summary is missing!

-Module: +Module: corecommands

Layer: kernel

-corecmd_check_exec_shell( +corecmd_getattr_bin_files( @@ -4502,229 +4612,20 @@ kernel

-Check if a shell is executable (DAC-wise). +Get the attributes of files in bin directories.

-Module: +Module: corecommands

Layer: kernel

-corecmd_dontaudit_getattr_sbin_file( - - - - - ? - - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_dontaudit_search_sbin( - - - - - domain - - - )
-
- -
-

-Do not audit attempts to search -sbin directories. -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_exec_bin( - - - - - ? - - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_exec_chroot( - - - - - ? - - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_exec_ls( - - - - - ? - - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_exec_sbin( - - - - - ? - - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_exec_shell( - - - - - ? - - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_getattr_bin_file( - - - - - domain - - - )
-
- -
-

-Get the attributes of files in bin directories. -

-
- -
- -
-Module: -corecommands

-Layer: -kernel

-

- -corecmd_getattr_sbin_file( +corecmd_getattr_sbin_files( @@ -4900,13 +4801,13 @@ Mmap a sbin file as executable.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_bin_file( +corecmd_read_bin_files( @@ -4926,13 +4827,13 @@ Read files in bin directories.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_bin_pipe( +corecmd_read_bin_pipes( @@ -4952,13 +4853,13 @@ Read pipes in bin directories.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_bin_socket( +corecmd_read_bin_sockets( @@ -4978,13 +4879,13 @@ Read named sockets in bin directories.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_bin_symlink( +corecmd_read_bin_symlinks( @@ -5004,13 +4905,13 @@ Read symbolic links in bin directories.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_sbin_file( +corecmd_read_sbin_files( @@ -5030,13 +4931,13 @@ Read files in sbin directories.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_sbin_pipe( +corecmd_read_sbin_pipes( @@ -5056,13 +4957,13 @@ Read named pipes in sbin directories.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_sbin_socket( +corecmd_read_sbin_sockets( @@ -5082,13 +4983,13 @@ Read named sockets in sbin directories.
-Module: +Module: corecommands

Layer: kernel

-corecmd_read_sbin_symlink( +corecmd_read_sbin_symlinks( @@ -5195,6 +5096,43 @@ in the specified domain.
+Module: +corecommands

+Layer: +kernel

+

+ +corecmd_sbin_spec_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+ +
+

+Execute a file in a sbin directory +in the specified domain but do not +do it automatically. This is an explicit +transition, requiring the caller to use setexeccon(). +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_dontaudit_tcp_bind_all_ports( + + + + + domain + + + )
+
+ +
+

+Do not audit attepts to bind TCP sockets to any ports. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_rw_ppp_dev( + + + + + domain + + + )
+
+ +
+

+Read and write the point-to-point device. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_rw_tun_tap_dev( + + + + + domain + + + )
+
+ +
+

+Read and write the TUN/TAP virtual network device. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_bind_bgp_port( + + + + + domain + + + )
+
+ +
+

+Bind TCP sockets to the bgp port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_bind_router_port( + + + + + domain + + + )
+
+ +
+

+Bind TCP sockets to the router port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_connect_bgp_port( + + + + + domain + + + )
+
+ +
+

+Make a TCP connection to the bgp port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_connect_router_port( + + + + + domain + + + )
+
+ +
+

+Make a TCP connection to the router port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_bgp_port( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP traffic on the bgp port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_router_port( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP traffic on the router port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_bind_bgp_port( + + + + + domain + + + )
+
+ +
+

+Bind UDP sockets to the bgp port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_bind_router_port( + + + + + domain + + + )
+
+ +
+

+Bind UDP sockets to the router port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_bgp_port( + + + + + domain + + + )
+
+ +
+

+Receive UDP traffic on the bgp port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_router_port( + + + + + domain + + + )
+
+ +
+

+Receive UDP traffic on the router port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_bgp_port( + + + + + domain + + + )
+
+ +
+

+Send UDP traffic on the bgp port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_router_port( + + + + + domain + + + )
+
+ +
+

+Send UDP traffic on the router port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_bgp_port( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic on the bgp port. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_router_port( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic on the router port. +

+
+ +
+ +
-Module: -corenetwork

-Layer: -kernel

-

- -corenet_use_ppp_device( - - - - - domain - - - )
-
- -
-

-Read and write the point-to-point device. -

-
- -
- -
-Module: -corenetwork

-Layer: -kernel

-

- -corenet_use_tun_tap_device( - - - - - domain - - - )
-
- -
-

-Read and write the TUN/TAP virtual network device. -

-
- -
- -
Module: cpucontrol

Layer: @@ -24649,12 +24977,8 @@ services

- [ - domain - ] - )

@@ -24668,13 +24992,13 @@ CPUcontrol stub interface. No access allowed.
-Module: +Module: cron

Layer: services

-cron_crw_tcp_socket( +cron_anacron_domtrans_system_job( @@ -24687,20 +25011,20 @@ services

-Create, read, and write a cron daemon TCP socket. +Execute APM in the apm domain.

-Module: +Module: cron

Layer: services

-cron_domtrans_anacron_system_job( +cron_dontaudit_append_system_job_tmp_files( @@ -24713,20 +25037,21 @@ services

-Execute APM in the apm domain. +Do not audit attempts to append temporary +files from the system cron jobs.

-Module: +Module: cron

Layer: services

-cron_dontaudit_append_system_job_tmp_files( +cron_dontaudit_write_pipes( @@ -24739,21 +25064,20 @@ services

-Do not audit attempts to append temporary -files from the system cron jobs. +Do not audit attempts to write cron daemon unnamed pipes.

-Module: +Module: cron

Layer: services

-cron_dontaudit_write_pipe( +cron_read_pipes( @@ -24766,20 +25090,20 @@ services

-Do not audit attempts to write cron daemon unnamed pipes. +Read a cron daemon unnamed pipe.

-Module: +Module: cron

Layer: services

-cron_read_pipe( +cron_read_system_job_tmp_files( @@ -24792,20 +25116,20 @@ services

-Read a cron daemon unnamed pipe. +Read temporary files from the system cron jobs.

-Module: +Module: cron

Layer: services

-cron_read_system_job_tmp_files( +cron_rw_pipes( @@ -24818,20 +25142,20 @@ services

-Read temporary files from the system cron jobs. +Read and write a cron daemon unnamed pipe.

-Module: +Module: cron

Layer: services

-cron_rw_pipe( +cron_rw_system_job_pipes( @@ -24844,20 +25168,20 @@ services

-Read and write a cron daemon unnamed pipe. +Read and write a system cron job unnamed pipe.

-Module: +Module: cron

Layer: services

-cron_rw_system_job_pipe( +cron_rw_tcp_sockets( @@ -24870,7 +25194,7 @@ services

-Read and write a system cron job unnamed pipe. +Read, and write cron daemon TCP sockets.

@@ -24964,13 +25288,13 @@ from the system cron jobs.
-Module: +Module: cron

Layer: services

-cron_use_fd( +cron_use_fds( @@ -24991,13 +25315,13 @@ from the cron daemon.
-Module: +Module: cron

Layer: services

-cron_use_system_job_fd( +cron_use_system_job_fds( @@ -25018,13 +25342,13 @@ from system cron jobs.
-Module: +Module: cron

Layer: services

-cron_write_system_job_pipe( +cron_write_system_job_pipes( @@ -25150,6 +25474,32 @@ Execute cups_config in the cups_config domain.
+Module: +cups

+Layer: +services

+

+ +cups_read_config( + + + + + domain + + + )
+
+ +
+

+Read cups configuration files. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_tcp_connect( + + + + + domain + + + )
+
+ +
+

+Connect to cups over TCP. +

+
+ +
+ +
+Module: +cups

+Layer: +services

+

+ +cups_write_log( + + + + + domain + + + )
+
+ +
+

+Write cups log files. +

+
+ +
+ +
-Module: +Module: dbus

Layer: services

-dbus_send_system_bus_msg( +dbus_send_system_bus( @@ -25588,12 +25990,8 @@ services

- [ - domain - ] - )

@@ -25739,7 +26137,7 @@ kernel

- domain + file_type )
@@ -25747,20 +26145,20 @@ kernel

-Mount a usbfs filesystem. +Associate a file to a usbfs filesystem.

-Module: +Module: devices

Layer: kernel

-dev_create_cardmgr( +dev_create_cardmgr_dev( @@ -25782,39 +26180,13 @@ with the correct type.
-Module: -devices

-Layer: -kernel

-

- -dev_create_dir( - - - - - domain - - - )
-
- -
-

-Create a directory in the device directory. -

-
- -
- -
-Module: +Module: devices

Layer: kernel

-dev_create_generic_chr_file( +dev_create_generic_chr_files( @@ -25834,13 +26206,13 @@ Allow read, write, and create for generic character device files.
-Module: +Module: devices

Layer: kernel

-dev_del_generic_symlinks( +dev_create_generic_dirs( @@ -25853,20 +26225,20 @@ kernel

-Delete symbolic links in device directories. +Create a directory in the device directory.

-Module: +Module: devices

Layer: kernel

-dev_delete_generic_file( +dev_delete_generic_files( @@ -25886,13 +26258,39 @@ Delete generic files in /dev.
-Module: +Module: devices

Layer: kernel

-dev_delete_lvm_control( +dev_delete_generic_symlinks( + + + + + domain + + + )
+
+ +
+

+Delete symbolic links in device directories. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_delete_lvm_control_dev( @@ -25964,13 +26362,13 @@ Dontaudit getattr on all character file device nodes.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_getattr_apm_bios( +dev_dontaudit_getattr_apm_bios_dev( @@ -25991,13 +26389,13 @@ the apm bios device node.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_getattr_generic_blk_file( +dev_dontaudit_getattr_generic_blk_files( @@ -26017,13 +26415,13 @@ Dontaudit getattr on generic block devices.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_getattr_generic_chr_file( +dev_dontaudit_getattr_generic_chr_files( @@ -26043,13 +26441,13 @@ Dontaudit getattr for generic character device files.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_getattr_generic_pipe( +dev_dontaudit_getattr_generic_pipes( @@ -26095,13 +26493,13 @@ dontaudit getattr raw memory devices (e.g. /dev/mem).
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_getattr_misc( +dev_dontaudit_getattr_misc_dev( @@ -26122,13 +26520,13 @@ of miscellaneous devices.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_getattr_scanner( +dev_dontaudit_getattr_scanner_dev( @@ -26149,13 +26547,13 @@ the scanner device.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_getattr_usbfs_dir( +dev_dontaudit_getattr_usbfs_dirs( @@ -26307,6 +26705,33 @@ Do not audit attempts to read the framebuffer.
+Module: +devices

+Layer: +kernel

+

+ +dev_dontaudit_read_rand( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read from random +number generator devices (e.g., /dev/random) +

+
+ +
+ +
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_rw_dri_dev( +dev_dontaudit_rw_dri( @@ -26386,6 +26811,32 @@ Dontaudit getattr for generic device files.
+Module: +devices

+Layer: +kernel

+

+ +dev_dontaudit_rw_misc( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read and write miscellaneous devices. +

+
+ +
+ +
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_setattr_apm_bios( +dev_dontaudit_setattr_apm_bios_dev( @@ -26439,13 +26890,13 @@ the apm bios device node.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_setattr_framebuffer( +dev_dontaudit_setattr_framebuffer_dev( @@ -26466,13 +26917,13 @@ of the framebuffer device node.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_setattr_generic_blk_file( +dev_dontaudit_setattr_generic_blk_files( @@ -26492,13 +26943,13 @@ Dontaudit setattr on generic block devices.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_setattr_generic_chr_file( +dev_dontaudit_setattr_generic_chr_files( @@ -26518,13 +26969,13 @@ Dontaudit setattr for generic character device files.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_setattr_generic_symlink( +dev_dontaudit_setattr_generic_symlinks( @@ -26545,13 +26996,13 @@ of symbolic links in device directories (/dev).
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_setattr_misc( +dev_dontaudit_setattr_misc_dev( @@ -26572,13 +27023,13 @@ of miscellaneous devices.
-Module: +Module: devices

Layer: kernel

-dev_dontaudit_setattr_scanner( +dev_dontaudit_setattr_scanner_dev( @@ -26626,13 +27077,13 @@ of video4linux device nodes.
-Module: +Module: devices

Layer: kernel

-dev_filetrans_dev_node( +dev_filetrans( @@ -26747,13 +27198,13 @@ Getattr on all character file device nodes.
-Module: +Module: devices

Layer: kernel

-dev_getattr_apm_bios( +dev_getattr_apm_bios_dev( @@ -26773,13 +27224,13 @@ Get the attributes of the apm bios device node.
-Module: +Module: devices

Layer: kernel

-dev_getattr_cpu( +dev_getattr_cpu_dev( @@ -26800,13 +27251,39 @@ microcode and id interfaces.
-Module: +Module: +devices

+Layer: +kernel

+

+ +dev_getattr_dri_dev( + + + + + domain + + + )
+
+ +
+

+getattr the dri devices. +

+
+ +
+ +
+Module: devices

Layer: kernel

-dev_getattr_framebuffer( +dev_getattr_framebuffer_dev( @@ -26826,13 +27303,13 @@ Get the attributes of the framebuffer device node.
-Module: +Module: devices

Layer: kernel

-dev_getattr_generic_blk_file( +dev_getattr_generic_blk_files( @@ -26852,13 +27329,13 @@ Allow getattr on generic block devices.
-Module: +Module: devices

Layer: kernel

-dev_getattr_generic_chr_file( +dev_getattr_generic_chr_files( @@ -26878,13 +27355,13 @@ Allow getattr for generic character device files.
-Module: +Module: devices

Layer: kernel

-dev_getattr_misc( +dev_getattr_misc_dev( @@ -26904,13 +27381,13 @@ Get the attributes of miscellaneous devices.
-Module: +Module: devices

Layer: kernel

-dev_getattr_mouse( +dev_getattr_mouse_dev( @@ -26930,13 +27407,13 @@ Get the attributes of the mouse devices.
-Module: +Module: devices

Layer: kernel

-dev_getattr_mtrr( +dev_getattr_mtrr_dev( @@ -26956,13 +27433,13 @@ Get the attributes of the mtrr device.
-Module: +Module: devices

Layer: kernel

-dev_getattr_power_management( +dev_getattr_power_mgmt_dev( @@ -26982,13 +27459,13 @@ Get the attributes of the the power management device.
-Module: +Module: devices

Layer: kernel

-dev_getattr_scanner( +dev_getattr_scanner_dev( @@ -27008,13 +27485,13 @@ Get the attributes of the scanner device.
-Module: +Module: devices

Layer: kernel

-dev_getattr_snd_dev( +dev_getattr_sound_dev( @@ -27034,13 +27511,13 @@ Get the attributes of the sound devices.
-Module: +Module: devices

Layer: kernel

-dev_getattr_sysfs_dir( +dev_getattr_sysfs_dirs( @@ -27060,13 +27537,13 @@ Get the attributes of sysfs directories.
-Module: +Module: devices

Layer: kernel

-dev_getattr_usbfs_dir( +dev_getattr_usbfs_dirs( @@ -27268,13 +27745,39 @@ Read, write, create, and delete all character device files.
-Module: +Module: +devices

+Layer: +kernel

+

+ +dev_manage_all_dev_nodes( + + + + + domain + + + )
+
+ +
+

+Create, delete, read, and write device nodes in device directories. +

+
+ +
+ +
+Module: devices

Layer: kernel

-dev_manage_cardmgr( +dev_manage_cardmgr_dev( @@ -27295,13 +27798,13 @@ the PCMCIA card manager device.
-Module: +Module: devices

Layer: kernel

-dev_manage_dev_nodes( +dev_manage_dri_dev( @@ -27314,20 +27817,20 @@ kernel

-Create, delete, read, and write device nodes in device directories. +Create, read, write, and delete the dri devices.

-Module: +Module: devices

Layer: kernel

-dev_manage_generic_blk_file( +dev_manage_generic_blk_files( @@ -27347,13 +27850,13 @@ Create, delete, read, and write block device files.
-Module: +Module: devices

Layer: kernel

-dev_manage_generic_chr_file( +dev_manage_generic_chr_files( @@ -27373,6 +27876,32 @@ Create, delete, read, and write character device files.
+Module: +devices

+Layer: +kernel

+

+ +dev_manage_generic_files( + + + + + domain + + + )
+
+ +
+

+Create a file in the device directory. +

+
+ +
+ +
Module: devices

Layer: @@ -27653,7 +28182,8 @@ kernel

-Read from random devices (e.g., /dev/random) +Read from random number generator +devices (e.g., /dev/random)

@@ -27712,13 +28242,13 @@ Read the realtime clock (/dev/rtc).
-Module: +Module: devices

Layer: kernel

-dev_read_snd_dev( +dev_read_sound( @@ -27738,13 +28268,13 @@ Read the sound devices.
-Module: +Module: devices

Layer: kernel

-dev_read_snd_mixer_dev( +dev_read_sound_mixer( @@ -27869,13 +28399,13 @@ Allow full relabeling (to and from) of all device nodes.
-Module: +Module: devices

Layer: kernel

-dev_relabel_dev_dirs( +dev_relabel_generic_dev_dirs( @@ -27921,13 +28451,13 @@ Relabel symbolic links in device directories.
-Module: +Module: devices

Layer: kernel

-dev_rw_agp_dev( +dev_rw_agp( @@ -28052,13 +28582,13 @@ Read and write the the hardware SSL accelerator.
-Module: +Module: devices

Layer: kernel

-dev_rw_dri_dev( +dev_rw_dri( @@ -28078,13 +28608,39 @@ Read and write the dri devices.
-Module: +Module: +devices

+Layer: +kernel

+

+ +dev_rw_framebuffer( + + + + + domain + + + )
+
+ +
+

+Read and write the framebuffer. +

+
+ +
+ +
+Module: devices

Layer: kernel

-dev_rw_generic_file( +dev_rw_generic_files( @@ -28104,13 +28660,13 @@ Read and write generic files in /dev.
-Module: +Module: devices

Layer: kernel

-dev_rw_lvm_control( +dev_rw_generic_usb_dev( @@ -28123,20 +28679,20 @@ kernel

-Read and write the lvm control device. +Read and write generic the USB devices.

-Module: +Module: devices

Layer: kernel

-dev_rw_mouse( +dev_rw_input_dev( @@ -28149,20 +28705,20 @@ kernel

-Read and write to mouse devices. +Read input event devices (/dev/input).

-Module: +Module: devices

Layer: kernel

-dev_rw_null_dev( +dev_rw_lvm_control( @@ -28175,20 +28731,20 @@ kernel

-Read and write to the null device (/dev/null). +Read and write the lvm control device.

-Module: +Module: devices

Layer: kernel

-dev_rw_power_management( +dev_rw_mouse( @@ -28201,20 +28757,20 @@ kernel

-Read and write the the power management device. +Read and write to mouse devices.

-Module: +Module: devices

Layer: kernel

-dev_rw_printer( +dev_rw_mtrr( @@ -28227,20 +28783,20 @@ kernel

-Read and write the printer device. +Read and write the mtrr device.

-Module: +Module: devices

Layer: kernel

-dev_rw_realtime_clock( +dev_rw_null( @@ -28253,20 +28809,20 @@ kernel

-Read and set the realtime clock (/dev/rtc). +Read and write to the null device (/dev/null).

-Module: +Module: devices

Layer: kernel

-dev_rw_scanner( +dev_rw_power_management( @@ -28279,20 +28835,20 @@ kernel

-Read and write the scanner device. +Read and write the the power management device.

-Module: +Module: devices

Layer: kernel

-dev_rw_sysfs( +dev_rw_printer( @@ -28305,20 +28861,20 @@ kernel

-Allow caller to modify hardware state information. +Read and write the printer device.

-Module: +Module: devices

Layer: kernel

-dev_rw_usbfs( +dev_rw_realtime_clock( @@ -28331,20 +28887,20 @@ kernel

-Allow caller to modify usb hardware configuration files. +Read and set the realtime clock (/dev/rtc).

-Module: +Module: devices

Layer: kernel

-dev_rw_zero_dev( +dev_rw_scanner( @@ -28357,20 +28913,20 @@ kernel

-Read and write to the zero device (/dev/zero). +Read and write the scanner device.

-Module: +Module: devices

Layer: kernel

-dev_rwx_zero_dev( +dev_rw_sysfs( @@ -28383,20 +28939,20 @@ kernel

-Read, write, and execute the zero device (/dev/zero). +Allow caller to modify hardware state information.

-Module: +Module: devices

Layer: kernel

-dev_rx_raw_memory( +dev_rw_usbfs( @@ -28409,20 +28965,20 @@ kernel

-Read and execute raw memory devices (e.g. /dev/mem). +Allow caller to modify usb hardware configuration files.

-Module: +Module: devices

Layer: kernel

-dev_search_sysfs( +dev_rw_xserver_misc( @@ -28435,20 +28991,20 @@ kernel

-Search the sysfs directories. +Read and write X server miscellaneous devices.

-Module: +Module: devices

Layer: kernel

-dev_search_usbfs( +dev_rw_zero( @@ -28461,20 +29017,20 @@ kernel

-Search the directory containing USB hardware information. +Read and write to the zero device (/dev/zero).

-Module: +Module: devices

Layer: kernel

-dev_setattr_all_blk_files( +dev_rwx_zero( @@ -28487,20 +29043,20 @@ kernel

-Setattr on all block file device nodes. +Read, write, and execute the zero device (/dev/zero).

-Module: +Module: devices

Layer: kernel

-dev_setattr_all_chr_files( +dev_rx_raw_memory( @@ -28513,20 +29069,20 @@ kernel

-Setattr on all character file device nodes. +Read and execute raw memory devices (e.g. /dev/mem).

-Module: +Module: devices

Layer: kernel

-dev_setattr_apm_bios( +dev_search_sysfs( @@ -28539,20 +29095,20 @@ kernel

-Set the attributes of the apm bios device node. +Search the sysfs directories.

-Module: +Module: devices

Layer: kernel

-dev_setattr_dev_dir( +dev_search_usbfs( @@ -28565,20 +29121,20 @@ kernel

-Set the attributes of /dev directories. +Search the directory containing USB hardware information.

-Module: +Module: devices

Layer: kernel

-dev_setattr_framebuffer( +dev_setattr_all_blk_files( @@ -28591,20 +29147,20 @@ kernel

-Set the attributes of the framebuffer device node. +Setattr on all block file device nodes.

-Module: +Module: devices

Layer: kernel

-dev_setattr_misc( +dev_setattr_all_chr_files( @@ -28617,20 +29173,20 @@ kernel

-Set the attributes of miscellaneous devices. +Setattr on all character file device nodes.

-Module: +Module: devices

Layer: kernel

-dev_setattr_mouse( +dev_setattr_apm_bios_dev( @@ -28643,20 +29199,150 @@ kernel

-Set the attributes of the mouse devices. +Set the attributes of the apm bios device node.

-Module: +Module: devices

Layer: kernel

-dev_setattr_power_management( +dev_setattr_dri_dev( + + + + + domain + + + )
+
+ +
+

+Setattr the dri devices. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_setattr_framebuffer_dev( + + + + + domain + + + )
+
+ +
+

+Set the attributes of the framebuffer device node. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_setattr_generic_dirs( + + + + + domain + + + )
+
+ +
+

+Set the attributes of /dev directories. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_setattr_misc_dev( + + + + + domain + + + )
+
+ +
+

+Set the attributes of miscellaneous devices. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_setattr_mouse_dev( + + + + + domain + + + )
+
+ +
+

+Set the attributes of the mouse devices. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_setattr_power_mgmt_dev( @@ -28676,13 +29362,13 @@ Set the attributes of the the power management device.
-Module: +Module: devices

Layer: kernel

-dev_setattr_printer( +dev_setattr_printer_dev( @@ -28702,13 +29388,13 @@ Set the attributes of the printer device nodes.
-Module: +Module: devices

Layer: kernel

-dev_setattr_scanner( +dev_setattr_scanner_dev( @@ -28728,13 +29414,13 @@ Set the attributes of the scanner device.
-Module: +Module: devices

Layer: kernel

-dev_setattr_snd_dev( +dev_setattr_sound_dev( @@ -28990,13 +29676,13 @@ Set the realtime clock (/dev/rtc).
-Module: +Module: devices

Layer: kernel

-dev_write_snd_dev( +dev_write_sound( @@ -29016,13 +29702,13 @@ Write the sound devices.
-Module: +Module: devices

Layer: kernel

-dev_write_snd_mixer_dev( +dev_write_sound_mixer( @@ -29122,13 +29808,13 @@ server state files.
-Module: +Module: dictd

Layer: services

-dictd_use( +dictd_tcp_connect( @@ -29650,13 +30336,13 @@ session ID of all domains.
-Module: +Module: domain

Layer: kernel

-domain_dontaudit_list_all_domains_proc( +domain_dontaudit_list_all_domains_state( @@ -29837,13 +30523,13 @@ state directory (/proc/pid) of all domains.
-Module: +Module: domain

Layer: kernel

-domain_dontaudit_use_wide_inherit_fd( +domain_dontaudit_use_interactive_fds( @@ -29924,6 +30610,32 @@ an entry point for the domain.
+Module: +domain

+Layer: +kernel

+

+ +domain_entry_file_spec_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute an entry_type in the specified domain. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

+

+ +domain_interactive_fd( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
-Module: +Module: domain

Layer: kernel

-domain_obj_id_change_exempt( +domain_obj_id_change_exemption( @@ -30319,13 +31057,13 @@ file types.
-Module: +Module: domain

Layer: kernel

-domain_role_change_exempt( +domain_role_change_exemption( @@ -30424,13 +31162,13 @@ Send a child terminated signal to all domains.
-Module: +Module: domain

Layer: kernel

-domain_sigchld_wide_inherit_fd( +domain_sigchld_interactive_fds( @@ -30529,13 +31267,13 @@ Send a stop signal to all domains.
-Module: +Module: domain

Layer: kernel

-domain_subj_id_change_exempt( +domain_subj_id_change_exemption( @@ -30556,13 +31294,13 @@ changing of user identity.
-Module: +Module: domain

Layer: kernel

-domain_system_change_exempt( +domain_system_change_exemption( @@ -30636,13 +31374,13 @@ Unconfined access to domains.
-Module: +Module: domain

Layer: kernel

-domain_use_wide_inherit_fd( +domain_use_interactive_fds( @@ -30691,32 +31429,6 @@ constraints.
-Module: -domain

-Layer: -kernel

-

- -domain_wide_inherit_fd( - - - - - ? - - - )
-
- -
-

-Summary is missing! -

-
- -
- -
-Module: +Module: files

Layer: kernel

-files_config_file( +files_boot_filetrans( - file_type + domain + + + + , + + + + private_type + + + + , + + + + object_class )
@@ -30790,26 +31518,26 @@ kernel

-Make the specified type a -configuration file. +Create a private type object in boot +with an automatic type transition

-Module: +Module: files

Layer: kernel

-files_create_boot_flag( +files_config_file( - ? + file_type )
@@ -30817,25 +31545,26 @@ kernel

-Summary is missing! +Make the specified type a +configuration file.

-Module: +Module: files

Layer: kernel

-files_delete_all_locks( +files_create_boot_dirs( - ? + domain )
@@ -30843,20 +31572,20 @@ kernel

-Summary is missing! +Create directories in /boot

-Module: +Module: files

Layer: kernel

-files_delete_all_pid_dirs( +files_create_boot_flag( @@ -30876,18 +31605,18 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_delete_all_pids( +files_create_kernel_img( - ? + domain )
@@ -30895,20 +31624,20 @@ kernel

-Summary is missing! +Install a kernel into the /boot directory.

-Module: +Module: files

Layer: kernel

-files_delete_etc_files( +files_create_kernel_symbol_table( @@ -30921,20 +31650,20 @@ kernel

-Delete system configuration files in /etc. +Install a system.map into the /boot directory.

-Module: +Module: files

Layer: kernel

-files_delete_root_dir_entry( +files_delete_all_locks( @@ -30954,18 +31683,18 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_dirs( +files_delete_all_pid_dirs( - domain + ? )
@@ -30973,26 +31702,25 @@ kernel

-Do not audit attempts to get the attributes -of all directories. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_files( +files_delete_all_pids( - domain + ? )
@@ -31000,21 +31728,20 @@ kernel

-Do not audit attempts to get the attributes -of all files. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_pipes( +files_delete_etc_files( @@ -31027,21 +31754,20 @@ kernel

-Do not audit attempts to get the attributes -of all named pipes. +Delete system configuration files in /etc.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_sockets( +files_delete_kernel( @@ -31054,21 +31780,20 @@ kernel

-Do not audit attempts to get the attributes -of all named sockets. +Delete a kernel from /boot.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_symlinks( +files_delete_kernel_modules( @@ -31081,21 +31806,234 @@ kernel

-Do not audit attempts to get the attributes -of all symbolic links. +Delete kernel module files.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_default_dir( +files_delete_kernel_symbol_table( + + + + + domain + + + )
+
+ +
+

+Delete a system.map in the /boot directory. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_delete_root_dir_entry( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_all_dirs( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of all directories. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_all_files( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of all files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_all_pipes( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of all named pipes. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_all_sockets( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of all named sockets. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_all_symlinks( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes +of all symbolic links. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_boot_dirs( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get attributes +of the /boot directory. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_default_dirs( @@ -31171,13 +32109,13 @@ attributes of the home directories root
-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_blk_dev( +files_dontaudit_getattr_non_security_blk_files( @@ -31198,13 +32136,13 @@ of non security block devices.
-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_chr_dev( +files_dontaudit_getattr_non_security_chr_files( @@ -31333,13 +32271,13 @@ of non security symbolic links.
-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_pid_dir( +files_dontaudit_getattr_pid_dirs( @@ -31360,13 +32298,13 @@ of the /var/run directory.
-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_tmp_dir( +files_dontaudit_getattr_tmp_dirs( @@ -31575,13 +32513,13 @@ created on boot, such as mtab.
-Module: +Module: files

Layer: kernel

-files_dontaudit_read_root_file( +files_dontaudit_read_root_files( @@ -31601,13 +32539,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_dontaudit_rw_root_chr_dev( +files_dontaudit_rw_root_chr_files( @@ -31627,13 +32565,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_dontaudit_rw_root_file( +files_dontaudit_rw_root_files( @@ -31679,6 +32617,32 @@ Summary is missing!
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_search_boot( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search the /boot directory. +

+
+ +
+ +
-Module: +Module: files

Layer: kernel

-files_dontaudit_search_isid_type_dir( +files_dontaudit_search_isid_type_dirs( @@ -31787,6 +32751,33 @@ the /var/run directory.
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_search_spool( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search generic +spool directories. +

+
+ +
+ +
-Module: +Module: files

Layer: kernel

-files_dontaudit_write_var( +files_dontaudit_write_var_dirs( @@ -31892,6 +32883,32 @@ Do not audit attempts to write to /var.
+Module: +files

+Layer: +kernel

+

+ +files_etc_filetrans( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
-Module: +Module: files

Layer: kernel

-files_filetrans_etc( +files_getattr_all_dirs( - ? + domain )
@@ -31989,20 +33006,20 @@ kernel

-Summary is missing! +Get the attributes of all directories.

-Module: +Module: files

Layer: kernel

-files_filetrans_home( +files_getattr_all_files( @@ -32010,24 +33027,30 @@ kernel

domain - - , - - - - home_type - + )
+

+ +
+

+Get the attributes of all files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_getattr_all_pipes( - , - - - [ - - object - ] + domain )
@@ -32035,25 +33058,25 @@ kernel

-Create objects in /home. +Get the attributes of all named pipes.

-Module: +Module: files

Layer: kernel

-files_filetrans_lock( +files_getattr_all_sockets( - ? + domain )
@@ -32061,25 +33084,25 @@ kernel

-Summary is missing! +Get the attributes of all named sockets.

-Module: +Module: files

Layer: kernel

-files_filetrans_pid( +files_getattr_all_symlinks( - ? + domain )
@@ -32087,20 +33110,20 @@ kernel

-Summary is missing! +Get the attributes of all symbolic links.

-Module: +Module: files

Layer: kernel

-files_filetrans_root( +files_getattr_boot_dirs( @@ -32108,24 +33131,30 @@ kernel

domain - - , - - - - private type - + )
+

+ +
+

+Get attributes of the /boot directory. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_getattr_default_dirs( - , - - [ - - object - - ] + domain )
@@ -32133,21 +33162,20 @@ kernel

-Create an object in the root directory, with a private -type. +Getattr of directories with the default file type.

-Module: +Module: files

Layer: kernel

-files_filetrans_tmp( +files_getattr_generic_locks( @@ -32167,13 +33195,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_filetrans_usr( +files_getattr_home_dir( @@ -32181,45 +33209,26 @@ kernel

domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )

-Create objects in the /usr directory +Get the attributes of the home directories root +(/home).

-Module: +Module: files

Layer: kernel

-files_filetrans_var( +files_getattr_isid_type_dirs( @@ -32227,45 +33236,26 @@ kernel

domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )

-Create objects in the /var directory +Getattr of directories on new filesystems +that have not yet been labeled.

-Module: +Module: files

Layer: kernel

-files_filetrans_var_lib( +files_getattr_kernel_modules( @@ -32273,24 +33263,30 @@ kernel

domain - - , - - - - file_type - + )
+

+ +
+

+Get the attributes of kernel module files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_getattr_tmp_dirs( - , - - [ - - object_class - - ] + domain )
@@ -32298,20 +33294,20 @@ kernel

-Create objects in the /var/lib directory +Get the attributes of the tmp directory (/tmp).

-Module: +Module: files

Layer: kernel

-files_getattr_all_dirs( +files_getattr_usr_files( @@ -32324,20 +33320,20 @@ kernel

-Get the attributes of all directories. +Get the attributes of files in /usr.

-Module: +Module: files

Layer: kernel

-files_getattr_all_file_type_sockets( +files_getattr_var_lib_dirs( @@ -32350,21 +33346,20 @@ kernel

-Get the attributes of all sockets -with the type of a file. +Get the attributes of the /var/lib directory.

-Module: +Module: files

Layer: kernel

-files_getattr_all_files( +files_home_filetrans( @@ -32372,25 +33367,41 @@ kernel

domain + + , + + + + home_type + + + + , + + + + object + + )

-Get the attributes of all files. +Create objects in /home.

-Module: +Module: files

Layer: kernel

-files_getattr_all_pipes( +files_kernel_modules_filetrans( @@ -32398,30 +33409,47 @@ kernel

domain + + , + + + + private_type + + + + , + + + + object_class + + )

-Get the attributes of all named pipes. +Create objects in the kernel module directories +with a private type via an automatic type transition.

-Module: +Module: files

Layer: kernel

-files_getattr_all_sockets( +files_list_all( - domain + ? )
@@ -32429,20 +33457,20 @@ kernel

-Get the attributes of all named sockets. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_getattr_all_symlinks( +files_list_default( @@ -32455,25 +33483,25 @@ kernel

-Get the attributes of all symbolic links. +List contents of directories with the default file type.

-Module: +Module: files

Layer: kernel

-files_getattr_default_dir( +files_list_etc( - domain + ? )
@@ -32481,25 +33509,25 @@ kernel

-Getattr of directories with the default file type. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_getattr_generic_locks( +files_list_home( - ? + domain )
@@ -32507,20 +33535,20 @@ kernel

-Summary is missing! +Get listing of home directories.

-Module: +Module: files

Layer: kernel

-files_getattr_home_dir( +files_list_isid_type_dirs( @@ -32533,21 +33561,21 @@ kernel

-Get the attributes of the home directories root -(/home). +List the contents of directories on new filesystems +that have not yet been labeled.

-Module: +Module: files

Layer: kernel

-files_getattr_isid_type_dir( +files_list_kernel_modules( @@ -32560,78 +33588,25 @@ kernel

-Getattr of directories on new filesystems -that have not yet been labeled. -

-
- -
- -
-Module: -files

-Layer: -kernel

-

- -files_getattr_tmp_dir( - - - - - domain - - - )
-
- -
-

-Get the attributes of the tmp directory (/tmp). -

-
- -
- -
-Module: -files

-Layer: -kernel

-

- -files_getattr_usr_files( - - - - - domain - - - )
-
- -
-

-Get the attributes of files in /usr. +List the contents of the kernel module directories.

-Module: +Module: files

Layer: kernel

-files_getattr_var_lib_dir( +files_list_mnt( - domain + ? )
@@ -32639,20 +33614,20 @@ kernel

-Get the attributes of the /var/lib directory. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_list_all( +files_list_non_security( @@ -32665,20 +33640,20 @@ kernel

-List the contents of all directories. +List all non-security directories.

-Module: +Module: files

Layer: kernel

-files_list_all_dirs( +files_list_pids( @@ -32698,18 +33673,18 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_list_default( +files_list_root( - domain + ? )
@@ -32717,20 +33692,20 @@ kernel

-List contents of directories with the default file type. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_list_etc( +files_list_spool( @@ -32750,13 +33725,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_list_home( +files_list_tmp( @@ -32769,20 +33744,20 @@ kernel

-Get listing of home directories. +Read the tmp directory (/tmp).

-Module: +Module: files

Layer: kernel

-files_list_isid_type_dir( +files_list_usr( @@ -32795,26 +33770,26 @@ kernel

-List the contents of directories on new filesystems -that have not yet been labeled. +List the contents of generic +directories in /usr.

-Module: +Module: files

Layer: kernel

-files_list_mnt( +files_list_var( - ? + domain )
@@ -32822,20 +33797,20 @@ kernel

-Summary is missing! +List the contents of /var.

-Module: +Module: files

Layer: kernel

-files_list_non_security( +files_list_var_lib( @@ -32848,25 +33823,25 @@ kernel

-List all non-security directories. +List the contents of the /var/lib directory.

-Module: +Module: files

Layer: kernel

-files_list_pids( +files_list_world_readable( - ? + domain )
@@ -32874,20 +33849,20 @@ kernel

-Summary is missing! +List world-readable directories.

-Module: +Module: files

Layer: kernel

-files_list_root( +files_lock_file( @@ -32907,13 +33882,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_list_spool( +files_lock_filetrans( @@ -32933,13 +33908,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_list_tmp( +files_manage_all_files( @@ -32947,57 +33922,12 @@ kernel

domain - )
-

- -
-

-Read the tmp directory (/tmp). -

-
- -
- -
-Module: -files

-Layer: -kernel

-

- -files_list_usr( - - - - - domain - - )
-
- -
-

-List the contents of generic -directories in /usr. -

-
- -
- -
-Module: -files

-Layer: -kernel

-

- -files_list_var( - + , - domain + exception_types )
@@ -33005,20 +33935,21 @@ kernel

-List the contents of /var. +Manage all files on the filesystem, except +the listed exceptions.

-Module: +Module: files

Layer: kernel

-files_list_var_lib( +files_manage_boot_files( @@ -33031,20 +33962,21 @@ kernel

-List the contents of the /var/lib directory. +Create, read, write, and delete files +in the /boot directory.

-Module: +Module: files

Layer: kernel

-files_list_world_readable( +files_manage_boot_symlinks( @@ -33057,20 +33989,21 @@ kernel

-List world-readable directories. +Create, read, write, and delete symbolic links +in the /boot directory.

-Module: +Module: files

Layer: kernel

-files_lock_file( +files_manage_etc_files( @@ -33090,13 +34023,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_manage_all_files( +files_manage_etc_runtime_files( @@ -33104,38 +34037,27 @@ kernel

domain - - , - - - - [ - - exception_types - - ] - - )

-Manage all files on the filesystem, except -the listed exceptions. +Create, read, write, and delete files in +/etc that are dynamically created on boot, +such as mtab.

-Module: +Module: files

Layer: kernel

-files_manage_etc_files( +files_manage_generic_locks( @@ -33155,41 +34077,13 @@ Summary is missing!
-Module: -files

-Layer: -kernel

-

- -files_manage_etc_runtime_files( - - - - - domain - - - )
-
- -
-

-Create, read, write, and delete files in -/etc that are dynamically created on boot, -such as mtab. -

-
- -
- -
-Module: +Module: files

Layer: kernel

-files_manage_generic_locks( +files_manage_generic_spool( @@ -33235,18 +34129,18 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_manage_generic_spools( +files_manage_isid_type_blk_files( - ? + domain )
@@ -33254,20 +34148,21 @@ kernel

-Summary is missing! +Create, read, write, and delete block device nodes +on new filesystems that have not yet been labeled.

-Module: +Module: files

Layer: kernel

-files_manage_isid_type_blk_node( +files_manage_isid_type_chr_files( @@ -33280,7 +34175,7 @@ kernel

-Create, read, write, and delete block device nodes +Create, read, write, and delete character device nodes on new filesystems that have not yet been labeled.

@@ -33288,13 +34183,13 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

Layer: kernel

-files_manage_isid_type_chr_node( +files_manage_isid_type_dirs( @@ -33307,7 +34202,7 @@ kernel

-Create, read, write, and delete character device nodes +Create, read, write, and delete directories on new filesystems that have not yet been labeled.

@@ -33315,13 +34210,13 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

Layer: kernel

-files_manage_isid_type_dir( +files_manage_isid_type_files( @@ -33334,7 +34229,7 @@ kernel

-Create, read, write, and delete directories +Create, read, write, and delete files on new filesystems that have not yet been labeled.

@@ -33342,13 +34237,13 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

Layer: kernel

-files_manage_isid_type_file( +files_manage_isid_type_symlinks( @@ -33361,7 +34256,7 @@ kernel

-Create, read, write, and delete files +Create, read, write, and delete symbolic links on new filesystems that have not yet been labeled.

@@ -33369,13 +34264,13 @@ on new filesystems that have not yet been labeled.
-Module: +Module: files

Layer: kernel

-files_manage_isid_type_symlink( +files_manage_kernel_modules( @@ -33388,8 +34283,8 @@ kernel

-Create, read, write, and delete symbolic links -on new filesystems that have not yet been labeled. +Create, read, write, and delete +kernel module files.

@@ -33739,13 +34634,13 @@ Mount a filesystem on a directory with the default file type.
-Module: +Module: files

Layer: kernel

-files_mounton_isid_type_dir( +files_mounton_isid_type_dirs( @@ -33844,6 +34739,32 @@ Summary is missing!
+Module: +files

+Layer: +kernel

+

+ +files_pid_filetrans( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
-Module: +Module: files

Layer: kernel

-files_read_all_blk_nodes( +files_read_all_blk_files( @@ -34039,13 +34960,13 @@ Read all block nodes with file types.
-Module: +Module: files

Layer: kernel

-files_read_all_chr_nodes( +files_read_all_chr_files( @@ -34084,12 +35005,8 @@ kernel

- [ - exception_types - ] - )

@@ -34149,12 +35066,8 @@ kernel

- [ - exception_types - ] - )

@@ -34266,12 +35179,8 @@ kernel

- [ - exception_types - ] - )

@@ -34443,13 +35352,13 @@ created on boot, such as mtab.
-Module: +Module: files

Layer: kernel

-files_read_generic_spools( +files_read_generic_spool( @@ -34521,13 +35430,13 @@ Read symbolic links in the tmp directory (/tmp).
-Module: +Module: files

Layer: kernel

-files_read_isid_type_file( +files_read_isid_type_files( @@ -34548,6 +35457,58 @@ that have not yet been labeled.
+Module: +files

+Layer: +kernel

+

+ +files_read_kernel_modules( + + + + + domain + + + )
+
+ +
+

+Read kernel module files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_read_kernel_symbol_table( + + + + + domain + + + )
+
+ +
+

+Read system.map in the /boot directory. +

+
+ +
+ +
-Module: +Module: files

Layer: kernel

-files_read_var_symlink( +files_read_var_symlinks( @@ -34879,12 +35840,8 @@ kernel

- [ - exception_types - ] - )

@@ -34925,6 +35882,58 @@ Relabel from and to generic files in /etc.
+Module: +files

+Layer: +kernel

+

+ +files_relabel_kernel_modules( + + + + + domain + + + )
+
+ +
+

+Relabel from and to kernel module files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_relabelfrom_boot_files( + + + + + domain + + + )
+
+ +
+

+Relabel from files in the /boot directory. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_root_filetrans( + + + + + domain + + + + , + + + + private type + + + + , + + + + object + + + )
+
+ +
+

+Create an object in the root directory, with a private +type. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_rw_boot_symlinks( + + + + + domain + + + )
+
+ +
+

+Read and write symbolic links +in the /boot directory. +

+
+ +
+ +
-Module: +Module: files

Layer: kernel

-files_rw_isid_type_blk_node( +files_rw_isid_type_blk_files( @@ -35109,13 +36188,13 @@ that have not yet been labeled.
-Module: +Module: files

Layer: kernel

-files_rw_isid_type_dir( +files_rw_isid_type_dirs( @@ -35136,13 +36215,13 @@ that have not yet been labeled.
-Module: +Module: files

Layer: kernel

-files_rw_locks_dir( +files_rw_lock_dirs( @@ -35174,7 +36253,7 @@ kernel

- domain + ? )
@@ -35182,25 +36261,25 @@ kernel

-Search all directories. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_search_all_dirs( +files_search_boot( - ? + domain )
@@ -35208,7 +36287,7 @@ kernel

-Summary is missing! +Search the /boot directory.

@@ -35293,6 +36372,32 @@ Search home directories root (/home).
+Module: +files

+Layer: +kernel

+

+ +files_search_kernel_modules( + + + + + domain + + + )
+
+ +
+

+Search the contents of the kernel module directories. +

+
+ +
+ +
Module: files

Layer: @@ -35304,7 +36409,7 @@ kernel

- ? + domain )
@@ -35312,7 +36417,7 @@ kernel

-Summary is missing! +Search the locks directory (/var/lock).

@@ -35501,18 +36606,18 @@ Search the /var/lib directory.
-Module: +Module: files

Layer: kernel

-files_search_var_lib_dir( +files_security_file( - domain + file_type )
@@ -35520,25 +36625,27 @@ kernel

-Search directories in /var/lib. +Make the specified type a file that +should not be dontaudited from +browsing from user domains.

-Module: +Module: files

Layer: kernel

-files_security_file( +files_setattr_all_tmp_dirs( - file_type + domain )
@@ -35546,22 +36653,20 @@ kernel

-Make the specified type a file that -should not be dontaudited from -browsing from user domains. +Set the attributes of all tmp directories.

-Module: +Module: files

Layer: kernel

-files_setattr_all_tmp_dirs( +files_setattr_etc_dirs( @@ -35574,25 +36679,25 @@ kernel

-Set the attributes of all tmp directories. +Set the attributes of the /etc directories.

-Module: +Module: files

Layer: kernel

-files_setattr_etc_dir( +files_tmp_file( - domain + file_type )
@@ -35600,25 +36705,26 @@ kernel

-Set the attributes of the /etc directories. +Make the specified type a file +used for temporary files.

-Module: +Module: files

Layer: kernel

-files_tmp_file( +files_tmp_filetrans( - file_type + ? )
@@ -35626,8 +36732,7 @@ kernel

-Make the specified type a file -used for temporary files. +Summary is missing!

@@ -35766,13 +36871,165 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_write_non_security_dir( +files_usr_filetrans( + + + + + domain + + + + , + + + + file_type + + + + , + + + + object_class + + + )
+
+ +
+

+Create objects in the /usr directory +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_var_filetrans( + + + + + domain + + + + , + + + + file_type + + + + , + + + + object_class + + + )
+
+ +
+

+Create objects in the /var directory +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_var_lib_filetrans( + + + + + domain + + + + , + + + + file_type + + + + , + + + + object_class + + + )
+
+ +
+

+Create objects in the /var/lib directory +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_write_kernel_modules( + + + + + domain + + + )
+
+ +
+

+Write kernel module files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_write_non_security_dirs( @@ -35870,13 +37127,13 @@ Execute firstboot in the firstboot domain.
-Module: +Module: firstboot

Layer: admin

-firstboot_dontaudit_use_fd( +firstboot_dontaudit_use_fds( @@ -35940,13 +37197,13 @@ allow the specified role the firstboot domain.
-Module: +Module: firstboot

Layer: admin

-firstboot_use_fd( +firstboot_use_fds( @@ -35966,13 +37223,13 @@ Inherit and use a file descriptor from firstboot.
-Module: +Module: firstboot

Layer: admin

-firstboot_write_pipe( +firstboot_write_pipes( @@ -36383,13 +37640,13 @@ of directories on a NFS filesystem.
-Module: +Module: filesystem

Layer: kernel

-fs_dontaudit_list_removable_dirs( +fs_dontaudit_list_removable( @@ -36602,13 +37859,13 @@ files on a NFS filesystem.
-Module: +Module: filesystem

Layer: kernel

-fs_dontaudit_rw_cifs_files( +fs_dontaudit_read_ramfs_files( @@ -36621,21 +37878,46 @@ kernel

-Do not audit attempts to read or -write files on a CIFS or SMB filesystem. +Dontaudit read on a ramfs files.

-Module: +Module: filesystem

Layer: kernel

-fs_dontaudit_rw_nfs_files( +fs_dontaudit_read_ramfs_pipes( + + + + + domain + + + )
+
+ +
+

+Dontaudit read on a ramfs fifo_files. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_dontaudit_rw_cifs_files( @@ -36649,20 +37931,20 @@ kernel

Do not audit attempts to read or -write files on a NFS filesystem. +write files on a CIFS or SMB filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_dontaudit_rw_tmpfs_files( +fs_dontaudit_rw_nfs_files( @@ -36675,21 +37957,21 @@ kernel

-Do not audit attempts to read or write -generic tmpfs files. +Do not audit attempts to read or +write files on a NFS filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_dontaudit_use_tmpfs_chr_dev( +fs_dontaudit_rw_tmpfs_files( @@ -36702,20 +37984,21 @@ kernel

-dontaudit Read and write character nodes on tmpfs filesystems. +Do not audit attempts to read or write +generic tmpfs files.

-Module: +Module: filesystem

Layer: kernel

-fs_exec_noxattr( +fs_dontaudit_search_ramfs( @@ -36728,21 +38011,20 @@ kernel

-Execute files on a filesystem that does -not support extended attributes. +Dontaudit Search directories on a ramfs

-Module: +Module: filesystem

Layer: kernel

-fs_execute_cifs_files( +fs_dontaudit_use_tmpfs_chr_dev( @@ -36755,22 +38037,20 @@ kernel

-Execute files on a CIFS or SMB -network filesystem, in the caller -domain. +dontaudit Read and write character nodes on tmpfs filesystems.

-Module: +Module: filesystem

Layer: kernel

-fs_execute_nfs_files( +fs_exec_cifs_files( @@ -36783,25 +38063,27 @@ kernel

-Execute files on a NFS filesystem. +Execute files on a CIFS or SMB +network filesystem, in the caller +domain.

-Module: +Module: filesystem

Layer: kernel

-fs_filetrans_tmpfs( +fs_exec_nfs_files( - ? + domain )
@@ -36809,20 +38091,20 @@ kernel

-Summary is missing! +Execute files on a NFS filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_get_all_fs_quotas( +fs_exec_noxattr( @@ -36835,20 +38117,21 @@ kernel

-Get the quotas of all filesystems. +Execute files on a filesystem that does +not support extended attributes.

-Module: +Module: filesystem

Layer: kernel

-fs_get_xattr_fs_quota( +fs_get_all_fs_quotas( @@ -36861,8 +38144,7 @@ kernel

-Get the filesystem quotas of a filesystem -with extended attributes. +Get the quotas of all filesystems.

@@ -36888,9 +38170,8 @@ kernel

-Get the quotas of a persistent -filesystem which has extended -attributes, such as ext3, JFS, or XFS. +Get the filesystem quotas of a filesystem +with extended attributes.

@@ -37353,13 +38634,13 @@ filesystem.
-Module: +Module: filesystem

Layer: kernel

-fs_getattr_tmpfs_dir( +fs_getattr_tmpfs_dirs( @@ -37487,6 +38768,32 @@ CIFS or SMB filesystem.
+Module: +filesystem

+Layer: +kernel

+

+ +fs_list_inotifyfs( + + + + + domain + + + )
+
+ +
+

+List inotifyfs filesystem. +

+
+ +
+ +
-Module: +Module: filesystem

Layer: kernel

-fs_list_tmpfs( +fs_list_rpc( @@ -37558,20 +38865,20 @@ kernel

-List the contents of generic tmpfs directories. +Read directories of RPC file system pipes.

-Module: +Module: filesystem

Layer: kernel

-fs_make_noxattr_fs( +fs_list_tmpfs( @@ -37584,9 +38891,7 @@ kernel

-Transform specified type into a filesystem -type which does not have extended attribute -support. +List the contents of generic tmpfs directories.

@@ -37890,13 +39195,13 @@ on a CIFS or SMB network filesystem.
-Module: +Module: filesystem

Layer: kernel

-fs_manage_tmpfs_blk_dev( +fs_manage_tmpfs_blk_files( @@ -37917,13 +39222,13 @@ on tmpfs filesystems.
-Module: +Module: filesystem

Layer: kernel

-fs_manage_tmpfs_chr_dev( +fs_manage_tmpfs_chr_files( @@ -38403,6 +39708,34 @@ in the specified domain.
+Module: +filesystem

+Layer: +kernel

+

+ +fs_noxattr_type( + + + + + domain + + + )
+
+ +
+

+Transform specified type into a filesystem +type which does not have extended attribute +support. +

+
+ +
+ +
-Module: +Module: filesystem

Layer: kernel

-fs_read_rpc_dirs( +fs_read_rpc_files( @@ -38656,20 +39989,20 @@ kernel

-Read directories of RPC file system pipes. +Read files of RPC file system pipes.

-Module: +Module: filesystem

Layer: kernel

-fs_read_rpc_files( +fs_read_rpc_sockets( @@ -38682,20 +40015,20 @@ kernel

-Read files of RPC file system pipes. +Read sockets of RPC file system pipes.

-Module: +Module: filesystem

Layer: kernel

-fs_read_rpc_sockets( +fs_read_rpc_symlinks( @@ -38708,20 +40041,20 @@ kernel

-Read sockets of RPC file system pipes. +Read symbolic links of RPC file system pipes.

-Module: +Module: filesystem

Layer: kernel

-fs_read_rpc_symlinks( +fs_read_tmpfs_symlinks( @@ -38734,7 +40067,7 @@ kernel

-Read symbolic links of RPC file system pipes. +Read tmpfs link files.

@@ -38773,13 +40106,13 @@ without specifying the interpreter.
-Module: +Module: filesystem

Layer: kernel

-fs_relabel_tmpfs_blk_dev( +fs_relabel_tmpfs_blk_file( @@ -38799,13 +40132,13 @@ Relabel block nodes on tmpfs filesystems.
-Module: +Module: filesystem

Layer: kernel

-fs_relabel_tmpfs_chr_dev( +fs_relabel_tmpfs_chr_file( @@ -39259,13 +40592,13 @@ Read and write NFS server files.
-Module: +Module: filesystem

Layer: kernel

-fs_rw_ramfs_pipe( +fs_rw_ramfs_pipes( @@ -39285,13 +40618,65 @@ Read and write a named pipe on a ramfs filesystem.
-Module: +Module: +filesystem

+Layer: +kernel

+

+ +fs_rw_tmpfs_blk_files( + + + + + domain + + + )
+
+ +
+

+Read and write block nodes on tmpfs filesystems. +

+
+ +
+ +
+Module: filesystem

Layer: kernel

-fs_rw_tmpfs_file( +fs_rw_tmpfs_chr_files( + + + + + domain + + + )
+
+ +
+

+Read and write character nodes on tmpfs filesystems. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_rw_tmpfs_files( @@ -39390,6 +40775,32 @@ Search directories on a CIFS or SMB filesystem.
+Module: +filesystem

+Layer: +kernel

+

+ +fs_search_inotifyfs( + + + + + domain + + + )
+
+ +
+

+Search inotifyfs filesystem. +

+
+ +
+ +
-Module: +Module: filesystem

Layer: kernel

-fs_search_removable_dirs( +fs_search_removable( @@ -39494,13 +40905,13 @@ Search removable storage directories.
-Module: +Module: filesystem

Layer: kernel

-fs_search_rpc_dirs( +fs_search_rpc( @@ -39572,13 +40983,13 @@ Set the quotas of all filesystems.
-Module: +Module: filesystem

Layer: kernel

-fs_set_xattr_fs_quota( +fs_set_xattr_fs_quotas( @@ -39599,13 +41010,13 @@ with extended attributes.
-Module: +Module: filesystem

Layer: kernel

-fs_setattr_tmpfs_dir( +fs_setattr_tmpfs_dirs( @@ -39625,6 +41036,32 @@ Set the attributes of tmpfs directories.
+Module: +filesystem

+Layer: +kernel

+

+ +fs_tmpfs_filetrans( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
-Module: -filesystem

-Layer: -kernel

-

- -fs_use_tmpfs_blk_dev( - - - - - domain - - - )
-
- -
-

-Read and write block nodes on tmpfs filesystems. -

-
- -
- -
-Module: -filesystem

-Layer: -kernel

-

- -fs_use_tmpfs_chr_dev( - - - - - domain - - - )
-
- -
-

-Read and write character nodes on tmpfs filesystems. -

-
- -
- -
-Module: +Module: filesystem

Layer: kernel

-fs_write_ramfs_pipe( +fs_write_ramfs_pipes( @@ -40097,13 +41482,13 @@ Write to named pipe on a ramfs filesystem.
-Module: +Module: filesystem

Layer: kernel

-fs_write_ramfs_socket( +fs_write_ramfs_sockets( @@ -40402,13 +41787,13 @@ Execute gettys in the getty domain.
-Module: +Module: getty

Layer: system

-getty_modify_config( +getty_read_config( @@ -40421,20 +41806,20 @@ system

-Allow process to edit getty config file. +Allow process to read getty config file.

-Module: +Module: getty

Layer: system

-getty_read_config( +getty_read_log( @@ -40447,20 +41832,20 @@ system

-Allow process to read getty config file. +Allow process to read getty log file.

-Module: +Module: getty

Layer: system

-getty_read_log( +getty_rw_config( @@ -40473,7 +41858,33 @@ system

-Allow process to read getty log file. +Allow process to edit getty config file. +

+
+ +
+ +
+Module: +getty

+Layer: +system

+

+ +getty_use_fds( + + + + + domain + + + )
+
+ +
+

+Inherit and use getty file descriptors.

@@ -40562,6 +41973,33 @@ control channel named socket.
+Module: +gpm

+Layer: +services

+

+ +gpm_stream_connect( + + + + + domain + + + )
+
+ +
+

+Connect to GPM over a unix domain +stream socket. +

+
+ +
+ +
-Module: +Module: hal

Layer: services

-hal_dgram_sendto( +hal_dgram_send( @@ -40842,13 +42280,13 @@ Summary is missing!
-Module: +Module: hotplug

Layer: system

-hotplug_dontaudit_use_fd( +hotplug_dontaudit_use_fds( @@ -40894,13 +42332,13 @@ Summary is missing!
-Module: +Module: hotplug

Layer: system

-hotplug_getattr_config_dir( +hotplug_getattr_config_dirs( @@ -40972,13 +42410,13 @@ Search the hotplug configuration directory.
-Module: +Module: hotplug

Layer: system

-hotplug_use_fd( +hotplug_use_fds( @@ -41110,13 +42548,13 @@ Run inetd child process in the inet child domain
-Module: +Module: inetd

Layer: services

-inetd_rw_tcp_socket( +inetd_rw_tcp_sockets( @@ -41230,13 +42668,13 @@ Define the specified domain as a TCP inetd service.
-Module: +Module: inetd

Layer: services

-inetd_udp_sendto( +inetd_udp_send( @@ -41290,13 +42728,13 @@ Define the specified domain as a UDP inetd service.
-Module: +Module: inetd

Layer: services

-inetd_use_fd( +inetd_use_fds( @@ -41490,13 +42928,13 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_dontaudit_lock_pid( +init_dontaudit_lock_utmp( @@ -41517,13 +42955,13 @@ init script pid files.
-Module: +Module: init

Layer: system

-init_dontaudit_rw_script_pid( +init_dontaudit_rw_initctl( @@ -41543,18 +42981,18 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_dontaudit_unix_connect_script( +init_dontaudit_rw_utmp( - domain + ? )
@@ -41562,26 +43000,25 @@ system

-Dont audit the specified domain connecting to -init scripts with a unix domain stream socket. +Summary is missing!

-Module: +Module: init

Layer: system

-init_dontaudit_use_fd( +init_dontaudit_stream_connect_script( - ? + domain )
@@ -41589,20 +43026,21 @@ system

-Summary is missing! +Dont audit the specified domain connecting to +init scripts with a unix domain stream socket.

-Module: +Module: init

Layer: system

-init_dontaudit_use_initctl( +init_dontaudit_use_fds( @@ -41622,13 +43060,13 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_dontaudit_use_script_fd( +init_dontaudit_use_script_fds( @@ -41648,13 +43086,13 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_dontaudit_use_script_pty( +init_dontaudit_use_script_ptys( @@ -41675,13 +43113,13 @@ write the init script pty.
-Module: +Module: init

Layer: system

-init_dontaudit_write_script_pid( +init_dontaudit_write_utmp( @@ -41727,13 +43165,13 @@ Execute the init program in the caller domain.
-Module: +Module: init

Layer: system

-init_exec_script( +init_exec_script_files( @@ -41753,38 +43191,44 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_filetrans_script_tmp( +init_getattr_initctl( - domain + ? - - , - - - - file_type - + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_getattr_script_files( - , - - - [ - - object_class - ] + domain )
@@ -41792,26 +43236,25 @@ system

-Create files in a init script -temporary data directory. +Get the attribute of init script entrypoint files.

-Module: +Module: init

Layer: system

-init_get_process_group( +init_getattr_utmp( - ? + domain )
@@ -41819,20 +43262,20 @@ system

-Summary is missing! +Get the attributes of init script process id files.

-Module: +Module: init

Layer: system

-init_get_script_process_group( +init_getpgid( @@ -41852,13 +43295,13 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_getattr_initctl( +init_getpgid_script( @@ -41878,13 +43321,13 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_getattr_script_entry_file( +init_manage_utmp( @@ -41897,20 +43340,20 @@ system

-Get the attribute of init script entrypoint files. +Create, read, write, and delete utmp.

-Module: +Module: init

Layer: system

-init_getattr_script_pids( +init_read_script_files( @@ -41923,20 +43366,20 @@ system

-Get the attributes of init script process id files. +Read init scripts.

-Module: +Module: init

Layer: system

-init_list_script_pids( +init_read_script_state( @@ -41949,26 +43392,25 @@ system

-List the contents of an init script -process id directory. +Read the process state (/proc/pid) of the init scripts.

-Module: +Module: init

Layer: system

-init_read_script( +init_read_utmp( - domain + ? )
@@ -41976,20 +43418,20 @@ system

-Read init scripts. +Summary is missing!

-Module: +Module: init

Layer: system

-init_read_script_file( +init_run_daemon( @@ -41997,25 +43439,41 @@ system

domain + + , + + + + role + + + + , + + + + terminal + + )

-Read init scripts. +Start and stop daemon programs directly.

-Module: +Module: init

Layer: system

-init_read_script_pid( +init_rw_initctl( @@ -42035,13 +43493,13 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_read_script_process_state( +init_rw_script_pipes( @@ -42054,20 +43512,20 @@ system

-Read the process state (/proc/pid) of the init scripts. +Read and write init script unnamed pipes.

-Module: +Module: init

Layer: system

-init_run_daemon( +init_rw_script_tmp_files( @@ -42075,20 +43533,30 @@ system

domain - - , - - - - role - + )
+

+ +
+

+Read and write init script temporary data. +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_rw_utmp( - , - - terminal + ? )
@@ -42096,25 +43564,33 @@ system

-Start and stop daemon programs directly. +Summary is missing!

-Module: +Module: init

Layer: system

-init_rw_script_pid( +init_script_file_domtrans( - ? + source_domain + + + + , + + + + target_domain )
@@ -42122,20 +43598,20 @@ system

-Summary is missing! +Execute a init script in a specified domain.

-Module: +Module: init

Layer: system

-init_rw_script_pipe( +init_script_file_entry_type( @@ -42148,20 +43624,21 @@ system

-Read and write init script unnamed pipes. +Make init scripts an entry point for +the specified domain.

-Module: +Module: init

Layer: system

-init_rw_script_tmp_files( +init_script_tmp_filetrans( @@ -42169,12 +43646,29 @@ system

domain + + , + + + + file_type + + + + , + + + + object_class + + )

-Read and write init script temporary data. +Create files in a init script +temporary data directory.

@@ -42311,13 +43805,13 @@ Send null signals to init scripts.
-Module: +Module: init

Layer: system

-init_system_domain( +init_stream_connect_script( @@ -42325,34 +43819,26 @@ system

domain - - , - - - - entry_point - - )

-Create a domain for short running processes -which can be started by init scripts. +Allow the specified domain to connect to +init scripts with a unix socket.

-Module: +Module: init

Layer: system

-init_udp_sendto( +init_system_domain( @@ -42360,25 +43846,34 @@ system

domain + + , + + + + entry_point + + )

-Send UDP network traffic to init. +Create a domain for short running processes +which can be started by init scripts.

-Module: +Module: init

Layer: system

-init_udp_sendto_script( +init_udp_send( @@ -42391,20 +43886,20 @@ system

-Send UDP network traffic to init scripts. +Send UDP network traffic to init.

-Module: +Module: init

Layer: system

-init_unix_connect_script( +init_udp_send_script( @@ -42417,21 +43912,20 @@ system

-Allow the specified domain to connect to -init scripts with a unix socket. +Send UDP network traffic to init scripts.

-Module: +Module: init

Layer: system

-init_use_fd( +init_use_fds( @@ -42451,13 +43945,13 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_use_initctl( +init_use_script_fds( @@ -42477,18 +43971,18 @@ Summary is missing!
-Module: +Module: init

Layer: system

-init_use_script_fd( +init_use_script_ptys( - ? + domain )
@@ -42496,25 +43990,25 @@ system

-Summary is missing! +Read and write the init script pty.

-Module: +Module: init

Layer: system

-init_use_script_pty( +init_write_initctl( - domain + ? )
@@ -42522,25 +44016,25 @@ system

-Read and write the init script pty. +Summary is missing!

-Module: +Module: init

Layer: system

-init_write_initctl( +init_write_script_pipes( - ? + domain )
@@ -42548,20 +44042,20 @@ system

-Summary is missing! +Write an init script unnamed pipe.

-Module: -init

-Layer: -system

+Module: +inn

+Layer: +services

-init_write_script_pipe( +inn_dgram_send( @@ -42574,7 +44068,7 @@ system

-Write an init script unnamed pipe. +Send to a innd unix dgram socket.

@@ -42765,32 +44259,6 @@ Read innd news library files.
-Module: -inn

-Layer: -services

-

- -inn_sendto_unix_dgram_socket( - - - - - domain - - - )
-
- -
-

-Send to a innd unix dgram socket. -

-
- -
- -
-Module: +Module: ipsec

Layer: system

-ipsec_getattr_key_socket( +ipsec_getattr_key_sockets( @@ -43042,6 +44510,32 @@ allow the specified role the iptables domain.
+Module: +java

+Layer: +apps

+

+ +java_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute the java program in the java domain. +

+
+ +
+ +
-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_getattr_core( +kernel_dgram_send( @@ -43244,21 +44738,20 @@ kernel

-Do not audit attempts to get the attributes of -core kernel interfaces. +Send messages to kernel unix datagram sockets.

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_getattr_message_if( +kernel_domtrans_to( @@ -43266,26 +44759,88 @@ kernel

domain + + , + + + + entrypoint + + )

-Do not audit attempts by caller to get the attributes of kernel -message interfaces. +Allows to start userland processes +by transitioning to the specified domain.

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_getattr_unlabeled_blk_dev( +kernel_dontaudit_getattr_core_if( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to get the attributes of +core kernel interfaces. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_getattr_message_if( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts by caller to get the attributes of kernel +message interfaces. +

+
+ +
+ +
+Module: +kernel

+Layer: +kernel

+

+ +kernel_dontaudit_getattr_unlabeled_blk_files( @@ -43306,13 +44861,13 @@ unlabeled block devices.
-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_getattr_unlabeled_chr_dev( +kernel_dontaudit_getattr_unlabeled_chr_files( @@ -43333,13 +44888,13 @@ unlabeled character devices.
-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_getattr_unlabeled_file( +kernel_dontaudit_getattr_unlabeled_files( @@ -43494,13 +45049,13 @@ Do not audit attempts to list unlabeled directories.
-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_read_proc_symlink( +kernel_dontaudit_read_proc_symlinks( @@ -43574,13 +45129,13 @@ read system state information in proc.
-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_read_unlabeled_file( +kernel_dontaudit_read_unlabeled_files( @@ -43707,13 +45262,13 @@ the base directory of sysctls.
-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_use_fd( +kernel_dontaudit_use_fds( @@ -43786,13 +45341,13 @@ Get information on all System V IPC objects.
-Module: +Module: kernel

Layer: kernel

-kernel_getattr_core( +kernel_getattr_core_if( @@ -43943,33 +45498,6 @@ Send a kill signal to unlabeled processes.
-Module: -kernel

-Layer: -kernel

-

- -kernel_list_from( - - - - - dir_type - - - )
-
- -
-

-Allow the kernel to read the contents -of the specified directory. -

-
- -
- -
-Module: +Module: kernel

Layer: kernel

-kernel_read_all_sysctl( +kernel_read_all_sysctls( @@ -44126,13 +45654,13 @@ Read information from the debugging filesystem.
-Module: +Module: kernel

Layer: kernel

-kernel_read_device_sysctl( +kernel_read_device_sysctls( @@ -44152,40 +45680,13 @@ Allow caller to read the device sysctls.
-Module: -kernel

-Layer: -kernel

-

- -kernel_read_file_from( - - - - - dir_type - - - )
-
- -
-

-Allow the kernel to read the -specified file. -

-
- -
- -
-Module: +Module: kernel

Layer: kernel

-kernel_read_fs_sysctl( +kernel_read_fs_sysctls( @@ -44205,13 +45706,13 @@ Read filesystem sysctls.
-Module: +Module: kernel

Layer: kernel

-kernel_read_hotplug_sysctl( +kernel_read_hotplug_sysctls( @@ -44231,13 +45732,13 @@ Read the hotplug sysctl.
-Module: +Module: kernel

Layer: kernel

-kernel_read_irq_sysctl( +kernel_read_irq_sysctls( @@ -44257,13 +45758,13 @@ Read IRQ sysctls.
-Module: +Module: kernel

Layer: kernel

-kernel_read_kernel_sysctl( +kernel_read_kernel_sysctls( @@ -44310,13 +45811,13 @@ using the /proc/kmsg interface.
-Module: +Module: kernel

Layer: kernel

-kernel_read_modprobe_sysctl( +kernel_read_modprobe_sysctls( @@ -44336,13 +45837,13 @@ Read the modprobe sysctl.
-Module: +Module: kernel

Layer: kernel

-kernel_read_net_sysctl( +kernel_read_net_sysctls( @@ -44466,13 +45967,13 @@ Allows caller to read the ring buffer.
-Module: +Module: kernel

Layer: kernel

-kernel_read_rpc_sysctl( +kernel_read_rpc_sysctls( @@ -44570,13 +46071,13 @@ Allows caller to read system state information in proc.
-Module: +Module: kernel

Layer: kernel

-kernel_read_unix_sysctl( +kernel_read_unix_sysctls( @@ -44597,13 +46098,13 @@ socket sysctls.
-Module: +Module: kernel

Layer: kernel

-kernel_read_vm_sysctl( +kernel_read_vm_sysctls( @@ -44623,13 +46124,13 @@ Allow caller to read virtual memory sysctls.
-Module: +Module: kernel

Layer: kernel

-kernel_relabel_unlabeled( +kernel_relabelfrom_unlabeled_dirs( @@ -44642,73 +46143,20 @@ kernel

-Allow caller to relabel unlabeled objects. -

-
- -
- -
-Module: -kernel

-Layer: -kernel

-

- -kernel_remount_debugfs( - - - - - domain - - - )
-
- -
-

-Remount a kernel debugging filesystem. -

-
- -
- -
-Module: -kernel

-Layer: -kernel

-

- -kernel_rootfs_mountpoint( - - - - - directory_type - - - )
-
- -
-

-Allows the kernel to mount filesystems on -the specified directory type. +Allow caller to relabel unlabeled directories.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_all_sysctl( +kernel_relabelfrom_unlabeled_files( @@ -44721,20 +46169,20 @@ kernel

-Read and write all sysctls. +Allow caller to relabel unlabeled files.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_device_sysctl( +kernel_relabelfrom_unlabeled_pipes( @@ -44747,20 +46195,20 @@ kernel

-Read and write device sysctls. +Allow caller to relabel unlabeled named pipes.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_fs_sysctl( +kernel_relabelfrom_unlabeled_sockets( @@ -44773,20 +46221,20 @@ kernel

-Read and write fileystem sysctls. +Allow caller to relabel unlabeled named sockets.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_hotplug_sysctl( +kernel_relabelfrom_unlabeled_symlinks( @@ -44799,20 +46247,20 @@ kernel

-Read and write the hotplug sysctl. +Allow caller to relabel unlabeled symbolic links.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_irq_sysctl( +kernel_remount_debugfs( @@ -44825,25 +46273,25 @@ kernel

-Read and write IRQ sysctls. +Remount a kernel debugging filesystem.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_kernel_sysctl( +kernel_rootfs_mountpoint( - domain + directory_type )
@@ -44851,20 +46299,21 @@ kernel

-Read and write generic kernel sysctls. +Allows the kernel to mount filesystems on +the specified directory type.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_modprobe_sysctl( +kernel_rw_all_sysctls( @@ -44877,20 +46326,20 @@ kernel

-Read and write the modprobe sysctl. +Read and write all sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_net_sysctl( +kernel_rw_device_sysctls( @@ -44903,20 +46352,20 @@ kernel

-Allow caller to modiry contents of sysctl network files. +Read and write device sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_pipe( +kernel_rw_fs_sysctls( @@ -44929,46 +46378,20 @@ kernel

-Read and write kernel unnamed pipes. -

-
- -
- -
-Module: -kernel

-Layer: -kernel

-

- -kernel_rw_rpc_sysctl( - - - - - ? - - - )
-
- -
-

-Summary is missing! +Read and write fileystem sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_software_raid_state( +kernel_rw_hotplug_sysctls( @@ -44981,20 +46404,20 @@ kernel

-Allow caller to read and set the state information for software raid. +Read and write the hotplug sysctl.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_unix_dgram_socket( +kernel_rw_irq_sysctls( @@ -45007,20 +46430,20 @@ kernel

-Read and write kernel unix datagram sockets. +Read and write IRQ sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_unix_sysctl( +kernel_rw_kernel_sysctl( @@ -45033,21 +46456,20 @@ kernel

-Read and write unix domain -socket sysctls. +Read and write generic kernel sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_unlabeled_dir( +kernel_rw_modprobe_sysctls( @@ -45060,20 +46482,20 @@ kernel

-Read and write unlabeled directories. +Read and write the modprobe sysctl.

-Module: +Module: kernel

Layer: kernel

-kernel_rw_vm_sysctl( +kernel_rw_net_sysctls( @@ -45086,20 +46508,20 @@ kernel

-Read and write virtual memory sysctls. +Allow caller to modiry contents of sysctl network files.

-Module: +Module: kernel

Layer: kernel

-kernel_search_debugfs( +kernel_rw_pipes( @@ -45112,25 +46534,25 @@ kernel

-Search the contents of a kernel debugging filesystem. +Read and write kernel unnamed pipes.

-Module: +Module: kernel

Layer: kernel

-kernel_search_from( +kernel_rw_rpc_sysctls( - dir_type + ? )
@@ -45138,21 +46560,20 @@ kernel

-Allow the kernel to search the -specified directory. +Summary is missing!

-Module: +Module: kernel

Layer: kernel

-kernel_search_network_state( +kernel_rw_software_raid_state( @@ -45165,20 +46586,20 @@ kernel

-Allow searching of network state directory. +Allow caller to read and set the state information for software raid.

-Module: +Module: kernel

Layer: kernel

-kernel_search_network_sysctl( +kernel_rw_unix_dgram_sockets( @@ -45191,20 +46612,20 @@ kernel

-Search network sysctl directories. +Read and write kernel unix datagram sockets.

-Module: +Module: kernel

Layer: kernel

-kernel_search_proc( +kernel_rw_unix_sysctls( @@ -45217,20 +46638,21 @@ kernel

-Search directories in /proc. +Read and write unix domain +socket sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_search_vm_sysctl( +kernel_rw_unlabeled_blk_files( @@ -45243,57 +46665,20 @@ kernel

-Allow caller to search virtual memory sysctls. -

-
- -
- -
-Module: -kernel

-Layer: -kernel

-

- -kernel_send_syslog_msg_from( - - - - - socket - - - - , - - - - syslog_type - - - )
-
- -
-

-Allow the kernel to send a syslog -message to the specified domain, -connecting over the specified named -socket. +Read and write unlabeled block device nodes.

-Module: +Module: kernel

Layer: kernel

-kernel_sendrecv_unlabeled_association( +kernel_rw_unlabeled_dirs( @@ -45306,21 +46691,20 @@ kernel

-Send and receive messages from an -unlabeled IPSEC association. +Read and write unlabeled directories.

-Module: +Module: kernel

Layer: kernel

-kernel_sendto_unix_dgram_socket( +kernel_rw_vm_sysctls( @@ -45333,20 +46717,20 @@ kernel

-Send messages to kernel unix datagram sockets. +Read and write virtual memory sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_setpgid( +kernel_search_debugfs( @@ -45359,20 +46743,20 @@ kernel

-Set the process group of kernel threads. +Search the contents of a kernel debugging filesystem.

-Module: +Module: kernel

Layer: kernel

-kernel_share_state( +kernel_search_network_state( @@ -45385,21 +46769,20 @@ kernel

-Allows the kernel to share state information with -the caller. +Allow searching of network state directory.

-Module: +Module: kernel

Layer: kernel

-kernel_sigchld( +kernel_search_network_sysctl( @@ -45412,20 +46795,20 @@ kernel

-Send a SIGCHLD signal to kernel threads. +Search network sysctl directories.

-Module: +Module: kernel

Layer: kernel

-kernel_sigchld_from( +kernel_search_proc( @@ -45438,21 +46821,20 @@ kernel

-Allow the kernel to send a SIGCHLD -signal to the specified domain. +Search directories in /proc.

-Module: +Module: kernel

Layer: kernel

-kernel_sigchld_from_unlabeled( +kernel_search_vm_sysctl( @@ -45465,21 +46847,20 @@ kernel

-Allow unlabeled processes to send a SIGCHLD -signal to the specified domain. +Allow caller to search virtual memory sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_sigchld_unlabeled( +kernel_sendrecv_unlabeled_association( @@ -45492,20 +46873,21 @@ kernel

-Send a child terminated signal to unlabeled processes. +Send and receive messages from an +unlabeled IPSEC association.

-Module: +Module: kernel

Layer: kernel

-kernel_signal( +kernel_setpgid( @@ -45518,20 +46900,20 @@ kernel

-Send a generic signal to kernel threads. +Set the process group of kernel threads.

-Module: +Module: kernel

Layer: kernel

-kernel_signal_unlabeled( +kernel_share_state( @@ -45544,20 +46926,21 @@ kernel

-Send general signals to unlabeled processes. +Allows the kernel to share state information with +the caller.

-Module: +Module: kernel

Layer: kernel

-kernel_signull_unlabeled( +kernel_sigchld( @@ -45570,20 +46953,20 @@ kernel

-Send a null signal to unlabeled processes. +Send a SIGCHLD signal to kernel threads.

-Module: +Module: kernel

Layer: kernel

-kernel_sigstop_unlabeled( +kernel_sigchld_unlabeled( @@ -45596,20 +46979,20 @@ kernel

-Send a stop signal to unlabeled processes. +Send a child terminated signal to unlabeled processes.

-Module: +Module: kernel

Layer: kernel

-kernel_tcp_recvfrom( +kernel_signal( @@ -45622,20 +47005,20 @@ kernel

-Receive messages from kernel TCP sockets. +Send a generic signal to kernel threads.

-Module: +Module: kernel

Layer: kernel

-kernel_udp_recvfrom( +kernel_signal_unlabeled( @@ -45648,20 +47031,20 @@ kernel

-Receive messages from kernel UDP sockets. +Send general signals to unlabeled processes.

-Module: +Module: kernel

Layer: kernel

-kernel_udp_sendfrom( +kernel_signull_unlabeled( @@ -45674,21 +47057,20 @@ kernel

-Allow the kernel to send UDP network traffic -the specified domain. +Send a null signal to unlabeled processes.

-Module: +Module: kernel

Layer: kernel

-kernel_unconfined( +kernel_sigstop_unlabeled( @@ -45701,20 +47083,20 @@ kernel

-Unconfined access to kernel module resources. +Send a stop signal to unlabeled processes.

-Module: +Module: kernel

Layer: kernel

-kernel_unmount_debugfs( +kernel_tcp_recvfrom( @@ -45727,20 +47109,20 @@ kernel

-Unmount a kernel debugging filesystem. +Receive messages from kernel TCP sockets.

-Module: +Module: kernel

Layer: kernel

-kernel_use_fd( +kernel_udp_recvfrom( @@ -45753,41 +47135,25 @@ kernel

-Permits caller to use kernel file descriptors. +Receive messages from kernel UDP sockets.

-Module: +Module: kernel

Layer: kernel

-kernel_use_ld_so_from( - - - - - lib_type - - - - , - - - - ld_type - +kernel_udp_send( - , - - cache_type + domain )
@@ -45795,36 +47161,25 @@ kernel

-Use the specified types for /lib directory -and use the dynamic link/loader for automatic loading -of shared libraries, and the link/loader -cache. +Send UDP network traffic to the kernel.

-Module: +Module: kernel

Layer: kernel

-kernel_use_shared_libs_from( - - - - - lib_dir_type - +kernel_unconfined( - , - - shlib_type + domain )
@@ -45832,21 +47187,20 @@ kernel

-Allow the kernel to load and execute -functions from the specified shared libraries. +Unconfined access to kernel module resources.

-Module: +Module: kernel

Layer: kernel

-kernel_use_unlabeled_blk_dev( +kernel_unmount_debugfs( @@ -45859,20 +47213,20 @@ kernel

-Read and write unlabeled block device nodes. +Unmount a kernel debugging filesystem.

-Module: +Module: kernel

Layer: kernel

-kernel_userland_entry( +kernel_use_fds( @@ -45880,34 +47234,25 @@ kernel

domain - - , - - - - entrypoint - - )

-Allows to start userland processes -by transitioning to the specified domain. +Permits caller to use kernel file descriptors.

-Module: +Module: kernel

Layer: kernel

-kernel_write_proc_file( +kernel_write_proc_files( @@ -45953,13 +47298,13 @@ Execute kudzu in the kudzu domain.
-Module: +Module: kudzu

Layer: admin

-kudzu_getattr_exec_file( +kudzu_getattr_exec_files( @@ -46022,13 +47367,13 @@ allow the specified role the kudzu domain.
-Module: +Module: ldap

Layer: services

-ldap_list_db_dir( +ldap_list_db( @@ -46101,6 +47446,32 @@ Use LDAP over TCP connection.
+Module: +libraries

+Layer: +system

+

+ +libs_delete_lib_symlinks( + + + + + domain + + + )
+
+ +
+

+Delete generic symlinks in library directories. +

+
+ +
+ +
-Module: +Module: libraries

Layer: system

-libs_read_lib( +libs_read_lib_files( @@ -46569,13 +47940,13 @@ of shared libraries.
-Module: +Module: libraries

Layer: system

-libs_use_lib( +libs_use_lib_files( @@ -46742,13 +48113,13 @@ Execute local logins in the local login domain.
-Module: +Module: locallogin

Layer: system

-locallogin_dontaudit_use_fd( +locallogin_dontaudit_use_fds( @@ -46794,13 +48165,13 @@ Send a null signal to local login processes.
-Module: +Module: locallogin

Layer: system

-locallogin_use_fd( +locallogin_use_fds( @@ -46950,18 +48321,18 @@ Execute all log files in the caller domain.
-Module: +Module: logging

Layer: system

-logging_filetrans_log( +logging_list_logs( - ? + domain )
@@ -46969,25 +48340,25 @@ system

-Summary is missing! +List the contents of the generic log directory (/var/log).

-Module: +Module: logging

Layer: system

-logging_list_logs( +logging_log_file( - domain + file_type )
@@ -46995,25 +48366,26 @@ system

-List the contents of the generic log directory (/var/log). +Make the specified type a file +used for logs.

-Module: +Module: logging

Layer: system

-logging_log_file( +logging_log_filetrans( - file_type + ? )
@@ -47021,8 +48393,7 @@ system

-Make the specified type a file -used for logs. +Summary is missing!

@@ -47108,13 +48479,13 @@ Summary is missing!
-Module: +Module: logging

Layer: system

-logging_read_audit_log( +logging_read_audit_config( @@ -47127,20 +48498,20 @@ system

-Read the audit log. +Read the auditd configuration files.

-Module: +Module: logging

Layer: system

-logging_read_auditd_config( +logging_read_audit_log( @@ -47153,7 +48524,7 @@ system

-Read the auditd configuration files. +Read the audit log.

@@ -47186,13 +48557,13 @@ Summary is missing!
-Module: +Module: logging

Layer: system

-logging_rw_generic_logs( +logging_rw_generic_log_dirs( @@ -47205,20 +48576,20 @@ system

-Read and write generic log files. +Read and write the generic log directory (/var/log).

-Module: +Module: logging

Layer: system

-logging_rw_log_dir( +logging_rw_generic_logs( @@ -47231,7 +48602,7 @@ system

-Read and write the generic log directory (/var/log). +Read and write generic log files.

@@ -47344,13 +48715,13 @@ Execute logrotate in the logrotate domain.
-Module: +Module: logrotate

Layer: admin

-logrotate_dontaudit_use_fd( +logrotate_dontaudit_use_fds( @@ -47465,13 +48836,13 @@ allow the specified role the logrotate domain.
-Module: +Module: logrotate

Layer: admin

-logrotate_use_fd( +logrotate_use_fds( @@ -47994,6 +49365,33 @@ Send generic signals to the mailman cgi domain.
+Module: +mcs

+Layer: +kernel

+

+ +mcs_killall( + + + + + domain + + + )
+
+ +
+

+This domain is allowed to sigkill and sigstop +all domains regardless of their MCS level. +

+
+ +
+ +
-Module: +Module: modutils

Layer: system

-modutils_read_mods_deps( +modutils_read_module_config( @@ -48833,20 +50231,21 @@ system

-Read the dependencies of kernel modules. +Read the configuration options used when +loading modules.

-Module: +Module: modutils

Layer: system

-modutils_read_module_conf( +modutils_read_module_deps( @@ -48859,21 +50258,20 @@ system

-Read the configuration options used when -loading modules. +Read the dependencies of kernel modules.

-Module: +Module: modutils

Layer: system

-modutils_rename_module_conf( +modutils_rename_module_config( @@ -49023,6 +50421,32 @@ Execute update_modules in the update_modules domain.
+Module: +mono

+Layer: +apps

+

+ +mono_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute the mono program in the mono domain. +

+
+ +
+ +
-Module: +Module: mount

Layer: system

-mount_use_fd( +mount_use_fds( @@ -49172,6 +50596,32 @@ Use file descriptors for mount.
+Module: +mrtg

+Layer: +admin

+

+ +mrtg_append_create_logs( + + + + + domain + + + )
+
+ +
+

+Create and append mrtg logs. +

+
+ +
+ +
-Module: +Module: mta

Layer: services

-mta_dontaudit_read_spool_symlink( +mta_dontaudit_getattr_spool_files( - domain + ? )
@@ -49243,21 +50693,20 @@ services

-Do not audit attempts to read a symlink -in the mail spool. +Summary is missing!

-Module: +Module: mta

Layer: services

-mta_dontaudit_rw_delivery_tcp_socket( +mta_dontaudit_read_spool_symlinks( @@ -49270,21 +50719,21 @@ services

-Do not audit attempts to read and write TCP -sockets of mail delivery domains. +Do not audit attempts to read a symlink +in the mail spool.

-Module: +Module: mta

Layer: services

-mta_dontaudit_rw_queue( +mta_dontaudit_rw_delivery_tcp_sockets( @@ -49297,26 +50746,26 @@ services

-Do not audit attempts to read and -write the mail queue. +Do not audit attempts to read and write TCP +sockets of mail delivery domains.

-Module: +Module: mta

Layer: services

-mta_exec( +mta_dontaudit_rw_queue( - ? + domain )
@@ -49324,20 +50773,21 @@ services

-Summary is missing! +Do not audit attempts to read and +write the mail queue.

-Module: +Module: mta

Layer: services

-mta_filetrans_etc_aliases( +mta_etc_filetrans_aliases( @@ -49358,38 +50808,18 @@ to the mail address aliases type.
-Module: +Module: mta

Layer: services

-mta_filetrans_spool( - - - - - domain - - - - , - - - - private type - +mta_exec( - , - - - [ - - object - ] + ? )
@@ -49397,8 +50827,7 @@ services

-Create private objects in the -mail spool directory. +Summary is missing!

@@ -49721,13 +51150,13 @@ Summary is missing!
-Module: +Module: mta

Layer: services

-mta_rw_user_mail_stream_socket( +mta_rw_user_mail_stream_sockets( @@ -49809,6 +51238,49 @@ sendmail daemon use.
+Module: +mta

+Layer: +services

+

+ +mta_spool_filetrans( + + + + + domain + + + + , + + + + private type + + + + , + + + + object + + + )
+
+ +
+

+Create private objects in the +mail spool directory. +

+
+ +
+ +
Module: mta

Layer: @@ -49820,12 +51292,8 @@ services

- [ - domain - ] - )

@@ -49865,13 +51333,13 @@ Connect to all mail servers over TCP.
-Module: +Module: mysql

Layer: services

-mysql_manage_db_dir( +mysql_manage_db_dirs( @@ -49917,13 +51385,13 @@ Read MySQL configuration files.
-Module: +Module: mysql

Layer: services

-mysql_rw_db_dir( +mysql_rw_db_dirs( @@ -49943,13 +51411,13 @@ Read and write to the MySQL database directory.
-Module: +Module: mysql

Layer: services

-mysql_rw_db_socket( +mysql_rw_db_sockets( @@ -49970,13 +51438,13 @@ named socket.
-Module: +Module: mysql

Layer: services

-mysql_search_db_dir( +mysql_search_db( @@ -50473,13 +51941,13 @@ NetworkManager over dbus.
-Module: +Module: networkmanager

Layer: services

-networkmanager_rw_packet_socket( +networkmanager_rw_packet_sockets( @@ -50499,13 +51967,13 @@ Read and write NetworkManager packet sockets.
-Module: +Module: networkmanager

Layer: services

-networkmanager_rw_routing_socket( +networkmanager_rw_routing_sockets( @@ -50526,13 +51994,13 @@ routing sockets.
-Module: +Module: networkmanager

Layer: services

-networkmanager_rw_udp_socket( +networkmanager_rw_udp_sockets( @@ -50734,13 +52202,13 @@ Connect to ypbind over TCP.
-Module: +Module: nis

Layer: services

-nis_udp_sendto_ypbind( +nis_udp_send_ypbind( @@ -50865,13 +52333,13 @@ Read NSCD pid file.
-Module: +Module: nscd

Layer: services

-nscd_unconfined( +nscd_shm_use( @@ -50884,20 +52352,21 @@ services

-Unconfined access to NSCD services. +Use NSCD services by mapping the database from +an inherited NSCD file descriptor.

-Module: +Module: nscd

Layer: services

-nscd_use_shared_mem( +nscd_socket_use( @@ -50910,21 +52379,21 @@ services

-Use NSCD services by mapping the database from -an inherited NSCD file descriptor. +Use NSCD services by connecting using +a unix stream socket.

-Module: +Module: nscd

Layer: services

-nscd_use_socket( +nscd_unconfined( @@ -50937,8 +52406,7 @@ services

-Use NSCD services by connecting using -a unix stream socket. +Unconfined access to NSCD services.

@@ -51008,12 +52476,8 @@ services

- [ - domain - ] - )

@@ -51106,13 +52570,13 @@ cardmgr pid files.
-Module: +Module: pcmcia

Layer: system

-pcmcia_manage_runtime_chr( +pcmcia_manage_pid_chr_files( @@ -51213,12 +52677,8 @@ system

- [ - domain - ] - )

@@ -51232,13 +52692,13 @@ PCMCIA stub interface. No access allowed.
-Module: +Module: pcmcia

Layer: system

-pcmcia_use_cardmgr_fd( +pcmcia_use_cardmgr_fds( @@ -51258,13 +52718,13 @@ Inherit and use file descriptors from cardmgr.
-Module: -portmap

-Layer: -services

+Module: +portage

+Layer: +admin

-portmap_domtrans_helper( +portage_domtrans( @@ -51277,20 +52737,20 @@ services

-Execute portmap_helper in the helper domain. +Execute emerge in the portage domain.

-Module: -portmap

-Layer: -services

+Module: +portage

+Layer: +admin

-portmap_run_helper( +portage_run( @@ -51319,22 +52779,21 @@ services

-Execute portmap helper in the helper domain, and -allow the specified role the helper domain. -Communicate with portmap. +Execute emerge in the portage domain, and +allow the specified role the portage domain.

-Module: +Module: portmap

Layer: services

-portmap_tcp_connect( +portmap_domtrans_helper( @@ -51347,20 +52806,20 @@ services

-Connect to portmap over a TCP socket +Execute portmap_helper in the helper domain.

-Module: +Module: portmap

Layer: services

-portmap_udp_sendrecv( +portmap_run_helper( @@ -51368,109 +52827,20 @@ services

domain - )
-

- -
-

-Send and receive UDP network traffic from portmap. -

-
- -
- -
-Module: -portmap

-Layer: -services

-

- -portmap_udp_sendto( - - - - - domain - - )
-
- -
-

-Send UDP network traffic to portmap. -

-
- -
- -
-Module: -postfix

-Layer: -services

-

- -postfix_domtrans_map( - + , - domain + role - )
-
- -
-

-Execute postfix_map in the postfix_map domain. -

-
- -
- -
-Module: -postfix

-Layer: -services

-

- -postfix_domtrans_master( - - - - - domain - - )
-
- -
-

-Execute the master postfix program in the -postfix_master domain. -

-
- -
- -
-Module: -postfix

-Layer: -services

-

- -postfix_domtrans_user_mail_handler( - + , - domain + terminal )
@@ -51478,21 +52848,22 @@ services

-Execute postfix user mail programs -in their respective domains. +Execute portmap helper in the helper domain, and +allow the specified role the helper domain. +Communicate with portmap.

-Module: -postfix

+Module: +portmap

Layer: services

-postfix_dontaudit_rw_local_tcp_socket( +portmap_tcp_connect( @@ -51505,22 +52876,20 @@ services

-Do not audit attempts to read and -write postfix local delivery -TCP sockets. +Connect to portmap over a TCP socket

-Module: -postfix

+Module: +portmap

Layer: services

-postfix_dontaudit_use_fd( +portmap_udp_chat( @@ -51533,22 +52902,20 @@ services

-Do not audit attempts to use -postfix master process file -file descriptors. +Send and receive UDP network traffic from portmap.

-Module: -postfix

+Module: +portmap

Layer: services

-postfix_exec_master( +portmap_udp_send( @@ -51561,21 +52928,20 @@ services

-Execute the master postfix program in the -caller domain. +Send UDP network traffic to portmap.

-Module: +Module: postfix

Layer: services

-postfix_filetrans_config( +postfix_config_filetrans( @@ -51596,12 +52962,8 @@ services

- [ - object - ] - )

@@ -51616,6 +52978,169 @@ the postfix configuration directories.
+Module: +postfix

+Layer: +services

+

+ +postfix_domtrans_map( + + + + + domain + + + )
+
+ +
+

+Execute postfix_map in the postfix_map domain. +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_domtrans_master( + + + + + domain + + + )
+
+ +
+

+Execute the master postfix program in the +postfix_master domain. +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_domtrans_user_mail_handler( + + + + + domain + + + )
+
+ +
+

+Execute postfix user mail programs +in their respective domains. +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_dontaudit_rw_local_tcp_sockets( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read and +write postfix local delivery +TCP sockets. +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_dontaudit_use_fds( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to use +postfix master process file +file descriptors. +

+
+ +
+ +
+Module: +postfix

+Layer: +services

+

+ +postfix_exec_master( + + + + + domain + + + )
+
+ +
+

+Execute the master postfix program in the +caller domain. +

+
+ +
+ +
Module: postfix

Layer: @@ -51748,12 +53273,8 @@ services

- [ - domain - ] - )

@@ -51845,13 +53366,13 @@ Allow the specified domain to read postgresql's etc.
-Module: +Module: postgresql

Layer: services

-postgresql_search_db_dir( +postgresql_search_db( @@ -51871,13 +53392,13 @@ Allow the specified domain to search postgresql's database directory.
-Module: +Module: postgresql

Layer: services

-postgresql_tcp_connect( +postgresql_stream_connect( @@ -51890,20 +53411,20 @@ services

-Allow the specified domain to connect to postgresql with a tcp socket. +Allow the specified domain to connect to postgresql with a unix socket.

-Module: +Module: postgresql

Layer: services

-postgresql_unix_connect( +postgresql_tcp_connect( @@ -51916,7 +53437,7 @@ services

-Allow the specified domain to connect to postgresql with a unix socket. +Allow the specified domain to connect to postgresql with a tcp socket.

@@ -51949,13 +53470,13 @@ Execute domain in the ppp domain.
-Module: +Module: ppp

Layer: services

-ppp_dontaudit_use_fd( +ppp_dontaudit_use_fds( @@ -52080,13 +53601,13 @@ Send a generic signal to PPP.
-Module: +Module: ppp

Layer: services

-ppp_use_fd( +ppp_use_fds( @@ -52724,13 +54245,13 @@ Allow domain to read and write to an NFS UDP socket.
-Module: +Module: rpc

Layer: services

-rpc_udp_sendto( +rpc_udp_send( @@ -52750,13 +54271,13 @@ Send UDP network traffic to rpc and recieve UDP traffic from rpc.
-Module: +Module: rpc

Layer: services

-rpc_udp_sendto_nfs( +rpc_udp_send_nfs( @@ -52769,8 +54290,7 @@ services

-Allow NFS to send UDP network traffic -the specified domain and recieve from it. +Send UDP traffic to NFSd.

@@ -52829,6 +54349,32 @@ Execute rpm programs in the rpm domain.
+Module: +rpm

+Layer: +admin

+

+ +rpm_domtrans_script( + + + + + domain + + + )
+
+ +
+

+Execute rpm_script programs in the rpm_script domain. +

+
+ +
+ +
-Module: +Module: rpm

Layer: admin

-rpm_read_pipe( +rpm_read_pipes( @@ -53002,13 +54548,13 @@ Execute RPM programs in the RPM domain.
-Module: +Module: rpm

Layer: admin

-rpm_rw_pipe( +rpm_rw_pipes( @@ -53028,39 +54574,13 @@ Read and write an unnamed RPM pipe.
-Module: +Module: rpm

Layer: admin

-rpm_script_domtrans( - - - - - domain - - - )
-
- -
-

-Execute rpm_script programs in the rpm_script domain. -

-
- -
- -
-Module: -rpm

-Layer: -admin

-

- -rpm_use_fd( +rpm_use_fds( @@ -53080,13 +54600,13 @@ Inherit and use file descriptors from RPM.
-Module: +Module: rpm

Layer: admin

-rpm_use_script_fd( +rpm_use_script_fds( @@ -53132,32 +54652,6 @@ Domain transition to rshd.
-Module: -samba

-Layer: -services

-

- -samba_connect_winbind( - - - - - domain - - - )
-
- -
-

-Connect to winbind. -

-
- -
- -
-Module: +Module: samba

Layer: services

-samba_rw_smbmount_tcp_socket( +samba_rw_smbmount_tcp_sockets( @@ -53560,13 +55054,39 @@ samba /var directories.
-Module: +Module: +samba

+Layer: +services

+

+ +samba_stream_connect_winbind( + + + + + domain + + + )
+
+ +
+

+Connect to winbind. +

+
+ +
+ +
+Module: samba

Layer: services

-samba_write_smbmount_tcp_socket( +samba_write_smbmount_tcp_sockets( @@ -54138,13 +55658,13 @@ Create, read, write, and delete sendmail logs.
-Module: +Module: sendmail

Layer: services

-sendmail_rw_tcp_socket( +sendmail_rw_tcp_sockets( @@ -54164,6 +55684,32 @@ Read and write sendmail TCP sockets.
+Module: +sendmail

+Layer: +services

+

+ +sendmail_rw_unix_stream_sockets( + + + + + domain + + + )
+
+ +
+

+Read and write sendmail unix_stream_sockets. +

+
+ +
+ +
Module: sendmail

Layer: @@ -54175,12 +55721,8 @@ services

- [ - domain - ] - )

@@ -54194,13 +55736,13 @@ Sendmail stub interface. No access allowed.
-Module: +Module: selinuxutil

Layer: system

-seutil_create_binary_pol( +seutil_create_bin_policy( @@ -54220,13 +55762,13 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_domtrans_checkpol( +seutil_domtrans_checkpolicy( @@ -54246,13 +55788,13 @@ Execute checkpolicy in the checkpolicy domain.
-Module: +Module: selinuxutil

Layer: system

-seutil_domtrans_loadpol( +seutil_domtrans_loadpolicy( @@ -54350,6 +55892,32 @@ Execute run_init in the run_init domain.
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_domtrans_semanage( + + + + + domain + + + )
+
+ +
+

+Execute a domain transition to run semanage. +

+
+ +
+ +
-Module: +Module: selinuxutil

Layer: system

-seutil_exec_checkpol( +seutil_exec_checkpolicy( @@ -54483,13 +56051,13 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_exec_loadpol( +seutil_exec_loadpolicy( @@ -54587,13 +56155,135 @@ Summary is missing!
-Module: +Module: +selinuxutil

+Layer: +system

+

+ +seutil_get_semanage_read_lock( + + + + + domain + + + )
+
+ +
+

+Get read lock on module store +

+
+ +
+ +
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_get_semanage_trans_lock( + + + + + domain + + + )
+
+ +
+

+Get trans lock on module store +

+
+ +
+ +
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_init_script_domtrans_runinit( + + + + + domain + + + )
+
+ +
+

+Execute init scripts in the run_init domain. +

+
+ +
+ +
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_init_script_run_runinit( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute init scripts in the run_init domain, and +allow the specified role the run_init domain, +and use the caller's terminal. +

+
+ +
+ +
+Module: selinuxutil

Layer: system

-seutil_manage_binary_pol( +seutil_manage_bin_policy( @@ -54613,13 +56303,40 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_manage_src_pol( +seutil_manage_module_store( + + + + + domain + + + )
+
+ +
+

+Full management of the semanage +module store. +

+
+ +
+ +
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_manage_src_policy( @@ -54639,13 +56356,13 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_read_binary_pol( +seutil_read_bin_policy( @@ -54743,13 +56460,13 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_read_loadpol( +seutil_read_loadpolicy( @@ -54769,13 +56486,13 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_read_src_pol( +seutil_read_src_policy( @@ -54795,13 +56512,13 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_relabelto_binary_pol( +seutil_relabelto_bin_policy( @@ -54821,13 +56538,13 @@ Allow the caller to relabel a file to the binary policy type.
-Module: +Module: selinuxutil

Layer: system

-seutil_run_checkpol( +seutil_run_checkpolicy( @@ -54865,13 +56582,13 @@ and use the caller's terminal.
-Module: +Module: selinuxutil

Layer: system

-seutil_run_loadpol( +seutil_run_loadpolicy( @@ -55042,6 +56759,50 @@ and use the caller's terminal.
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_run_semanage( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute semanage in the semanage domain, and +allow the specified role the semanage domain, +and use the caller's terminal. +

+
+ +
+ +
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_rw_file_contexts( + + + + + domain + + + )
+
+ +
+

+Read and write the file_contexts files. +

+
+ +
+ +
-Module: +Module: selinuxutil

Layer: system

-seutil_use_newrole_fd( +seutil_use_newrole_fds( @@ -55164,13 +56951,13 @@ Summary is missing!
-Module: +Module: selinuxutil

Layer: system

-seutil_use_runinit_fd( +seutil_use_runinit_fds( @@ -55269,13 +57056,13 @@ Allow the domain to search slrnpull spools.
-Module: +Module: smartmon

Layer: services

-smartmon_read_tmp( +smartmon_read_tmp_files( @@ -55295,13 +57082,39 @@ Allow caller to read smartmon temporary files.
-Module: +Module: +snmp

+Layer: +services

+

+ +snmp_read_snmp_var_lib_files( + + + + + domain + + + )
+
+ +
+

+Read snmpd libraries. +

+
+ +
+ +
+Module: snmp

Layer: services

-snmp_use( +snmp_tcp_connect( @@ -55321,6 +57134,32 @@ Use snmp over a TCP connection.
+Module: +snmp

+Layer: +services

+

+ +snmp_udp_chat( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP traffic to SNMP +

+
+ +
+ +
-

Read ssh server keys

+

+Read ssh server keys +

-Module: -storage

-Layer: -kernel

+Module: +ssh

+Layer: +services

+

+ +ssh_dontaudit_rw_tcp_sockets( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read and write +ssh server TCP sockets. +

+
+ +
+ +
+Module: +ssh

+Layer: +services

+

+ +ssh_read_pipes( + + + + + domain + + + )
+
+ +
+

+Read a ssh server unnamed pipe. +

+
+ +
+ +
+Module: +ssh

+Layer: +services

+

+ +ssh_sigchld( + + + + + domain + + + )
+
+ +
+

+Send a SIGCHLD signal to the ssh server. +

+
+ +
+ +
+Module: +ssh

+Layer: +services

-storage_create_fixed_disk( +ssh_tcp_connect( @@ -55575,20 +57495,20 @@ kernel

-Create block devices in /dev with the fixed disk type. +Connect to SSH daemons over TCP sockets.

-Module: +Module: storage

Layer: kernel

-storage_create_fixed_disk_tmpfs( +storage_dev_filetrans_fixed_disk( @@ -55601,20 +57521,21 @@ kernel

-Create fixed disk device nodes on a tmpfs filesystem. +Create block devices in /dev with the fixed disk type +via an automatic type transition.

-Module: +Module: storage

Layer: kernel

-storage_dontaudit_getattr_fixed_disk( +storage_dontaudit_getattr_fixed_disk_dev( @@ -55635,13 +57556,13 @@ the attributes of fixed disk device nodes.
-Module: +Module: storage

Layer: kernel

-storage_dontaudit_getattr_removable_device( +storage_dontaudit_getattr_removable_dev( @@ -55662,6 +57583,58 @@ the attributes of removable devices device nodes.
+Module: +storage

+Layer: +kernel

+

+ +storage_dontaudit_raw_read_removable_device( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to directly read removable devices. +

+
+ +
+ +
+Module: +storage

+Layer: +kernel

+

+ +storage_dontaudit_raw_write_removable_device( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to directly write removable devices. +

+
+ +
+ +
-Module: +Module: storage

Layer: kernel

-storage_dontaudit_setattr_fixed_disk( +storage_dontaudit_rw_scsi_generic( @@ -55735,21 +57708,21 @@ kernel

-Do not audit attempts made by the caller to set -the attributes of fixed disk device nodes. +Do not audit attempts to read or write +SCSI generic device interfaces.

-Module: +Module: storage

Layer: kernel

-storage_dontaudit_setattr_removable_device( +storage_dontaudit_setattr_fixed_disk_dev( @@ -55763,20 +57736,20 @@ kernel

Do not audit attempts made by the caller to set -the attributes of removable devices device nodes. +the attributes of fixed disk device nodes.

-Module: +Module: storage

Layer: kernel

-storage_getattr_fixed_disk( +storage_dontaudit_setattr_removable_dev( @@ -55789,21 +57762,21 @@ kernel

-Allow the caller to get the attributes of fixed disk -device nodes. +Do not audit attempts made by the caller to set +the attributes of removable devices device nodes.

-Module: +Module: storage

Layer: kernel

-storage_getattr_removable_device( +storage_dontaudit_write_fixed_disk( @@ -55816,21 +57789,21 @@ kernel

-Allow the caller to get the attributes of removable -devices device nodes. +Do not audit attempts made by the caller to write +fixed disk device nodes.

-Module: +Module: storage

Layer: kernel

-storage_getattr_scsi_generic( +storage_getattr_fixed_disk_dev( @@ -55843,21 +57816,21 @@ kernel

-Allow the caller to get the attributes of -the generic SCSI interface device nodes. +Allow the caller to get the attributes of fixed disk +device nodes.

-Module: +Module: storage

Layer: kernel

-storage_getattr_tape_device( +storage_getattr_removable_dev( @@ -55870,21 +57843,21 @@ kernel

-Allow the caller to get the attributes -of device nodes of tape devices. +Allow the caller to get the attributes of removable +devices device nodes.

-Module: +Module: storage

Layer: kernel

-storage_manage_fixed_disk( +storage_getattr_scsi_generic_dev( @@ -55897,20 +57870,21 @@ kernel

-Create, read, write, and delete fixed disk device nodes. +Allow the caller to get the attributes of +the generic SCSI interface device nodes.

-Module: +Module: storage

Layer: kernel

-storage_raw_read_fixed_disk( +storage_getattr_tape_dev( @@ -55923,23 +57897,21 @@ kernel

-Allow the caller to directly read from a fixed disk. -This is extremly dangerous as it can bypass the -SELinux protections for filesystem objects, and -should only be used by trusted domains. +Allow the caller to get the attributes +of device nodes of tape devices.

-Module: +Module: storage

Layer: kernel

-storage_raw_read_lvm_volume( +storage_manage_fixed_disk( @@ -55952,23 +57924,20 @@ kernel

-Allow the caller to directly read from a logical volume. -This is extremly dangerous as it can bypass the -SELinux protections for filesystem objects, and -should only be used by trusted domains. +Create, read, write, and delete fixed disk device nodes.

-Module: +Module: storage

Layer: kernel

-storage_raw_read_removable_device( +storage_raw_read_fixed_disk( @@ -55981,8 +57950,7 @@ kernel

-Allow the caller to directly read from -a removable device. +Allow the caller to directly read from a fixed disk. This is extremly dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains. @@ -55992,13 +57960,13 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

-storage_raw_write_fixed_disk( +storage_raw_read_removable_device( @@ -56011,7 +57979,8 @@ kernel

-Allow the caller to directly write to a fixed disk. +Allow the caller to directly read from +a removable device. This is extremly dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains. @@ -56021,13 +57990,13 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

-storage_raw_write_lvm_volume( +storage_raw_write_fixed_disk( @@ -56040,7 +58009,7 @@ kernel

-Allow the caller to directly read from a logical volume. +Allow the caller to directly write to a fixed disk. This is extremly dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains. @@ -56110,13 +58079,13 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

-storage_read_tape_device( +storage_read_tape( @@ -56163,13 +58132,13 @@ Relabel fixed disk device nodes.
-Module: +Module: storage

Layer: kernel

-storage_set_scsi_generic_attributes( +storage_setattr_fixed_disk_dev( @@ -56182,21 +58151,21 @@ kernel

-Set attributes of the device nodes -for the SCSI generic inerface. +Allow the caller to set the attributes of fixed disk +device nodes.

-Module: +Module: storage

Layer: kernel

-storage_setattr_fixed_disk( +storage_setattr_removable_dev( @@ -56209,21 +58178,21 @@ kernel

-Allow the caller to set the attributes of fixed disk -device nodes. +Allow the caller to set the attributes of removable +devices device nodes.

-Module: +Module: storage

Layer: kernel

-storage_setattr_removable_device( +storage_setattr_scsi_generic_dev( @@ -56236,21 +58205,21 @@ kernel

-Allow the caller to set the attributes of removable -devices device nodes. +Allow the caller to set the attributes of +the generic SCSI interface device nodes.

-Module: +Module: storage

Layer: kernel

-storage_setattr_scsi_generic( +storage_setattr_scsi_generic_dev_dev( @@ -56263,21 +58232,21 @@ kernel

-Allow the caller to set the attributes of -the generic SCSI interface device nodes. +Set attributes of the device nodes +for the SCSI generic inerface.

-Module: +Module: storage

Layer: kernel

-storage_setattr_tape_device( +storage_setattr_tape_dev( @@ -56324,6 +58293,33 @@ Enable a fixed disk device as swap space
+Module: +storage

+Layer: +kernel

+

+ +storage_tmpfs_filetrans_fixed_disk( + + + + + domain + + + )
+
+ +
+

+Create block devices in on a tmpfs filesystem with the +fixed disk type via an automatic type transition. +

+
+ +
+ +
-Module: +Module: storage

Layer: kernel

-storage_write_tape_device( +storage_write_tape( @@ -56486,6 +58482,48 @@ Delete the dhcp client pid file.
+Module: +sysnetwork

+Layer: +system

+

+ +sysnet_dhcp_state_filetrans( + + + + + domain + + + + , + + + + file_type + + + + , + + + + object_class + + + )
+
+ +
+

+Create DHCP state data. +

+
+ +
+ +
-Module: +Module: sysnetwork

Layer: system

-sysnet_exec_ifconfig( - - - - - domain - - - )
-
- -
-

-Execute ifconfig in the caller domain. -

-
- -
- -
-Module: -sysnetwork

-Layer: -system

-

- -sysnet_filetrans_config( +sysnet_etc_filetrans_config( @@ -56643,13 +58655,13 @@ the network config files.
-Module: +Module: sysnetwork

Layer: system

-sysnet_filetrans_dhcp_state( +sysnet_exec_ifconfig( @@ -56657,32 +58669,12 @@ system

domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )

-Create DHCP state data. +Execute ifconfig in the caller domain.

@@ -57282,13 +59274,13 @@ device nodes.
-Module: +Module: terminal

Layer: kernel

-term_dontaudit_getattr_pty_dir( +term_dontaudit_getattr_pty_dirs( @@ -57390,13 +59382,13 @@ Do not audit attempts to read the
-Module: +Module: terminal

Layer: kernel

-term_dontaudit_manage_pty_dir( +term_dontaudit_manage_pty_dirs( @@ -57525,13 +59517,13 @@ or write to the console.
-Module: +Module: terminal

Layer: kernel

-term_dontaudit_use_generic_pty( +term_dontaudit_use_generic_ptys( @@ -57580,13 +59572,13 @@ write the pty multiplexor (/dev/ptmx).
-Module: +Module: terminal

Layer: kernel

-term_dontaudit_use_unallocated_tty( +term_dontaudit_use_unallocated_ttys( @@ -57688,13 +59680,13 @@ tty device nodes.
-Module: +Module: terminal

Layer: kernel

-term_ioctl_generic_pty( +term_ioctl_generic_ptys( @@ -58246,13 +60238,13 @@ terminal (/dev/tty).
-Module: +Module: terminal

Layer: kernel

-term_use_generic_pty( +term_use_generic_ptys( @@ -58300,13 +60292,13 @@ Read and write the pty multiplexor (/dev/ptmx).
-Module: +Module: terminal

Layer: kernel

-term_use_unallocated_tty( +term_use_unallocated_ttys( @@ -58526,13 +60518,13 @@ Execute udev in the udev domain.
-Module: +Module: udev

Layer: system

-udev_dontaudit_rw_unix_dgram_socket( +udev_dontaudit_rw_dgram_sockets( @@ -58553,13 +60545,13 @@ to a udev unix datagram socket.
-Module: +Module: udev

Layer: system

-udev_dontaudit_use_fd( +udev_dontaudit_use_fds( @@ -58684,6 +60676,58 @@ Allow process to modify list of devices.
+Module: +uml

+Layer: +apps

+

+ +uml_manage_util_files( + + + + + domain + + + )
+
+ +
+

+Manage uml utility files. +

+
+ +
+ +
+Module: +uml

+Layer: +apps

+

+ +uml_setattr_util_sockets( + + + + + domain + + + )
+
+ +
+

+Set attributes on uml utility socket files. +

+
+ +
+ +
+Module: +unconfined

+Layer: +system

+

+ +unconfined_domain( + + + + + domain + + + )
+
+ +
+

+Make the specified domain unconfined and +audit executable memory and executable heap +usage. +

+
+ +
+ +
+Module: +unconfined

+Layer: +system

+

+ +unconfined_domain_noaudit( + + + + + domain + + + )
+
+ +
+

+Make the specified domain unconfined. +

+
+ +
+ +
-Module: +Module: unconfined

Layer: system

-unconfined_dontaudit_read_pipe( +unconfined_dontaudit_read_pipes( @@ -58788,13 +60886,13 @@ Do not audit attempts to read unconfined domain unnamed pipes.
-Module: +Module: unconfined

Layer: system

-unconfined_dontaudit_rw_tcp_socket( +unconfined_dontaudit_rw_tcp_sockets( @@ -58815,13 +60913,13 @@ unconfined domain tcp sockets.
-Module: +Module: unconfined

Layer: system

-unconfined_read_pipe( +unconfined_read_pipes( @@ -58883,13 +60981,13 @@ Execute specified programs in the unconfined domain.
-Module: +Module: unconfined

Layer: system

-unconfined_rw_pipe( +unconfined_rw_pipes( @@ -58987,13 +61085,13 @@ Send generic signals to the unconfined domain.
-Module: +Module: unconfined

Layer: system

-unconfined_use_fd( +unconfined_use_fds( @@ -59109,13 +61207,13 @@ and use the caller's terminal.
-Module: +Module: userdomain

Layer: system

-userdom_create_sysadm_home( +userdom_bin_spec_domtrans_sysadm( @@ -59123,16 +61221,30 @@ system

domain + )
+

+ +
+

+Execute a generic bin program in the sysadm domain. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_bin_spec_domtrans_unpriv_users( + - , - - - - [ - object_class - ] + domain )
@@ -59140,8 +61252,9 @@ system

-Create objects in sysadm home directories -with automatic file type transition. +Execute bin_t in the unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon().

@@ -59174,13 +61287,40 @@ Send a dbus message to all user domains.
-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_getattr_sysadm_home_dir( +userdom_dontaudit_append_staff_home_content_files( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to append to the staff +users home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_getattr_sysadm_home_dirs( @@ -59202,13 +61342,13 @@ home directory.
-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_getattr_sysadm_tty( +userdom_dontaudit_getattr_sysadm_ttys( @@ -59229,13 +61369,13 @@ of sysadm ttys.
-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_list_sysadm_home_dir( +userdom_dontaudit_list_sysadm_home_dirs( @@ -59256,13 +61396,67 @@ users home directory.
-Module: +Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_read_sysadm_home_content_files( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search the sysadm +users home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_relabelfrom_unpriv_users_ptys( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to relabel files from +unprivileged user pty types. +

+
+ +
+ +
+Module: userdomain

Layer: system

-userdom_dontaudit_search_all_users_home( +userdom_dontaudit_search_all_users_home_content( @@ -59282,13 +61476,39 @@ Do not audit attempts to search all users home directories.
-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_search_staff_home_dir( +userdom_dontaudit_search_generic_user_home_dirs( + + + + + domain + + + )
+
+ +
+

+Don't audit search on the user home subdirectory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_search_staff_home_dirs( @@ -59309,13 +61529,254 @@ users home directory.
-Module: +Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_search_sysadm_home_dirs( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search the sysadm +users home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_all_users_fds( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to inherit the file +descriptors from any user domains. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_sysadm_ptys( + + + + + domain + + + )
+
+ +
+

+Dont audit attempts to read and write sysadm ptys. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_sysadm_terms( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to use sysadm ttys and ptys. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_sysadm_ttys( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to use sysadm ttys. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_unpriv_user_fds( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to inherit the +file descriptors from all user domains. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_unpriv_users_ptys( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to use unprivileged +user ptys. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_use_unpriv_users_ttys( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to use unprivileged +user ttys. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_entry_spec_domtrans_sysadm( + + + + + domain + + + )
+
+ +
+

+Execute all entrypoint files in the sysadm domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+
+ +
+ +
+Module: userdomain

Layer: system

-userdom_dontaudit_search_sysadm_home_dir( +userdom_entry_spec_domtrans_unpriv_users( @@ -59328,21 +61789,22 @@ system

-Do not audit attempts to search the sysadm -users home directory. +Execute all entrypoint files in unprivileged user +domains. This is an explicit transition, requiring the +caller to use setexeccon().

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_search_user_home_dirs( +userdom_generic_user_home_dir_filetrans_generic_user_home_content( @@ -59350,25 +61812,34 @@ system

domain + + , + + + + object_class + + )

-Don't audit search on the user home subdirectory. +Create objects in generic user home directories +with automatic file type transition.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_all_user_fd( +userdom_getattr_all_users( @@ -59381,21 +61852,20 @@ system

-Do not audit attempts to inherit the file -descriptors from any user domains. +Get the attributes of all user domains.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_sysadm_pty( +userdom_getattr_sysadm_home_dirs( @@ -59408,20 +61878,21 @@ system

-Dont audit attempts to read and write sysadm ptys. +Get the attributes of the sysadm users +home directory.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_sysadm_terms( +userdom_home_filetrans_generic_user_home_dir( @@ -59434,20 +61905,21 @@ system

-Do not audit attempts to use sysadm ttys and ptys. +Create generic user home directories +with automatic file type transition.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_sysadm_tty( +userdom_list_all_users_home_dirs( @@ -59460,20 +61932,20 @@ system

-Do not audit attempts to use sysadm ttys. +List all users home directories.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_unpriv_user_fd( +userdom_list_sysadm_home_dirs( @@ -59486,21 +61958,20 @@ system

-Do not audit attempts to inherit the -file descriptors from all user domains. +List the sysadm users home directory.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_unpriv_user_pty( +userdom_list_unpriv_users_tmp( @@ -59513,21 +61984,20 @@ system

-Do not audit attempts to use unprivileged -user ptys. +Read all unprivileged users temporary directories.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_unpriv_user_tty( +userdom_manage_all_users_home_content_dirs( @@ -59540,21 +62010,21 @@ system

-Do not audit attempts to use unprivileged -user ttys. +Create, read, write, and delete all directories +in all users home directories.

-Module: +Module: userdomain

Layer: system

-userdom_filetrans_generic_user_home( +userdom_manage_all_users_home_content_files( @@ -59562,16 +62032,58 @@ system

domain + )
+

+ +
+

+Create, read, write, and delete all files +in all users home directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_all_users_home_content_symlinks( + - , + domain + + + )
+
+ +
+

+Create, read, write, and delete all symlinks +in all users home directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_generic_user_home_content_dirs( + - [ - object_class - ] + domain )
@@ -59579,21 +62091,22 @@ system

-Create objects in generic user home directories -with automatic file type transition. +Create, read, write, and delete +subdirectories of generic user +home directories.

-Module: +Module: userdomain

Layer: system

-userdom_filetrans_generic_user_home_dir( +userdom_manage_generic_user_home_content_files( @@ -59606,21 +62119,21 @@ system

-Create generic user home directories -with automatic file type transition. +Create, read, write, and delete files +in generic user home directories.

-Module: +Module: userdomain

Layer: system

-userdom_getattr_all_userdomains( +userdom_manage_generic_user_home_content_pipes( @@ -59633,20 +62146,21 @@ system

-Get the attributes of all user domains. +Create, read, write, and delete named +pipes in generic user home directories.

-Module: +Module: userdomain

Layer: system

-userdom_getattr_sysadm_home_dir( +userdom_manage_generic_user_home_content_sockets( @@ -59659,21 +62173,21 @@ system

-Get the attributes of the sysadm users -home directory. +Create, read, write, and delete named +sockets in generic user home directories.

-Module: +Module: userdomain

Layer: system

-userdom_list_sysadm_home_dir( +userdom_manage_generic_user_home_content_symlinks( @@ -59686,20 +62200,21 @@ system

-List the sysadm users home directory. +Create, read, write, and delete symbolic +links in generic user home directories.

-Module: +Module: userdomain

Layer: system

-userdom_list_unpriv_user_tmp( +userdom_manage_unpriv_user_semaphores( @@ -59712,20 +62227,20 @@ system

-Read all unprivileged users temporary directories. +Manage unpriviledged user SysV sempaphores.

-Module: +Module: userdomain

Layer: system

-userdom_manage_all_user_dirs( +userdom_manage_unpriv_user_shared_mem( @@ -59738,21 +62253,21 @@ system

-Create, read, write, and delete all directories -in all users home directories. +Manage unpriviledged user SysV shared +memory segments.

-Module: +Module: userdomain

Layer: system

-userdom_manage_all_user_files( +userdom_priveleged_home_dir_manager( @@ -59765,21 +62280,21 @@ system

-Create, read, write, and delete all files -in all users home directories. +Make the specified domain a privileged +home directory manager.

-Module: +Module: userdomain

Layer: system

-userdom_manage_all_user_symlinks( +userdom_read_all_tmp_untrusted_content( @@ -59792,21 +62307,20 @@ system

-Create, read, write, and delete all symlinks -in all users home directories. +Read all user temporary untrusted content files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_generic_user_home_dir( +userdom_read_all_untrusted_content( @@ -59819,21 +62333,20 @@ system

-Create, read, write, and delete -generic user home directories. +Read all user untrusted content files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_generic_user_home_dirs( +userdom_read_all_users_home_content_files( @@ -59846,22 +62359,20 @@ system

-Create, read, write, and delete -subdirectories of generic user -home directories. +Read all files in all users home directories.

-Module: +Module: userdomain

Layer: system

-userdom_manage_generic_user_home_files( +userdom_read_all_users_state( @@ -59874,21 +62385,20 @@ system

-Create, read, write, and delete files -in generic user home directories. +Read the process state of all user domains.

-Module: +Module: userdomain

Layer: system

-userdom_manage_generic_user_home_pipes( +userdom_read_staff_home_content_files( @@ -59901,21 +62411,20 @@ system

-Create, read, write, and delete named -pipes in generic user home directories. +Read files in the staff users home directory.

-Module: +Module: userdomain

Layer: system

-userdom_manage_generic_user_home_sockets( +userdom_read_sysadm_home_content_files( @@ -59928,21 +62437,20 @@ system

-Create, read, write, and delete named -sockets in generic user home directories. +Read files in the sysadm users home directory.

-Module: +Module: userdomain

Layer: system

-userdom_manage_generic_user_home_symlinks( +userdom_read_unpriv_users_home_content_files( @@ -59955,21 +62463,21 @@ system

-Create, read, write, and delete symbolic -links in generic user home directories. +Read all unprivileged users home directory +files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_unpriv_user_semaphores( +userdom_read_unpriv_users_tmp_files( @@ -59982,20 +62490,20 @@ system

-Manage unpriviledged user SysV sempaphores. +Read all unprivileged users temporary files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_unpriv_user_shared_mem( +userdom_read_unpriv_users_tmp_symlinks( @@ -60008,21 +62516,20 @@ system

-Manage unpriviledged user SysV shared -memory segments. +Read all unprivileged users temporary symbolic links.

-Module: +Module: userdomain

Layer: system

-userdom_priveleged_home_dir_manager( +userdom_relabelto_unpriv_users_ptys( @@ -60035,21 +62542,20 @@ system

-Make the specified domain a privileged -home directory manager. +Relabel files to unprivileged user pty types.

-Module: +Module: userdomain

Layer: system

-userdom_read_all_user_files( +userdom_rw_sysadm_pipes( @@ -60062,20 +62568,20 @@ system

-Read all files in all users home directories. +Read and write sysadm user unnamed pipes.

-Module: +Module: userdomain

Layer: system

-userdom_read_all_userdomains_state( +userdom_sbin_spec_domtrans_sysadm( @@ -60088,20 +62594,20 @@ system

-Read the process state of all user domains. +Execute a generic sbin program in the sysadm domain.

-Module: +Module: userdomain

Layer: system

-userdom_read_staff_home_files( +userdom_sbin_spec_domtrans_unpriv_users( @@ -60114,20 +62620,22 @@ system

-Read files in the staff users home directory. +Execute generic sbin programs in all unprivileged user +domains. This is an explicit transition, requiring the +caller to use setexeccon().

-Module: +Module: userdomain

Layer: system

-userdom_read_sysadm_home_files( +userdom_search_all_users_home_content( @@ -60140,20 +62648,20 @@ system

-Read files in the sysadm users home directory. +Search all users home directories.

-Module: +Module: userdomain

Layer: system

-userdom_read_unpriv_user_home_files( +userdom_search_generic_user_home_dirs( @@ -60166,21 +62674,20 @@ system

-Read all unprivileged users home directory -files. +Search generic user home directories.

-Module: +Module: userdomain

Layer: system

-userdom_read_unpriv_user_tmp_files( +userdom_search_staff_home_dirs( @@ -60193,20 +62700,20 @@ system

-Read all unprivileged users temporary files. +Search the staff users home directory.

-Module: +Module: userdomain

Layer: system

-userdom_read_unpriv_user_tmp_symlinks( +userdom_search_sysadm_home_content_dirs( @@ -60219,20 +62726,20 @@ system

-Read all unprivileged users temporary symbolic links. +Search the sysadm users home sub directories.

-Module: +Module: userdomain

Layer: system

-userdom_rw_sysadm_pipe( +userdom_search_sysadm_home_dirs( @@ -60245,20 +62752,20 @@ system

-Read and write sysadm user unnamed pipes. +Search the sysadm users home directory.

-Module: +Module: userdomain

Layer: system

-userdom_search_all_users_home( +userdom_search_unpriv_users_home_dirs( @@ -60271,20 +62778,20 @@ system

-Search all users home directories. +Search all unprivileged users home directories.

-Module: +Module: userdomain

Layer: system

-userdom_search_generic_user_home_dir( +userdom_setattr_unpriv_users_ptys( @@ -60297,20 +62804,20 @@ system

-Search generic user home directories. +Set the attributes of user ptys.

-Module: +Module: userdomain

Layer: system

-userdom_search_staff_home_dir( +userdom_shell_domtrans_sysadm( @@ -60323,20 +62830,20 @@ system

-Search the staff users home directory. +Execute a shell in the sysadm domain.

-Module: +Module: userdomain

Layer: system

-userdom_search_sysadm_home_dir( +userdom_sigchld_all_users( @@ -60349,20 +62856,20 @@ system

-Search the sysadm users home directory. +Send a SIGCHLD signal to all user domains.

-Module: +Module: userdomain

Layer: system

-userdom_search_sysadm_home_subdirs( +userdom_sigchld_sysadm( @@ -60375,20 +62882,20 @@ system

-Search the sysadm users home sub directories. +Send a SIGCHLD signal to sysadm users.

-Module: +Module: userdomain

Layer: system

-userdom_search_unpriv_user_home_dirs( +userdom_signal_all_users( @@ -60401,20 +62908,20 @@ system

-Search all unprivileged users home directories. +Send general signals to all user domains.

-Module: +Module: userdomain

Layer: system

-userdom_setattr_unpriv_user_pty( +userdom_signal_unpriv_users( @@ -60427,20 +62934,20 @@ system

-Set the attributes of user ptys. +Send general signals to unprivileged user domains.

-Module: +Module: userdomain

Layer: system

-userdom_shell_domtrans_sysadm( +userdom_spec_domtrans_all_users( @@ -60453,20 +62960,22 @@ system

-Execute a shell in the sysadm domain. +Execute a shell in all user domains. This +is an explicit transition, requiring the +caller to use setexeccon().

-Module: +Module: userdomain

Layer: system

-userdom_sigchld_all_users( +userdom_spec_domtrans_unpriv_users( @@ -60479,20 +62988,22 @@ system

-Send a SIGCHLD signal to all user domains. +Execute a shell in all unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon().

-Module: +Module: userdomain

Layer: system

-userdom_sigchld_sysadm( +userdom_sysadm_home_dir_filetrans( @@ -60500,25 +63011,42 @@ system

domain + + , + + + + private type + + + + , + + + + object_class + + )

-Send a SIGCHLD signal to sysadm users. +Create objects in sysadm home directories +with automatic file type transition.

-Module: +Module: userdomain

Layer: system

-userdom_signal_all_users( +userdom_unconfined( @@ -60531,20 +63059,20 @@ system

-Send general signals to all user domains. +Unconfined access to user domains.

-Module: +Module: userdomain

Layer: system

-userdom_signal_unpriv_users( +userdom_use_all_users_fds( @@ -60557,20 +63085,20 @@ system

-Send general signals to unprivileged user domains. +Inherit the file descriptors from all user domains

-Module: +Module: userdomain

Layer: system

-userdom_spec_domtrans_all_users( +userdom_use_sysadm_fds( @@ -60583,22 +63111,20 @@ system

-Execute a shell in all user domains. This -is an explicit transition, requiring the -caller to use setexeccon(). +Inherit and use sysadm file descriptors

-Module: +Module: userdomain

Layer: system

-userdom_spec_domtrans_unpriv_users( +userdom_use_sysadm_ptys( @@ -60611,22 +63137,20 @@ system

-Execute a shell in all unprivileged user domains. This -is an explicit transition, requiring the -caller to use setexeccon(). +Read and write sysadm ptys.

-Module: +Module: userdomain

Layer: system

-userdom_unconfined( +userdom_use_sysadm_terms( @@ -60639,20 +63163,20 @@ system

-Unconfined access to user domains. +Read and write sysadm ttys and ptys.

-Module: +Module: userdomain

Layer: system

-userdom_use_all_user_fd( +userdom_use_sysadm_ttys( @@ -60665,20 +63189,20 @@ system

-Inherit the file descriptors from all user domains +Read and write sysadm ttys.

-Module: +Module: userdomain

Layer: system

-userdom_use_sysadm_fd( +userdom_use_unpriv_users_fds( @@ -60691,20 +63215,20 @@ system

-Inherit and use sysadm file descriptors +Inherit the file descriptors from unprivileged user domains.

-Module: +Module: userdomain

Layer: system

-userdom_use_sysadm_pty( +userdom_use_unpriv_users_ptys( @@ -60717,20 +63241,20 @@ system

-Read and write sysadm ptys. +Read and write unprivileged user ptys.

-Module: +Module: userdomain

Layer: system

-userdom_use_sysadm_terms( +userdom_write_unpriv_users_tmp_files( @@ -60743,20 +63267,20 @@ system

-Read and write sysadm ttys and ptys. +Write all unprivileged users files in /tmp

-Module: +Module: userdomain

Layer: system

-userdom_use_sysadm_tty( +userdom_xsession_spec_domtrans_all_users( @@ -60769,20 +63293,22 @@ system

-Read and write sysadm ttys. +Execute an Xserver session in all unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon().

-Module: +Module: userdomain

Layer: system

-userdom_use_unpriv_user_pty( +userdom_xsession_spec_domtrans_unpriv_users( @@ -60795,20 +63321,22 @@ system

-Read and write unprivileged user ptys. +Execute an Xserver session in all unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon().

-Module: -userdomain

-Layer: -system

+Module: +userhelper

+Layer: +apps

-userdom_use_unpriv_users_fd( +userhelper_dontaudit_search_config( @@ -60821,20 +63349,21 @@ system

-Inherit the file descriptors from unprivileged user domains. +Do not audit attempts to search +the userhelper configuration directory.

-Module: -userdomain

-Layer: -system

+Module: +userhelper

+Layer: +apps

-userdom_write_unpriv_user_tmp( +userhelper_search_config( @@ -60847,7 +63376,7 @@ system

-Write all unprivileged users files in /tmp +Search the userhelper configuration directory.

@@ -61227,6 +63756,75 @@ allow the specified role the useradd domain.
+Module: +usernetctl

+Layer: +apps

+

+ +usernetctl_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute usernetctl in the usernetctl domain. +

+
+ +
+ +
+Module: +usernetctl

+Layer: +apps

+

+ +usernetctl_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute usernetctl in the usernetctl domain, and +allow the specified role the usernetctl domain. +

+
+ +
+ +
Module: vbetool

Layer: @@ -61238,12 +63836,8 @@ admin

- [ - domain - ] - )

@@ -61421,13 +64015,39 @@ allow the specified role the webalizer domain.
-Module: +Module: +wine

+Layer: +apps

+

+ +wine_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute the wine program in the wine domain. +

+
+ +
+ +
+Module: xfs

Layer: services

-xfs_read_socket( +xfs_read_sockets( @@ -61447,6 +64067,307 @@ Read a X font server named socket.
+Module: +xfs

+Layer: +services

+

+ +xfs_stream_connect( + + + + + domain + + + )
+
+ +
+

+Connect to a X font server over +a unix domain stream socket. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_create_xdm_tmp_sockets( + + + + + domain + + + )
+
+ +
+

+Create a named socket in a XDM +temporary directory. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_delete_log( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to write the X server +log files. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_domtrans_xdm_xserver( + + + + + domain + + + )
+
+ +
+

+Execute the X server in the XDM X server domain. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_dontaudit_write_log( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to write the X server +log files. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_read_xdm_pid( + + + + + domain + + + )
+
+ +
+

+Read XDM pid files. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_read_xdm_rw_config( + + + + + domain + + + )
+
+ +
+

+Read xdm-writable configuration files. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_setattr_xdm_tmp_dirs( + + + + + domain + + + )
+
+ +
+

+Set the attributes of XDM temporary directories. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_stream_connect_xdm( + + + + + domain + + + )
+
+ +
+

+Connect to XDM over a unix domain +stream socket. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_xsession_entry_type( + + + + + domain + + + )
+
+ +
+

+Make an X session script an entrypoint for the specified domain. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_xsession_spec_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+ +
+

+Execute an X session in the target domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+
+ +
+ +
Module: zebra

Layer: diff --git a/www/api-docs/kernel.html b/www/api-docs/kernel.html index ac3a835..7b9a351 100644 --- a/www/api-docs/kernel.html +++ b/www/api-docs/kernel.html @@ -25,9 +25,6 @@ kernel

-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -108,11 +108,6 @@ and unlabeled processes and objects. - - bootloader -

Policy for the kernel modules, kernel image, and bootloader.

- - corecommands

@@ -158,6 +153,11 @@ and unlabeled processes and objects.

+ + mcs +

Multicategory security policy

+ + mls

Multilevel security policy

diff --git a/www/api-docs/kernel_bootloader.html b/www/api-docs/kernel_bootloader.html deleted file mode 100644 index a5dd10e..0000000 --- a/www/api-docs/kernel_bootloader.html +++ /dev/null @@ -1,1121 +0,0 @@ - - - - Security Enhanced Linux Reference Policy - - - - - - - -
- -

Layer: kernel

-

Module: bootloader

- -

Description:

- -

Policy for the kernel modules, kernel image, and bootloader.

- - - - -

Interfaces:

- - -
- - -
- -bootloader_create_kernel_img( - - - - - domain - - - )
-
-
- -
Summary
-

-Install a kernel into the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_create_kernel_symbol_table( - - - - - domain - - - )
-
-
- -
Summary
-

-Install a system.map into the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_create_runtime_file( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write the bootloader -temporary data in /tmp. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_delete_kernel( - - - - - domain - - - )
-
-
- -
Summary
-

-Delete a kernel from /boot. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_delete_kernel_symbol_table( - - - - - domain - - - )
-
-
- -
Summary
-

-Delete a system.map in the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_domtrans( - - - - - domain - - - )
-
-
- -
Summary
-

-Execute bootloader in the bootloader domain. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_dontaudit_getattr_boot_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to get attributes -of the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -bootloader_dontaudit_search_boot( - - - - - domain - - - )
-
-
- -
Summary
-

-Do not audit attempts to search the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_filetrans_modules( - - - - - ? - - - )
-
-
- -
Summary
-

-Summary is missing! -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - - -No -
-
-
- - -
- - -
- -bootloader_getattr_boot_dir( - - - - - domain - - - )
-
-
- -
Summary
-

-Get attributes of the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain to not audit. - - -No -
-
-
- - -
- - -
- -bootloader_getattr_kernel_modules( - - - - - domain - - - )
-
-
- -
Summary
-

-Get the attributes of kernel module files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_list_kernel_modules( - - - - - domain - - - )
-
-
- -
Summary
-

-List the contents of the kernel module directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_manage_kernel_modules( - - - - - domain - - - )
-
-
- -
Summary
-

-Create, read, write, and delete -kernel module files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_read_config( - - - - - domain - - - )
-
-
- -
Summary
-

-Read the bootloader configuration file. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_read_kernel_modules( - - - - - domain - - - )
-
-
- -
Summary
-

-Read kernel module files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_read_kernel_symbol_table( - - - - - domain - - - )
-
-
- -
Summary
-

-Read system.map in the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_run( - - - - - domain - - - - , - - - - role - - - - , - - - - terminal - - - )
-
-
- -
Summary
-

-Execute bootloader interactively and do -a domain transition to the bootloader domain. -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-role - - -The role to be allowed the bootloader domain. - - -No -
-terminal - - -The type of the terminal allow the bootloader domain to use. - - -No -
-
-
- - -
- - -
- -bootloader_rw_boot_symlinks( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write symbolic links -in the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_rw_config( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write the bootloader -configuration file. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_rw_tmp_file( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write the bootloader -temporary data in /tmp. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_search_boot( - - - - - domain - - - )
-
-
- -
Summary
-

-Search the /boot directory. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_search_kernel_modules( - - - - - domain - - - )
-
-
- -
Summary
-

-Search the contents of the kernel module directories. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -bootloader_write_kernel_modules( - - - - - domain - - - )
-
-
- -
Summary
-

-Write kernel module files. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -Return - - - - -
- - diff --git a/www/api-docs/kernel_corecommands.html b/www/api-docs/kernel_corecommands.html index c44acb3..2d8ecfd 100644 --- a/www/api-docs/kernel_corecommands.html +++ b/www/api-docs/kernel_corecommands.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -149,9 +149,9 @@ on the strict policy. domain - +

Alias type for bin_t. - +

No @@ -220,9 +220,9 @@ the ssh-agent policy. domain - +

Domain allowed access. - +

No @@ -230,9 +230,92 @@ No target_domain - +

The type of the new process. +

+ +No + + + +
+
+ + +
+ + +
+ +corecmd_bin_spec_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Execute a file in a bin directory +in the specified domain but do not +do it automatically. This is an explicit +transition, requiring the caller to use setexeccon(). +

+ + +
Description
+

+

+Execute a file in a bin directory +in the specified domain. This allows +the specified domain to execute any file +on these filesystems in the specified +domain. This is not suggested. +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+This interface was added to handle +the userhelper policy. +

+

+ +
Parameters
+ + + + + @@ -272,9 +355,9 @@ Check if a shell is executable (DAC-wise). @@ -283,13 +366,13 @@ No - +
-corecmd_dontaudit_getattr_sbin_file( +corecmd_dontaudit_getattr_sbin_files( @@ -314,9 +397,9 @@ Summary is missing!
@@ -357,9 +440,9 @@ sbin directories. @@ -399,9 +482,9 @@ Summary is missing! @@ -441,9 +524,9 @@ Summary is missing! @@ -483,9 +566,9 @@ Summary is missing! @@ -525,9 +608,9 @@ Summary is missing! @@ -567,9 +650,9 @@ Summary is missing! @@ -578,13 +661,13 @@ No - +
-corecmd_getattr_bin_file( +corecmd_getattr_bin_files( @@ -609,9 +692,9 @@ Get the attributes of files in bin directories.
@@ -620,13 +703,13 @@ No - +
-corecmd_getattr_sbin_file( +corecmd_getattr_sbin_files( @@ -651,9 +734,9 @@ Summary is missing!
@@ -693,9 +776,9 @@ Summary is missing! @@ -735,9 +818,9 @@ Summary is missing! @@ -777,9 +860,9 @@ Create, read, write, and delete bin files. @@ -819,9 +902,9 @@ Create, read, write, and delete sbin files. @@ -861,9 +944,9 @@ Mmap a bin file as executable. @@ -903,9 +986,9 @@ Mmap a sbin file as executable. @@ -914,13 +997,13 @@ No - +
-corecmd_read_bin_file( +corecmd_read_bin_files( @@ -945,9 +1028,9 @@ Read files in bin directories.
@@ -956,13 +1039,13 @@ No - +
-corecmd_read_bin_pipe( +corecmd_read_bin_pipes( @@ -987,9 +1070,9 @@ Read pipes in bin directories.
@@ -998,13 +1081,13 @@ No - +
-corecmd_read_bin_socket( +corecmd_read_bin_sockets( @@ -1029,9 +1112,9 @@ Read named sockets in bin directories.
@@ -1040,13 +1123,13 @@ No - +
-corecmd_read_bin_symlink( +corecmd_read_bin_symlinks( @@ -1071,9 +1154,9 @@ Read symbolic links in bin directories.
@@ -1082,13 +1165,13 @@ No - +
-corecmd_read_sbin_file( +corecmd_read_sbin_files( @@ -1113,9 +1196,9 @@ Read files in sbin directories.
@@ -1124,13 +1207,13 @@ No - +
-corecmd_read_sbin_pipe( +corecmd_read_sbin_pipes( @@ -1155,9 +1238,9 @@ Read named pipes in sbin directories.
@@ -1166,13 +1249,13 @@ No - +
-corecmd_read_sbin_socket( +corecmd_read_sbin_sockets( @@ -1197,9 +1280,9 @@ Read named sockets in sbin directories.
@@ -1208,13 +1291,13 @@ No - +
-corecmd_read_sbin_symlink( +corecmd_read_sbin_symlinks( @@ -1239,9 +1322,9 @@ Read symbolic links in sbin directories.
@@ -1281,9 +1364,9 @@ Relabel to and from the bin type. @@ -1323,9 +1406,9 @@ Relabel to and from the sbin type. @@ -1394,9 +1477,9 @@ the ssh-agent policy. @@ -1404,9 +1487,92 @@ No + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+target_domain + +

+The type of the new process. +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain to not audit. - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
target_domain - +

The type of the new process. +

+		 +No +
+
+
+ + +
+ + +
+ +corecmd_sbin_spec_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Execute a file in a sbin directory +in the specified domain but do not +do it automatically. This is an explicit +transition, requiring the caller to use setexeccon(). +

+ + +
Description
+

+

+Execute a file in a sbin directory +in the specified domain. This allows +the specified domain to execute any file +on these filesystems in the specified +domain. This is not suggested. +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+This interface was added to handle +the userhelper policy. +

+

+ +
Parameters
+ + + + + @@ -1446,9 +1612,9 @@ Summary is missing! @@ -1488,9 +1654,9 @@ Summary is missing! @@ -1550,9 +1716,9 @@ the domains are not owned by this module. @@ -1560,9 +1726,9 @@ No @@ -1602,9 +1768,9 @@ Make the shell an entrypoint for the specified domain. @@ -1668,9 +1834,9 @@ the domains are not owned by this module. @@ -1678,9 +1844,9 @@ No diff --git a/www/api-docs/kernel_corenetwork.html b/www/api-docs/kernel_corenetwork.html index 6697c54..6684ccf 100644 --- a/www/api-docs/kernel_corenetwork.html +++ b/www/api-docs/kernel_corenetwork.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -103,6 +103,48 @@

Interfaces:

+ +
+ + +
+ +corenet_dontaudit_tcp_bind_all_ports( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attepts to bind TCP sockets to any ports. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+target_domain + +

+The type of the new process. +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
target_domain - +

The type of the shell process. - +

 No
domain - +

The domain for which the shell is an entrypoint. - +

 No
domain - +

Domain allowed access. - +

 No
target_domain - +

The type of the shell process. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain to not audit. +

+		 +No +
+
+
+
@@ -134,9 +176,9 @@ Do not audit attempts to bind TCP sockets to all reserved ports. domain - +

The type of the process to not audit. - +

No @@ -177,9 +219,9 @@ all reserved ports. domain - +

Domain to not audit. - +

No @@ -219,9 +261,9 @@ Do not audit attempts to bind UDP sockets to all reserved ports. domain - +

The type of the process to not audit. - +

No @@ -263,9 +305,9 @@ session. domain - +

Domain allowed access. - +

No @@ -305,9 +347,9 @@ Bind raw sockets to all nodes. domain - +

The type of the process performing this action. - +

No @@ -347,9 +389,9 @@ Receive raw IP packets on all interfaces. domain - +

The type of the process performing this action. - +

No @@ -389,9 +431,9 @@ Receive raw IP packets on all nodes. domain - +

The type of the process performing this action. - +

No @@ -431,9 +473,9 @@ Receive raw IP packets on the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -473,9 +515,9 @@ Receive raw IP packets on generic interfaces. domain - +

The type of the process performing this action. - +

No @@ -515,9 +557,9 @@ Receive raw IP packets on generic nodes. domain - +

The type of the process performing this action. - +

No @@ -557,9 +599,9 @@ Receive raw IP packets on the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -599,9 +641,9 @@ Receive raw IP packets on the link_local node. domain - +

The type of the process performing this action. - +

No @@ -641,9 +683,9 @@ Receive raw IP packets on the lo interface. domain - +

The type of the process performing this action. - +

No @@ -683,9 +725,9 @@ Receive raw IP packets on the lo node. domain - +

The type of the process performing this action. - +

No @@ -725,9 +767,9 @@ Receive raw IP packets on the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -767,9 +809,9 @@ Receive raw IP packets on the multicast node. domain - +

The type of the process performing this action. - +

No @@ -809,9 +851,9 @@ Receive raw IP packets on the site_local node. domain - +

The type of the process performing this action. - +

No @@ -851,9 +893,9 @@ Receive raw IP packets on the unspec node. domain - +

The type of the process performing this action. - +

No @@ -893,9 +935,9 @@ Send raw IP packets on all interfaces. domain - +

The type of the process performing this action. - +

No @@ -935,9 +977,9 @@ Send raw IP packets on all nodes. domain - +

The type of the process performing this action. - +

No @@ -977,9 +1019,9 @@ Send raw IP packets on the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -1019,9 +1061,9 @@ Send raw IP packets on generic interfaces. domain - +

The type of the process performing this action. - +

No @@ -1061,9 +1103,9 @@ Send raw IP packets on generic nodes. domain - +

The type of the process performing this action. - +

No @@ -1103,9 +1145,9 @@ Send raw IP packets on the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -1145,9 +1187,9 @@ Send raw IP packets on the link_local node. domain - +

The type of the process performing this action. - +

No @@ -1187,9 +1229,9 @@ Send raw IP packets on the lo interface. domain - +

The type of the process performing this action. - +

No @@ -1229,9 +1271,9 @@ Send raw IP packets on the lo node. domain - +

The type of the process performing this action. - +

No @@ -1271,9 +1313,9 @@ Send raw IP packets on the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -1313,9 +1355,9 @@ Send raw IP packets on the multicast node. domain - +

The type of the process performing this action. - +

No @@ -1355,9 +1397,9 @@ Send raw IP packets on the site_local node. domain - +

The type of the process performing this action. - +

No @@ -1397,9 +1439,9 @@ Send raw IP packets on the unspec node. domain - +

The type of the process performing this action. - +

No @@ -1439,9 +1481,9 @@ Send and receive raw IP packets on all interfaces. domain - +

The type of the process performing this action. - +

No @@ -1481,9 +1523,9 @@ Send and receive raw IP packets on all nodes. domain - +

The type of the process performing this action. - +

No @@ -1523,9 +1565,9 @@ Send and receive raw IP packets on the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -1565,9 +1607,9 @@ Send and receive raw IP packets on generic interfaces. domain - +

The type of the process performing this action. - +

No @@ -1607,9 +1649,9 @@ Send and receive raw IP packets on generic nodes. domain - +

The type of the process performing this action. - +

No @@ -1649,9 +1691,9 @@ Send and receive raw IP packets on the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -1691,9 +1733,9 @@ Send and receive raw IP packets on the link_local node. domain - +

The type of the process performing this action. - +

No @@ -1733,9 +1775,9 @@ Send and receive raw IP packets on the lo interface. domain - +

The type of the process performing this action. - +

No @@ -1775,9 +1817,9 @@ Send and receive raw IP packets on the lo node. domain - +

The type of the process performing this action. - +

No @@ -1817,9 +1859,9 @@ Send and receive raw IP packets on the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -1859,9 +1901,9 @@ Send and receive raw IP packets on the multicast node. domain - +

The type of the process performing this action. - +

No @@ -1901,9 +1943,9 @@ Send and receive raw IP packets on the site_local node. domain - +

The type of the process performing this action. - +

No @@ -1943,9 +1985,9 @@ Send and receive raw IP packets on the unspec node. domain - +

The type of the process performing this action. - +

No @@ -1954,13 +1996,13 @@ No
- +
-corenet_tcp_bind_afs_bos_port( +corenet_rw_ppp_dev( @@ -1974,7 +2016,7 @@ No
Summary

-Bind TCP sockets to the afs_bos port. +Read and write the point-to-point device.

@@ -1985,9 +2027,9 @@ Bind TCP sockets to the afs_bos port. domain - -The type of the process performing this action. - +

+The domain allowed access. +

No @@ -1996,13 +2038,13 @@ No
- +
-corenet_tcp_bind_afs_fs_port( +corenet_rw_tun_tap_dev( @@ -2016,7 +2058,7 @@ No
Summary

-Bind TCP sockets to the afs_fs port. +Read and write the TUN/TAP virtual network device.

@@ -2027,9 +2069,9 @@ Bind TCP sockets to the afs_fs port. domain - -The type of the process performing this action. - +

+The domain allowed access. +

No @@ -2038,13 +2080,13 @@ No
- +
-corenet_tcp_bind_afs_ka_port( +corenet_tcp_bind_afs_bos_port( @@ -2058,7 +2100,7 @@ No
Summary

-Bind TCP sockets to the afs_ka port. +Bind TCP sockets to the afs_bos port.

@@ -2069,9 +2111,9 @@ Bind TCP sockets to the afs_ka port. domain - +

The type of the process performing this action. - +

No @@ -2080,13 +2122,13 @@ No
- +
-corenet_tcp_bind_afs_pt_port( +corenet_tcp_bind_afs_fs_port( @@ -2100,7 +2142,7 @@ No
Summary

-Bind TCP sockets to the afs_pt port. +Bind TCP sockets to the afs_fs port.

@@ -2111,9 +2153,93 @@ Bind TCP sockets to the afs_pt port. domain - +

The type of the process performing this action. - +

+ +No + + + +
+
+ + +
+ + +
+ +corenet_tcp_bind_afs_ka_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the afs_ka port. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_tcp_bind_afs_pt_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the afs_pt port. +

+ + +
Parameters
+ + + + @@ -2153,9 +2279,9 @@ Bind TCP sockets to the afs_vl port. @@ -2195,9 +2321,9 @@ Bind TCP sockets to all nodes. @@ -2237,9 +2363,9 @@ Bind TCP sockets to all ports. @@ -2279,9 +2405,9 @@ Bind TCP sockets to all reserved ports. @@ -2321,9 +2447,9 @@ Bind TCP sockets to the amanda port. @@ -2363,9 +2489,9 @@ Bind TCP sockets to the amavisd_recv port. @@ -2405,9 +2531,9 @@ Bind TCP sockets to the amavisd_send port. @@ -2447,9 +2573,9 @@ Bind TCP sockets to the asterisk port. @@ -2489,9 +2615,51 @@ Bind TCP sockets to the auth port. + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ +
+ +corenet_tcp_bind_bgp_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the bgp port. +

+ + +
Parameters
+ + + + @@ -2531,9 +2699,9 @@ Bind TCP sockets to the clamd port. @@ -2573,9 +2741,9 @@ Bind TCP sockets to the clockspeed port. @@ -2615,9 +2783,9 @@ Bind TCP sockets to node compat_ipv4. @@ -2657,9 +2825,9 @@ Bind TCP sockets to the comsat port. @@ -2699,9 +2867,9 @@ Bind TCP sockets to the cvs port. @@ -2741,9 +2909,9 @@ Bind TCP sockets to the dbskkd port. @@ -2783,9 +2951,9 @@ Bind TCP sockets to the dcc port. @@ -2825,9 +2993,9 @@ Bind TCP sockets to the dhcpc port. @@ -2867,9 +3035,9 @@ Bind TCP sockets to the dhcpd port. @@ -2909,9 +3077,9 @@ Bind TCP sockets to the dict port. @@ -2951,9 +3119,9 @@ Bind TCP sockets to the distccd port. @@ -2993,9 +3161,9 @@ Bind TCP sockets to the dns port. @@ -3035,9 +3203,9 @@ Bind TCP sockets to the fingerd port. @@ -3077,9 +3245,9 @@ Bind TCP sockets to the ftp_data port. @@ -3119,9 +3287,9 @@ Bind TCP sockets to the ftp port. @@ -3161,9 +3329,9 @@ Bind TCP sockets to the gatekeeper port. @@ -3203,9 +3371,9 @@ Bind TCP sockets to generic nodes. @@ -3245,9 +3413,9 @@ Bind TCP sockets to generic ports. @@ -3287,9 +3455,9 @@ Bind TCP sockets to the giftd port. @@ -3329,9 +3497,9 @@ Bind TCP sockets to the gopher port. @@ -3371,9 +3539,9 @@ Bind TCP sockets to the howl port. @@ -3413,9 +3581,9 @@ Bind TCP sockets to the hplip port. @@ -3455,9 +3623,9 @@ Bind TCP sockets to the http_cache port. @@ -3497,9 +3665,9 @@ Bind TCP sockets to the http port. @@ -3539,9 +3707,9 @@ Bind TCP sockets to the i18n_input port. @@ -3581,9 +3749,9 @@ Bind TCP sockets to the imaze port. @@ -3623,9 +3791,9 @@ Bind TCP sockets to node inaddr_any. @@ -3665,9 +3833,9 @@ Bind TCP sockets to the inetd_child port. @@ -3707,9 +3875,9 @@ Bind TCP sockets to the innd port. @@ -3749,9 +3917,9 @@ Bind TCP sockets to the ipp port. @@ -3791,9 +3959,9 @@ Bind TCP sockets to the ircd port. @@ -3833,9 +4001,9 @@ Bind TCP sockets to the isakmp port. @@ -3875,9 +4043,9 @@ Bind TCP sockets to the jabber_client port. @@ -3917,9 +4085,9 @@ Bind TCP sockets to the jabber_interserver port. @@ -3959,9 +4127,9 @@ Bind TCP sockets to the kerberos_admin port. @@ -4001,9 +4169,9 @@ Bind TCP sockets to the kerberos_master port. @@ -4043,9 +4211,9 @@ Bind TCP sockets to the kerberos port. @@ -4085,9 +4253,9 @@ Bind TCP sockets to the ktalkd port. @@ -4127,9 +4295,9 @@ Bind TCP sockets to the ldap port. @@ -4169,9 +4337,9 @@ Bind TCP sockets to node link_local. @@ -4211,9 +4379,9 @@ Bind TCP sockets to node lo. @@ -4253,9 +4421,9 @@ Bind TCP sockets to the mail port. @@ -4295,9 +4463,9 @@ Bind TCP sockets to node mapped_ipv4. @@ -4337,9 +4505,9 @@ Bind TCP sockets to the monopd port. @@ -4379,9 +4547,9 @@ Bind TCP sockets to node multicast. @@ -4421,9 +4589,9 @@ Bind TCP sockets to the mysqld port. @@ -4463,9 +4631,9 @@ Bind TCP sockets to the nessus port. @@ -4505,9 +4673,9 @@ Bind TCP sockets to the nmbd port. @@ -4547,9 +4715,9 @@ Bind TCP sockets to the ntp port. @@ -4589,9 +4757,9 @@ Bind TCP sockets to the openvpn port. @@ -4631,9 +4799,9 @@ Bind TCP sockets to the pegasus_http port. @@ -4673,9 +4841,9 @@ Bind TCP sockets to the pegasus_https port. @@ -4715,9 +4883,9 @@ Bind TCP sockets to the pop port. @@ -4757,9 +4925,9 @@ Bind TCP sockets to the portmap port. @@ -4799,9 +4967,9 @@ Bind TCP sockets to the postgresql port. @@ -4841,9 +5009,9 @@ Bind TCP sockets to the postgrey port. @@ -4883,9 +5051,9 @@ Bind TCP sockets to the printer port. @@ -4925,9 +5093,9 @@ Bind TCP sockets to the ptal port. @@ -4967,9 +5135,9 @@ Bind TCP sockets to the pxe port. @@ -5009,9 +5177,9 @@ Bind TCP sockets to the pyzor port. @@ -5051,9 +5219,9 @@ Bind TCP sockets to the radacct port. @@ -5093,9 +5261,9 @@ Bind TCP sockets to the radius port. @@ -5135,9 +5303,9 @@ Bind TCP sockets to the razor port. @@ -5177,9 +5345,9 @@ Bind TCP sockets to generic reserved ports. @@ -5219,9 +5387,9 @@ Bind TCP sockets to the rlogind port. @@ -5261,9 +5429,51 @@ Bind TCP sockets to the rndc port. + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_tcp_bind_router_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind TCP sockets to the router port. +

+ + +
Parameters
+ + + @@ -5303,9 +5513,9 @@ Bind TCP sockets to the rsh port. @@ -5345,9 +5555,9 @@ Bind TCP sockets to the rsync port. @@ -5387,9 +5597,9 @@ Bind TCP sockets to node site_local. @@ -5429,9 +5639,9 @@ Bind TCP sockets to the smbd port. @@ -5471,9 +5681,9 @@ Bind TCP sockets to the smtp port. @@ -5513,9 +5723,9 @@ Bind TCP sockets to the snmp port. @@ -5555,9 +5765,9 @@ Bind TCP sockets to the soundd port. @@ -5597,9 +5807,9 @@ Bind TCP sockets to the spamd port. @@ -5639,9 +5849,9 @@ Bind TCP sockets to the ssh port. @@ -5681,9 +5891,9 @@ Bind TCP sockets to the swat port. @@ -5723,9 +5933,9 @@ Bind TCP sockets to the syslogd port. @@ -5765,9 +5975,9 @@ Bind TCP sockets to the telnetd port. @@ -5807,9 +6017,9 @@ Bind TCP sockets to the tftp port. @@ -5849,9 +6059,9 @@ Bind TCP sockets to the transproxy port. @@ -5891,9 +6101,9 @@ Bind TCP sockets to node unspec. @@ -5933,9 +6143,9 @@ Bind TCP sockets to the uucpd port. @@ -5975,9 +6185,9 @@ Bind TCP sockets to the vnc port. @@ -6017,9 +6227,9 @@ Bind TCP sockets to the xserver port. @@ -6059,9 +6269,9 @@ Bind TCP sockets to the zebra port. @@ -6101,9 +6311,9 @@ Bind TCP sockets to the zope port. @@ -6143,9 +6353,9 @@ Make a TCP connection to the afs_bos port. @@ -6185,9 +6395,9 @@ Make a TCP connection to the afs_fs port. @@ -6227,9 +6437,9 @@ Make a TCP connection to the afs_ka port. @@ -6269,9 +6479,9 @@ Make a TCP connection to the afs_pt port. @@ -6311,9 +6521,9 @@ Make a TCP connection to the afs_vl port. @@ -6353,9 +6563,9 @@ Connect TCP sockets to all ports. @@ -6395,9 +6605,9 @@ Connect TCP sockets to reserved ports. @@ -6437,9 +6647,9 @@ Make a TCP connection to the amanda port. @@ -6479,9 +6689,9 @@ Make a TCP connection to the amavisd_recv port. @@ -6521,9 +6731,9 @@ Make a TCP connection to the amavisd_send port. @@ -6563,9 +6773,9 @@ Make a TCP connection to the asterisk port. @@ -6605,9 +6815,51 @@ Make a TCP connection to the auth port. + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ +
+ +corenet_tcp_connect_bgp_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make a TCP connection to the bgp port. +

+ + +
Parameters
+ + + + @@ -6647,9 +6899,9 @@ Make a TCP connection to the clamd port. @@ -6689,9 +6941,9 @@ Make a TCP connection to the clockspeed port. @@ -6731,9 +6983,9 @@ Make a TCP connection to the comsat port. @@ -6773,9 +7025,9 @@ Make a TCP connection to the cvs port. @@ -6815,9 +7067,9 @@ Make a TCP connection to the dbskkd port. @@ -6857,9 +7109,9 @@ Make a TCP connection to the dcc port. @@ -6899,9 +7151,9 @@ Make a TCP connection to the dhcpc port. @@ -6941,9 +7193,9 @@ Make a TCP connection to the dhcpd port. @@ -6983,9 +7235,9 @@ Make a TCP connection to the dict port. @@ -7025,9 +7277,9 @@ Make a TCP connection to the distccd port. @@ -7067,9 +7319,9 @@ Make a TCP connection to the dns port. @@ -7109,9 +7361,9 @@ Make a TCP connection to the fingerd port. @@ -7151,9 +7403,9 @@ Make a TCP connection to the ftp_data port. @@ -7193,9 +7445,9 @@ Make a TCP connection to the ftp port. @@ -7235,9 +7487,9 @@ Make a TCP connection to the gatekeeper port. @@ -7277,9 +7529,9 @@ Connect TCP sockets to generic ports. @@ -7319,9 +7571,9 @@ Make a TCP connection to the giftd port. @@ -7361,9 +7613,9 @@ Make a TCP connection to the gopher port. @@ -7403,9 +7655,9 @@ Make a TCP connection to the howl port. @@ -7445,9 +7697,9 @@ Make a TCP connection to the hplip port. @@ -7487,9 +7739,9 @@ Make a TCP connection to the http_cache port. @@ -7529,9 +7781,9 @@ Make a TCP connection to the http port. @@ -7571,9 +7823,9 @@ Make a TCP connection to the i18n_input port. @@ -7613,9 +7865,9 @@ Make a TCP connection to the imaze port. @@ -7655,9 +7907,9 @@ Make a TCP connection to the inetd_child port. @@ -7697,9 +7949,9 @@ Make a TCP connection to the innd port. @@ -7739,9 +7991,9 @@ Make a TCP connection to the ipp port. @@ -7781,9 +8033,9 @@ Make a TCP connection to the ircd port. @@ -7823,9 +8075,9 @@ Make a TCP connection to the isakmp port. @@ -7865,9 +8117,9 @@ Make a TCP connection to the jabber_client port. @@ -7907,9 +8159,9 @@ Make a TCP connection to the jabber_interserver port. @@ -7949,9 +8201,9 @@ Make a TCP connection to the kerberos_admin port. @@ -7991,9 +8243,9 @@ Make a TCP connection to the kerberos_master port. @@ -8033,9 +8285,9 @@ Make a TCP connection to the kerberos port. @@ -8075,9 +8327,9 @@ Make a TCP connection to the ktalkd port. @@ -8117,9 +8369,9 @@ Make a TCP connection to the ldap port. @@ -8159,9 +8411,9 @@ Make a TCP connection to the mail port. @@ -8201,9 +8453,9 @@ Make a TCP connection to the monopd port. @@ -8243,9 +8495,9 @@ Make a TCP connection to the mysqld port. @@ -8285,9 +8537,9 @@ Make a TCP connection to the nessus port. @@ -8327,9 +8579,9 @@ Make a TCP connection to the nmbd port. @@ -8369,9 +8621,9 @@ Make a TCP connection to the ntp port. @@ -8411,9 +8663,9 @@ Make a TCP connection to the openvpn port. @@ -8453,9 +8705,9 @@ Make a TCP connection to the pegasus_http port. @@ -8495,9 +8747,9 @@ Make a TCP connection to the pegasus_https port. @@ -8537,9 +8789,9 @@ Make a TCP connection to the pop port. @@ -8579,9 +8831,9 @@ Make a TCP connection to the portmap port. @@ -8621,9 +8873,9 @@ Make a TCP connection to the postgresql port. @@ -8663,9 +8915,9 @@ Make a TCP connection to the postgrey port. @@ -8705,9 +8957,9 @@ Make a TCP connection to the printer port. @@ -8747,9 +8999,9 @@ Make a TCP connection to the ptal port. @@ -8789,9 +9041,9 @@ Make a TCP connection to the pxe port. @@ -8831,9 +9083,9 @@ Make a TCP connection to the pyzor port. @@ -8873,9 +9125,9 @@ Make a TCP connection to the radacct port. @@ -8915,9 +9167,9 @@ Make a TCP connection to the radius port. @@ -8957,9 +9209,9 @@ Make a TCP connection to the razor port. @@ -8999,9 +9251,9 @@ Connect TCP sockets to generic reserved ports. @@ -9041,9 +9293,9 @@ Make a TCP connection to the rlogind port. @@ -9083,9 +9335,51 @@ Make a TCP connection to the rndc port. + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_tcp_connect_router_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make a TCP connection to the router port. +

+ + +
Parameters
+ + + @@ -9125,9 +9419,9 @@ Make a TCP connection to the rsh port. @@ -9167,9 +9461,9 @@ Make a TCP connection to the rsync port. @@ -9209,9 +9503,9 @@ Make a TCP connection to the smbd port. @@ -9251,9 +9545,9 @@ Make a TCP connection to the smtp port. @@ -9293,9 +9587,9 @@ Make a TCP connection to the snmp port. @@ -9335,9 +9629,9 @@ Make a TCP connection to the soundd port. @@ -9377,9 +9671,9 @@ Make a TCP connection to the spamd port. @@ -9419,9 +9713,9 @@ Make a TCP connection to the ssh port. @@ -9461,9 +9755,9 @@ Make a TCP connection to the swat port. @@ -9503,9 +9797,9 @@ Make a TCP connection to the syslogd port. @@ -9545,9 +9839,9 @@ Make a TCP connection to the telnetd port. @@ -9587,9 +9881,9 @@ Make a TCP connection to the tftp port. @@ -9629,9 +9923,9 @@ Make a TCP connection to the transproxy port. @@ -9671,9 +9965,9 @@ Make a TCP connection to the uucpd port. @@ -9713,9 +10007,9 @@ Make a TCP connection to the vnc port. @@ -9755,9 +10049,9 @@ Make a TCP connection to the xserver port. @@ -9797,9 +10091,9 @@ Make a TCP connection to the zebra port. @@ -9839,9 +10133,9 @@ Make a TCP connection to the zope port. @@ -9881,9 +10175,9 @@ Send and receive TCP traffic on the afs_bos port. @@ -9923,9 +10217,9 @@ Send and receive TCP traffic on the afs_fs port. @@ -9965,9 +10259,9 @@ Send and receive TCP traffic on the afs_ka port. @@ -10007,9 +10301,9 @@ Send and receive TCP traffic on the afs_pt port. @@ -10049,9 +10343,9 @@ Send and receive TCP traffic on the afs_vl port. @@ -10091,9 +10385,9 @@ Send and receive TCP network traffic on all interfaces. @@ -10133,9 +10427,9 @@ Send and receive TCP network traffic on all nodes. @@ -10175,9 +10469,9 @@ Send and receive TCP network traffic on all ports. @@ -10206,7 +10500,49 @@ No
Summary

-Send and receive TCP network traffic on all reserved ports. +Send and receive TCP network traffic on all reserved ports. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_tcp_sendrecv_amanda_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP traffic on the amanda port.

@@ -10217,9 +10553,9 @@ Send and receive TCP network traffic on all reserved ports. domain - +

The type of the process performing this action. - +

No @@ -10228,13 +10564,13 @@ No
- +
-corenet_tcp_sendrecv_amanda_port( +corenet_tcp_sendrecv_amavisd_recv_port( @@ -10248,7 +10584,7 @@ No
Summary

-Send and receive TCP traffic on the amanda port. +Send and receive TCP traffic on the amavisd_recv port.

@@ -10259,9 +10595,9 @@ Send and receive TCP traffic on the amanda port. domain - +

The type of the process performing this action. - +

No @@ -10270,13 +10606,13 @@ No
- +
-corenet_tcp_sendrecv_amavisd_recv_port( +corenet_tcp_sendrecv_amavisd_send_port( @@ -10290,7 +10626,7 @@ No
Summary

-Send and receive TCP traffic on the amavisd_recv port. +Send and receive TCP traffic on the amavisd_send port.

@@ -10301,9 +10637,9 @@ Send and receive TCP traffic on the amavisd_recv port. domain - +

The type of the process performing this action. - +

No @@ -10312,13 +10648,13 @@ No
- +
-corenet_tcp_sendrecv_amavisd_send_port( +corenet_tcp_sendrecv_asterisk_port( @@ -10332,7 +10668,7 @@ No
Summary

-Send and receive TCP traffic on the amavisd_send port. +Send and receive TCP traffic on the asterisk port.

@@ -10343,9 +10679,9 @@ Send and receive TCP traffic on the amavisd_send port. domain - +

The type of the process performing this action. - +

No @@ -10354,13 +10690,13 @@ No
- +
-corenet_tcp_sendrecv_asterisk_port( +corenet_tcp_sendrecv_auth_port( @@ -10374,7 +10710,7 @@ No
Summary

-Send and receive TCP traffic on the asterisk port. +Send and receive TCP traffic on the auth port.

@@ -10385,9 +10721,9 @@ Send and receive TCP traffic on the asterisk port. domain - +

The type of the process performing this action. - +

No @@ -10396,13 +10732,13 @@ No
- +
-corenet_tcp_sendrecv_auth_port( +corenet_tcp_sendrecv_bgp_port( @@ -10416,7 +10752,7 @@ No
Summary

-Send and receive TCP traffic on the auth port. +Send and receive TCP traffic on the bgp port.

@@ -10427,9 +10763,9 @@ Send and receive TCP traffic on the auth port. domain - +

The type of the process performing this action. - +

No @@ -10469,9 +10805,9 @@ Send and receive TCP traffic on the clamd port. domain - +

The type of the process performing this action. - +

No @@ -10511,9 +10847,9 @@ Send and receive TCP traffic on the clockspeed port. domain - +

The type of the process performing this action. - +

No @@ -10553,9 +10889,9 @@ Send and receive TCP traffic on the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -10595,9 +10931,9 @@ Send and receive TCP traffic on the comsat port. domain - +

The type of the process performing this action. - +

No @@ -10637,9 +10973,9 @@ Send and receive TCP traffic on the cvs port. domain - +

The type of the process performing this action. - +

No @@ -10679,9 +11015,9 @@ Send and receive TCP traffic on the dbskkd port. domain - +

The type of the process performing this action. - +

No @@ -10721,9 +11057,9 @@ Send and receive TCP traffic on the dcc port. domain - +

The type of the process performing this action. - +

No @@ -10763,9 +11099,9 @@ Send and receive TCP traffic on the dhcpc port. domain - +

The type of the process performing this action. - +

No @@ -10805,9 +11141,9 @@ Send and receive TCP traffic on the dhcpd port. domain - +

The type of the process performing this action. - +

No @@ -10847,9 +11183,9 @@ Send and receive TCP traffic on the dict port. domain - +

The type of the process performing this action. - +

No @@ -10889,9 +11225,9 @@ Send and receive TCP traffic on the distccd port. domain - +

The type of the process performing this action. - +

No @@ -10931,9 +11267,9 @@ Send and receive TCP traffic on the dns port. domain - +

The type of the process performing this action. - +

No @@ -10973,9 +11309,9 @@ Send and receive TCP traffic on the fingerd port. domain - +

The type of the process performing this action. - +

No @@ -11015,9 +11351,9 @@ Send and receive TCP traffic on the ftp_data port. domain - +

The type of the process performing this action. - +

No @@ -11057,9 +11393,9 @@ Send and receive TCP traffic on the ftp port. domain - +

The type of the process performing this action. - +

No @@ -11099,9 +11435,9 @@ Send and receive TCP traffic on the gatekeeper port. domain - +

The type of the process performing this action. - +

No @@ -11141,9 +11477,9 @@ Send and receive TCP network traffic on the generic interfaces. domain - +

The type of the process performing this action. - +

No @@ -11183,9 +11519,9 @@ Send and receive TCP network traffic on generic nodes. domain - +

The type of the process performing this action. - +

No @@ -11225,9 +11561,9 @@ Send and receive TCP network traffic on generic ports. domain - +

The type of the process performing this action. - +

No @@ -11267,9 +11603,9 @@ Send and receive TCP traffic on the giftd port. domain - +

The type of the process performing this action. - +

No @@ -11309,9 +11645,9 @@ Send and receive TCP traffic on the gopher port. domain - +

The type of the process performing this action. - +

No @@ -11351,9 +11687,9 @@ Send and receive TCP traffic on the howl port. domain - +

The type of the process performing this action. - +

No @@ -11393,9 +11729,9 @@ Send and receive TCP traffic on the hplip port. domain - +

The type of the process performing this action. - +

No @@ -11435,9 +11771,9 @@ Send and receive TCP traffic on the http_cache port. domain - +

The type of the process performing this action. - +

No @@ -11477,9 +11813,9 @@ Send and receive TCP traffic on the http port. domain - +

The type of the process performing this action. - +

No @@ -11519,9 +11855,9 @@ Send and receive TCP traffic on the i18n_input port. domain - +

The type of the process performing this action. - +

No @@ -11561,9 +11897,9 @@ Send and receive TCP traffic on the imaze port. domain - +

The type of the process performing this action. - +

No @@ -11603,9 +11939,9 @@ Send and receive TCP traffic on the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -11645,9 +11981,9 @@ Send and receive TCP traffic on the inetd_child port. domain - +

The type of the process performing this action. - +

No @@ -11687,9 +12023,9 @@ Send and receive TCP traffic on the innd port. domain - +

The type of the process performing this action. - +

No @@ -11729,9 +12065,9 @@ Send and receive TCP traffic on the ipp port. domain - +

The type of the process performing this action. - +

No @@ -11771,9 +12107,9 @@ Send and receive TCP traffic on the ircd port. domain - +

The type of the process performing this action. - +

No @@ -11813,9 +12149,9 @@ Send and receive TCP traffic on the isakmp port. domain - +

The type of the process performing this action. - +

No @@ -11855,9 +12191,9 @@ Send and receive TCP traffic on the jabber_client port. domain - +

The type of the process performing this action. - +

No @@ -11897,9 +12233,9 @@ Send and receive TCP traffic on the jabber_interserver port. domain - +

The type of the process performing this action. - +

No @@ -11939,9 +12275,9 @@ Send and receive TCP traffic on the kerberos_admin port. domain - +

The type of the process performing this action. - +

No @@ -11981,9 +12317,9 @@ Send and receive TCP traffic on the kerberos_master port. domain - +

The type of the process performing this action. - +

No @@ -12023,9 +12359,9 @@ Send and receive TCP traffic on the kerberos port. domain - +

The type of the process performing this action. - +

No @@ -12065,9 +12401,9 @@ Send and receive TCP traffic on the ktalkd port. domain - +

The type of the process performing this action. - +

No @@ -12107,9 +12443,9 @@ Send and receive TCP traffic on the ldap port. domain - +

The type of the process performing this action. - +

No @@ -12149,9 +12485,9 @@ Send and receive TCP traffic on the link_local node. domain - +

The type of the process performing this action. - +

No @@ -12191,9 +12527,9 @@ Send and receive TCP network traffic on the lo interface. domain - +

The type of the process performing this action. - +

No @@ -12233,9 +12569,9 @@ Send and receive TCP traffic on the lo node. domain - +

The type of the process performing this action. - +

No @@ -12275,9 +12611,9 @@ Send and receive TCP traffic on the mail port. domain - +

The type of the process performing this action. - +

No @@ -12317,9 +12653,9 @@ Send and receive TCP traffic on the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -12359,9 +12695,9 @@ Send and receive TCP traffic on the monopd port. domain - +

The type of the process performing this action. - +

No @@ -12401,9 +12737,9 @@ Send and receive TCP traffic on the multicast node. domain - +

The type of the process performing this action. - +

No @@ -12443,9 +12779,9 @@ Send and receive TCP traffic on the mysqld port. domain - +

The type of the process performing this action. - +

No @@ -12485,9 +12821,9 @@ Send and receive TCP traffic on the nessus port. domain - +

The type of the process performing this action. - +

No @@ -12527,9 +12863,9 @@ Send and receive TCP traffic on the nmbd port. domain - +

The type of the process performing this action. - +

No @@ -12569,9 +12905,9 @@ Send and receive TCP traffic on the ntp port. domain - +

The type of the process performing this action. - +

No @@ -12611,9 +12947,9 @@ Send and receive TCP traffic on the openvpn port. domain - +

The type of the process performing this action. - +

No @@ -12653,9 +12989,9 @@ Send and receive TCP traffic on the pegasus_http port. domain - +

The type of the process performing this action. - +

No @@ -12695,9 +13031,9 @@ Send and receive TCP traffic on the pegasus_https port. domain - +

The type of the process performing this action. - +

No @@ -12737,9 +13073,9 @@ Send and receive TCP traffic on the pop port. domain - +

The type of the process performing this action. - +

No @@ -12779,9 +13115,9 @@ Send and receive TCP traffic on the portmap port. domain - +

The type of the process performing this action. - +

No @@ -12821,9 +13157,9 @@ Send and receive TCP traffic on the postgresql port. domain - +

The type of the process performing this action. - +

No @@ -12863,9 +13199,9 @@ Send and receive TCP traffic on the postgrey port. domain - +

The type of the process performing this action. - +

No @@ -12905,9 +13241,9 @@ Send and receive TCP traffic on the printer port. domain - +

The type of the process performing this action. - +

No @@ -12947,9 +13283,9 @@ Send and receive TCP traffic on the ptal port. domain - +

The type of the process performing this action. - +

No @@ -12989,9 +13325,9 @@ Send and receive TCP traffic on the pxe port. domain - +

The type of the process performing this action. - +

No @@ -13031,9 +13367,9 @@ Send and receive TCP traffic on the pyzor port. domain - +

The type of the process performing this action. - +

No @@ -13073,9 +13409,9 @@ Send and receive TCP traffic on the radacct port. domain - +

The type of the process performing this action. - +

No @@ -13115,9 +13451,9 @@ Send and receive TCP traffic on the radius port. domain - +

The type of the process performing this action. - +

No @@ -13157,9 +13493,9 @@ Send and receive TCP traffic on the razor port. domain - +

The type of the process performing this action. - +

No @@ -13199,9 +13535,9 @@ Send and receive TCP network traffic on generic reserved ports. domain - +

The type of the process performing this action. - +

No @@ -13241,9 +13577,9 @@ Send and receive TCP traffic on the rlogind port. domain - +

The type of the process performing this action. - +

No @@ -13283,9 +13619,51 @@ Send and receive TCP traffic on the rndc port. domain - +

The type of the process performing this action. +

+ +No + + + +
+
+ + +
+ + +
+ +corenet_tcp_sendrecv_router_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP traffic on the router port. +

+ +
Parameters
+ + + + @@ -13325,9 +13703,9 @@ Send and receive TCP traffic on the rsh port. @@ -13367,9 +13745,9 @@ Send and receive TCP traffic on the rsync port. @@ -13409,9 +13787,9 @@ Send and receive TCP traffic on the site_local node. @@ -13451,9 +13829,9 @@ Send and receive TCP traffic on the smbd port. @@ -13493,9 +13871,9 @@ Send and receive TCP traffic on the smtp port. @@ -13535,9 +13913,9 @@ Send and receive TCP traffic on the snmp port. @@ -13577,9 +13955,9 @@ Send and receive TCP traffic on the soundd port. @@ -13619,9 +13997,9 @@ Send and receive TCP traffic on the spamd port. @@ -13661,9 +14039,9 @@ Send and receive TCP traffic on the ssh port. @@ -13703,9 +14081,9 @@ Send and receive TCP traffic on the swat port. @@ -13745,9 +14123,9 @@ Send and receive TCP traffic on the syslogd port. @@ -13787,9 +14165,9 @@ Send and receive TCP traffic on the telnetd port. @@ -13829,9 +14207,9 @@ Send and receive TCP traffic on the tftp port. @@ -13871,9 +14249,9 @@ Send and receive TCP traffic on the transproxy port. @@ -13913,9 +14291,9 @@ Send and receive TCP traffic on the unspec node. @@ -13955,9 +14333,9 @@ Send and receive TCP traffic on the uucpd port. @@ -13997,9 +14375,9 @@ Send and receive TCP traffic on the vnc port. @@ -14039,9 +14417,9 @@ Send and receive TCP traffic on the xserver port. @@ -14081,9 +14459,9 @@ Send and receive TCP traffic on the zebra port. @@ -14123,9 +14501,9 @@ Send and receive TCP traffic on the zope port. @@ -14165,9 +14543,9 @@ Bind UDP sockets to the afs_bos port. @@ -14207,9 +14585,9 @@ Bind UDP sockets to the afs_fs port. @@ -14249,9 +14627,9 @@ Bind UDP sockets to the afs_ka port. @@ -14291,9 +14669,9 @@ Bind UDP sockets to the afs_pt port. @@ -14333,9 +14711,9 @@ Bind UDP sockets to the afs_vl port. @@ -14375,9 +14753,9 @@ Bind UDP sockets to all nodes. @@ -14417,9 +14795,9 @@ Bind UDP sockets to all ports. @@ -14448,7 +14826,49 @@ No
Summary

-Bind UDP sockets to all reserved ports. +Bind UDP sockets to all reserved ports. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_udp_bind_amanda_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind UDP sockets to the amanda port.

@@ -14459,9 +14879,9 @@ Bind UDP sockets to all reserved ports. domain - +

The type of the process performing this action. - +

No @@ -14470,13 +14890,13 @@ No
- +
-corenet_udp_bind_amanda_port( +corenet_udp_bind_amavisd_recv_port( @@ -14490,7 +14910,7 @@ No
Summary

-Bind UDP sockets to the amanda port. +Bind UDP sockets to the amavisd_recv port.

@@ -14501,9 +14921,9 @@ Bind UDP sockets to the amanda port. domain - +

The type of the process performing this action. - +

No @@ -14512,13 +14932,13 @@ No
- +
-corenet_udp_bind_amavisd_recv_port( +corenet_udp_bind_amavisd_send_port( @@ -14532,7 +14952,7 @@ No
Summary

-Bind UDP sockets to the amavisd_recv port. +Bind UDP sockets to the amavisd_send port.

@@ -14543,9 +14963,9 @@ Bind UDP sockets to the amavisd_recv port. domain - +

The type of the process performing this action. - +

No @@ -14554,13 +14974,13 @@ No
- +
-corenet_udp_bind_amavisd_send_port( +corenet_udp_bind_asterisk_port( @@ -14574,7 +14994,7 @@ No
Summary

-Bind UDP sockets to the amavisd_send port. +Bind UDP sockets to the asterisk port.

@@ -14585,9 +15005,9 @@ Bind UDP sockets to the amavisd_send port. domain - +

The type of the process performing this action. - +

No @@ -14596,13 +15016,13 @@ No
- +
-corenet_udp_bind_asterisk_port( +corenet_udp_bind_auth_port( @@ -14616,7 +15036,7 @@ No
Summary

-Bind UDP sockets to the asterisk port. +Bind UDP sockets to the auth port.

@@ -14627,9 +15047,9 @@ Bind UDP sockets to the asterisk port. domain - +

The type of the process performing this action. - +

No @@ -14638,13 +15058,13 @@ No
- +
-corenet_udp_bind_auth_port( +corenet_udp_bind_bgp_port( @@ -14658,7 +15078,7 @@ No
Summary

-Bind UDP sockets to the auth port. +Bind UDP sockets to the bgp port.

@@ -14669,9 +15089,9 @@ Bind UDP sockets to the auth port. domain - +

The type of the process performing this action. - +

No @@ -14711,9 +15131,9 @@ Bind UDP sockets to the clamd port. domain - +

The type of the process performing this action. - +

No @@ -14753,9 +15173,9 @@ Bind UDP sockets to the clockspeed port. domain - +

The type of the process performing this action. - +

No @@ -14795,9 +15215,9 @@ Bind UDP sockets to the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -14837,9 +15257,9 @@ Bind UDP sockets to the comsat port. domain - +

The type of the process performing this action. - +

No @@ -14879,9 +15299,9 @@ Bind UDP sockets to the cvs port. domain - +

The type of the process performing this action. - +

No @@ -14921,9 +15341,9 @@ Bind UDP sockets to the dbskkd port. domain - +

The type of the process performing this action. - +

No @@ -14963,9 +15383,9 @@ Bind UDP sockets to the dcc port. domain - +

The type of the process performing this action. - +

No @@ -15005,9 +15425,9 @@ Bind UDP sockets to the dhcpc port. domain - +

The type of the process performing this action. - +

No @@ -15047,9 +15467,9 @@ Bind UDP sockets to the dhcpd port. domain - +

The type of the process performing this action. - +

No @@ -15089,9 +15509,9 @@ Bind UDP sockets to the dict port. domain - +

The type of the process performing this action. - +

No @@ -15131,9 +15551,9 @@ Bind UDP sockets to the distccd port. domain - +

The type of the process performing this action. - +

No @@ -15173,9 +15593,9 @@ Bind UDP sockets to the dns port. domain - +

The type of the process performing this action. - +

No @@ -15215,9 +15635,9 @@ Bind UDP sockets to the fingerd port. domain - +

The type of the process performing this action. - +

No @@ -15257,9 +15677,9 @@ Bind UDP sockets to the ftp_data port. domain - +

The type of the process performing this action. - +

No @@ -15299,9 +15719,9 @@ Bind UDP sockets to the ftp port. domain - +

The type of the process performing this action. - +

No @@ -15341,9 +15761,9 @@ Bind UDP sockets to the gatekeeper port. domain - +

The type of the process performing this action. - +

No @@ -15383,9 +15803,9 @@ Bind UDP sockets to generic nodes. domain - +

The type of the process performing this action. - +

No @@ -15425,9 +15845,9 @@ Bind UDP sockets to generic ports. domain - +

The type of the process performing this action. - +

No @@ -15467,9 +15887,9 @@ Bind UDP sockets to the giftd port. domain - +

The type of the process performing this action. - +

No @@ -15509,9 +15929,9 @@ Bind UDP sockets to the gopher port. domain - +

The type of the process performing this action. - +

No @@ -15551,9 +15971,9 @@ Bind UDP sockets to the howl port. domain - +

The type of the process performing this action. - +

No @@ -15593,9 +16013,9 @@ Bind UDP sockets to the hplip port. domain - +

The type of the process performing this action. - +

No @@ -15635,9 +16055,9 @@ Bind UDP sockets to the http_cache port. domain - +

The type of the process performing this action. - +

No @@ -15677,9 +16097,9 @@ Bind UDP sockets to the http port. domain - +

The type of the process performing this action. - +

No @@ -15719,9 +16139,9 @@ Bind UDP sockets to the i18n_input port. domain - +

The type of the process performing this action. - +

No @@ -15761,9 +16181,9 @@ Bind UDP sockets to the imaze port. domain - +

The type of the process performing this action. - +

No @@ -15803,9 +16223,9 @@ Bind UDP sockets to the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -15845,9 +16265,9 @@ Bind UDP sockets to the inetd_child port. domain - +

The type of the process performing this action. - +

No @@ -15887,9 +16307,9 @@ Bind UDP sockets to the innd port. domain - +

The type of the process performing this action. - +

No @@ -15929,9 +16349,9 @@ Bind UDP sockets to the ipp port. domain - +

The type of the process performing this action. - +

No @@ -15971,9 +16391,9 @@ Bind UDP sockets to the ircd port. domain - +

The type of the process performing this action. - +

No @@ -16013,9 +16433,9 @@ Bind UDP sockets to the isakmp port. domain - +

The type of the process performing this action. - +

No @@ -16055,9 +16475,9 @@ Bind UDP sockets to the jabber_client port. domain - +

The type of the process performing this action. - +

No @@ -16097,9 +16517,9 @@ Bind UDP sockets to the jabber_interserver port. domain - +

The type of the process performing this action. - +

No @@ -16139,9 +16559,9 @@ Bind UDP sockets to the kerberos_admin port. domain - +

The type of the process performing this action. - +

No @@ -16181,9 +16601,9 @@ Bind UDP sockets to the kerberos_master port. domain - +

The type of the process performing this action. - +

No @@ -16223,9 +16643,9 @@ Bind UDP sockets to the kerberos port. domain - +

The type of the process performing this action. - +

No @@ -16265,9 +16685,9 @@ Bind UDP sockets to the ktalkd port. domain - +

The type of the process performing this action. - +

No @@ -16307,9 +16727,9 @@ Bind UDP sockets to the ldap port. domain - +

The type of the process performing this action. - +

No @@ -16349,9 +16769,9 @@ Bind UDP sockets to the link_local node. domain - +

The type of the process performing this action. - +

No @@ -16391,9 +16811,9 @@ Bind UDP sockets to the lo node. domain - +

The type of the process performing this action. - +

No @@ -16433,9 +16853,9 @@ Bind UDP sockets to the mail port. domain - +

The type of the process performing this action. - +

No @@ -16475,9 +16895,9 @@ Bind UDP sockets to the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -16517,9 +16937,9 @@ Bind UDP sockets to the monopd port. domain - +

The type of the process performing this action. - +

No @@ -16559,9 +16979,9 @@ Bind UDP sockets to the multicast node. domain - +

The type of the process performing this action. - +

No @@ -16601,9 +17021,9 @@ Bind UDP sockets to the mysqld port. domain - +

The type of the process performing this action. - +

No @@ -16643,9 +17063,9 @@ Bind UDP sockets to the nessus port. domain - +

The type of the process performing this action. - +

No @@ -16685,9 +17105,9 @@ Bind UDP sockets to the nmbd port. domain - +

The type of the process performing this action. - +

No @@ -16727,9 +17147,9 @@ Bind UDP sockets to the ntp port. domain - +

The type of the process performing this action. - +

No @@ -16769,9 +17189,9 @@ Bind UDP sockets to the openvpn port. domain - +

The type of the process performing this action. - +

No @@ -16811,9 +17231,9 @@ Bind UDP sockets to the pegasus_http port. domain - +

The type of the process performing this action. - +

No @@ -16853,9 +17273,9 @@ Bind UDP sockets to the pegasus_https port. domain - +

The type of the process performing this action. - +

No @@ -16895,9 +17315,9 @@ Bind UDP sockets to the pop port. domain - +

The type of the process performing this action. - +

No @@ -16937,9 +17357,9 @@ Bind UDP sockets to the portmap port. domain - +

The type of the process performing this action. - +

No @@ -16979,9 +17399,9 @@ Bind UDP sockets to the postgresql port. domain - +

The type of the process performing this action. - +

No @@ -17021,9 +17441,9 @@ Bind UDP sockets to the postgrey port. domain - +

The type of the process performing this action. - +

No @@ -17063,9 +17483,9 @@ Bind UDP sockets to the printer port. domain - +

The type of the process performing this action. - +

No @@ -17105,9 +17525,9 @@ Bind UDP sockets to the ptal port. domain - +

The type of the process performing this action. - +

No @@ -17147,9 +17567,9 @@ Bind UDP sockets to the pxe port. domain - +

The type of the process performing this action. - +

No @@ -17189,9 +17609,9 @@ Bind UDP sockets to the pyzor port. domain - +

The type of the process performing this action. - +

No @@ -17231,9 +17651,9 @@ Bind UDP sockets to the radacct port. domain - +

The type of the process performing this action. - +

No @@ -17273,9 +17693,9 @@ Bind UDP sockets to the radius port. domain - +

The type of the process performing this action. - +

No @@ -17315,9 +17735,9 @@ Bind UDP sockets to the razor port. domain - +

The type of the process performing this action. - +

No @@ -17357,9 +17777,9 @@ Bind UDP sockets to generic reserved ports. domain - +

The type of the process performing this action. - +

No @@ -17399,9 +17819,9 @@ Bind UDP sockets to the rlogind port. domain - +

The type of the process performing this action. - +

No @@ -17441,9 +17861,51 @@ Bind UDP sockets to the rndc port. domain - +

The type of the process performing this action. +

+ +No + + + +
+
+ + +
+ + +
+ +corenet_udp_bind_router_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Bind UDP sockets to the router port. +

+ +
Parameters
+ + + + @@ -17483,9 +17945,9 @@ Bind UDP sockets to the rsh port. @@ -17525,9 +17987,9 @@ Bind UDP sockets to the rsync port. @@ -17567,9 +18029,9 @@ Bind UDP sockets to the site_local node. @@ -17609,9 +18071,9 @@ Bind UDP sockets to the smbd port. @@ -17651,9 +18113,9 @@ Bind UDP sockets to the smtp port. @@ -17693,9 +18155,9 @@ Bind UDP sockets to the snmp port. @@ -17735,9 +18197,9 @@ Bind UDP sockets to the soundd port. @@ -17777,9 +18239,9 @@ Bind UDP sockets to the spamd port. @@ -17819,9 +18281,9 @@ Bind UDP sockets to the ssh port. @@ -17861,9 +18323,9 @@ Bind UDP sockets to the swat port. @@ -17903,9 +18365,9 @@ Bind UDP sockets to the syslogd port. @@ -17945,9 +18407,9 @@ Bind UDP sockets to the telnetd port. @@ -17987,9 +18449,9 @@ Bind UDP sockets to the tftp port. @@ -18029,9 +18491,9 @@ Bind UDP sockets to the transproxy port. @@ -18071,9 +18533,9 @@ Bind UDP sockets to the unspec node. @@ -18113,9 +18575,9 @@ Bind UDP sockets to the uucpd port. @@ -18155,9 +18617,9 @@ Bind UDP sockets to the vnc port. @@ -18197,9 +18659,9 @@ Bind UDP sockets to the xserver port. @@ -18239,9 +18701,9 @@ Bind UDP sockets to the zebra port. @@ -18281,9 +18743,9 @@ Bind UDP sockets to the zope port. @@ -18323,9 +18785,9 @@ Receive UDP traffic on the afs_bos port. @@ -18365,9 +18827,9 @@ Receive UDP traffic on the afs_fs port. @@ -18407,9 +18869,9 @@ Receive UDP traffic on the afs_ka port. @@ -18449,9 +18911,9 @@ Receive UDP traffic on the afs_pt port. @@ -18491,9 +18953,9 @@ Receive UDP traffic on the afs_vl port. @@ -18533,9 +18995,9 @@ Receive UDP network traffic on all interfaces. @@ -18575,9 +19037,9 @@ Receive UDP network traffic on all nodes. @@ -18617,9 +19079,9 @@ Receive UDP network traffic on all ports. @@ -18659,9 +19121,9 @@ Receive UDP network traffic on all reserved ports. @@ -18676,7 +19138,49 @@ No
-corenet_udp_receive_amanda_port( +corenet_udp_receive_amanda_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP traffic on the amanda port. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_udp_receive_amavisd_recv_port( @@ -18690,7 +19194,7 @@ No
Summary

-Receive UDP traffic on the amanda port. +Receive UDP traffic on the amavisd_recv port.

@@ -18701,9 +19205,9 @@ Receive UDP traffic on the amanda port. domain - +

The type of the process performing this action. - +

No @@ -18712,13 +19216,13 @@ No
- +
-corenet_udp_receive_amavisd_recv_port( +corenet_udp_receive_amavisd_send_port( @@ -18732,7 +19236,7 @@ No
Summary

-Receive UDP traffic on the amavisd_recv port. +Receive UDP traffic on the amavisd_send port.

@@ -18743,9 +19247,9 @@ Receive UDP traffic on the amavisd_recv port. domain - +

The type of the process performing this action. - +

No @@ -18754,13 +19258,13 @@ No
- +
-corenet_udp_receive_amavisd_send_port( +corenet_udp_receive_asterisk_port( @@ -18774,7 +19278,7 @@ No
Summary

-Receive UDP traffic on the amavisd_send port. +Receive UDP traffic on the asterisk port.

@@ -18785,9 +19289,9 @@ Receive UDP traffic on the amavisd_send port. domain - +

The type of the process performing this action. - +

No @@ -18796,13 +19300,13 @@ No
- +
-corenet_udp_receive_asterisk_port( +corenet_udp_receive_auth_port( @@ -18816,7 +19320,7 @@ No
Summary

-Receive UDP traffic on the asterisk port. +Receive UDP traffic on the auth port.

@@ -18827,9 +19331,9 @@ Receive UDP traffic on the asterisk port. domain - +

The type of the process performing this action. - +

No @@ -18838,13 +19342,13 @@ No
- +
-corenet_udp_receive_auth_port( +corenet_udp_receive_bgp_port( @@ -18858,7 +19362,7 @@ No
Summary

-Receive UDP traffic on the auth port. +Receive UDP traffic on the bgp port.

@@ -18869,9 +19373,9 @@ Receive UDP traffic on the auth port. domain - +

The type of the process performing this action. - +

No @@ -18911,9 +19415,9 @@ Receive UDP traffic on the clamd port. domain - +

The type of the process performing this action. - +

No @@ -18953,9 +19457,9 @@ Receive UDP traffic on the clockspeed port. domain - +

The type of the process performing this action. - +

No @@ -18995,9 +19499,9 @@ Receive UDP traffic on the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -19037,9 +19541,9 @@ Receive UDP traffic on the comsat port. domain - +

The type of the process performing this action. - +

No @@ -19079,9 +19583,9 @@ Receive UDP traffic on the cvs port. domain - +

The type of the process performing this action. - +

No @@ -19121,9 +19625,9 @@ Receive UDP traffic on the dbskkd port. domain - +

The type of the process performing this action. - +

No @@ -19163,9 +19667,9 @@ Receive UDP traffic on the dcc port. domain - +

The type of the process performing this action. - +

No @@ -19205,9 +19709,9 @@ Receive UDP traffic on the dhcpc port. domain - +

The type of the process performing this action. - +

No @@ -19247,9 +19751,9 @@ Receive UDP traffic on the dhcpd port. domain - +

The type of the process performing this action. - +

No @@ -19289,9 +19793,9 @@ Receive UDP traffic on the dict port. domain - +

The type of the process performing this action. - +

No @@ -19331,9 +19835,9 @@ Receive UDP traffic on the distccd port. domain - +

The type of the process performing this action. - +

No @@ -19373,9 +19877,9 @@ Receive UDP traffic on the dns port. domain - +

The type of the process performing this action. - +

No @@ -19415,9 +19919,9 @@ Receive UDP traffic on the fingerd port. domain - +

The type of the process performing this action. - +

No @@ -19457,9 +19961,9 @@ Receive UDP traffic on the ftp_data port. domain - +

The type of the process performing this action. - +

No @@ -19499,9 +20003,9 @@ Receive UDP traffic on the ftp port. domain - +

The type of the process performing this action. - +

No @@ -19541,9 +20045,9 @@ Receive UDP traffic on the gatekeeper port. domain - +

The type of the process performing this action. - +

No @@ -19583,9 +20087,9 @@ Receive UDP network traffic on generic interfaces. domain - +

The type of the process performing this action. - +

No @@ -19625,9 +20129,9 @@ Receive UDP network traffic on generic nodes. domain - +

The type of the process performing this action. - +

No @@ -19667,9 +20171,9 @@ Receive UDP network traffic on generic ports. domain - +

The type of the process performing this action. - +

No @@ -19709,9 +20213,9 @@ Receive UDP traffic on the giftd port. domain - +

The type of the process performing this action. - +

No @@ -19751,9 +20255,9 @@ Receive UDP traffic on the gopher port. domain - +

The type of the process performing this action. - +

No @@ -19793,9 +20297,9 @@ Receive UDP traffic on the howl port. domain - +

The type of the process performing this action. - +

No @@ -19835,9 +20339,9 @@ Receive UDP traffic on the hplip port. domain - +

The type of the process performing this action. - +

No @@ -19877,9 +20381,9 @@ Receive UDP traffic on the http_cache port. domain - +

The type of the process performing this action. - +

No @@ -19919,9 +20423,9 @@ Receive UDP traffic on the http port. domain - +

The type of the process performing this action. - +

No @@ -19961,9 +20465,9 @@ Receive UDP traffic on the i18n_input port. domain - +

The type of the process performing this action. - +

No @@ -20003,9 +20507,9 @@ Receive UDP traffic on the imaze port. domain - +

The type of the process performing this action. - +

No @@ -20045,9 +20549,9 @@ Receive UDP traffic on the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -20087,9 +20591,9 @@ Receive UDP traffic on the inetd_child port. domain - +

The type of the process performing this action. - +

No @@ -20129,9 +20633,9 @@ Receive UDP traffic on the innd port. domain - +

The type of the process performing this action. - +

No @@ -20171,9 +20675,9 @@ Receive UDP traffic on the ipp port. domain - +

The type of the process performing this action. - +

No @@ -20213,9 +20717,9 @@ Receive UDP traffic on the ircd port. domain - +

The type of the process performing this action. - +

No @@ -20255,9 +20759,9 @@ Receive UDP traffic on the isakmp port. domain - +

The type of the process performing this action. - +

No @@ -20297,9 +20801,9 @@ Receive UDP traffic on the jabber_client port. domain - +

The type of the process performing this action. - +

No @@ -20339,9 +20843,9 @@ Receive UDP traffic on the jabber_interserver port. domain - +

The type of the process performing this action. - +

No @@ -20381,9 +20885,9 @@ Receive UDP traffic on the kerberos_admin port. domain - +

The type of the process performing this action. - +

No @@ -20423,9 +20927,9 @@ Receive UDP traffic on the kerberos_master port. domain - +

The type of the process performing this action. - +

No @@ -20465,9 +20969,9 @@ Receive UDP traffic on the kerberos port. domain - +

The type of the process performing this action. - +

No @@ -20507,9 +21011,9 @@ Receive UDP traffic on the ktalkd port. domain - +

The type of the process performing this action. - +

No @@ -20549,9 +21053,9 @@ Receive UDP traffic on the ldap port. domain - +

The type of the process performing this action. - +

No @@ -20591,9 +21095,9 @@ Receive UDP traffic on the link_local node. domain - +

The type of the process performing this action. - +

No @@ -20633,9 +21137,9 @@ Receive UDP network traffic on the lo interface. domain - +

The type of the process performing this action. - +

No @@ -20675,9 +21179,9 @@ Receive UDP traffic on the lo node. domain - +

The type of the process performing this action. - +

No @@ -20717,9 +21221,9 @@ Receive UDP traffic on the mail port. domain - +

The type of the process performing this action. - +

No @@ -20759,9 +21263,9 @@ Receive UDP traffic on the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -20801,9 +21305,9 @@ Receive UDP traffic on the monopd port. domain - +

The type of the process performing this action. - +

No @@ -20843,9 +21347,9 @@ Receive UDP traffic on the multicast node. domain - +

The type of the process performing this action. - +

No @@ -20885,9 +21389,9 @@ Receive UDP traffic on the mysqld port. domain - +

The type of the process performing this action. - +

No @@ -20927,9 +21431,9 @@ Receive UDP traffic on the nessus port. domain - +

The type of the process performing this action. - +

No @@ -20969,9 +21473,9 @@ Receive UDP traffic on the nmbd port. domain - +

The type of the process performing this action. - +

No @@ -21011,9 +21515,9 @@ Receive UDP traffic on the ntp port. domain - +

The type of the process performing this action. - +

No @@ -21053,9 +21557,9 @@ Receive UDP traffic on the openvpn port. domain - +

The type of the process performing this action. - +

No @@ -21095,9 +21599,9 @@ Receive UDP traffic on the pegasus_http port. domain - +

The type of the process performing this action. - +

No @@ -21137,9 +21641,9 @@ Receive UDP traffic on the pegasus_https port. domain - +

The type of the process performing this action. - +

No @@ -21179,9 +21683,9 @@ Receive UDP traffic on the pop port. domain - +

The type of the process performing this action. - +

No @@ -21221,9 +21725,9 @@ Receive UDP traffic on the portmap port. domain - +

The type of the process performing this action. - +

No @@ -21263,9 +21767,9 @@ Receive UDP traffic on the postgresql port. domain - +

The type of the process performing this action. - +

No @@ -21305,9 +21809,9 @@ Receive UDP traffic on the postgrey port. domain - +

The type of the process performing this action. - +

No @@ -21347,9 +21851,9 @@ Receive UDP traffic on the printer port. domain - +

The type of the process performing this action. - +

No @@ -21389,9 +21893,9 @@ Receive UDP traffic on the ptal port. domain - +

The type of the process performing this action. - +

No @@ -21431,9 +21935,9 @@ Receive UDP traffic on the pxe port. domain - +

The type of the process performing this action. - +

No @@ -21473,9 +21977,9 @@ Receive UDP traffic on the pyzor port. domain - +

The type of the process performing this action. - +

No @@ -21515,9 +22019,9 @@ Receive UDP traffic on the radacct port. domain - +

The type of the process performing this action. - +

No @@ -21557,9 +22061,9 @@ Receive UDP traffic on the radius port. domain - +

The type of the process performing this action. - +

No @@ -21599,9 +22103,9 @@ Receive UDP traffic on the razor port. domain - +

The type of the process performing this action. - +

No @@ -21641,9 +22145,9 @@ Receive UDP network traffic on generic reserved ports. domain - +

The type of the process performing this action. - +

No @@ -21683,9 +22187,9 @@ Receive UDP traffic on the rlogind port. domain - +

The type of the process performing this action. - +

No @@ -21725,9 +22229,51 @@ Receive UDP traffic on the rndc port. domain - +

The type of the process performing this action. +

+ +No + + + +
+
+ + +
+ + +
+ +corenet_udp_receive_router_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP traffic on the router port. +

+ +
Parameters
+ + + + @@ -21767,9 +22313,9 @@ Receive UDP traffic on the rsh port. @@ -21809,9 +22355,9 @@ Receive UDP traffic on the rsync port. @@ -21851,9 +22397,9 @@ Receive UDP traffic on the site_local node. @@ -21893,9 +22439,9 @@ Receive UDP traffic on the smbd port. @@ -21935,9 +22481,9 @@ Receive UDP traffic on the smtp port. @@ -21977,9 +22523,9 @@ Receive UDP traffic on the snmp port. @@ -22019,9 +22565,9 @@ Receive UDP traffic on the soundd port. @@ -22061,9 +22607,9 @@ Receive UDP traffic on the spamd port. @@ -22103,9 +22649,9 @@ Receive UDP traffic on the ssh port. @@ -22145,9 +22691,9 @@ Receive UDP traffic on the swat port. @@ -22187,9 +22733,9 @@ Receive UDP traffic on the syslogd port. @@ -22229,9 +22775,9 @@ Receive UDP traffic on the telnetd port. @@ -22271,9 +22817,9 @@ Receive UDP traffic on the tftp port. @@ -22313,9 +22859,9 @@ Receive UDP traffic on the transproxy port. @@ -22355,9 +22901,9 @@ Receive UDP traffic on the unspec node. @@ -22397,9 +22943,9 @@ Receive UDP traffic on the uucpd port. @@ -22439,9 +22985,9 @@ Receive UDP traffic on the vnc port. @@ -22481,9 +23027,9 @@ Receive UDP traffic on the xserver port. @@ -22523,9 +23069,9 @@ Receive UDP traffic on the zebra port. @@ -22565,9 +23111,9 @@ Receive UDP traffic on the zope port. @@ -22607,9 +23153,9 @@ Send UDP traffic on the afs_bos port. @@ -22649,9 +23195,9 @@ Send UDP traffic on the afs_fs port. @@ -22691,9 +23237,9 @@ Send UDP traffic on the afs_ka port. @@ -22733,9 +23279,9 @@ Send UDP traffic on the afs_pt port. @@ -22775,9 +23321,9 @@ Send UDP traffic on the afs_vl port. @@ -22817,9 +23363,9 @@ Send UDP network traffic on all interfaces. @@ -22859,9 +23405,9 @@ Send UDP network traffic on all nodes. @@ -22901,9 +23447,9 @@ Send UDP network traffic on all ports. @@ -22943,9 +23489,9 @@ Send UDP network traffic on all reserved ports. @@ -22960,7 +23506,49 @@ No
-corenet_udp_send_amanda_port( +corenet_udp_send_amanda_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP traffic on the amanda port. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_udp_send_amavisd_recv_port( @@ -22974,7 +23562,7 @@ No
Summary

-Send UDP traffic on the amanda port. +Send UDP traffic on the amavisd_recv port.

@@ -22985,9 +23573,9 @@ Send UDP traffic on the amanda port. domain - +

The type of the process performing this action. - +

No @@ -22996,13 +23584,13 @@ No
- +
-corenet_udp_send_amavisd_recv_port( +corenet_udp_send_amavisd_send_port( @@ -23016,7 +23604,7 @@ No
Summary

-Send UDP traffic on the amavisd_recv port. +Send UDP traffic on the amavisd_send port.

@@ -23027,9 +23615,9 @@ Send UDP traffic on the amavisd_recv port. domain - +

The type of the process performing this action. - +

No @@ -23038,13 +23626,13 @@ No
- +
-corenet_udp_send_amavisd_send_port( +corenet_udp_send_asterisk_port( @@ -23058,7 +23646,7 @@ No
Summary

-Send UDP traffic on the amavisd_send port. +Send UDP traffic on the asterisk port.

@@ -23069,9 +23657,9 @@ Send UDP traffic on the amavisd_send port. domain - +

The type of the process performing this action. - +

No @@ -23080,13 +23668,13 @@ No
- +
-corenet_udp_send_asterisk_port( +corenet_udp_send_auth_port( @@ -23100,7 +23688,7 @@ No
Summary

-Send UDP traffic on the asterisk port. +Send UDP traffic on the auth port.

@@ -23111,9 +23699,9 @@ Send UDP traffic on the asterisk port. domain - +

The type of the process performing this action. - +

No @@ -23122,13 +23710,13 @@ No
- +
-corenet_udp_send_auth_port( +corenet_udp_send_bgp_port( @@ -23142,7 +23730,7 @@ No
Summary

-Send UDP traffic on the auth port. +Send UDP traffic on the bgp port.

@@ -23153,9 +23741,9 @@ Send UDP traffic on the auth port. domain - +

The type of the process performing this action. - +

No @@ -23195,9 +23783,9 @@ Send UDP traffic on the clamd port. domain - +

The type of the process performing this action. - +

No @@ -23237,9 +23825,9 @@ Send UDP traffic on the clockspeed port. domain - +

The type of the process performing this action. - +

No @@ -23279,9 +23867,9 @@ Send UDP traffic on the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -23321,9 +23909,9 @@ Send UDP traffic on the comsat port. domain - +

The type of the process performing this action. - +

No @@ -23363,9 +23951,9 @@ Send UDP traffic on the cvs port. domain - +

The type of the process performing this action. - +

No @@ -23405,9 +23993,9 @@ Send UDP traffic on the dbskkd port. domain - +

The type of the process performing this action. - +

No @@ -23447,9 +24035,9 @@ Send UDP traffic on the dcc port. domain - +

The type of the process performing this action. - +

No @@ -23489,9 +24077,9 @@ Send UDP traffic on the dhcpc port. domain - +

The type of the process performing this action. - +

No @@ -23531,9 +24119,9 @@ Send UDP traffic on the dhcpd port. domain - +

The type of the process performing this action. - +

No @@ -23573,9 +24161,9 @@ Send UDP traffic on the dict port. domain - +

The type of the process performing this action. - +

No @@ -23615,9 +24203,9 @@ Send UDP traffic on the distccd port. domain - +

The type of the process performing this action. - +

No @@ -23657,9 +24245,9 @@ Send UDP traffic on the dns port. domain - +

The type of the process performing this action. - +

No @@ -23699,9 +24287,9 @@ Send UDP traffic on the fingerd port. domain - +

The type of the process performing this action. - +

No @@ -23741,9 +24329,9 @@ Send UDP traffic on the ftp_data port. domain - +

The type of the process performing this action. - +

No @@ -23783,9 +24371,9 @@ Send UDP traffic on the ftp port. domain - +

The type of the process performing this action. - +

No @@ -23825,9 +24413,9 @@ Send UDP traffic on the gatekeeper port. domain - +

The type of the process performing this action. - +

No @@ -23867,9 +24455,9 @@ Send UDP network traffic on generic interfaces. domain - +

The type of the process performing this action. - +

No @@ -23909,9 +24497,9 @@ Send UDP network traffic on generic nodes. domain - +

The type of the process performing this action. - +

No @@ -23951,9 +24539,9 @@ Send UDP network traffic on generic ports. domain - +

The type of the process performing this action. - +

No @@ -23993,9 +24581,9 @@ Send UDP traffic on the giftd port. domain - +

The type of the process performing this action. - +

No @@ -24035,9 +24623,9 @@ Send UDP traffic on the gopher port. domain - +

The type of the process performing this action. - +

No @@ -24077,9 +24665,9 @@ Send UDP traffic on the howl port. domain - +

The type of the process performing this action. - +

No @@ -24119,9 +24707,9 @@ Send UDP traffic on the hplip port. domain - +

The type of the process performing this action. - +

No @@ -24161,9 +24749,9 @@ Send UDP traffic on the http_cache port. domain - +

The type of the process performing this action. - +

No @@ -24203,9 +24791,9 @@ Send UDP traffic on the http port. domain - +

The type of the process performing this action. - +

No @@ -24245,9 +24833,9 @@ Send UDP traffic on the i18n_input port. domain - +

The type of the process performing this action. - +

No @@ -24287,9 +24875,9 @@ Send UDP traffic on the imaze port. domain - +

The type of the process performing this action. - +

No @@ -24329,9 +24917,9 @@ Send UDP traffic on the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -24371,9 +24959,9 @@ Send UDP traffic on the inetd_child port. domain - +

The type of the process performing this action. - +

No @@ -24413,9 +25001,9 @@ Send UDP traffic on the innd port. domain - +

The type of the process performing this action. - +

No @@ -24455,9 +25043,9 @@ Send UDP traffic on the ipp port. domain - +

The type of the process performing this action. - +

No @@ -24497,9 +25085,9 @@ Send UDP traffic on the ircd port. domain - +

The type of the process performing this action. - +

No @@ -24539,9 +25127,9 @@ Send UDP traffic on the isakmp port. domain - +

The type of the process performing this action. - +

No @@ -24581,9 +25169,9 @@ Send UDP traffic on the jabber_client port. domain - +

The type of the process performing this action. - +

No @@ -24623,9 +25211,9 @@ Send UDP traffic on the jabber_interserver port. domain - +

The type of the process performing this action. - +

No @@ -24665,9 +25253,9 @@ Send UDP traffic on the kerberos_admin port. domain - +

The type of the process performing this action. - +

No @@ -24707,9 +25295,9 @@ Send UDP traffic on the kerberos_master port. domain - +

The type of the process performing this action. - +

No @@ -24749,9 +25337,9 @@ Send UDP traffic on the kerberos port. domain - +

The type of the process performing this action. - +

No @@ -24791,9 +25379,9 @@ Send UDP traffic on the ktalkd port. domain - +

The type of the process performing this action. - +

No @@ -24833,9 +25421,9 @@ Send UDP traffic on the ldap port. domain - +

The type of the process performing this action. - +

No @@ -24875,9 +25463,9 @@ Send UDP traffic on the link_local node. domain - +

The type of the process performing this action. - +

No @@ -24917,9 +25505,9 @@ Send UDP network traffic on the lo interface. domain - +

The type of the process performing this action. - +

No @@ -24959,9 +25547,9 @@ Send UDP traffic on the lo node. domain - +

The type of the process performing this action. - +

No @@ -25001,9 +25589,9 @@ Send UDP traffic on the mail port. domain - +

The type of the process performing this action. - +

No @@ -25043,9 +25631,9 @@ Send UDP traffic on the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -25085,9 +25673,9 @@ Send UDP traffic on the monopd port. domain - +

The type of the process performing this action. - +

No @@ -25127,9 +25715,9 @@ Send UDP traffic on the multicast node. domain - +

The type of the process performing this action. - +

No @@ -25169,9 +25757,9 @@ Send UDP traffic on the mysqld port. domain - +

The type of the process performing this action. - +

No @@ -25211,9 +25799,9 @@ Send UDP traffic on the nessus port. domain - +

The type of the process performing this action. - +

No @@ -25253,9 +25841,9 @@ Send UDP traffic on the nmbd port. domain - +

The type of the process performing this action. - +

No @@ -25295,9 +25883,9 @@ Send UDP traffic on the ntp port. domain - +

The type of the process performing this action. - +

No @@ -25337,9 +25925,9 @@ Send UDP traffic on the openvpn port. domain - +

The type of the process performing this action. - +

No @@ -25379,9 +25967,9 @@ Send UDP traffic on the pegasus_http port. domain - +

The type of the process performing this action. - +

No @@ -25421,9 +26009,9 @@ Send UDP traffic on the pegasus_https port. domain - +

The type of the process performing this action. - +

No @@ -25463,9 +26051,9 @@ Send UDP traffic on the pop port. domain - +

The type of the process performing this action. - +

No @@ -25505,9 +26093,9 @@ Send UDP traffic on the portmap port. domain - +

The type of the process performing this action. - +

No @@ -25547,9 +26135,9 @@ Send UDP traffic on the postgresql port. domain - +

The type of the process performing this action. - +

No @@ -25589,9 +26177,9 @@ Send UDP traffic on the postgrey port. domain - +

The type of the process performing this action. - +

No @@ -25631,9 +26219,9 @@ Send UDP traffic on the printer port. domain - +

The type of the process performing this action. - +

No @@ -25673,9 +26261,9 @@ Send UDP traffic on the ptal port. domain - +

The type of the process performing this action. - +

No @@ -25715,9 +26303,9 @@ Send UDP traffic on the pxe port. domain - +

The type of the process performing this action. - +

No @@ -25757,9 +26345,9 @@ Send UDP traffic on the pyzor port. domain - +

The type of the process performing this action. - +

No @@ -25799,9 +26387,9 @@ Send UDP traffic on the radacct port. domain - +

The type of the process performing this action. - +

No @@ -25841,9 +26429,9 @@ Send UDP traffic on the radius port. domain - +

The type of the process performing this action. - +

No @@ -25883,9 +26471,9 @@ Send UDP traffic on the razor port. domain - +

The type of the process performing this action. - +

No @@ -25925,9 +26513,9 @@ Send UDP network traffic on generic reserved ports. domain - +

The type of the process performing this action. - +

No @@ -25967,9 +26555,9 @@ Send UDP traffic on the rlogind port. domain - +

The type of the process performing this action. - +

No @@ -26009,9 +26597,51 @@ Send UDP traffic on the rndc port. domain - +

The type of the process performing this action. +

+ +No + + + +
+
+ + +
+ + +
+ +corenet_udp_send_router_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP traffic on the router port. +

+ +
Parameters
+ + + + @@ -26051,9 +26681,9 @@ Send UDP traffic on the rsh port. @@ -26093,9 +26723,9 @@ Send UDP traffic on the rsync port. @@ -26135,9 +26765,9 @@ Send UDP traffic on the site_local node. @@ -26177,9 +26807,9 @@ Send UDP traffic on the smbd port. @@ -26219,9 +26849,9 @@ Send UDP traffic on the smtp port. @@ -26261,9 +26891,9 @@ Send UDP traffic on the snmp port. @@ -26303,9 +26933,9 @@ Send UDP traffic on the soundd port. @@ -26345,9 +26975,9 @@ Send UDP traffic on the spamd port. @@ -26387,9 +27017,9 @@ Send UDP traffic on the ssh port. @@ -26429,9 +27059,9 @@ Send UDP traffic on the swat port. @@ -26471,9 +27101,9 @@ Send UDP traffic on the syslogd port. @@ -26513,9 +27143,9 @@ Send UDP traffic on the telnetd port. @@ -26555,9 +27185,9 @@ Send UDP traffic on the tftp port. @@ -26597,9 +27227,9 @@ Send UDP traffic on the transproxy port. @@ -26639,9 +27269,9 @@ Send UDP traffic on the unspec node. @@ -26681,9 +27311,9 @@ Send UDP traffic on the uucpd port. @@ -26723,9 +27353,9 @@ Send UDP traffic on the vnc port. @@ -26765,9 +27395,9 @@ Send UDP traffic on the xserver port. @@ -26807,9 +27437,9 @@ Send UDP traffic on the zebra port. @@ -26849,9 +27479,9 @@ Send UDP traffic on the zope port. @@ -26891,9 +27521,9 @@ Send and receive UDP traffic on the afs_bos port. @@ -26933,9 +27563,9 @@ Send and receive UDP traffic on the afs_fs port. @@ -26975,9 +27605,9 @@ Send and receive UDP traffic on the afs_ka port. @@ -27017,9 +27647,9 @@ Send and receive UDP traffic on the afs_pt port. @@ -27059,9 +27689,9 @@ Send and receive UDP traffic on the afs_vl port. @@ -27101,9 +27731,9 @@ Send and receive UDP network traffic on all interfaces. @@ -27143,9 +27773,9 @@ Send and receive UDP network traffic on all nodes. @@ -27185,9 +27815,9 @@ Send and receive UDP network traffic on all ports. @@ -27227,9 +27857,9 @@ Send and receive UDP network traffic on all reserved ports. @@ -27258,7 +27888,49 @@ No
Summary

-Send and receive UDP traffic on the amanda port. +Send and receive UDP traffic on the amanda port. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +corenet_udp_sendrecv_amavisd_recv_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic on the amavisd_recv port.

@@ -27269,9 +27941,9 @@ Send and receive UDP traffic on the amanda port. domain - +

The type of the process performing this action. - +

No @@ -27280,13 +27952,13 @@ No
- +
-corenet_udp_sendrecv_amavisd_recv_port( +corenet_udp_sendrecv_amavisd_send_port( @@ -27300,7 +27972,7 @@ No
Summary

-Send and receive UDP traffic on the amavisd_recv port. +Send and receive UDP traffic on the amavisd_send port.

@@ -27311,9 +27983,9 @@ Send and receive UDP traffic on the amavisd_recv port. domain - +

The type of the process performing this action. - +

No @@ -27322,13 +27994,13 @@ No
- +
-corenet_udp_sendrecv_amavisd_send_port( +corenet_udp_sendrecv_asterisk_port( @@ -27342,7 +28014,7 @@ No
Summary

-Send and receive UDP traffic on the amavisd_send port. +Send and receive UDP traffic on the asterisk port.

@@ -27353,9 +28025,9 @@ Send and receive UDP traffic on the amavisd_send port. domain - +

The type of the process performing this action. - +

No @@ -27364,13 +28036,13 @@ No
- +
-corenet_udp_sendrecv_asterisk_port( +corenet_udp_sendrecv_auth_port( @@ -27384,7 +28056,7 @@ No
Summary

-Send and receive UDP traffic on the asterisk port. +Send and receive UDP traffic on the auth port.

@@ -27395,9 +28067,9 @@ Send and receive UDP traffic on the asterisk port. domain - +

The type of the process performing this action. - +

No @@ -27406,13 +28078,13 @@ No
- +
-corenet_udp_sendrecv_auth_port( +corenet_udp_sendrecv_bgp_port( @@ -27426,7 +28098,7 @@ No
Summary

-Send and receive UDP traffic on the auth port. +Send and receive UDP traffic on the bgp port.

@@ -27437,9 +28109,9 @@ Send and receive UDP traffic on the auth port. domain - +

The type of the process performing this action. - +

No @@ -27479,9 +28151,9 @@ Send and receive UDP traffic on the clamd port. domain - +

The type of the process performing this action. - +

No @@ -27521,9 +28193,9 @@ Send and receive UDP traffic on the clockspeed port. domain - +

The type of the process performing this action. - +

No @@ -27563,9 +28235,9 @@ Send and receive UDP traffic on the compat_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -27605,9 +28277,9 @@ Send and receive UDP traffic on the comsat port. domain - +

The type of the process performing this action. - +

No @@ -27647,9 +28319,9 @@ Send and receive UDP traffic on the cvs port. domain - +

The type of the process performing this action. - +

No @@ -27689,9 +28361,9 @@ Send and receive UDP traffic on the dbskkd port. domain - +

The type of the process performing this action. - +

No @@ -27731,9 +28403,9 @@ Send and receive UDP traffic on the dcc port. domain - +

The type of the process performing this action. - +

No @@ -27773,9 +28445,9 @@ Send and receive UDP traffic on the dhcpc port. domain - +

The type of the process performing this action. - +

No @@ -27815,9 +28487,9 @@ Send and receive UDP traffic on the dhcpd port. domain - +

The type of the process performing this action. - +

No @@ -27857,9 +28529,9 @@ Send and receive UDP traffic on the dict port. domain - +

The type of the process performing this action. - +

No @@ -27899,9 +28571,9 @@ Send and receive UDP traffic on the distccd port. domain - +

The type of the process performing this action. - +

No @@ -27941,9 +28613,9 @@ Send and receive UDP traffic on the dns port. domain - +

The type of the process performing this action. - +

No @@ -27983,9 +28655,9 @@ Send and receive UDP traffic on the fingerd port. domain - +

The type of the process performing this action. - +

No @@ -28025,9 +28697,9 @@ Send and receive UDP traffic on the ftp_data port. domain - +

The type of the process performing this action. - +

No @@ -28067,9 +28739,9 @@ Send and receive UDP traffic on the ftp port. domain - +

The type of the process performing this action. - +

No @@ -28109,9 +28781,9 @@ Send and receive UDP traffic on the gatekeeper port. domain - +

The type of the process performing this action. - +

No @@ -28151,9 +28823,9 @@ Send and Receive UDP network traffic on generic interfaces. domain - +

The type of the process performing this action. - +

No @@ -28193,9 +28865,9 @@ Send and receive UDP network traffic on generic nodes. domain - +

The type of the process performing this action. - +

No @@ -28235,9 +28907,9 @@ Send and receive UDP network traffic on generic ports. domain - +

The type of the process performing this action. - +

No @@ -28277,9 +28949,9 @@ Send and receive UDP traffic on the giftd port. domain - +

The type of the process performing this action. - +

No @@ -28319,9 +28991,9 @@ Send and receive UDP traffic on the gopher port. domain - +

The type of the process performing this action. - +

No @@ -28361,9 +29033,9 @@ Send and receive UDP traffic on the howl port. domain - +

The type of the process performing this action. - +

No @@ -28403,9 +29075,9 @@ Send and receive UDP traffic on the hplip port. domain - +

The type of the process performing this action. - +

No @@ -28445,9 +29117,9 @@ Send and receive UDP traffic on the http_cache port. domain - +

The type of the process performing this action. - +

No @@ -28487,9 +29159,9 @@ Send and receive UDP traffic on the http port. domain - +

The type of the process performing this action. - +

No @@ -28529,9 +29201,9 @@ Send and receive UDP traffic on the i18n_input port. domain - +

The type of the process performing this action. - +

No @@ -28571,9 +29243,9 @@ Send and receive UDP traffic on the imaze port. domain - +

The type of the process performing this action. - +

No @@ -28613,9 +29285,9 @@ Send and receive UDP traffic on the inaddr_any node. domain - +

The type of the process performing this action. - +

No @@ -28655,9 +29327,9 @@ Send and receive UDP traffic on the inetd_child port. domain - +

The type of the process performing this action. - +

No @@ -28697,9 +29369,9 @@ Send and receive UDP traffic on the innd port. domain - +

The type of the process performing this action. - +

No @@ -28739,9 +29411,9 @@ Send and receive UDP traffic on the ipp port. domain - +

The type of the process performing this action. - +

No @@ -28781,9 +29453,9 @@ Send and receive UDP traffic on the ircd port. domain - +

The type of the process performing this action. - +

No @@ -28823,9 +29495,9 @@ Send and receive UDP traffic on the isakmp port. domain - +

The type of the process performing this action. - +

No @@ -28865,9 +29537,9 @@ Send and receive UDP traffic on the jabber_client port. domain - +

The type of the process performing this action. - +

No @@ -28907,9 +29579,9 @@ Send and receive UDP traffic on the jabber_interserver port. domain - +

The type of the process performing this action. - +

No @@ -28949,9 +29621,9 @@ Send and receive UDP traffic on the kerberos_admin port. domain - +

The type of the process performing this action. - +

No @@ -28991,9 +29663,9 @@ Send and receive UDP traffic on the kerberos_master port. domain - +

The type of the process performing this action. - +

No @@ -29033,9 +29705,9 @@ Send and receive UDP traffic on the kerberos port. domain - +

The type of the process performing this action. - +

No @@ -29075,9 +29747,9 @@ Send and receive UDP traffic on the ktalkd port. domain - +

The type of the process performing this action. - +

No @@ -29117,9 +29789,9 @@ Send and receive UDP traffic on the ldap port. domain - +

The type of the process performing this action. - +

No @@ -29159,9 +29831,9 @@ Send and receive UDP traffic on the link_local node. domain - +

The type of the process performing this action. - +

No @@ -29201,9 +29873,9 @@ Send and receive UDP network traffic on the lo interface. domain - +

The type of the process performing this action. - +

No @@ -29243,9 +29915,9 @@ Send and receive UDP traffic on the lo node. domain - +

The type of the process performing this action. - +

No @@ -29285,9 +29957,9 @@ Send and receive UDP traffic on the mail port. domain - +

The type of the process performing this action. - +

No @@ -29327,9 +29999,9 @@ Send and receive UDP traffic on the mapped_ipv4 node. domain - +

The type of the process performing this action. - +

No @@ -29369,9 +30041,9 @@ Send and receive UDP traffic on the monopd port. domain - +

The type of the process performing this action. - +

No @@ -29411,9 +30083,9 @@ Send and receive UDP traffic on the multicast node. domain - +

The type of the process performing this action. - +

No @@ -29453,9 +30125,9 @@ Send and receive UDP traffic on the mysqld port. domain - +

The type of the process performing this action. - +

No @@ -29495,9 +30167,9 @@ Send and receive UDP traffic on the nessus port. domain - +

The type of the process performing this action. - +

No @@ -29537,9 +30209,9 @@ Send and receive UDP traffic on the nmbd port. domain - +

The type of the process performing this action. - +

No @@ -29579,9 +30251,9 @@ Send and receive UDP traffic on the ntp port. domain - +

The type of the process performing this action. - +

No @@ -29621,9 +30293,9 @@ Send and receive UDP traffic on the openvpn port. domain - +

The type of the process performing this action. - +

No @@ -29663,9 +30335,9 @@ Send and receive UDP traffic on the pegasus_http port. domain - +

The type of the process performing this action. - +

No @@ -29705,9 +30377,9 @@ Send and receive UDP traffic on the pegasus_https port. domain - +

The type of the process performing this action. - +

No @@ -29747,9 +30419,9 @@ Send and receive UDP traffic on the pop port. domain - +

The type of the process performing this action. - +

No @@ -29789,9 +30461,9 @@ Send and receive UDP traffic on the portmap port. domain - +

The type of the process performing this action. - +

No @@ -29831,9 +30503,9 @@ Send and receive UDP traffic on the postgresql port. domain - +

The type of the process performing this action. - +

No @@ -29873,9 +30545,9 @@ Send and receive UDP traffic on the postgrey port. domain - +

The type of the process performing this action. - +

No @@ -29915,9 +30587,9 @@ Send and receive UDP traffic on the printer port. domain - +

The type of the process performing this action. - +

No @@ -29957,9 +30629,9 @@ Send and receive UDP traffic on the ptal port. domain - +

The type of the process performing this action. - +

No @@ -29999,9 +30671,9 @@ Send and receive UDP traffic on the pxe port. domain - +

The type of the process performing this action. - +

No @@ -30041,9 +30713,9 @@ Send and receive UDP traffic on the pyzor port. domain - +

The type of the process performing this action. - +

No @@ -30083,9 +30755,9 @@ Send and receive UDP traffic on the radacct port. domain - +

The type of the process performing this action. - +

No @@ -30125,9 +30797,9 @@ Send and receive UDP traffic on the radius port. domain - +

The type of the process performing this action. - +

No @@ -30167,9 +30839,9 @@ Send and receive UDP traffic on the razor port. domain - +

The type of the process performing this action. - +

No @@ -30209,9 +30881,9 @@ Send and receive UDP network traffic on generic reserved ports. domain - +

The type of the process performing this action. - +

No @@ -30251,9 +30923,9 @@ Send and receive UDP traffic on the rlogind port. domain - +

The type of the process performing this action. - +

No @@ -30293,9 +30965,51 @@ Send and receive UDP traffic on the rndc port. domain - +

The type of the process performing this action. +

+ +No + + + +
+
+ + +
+ + +
+ +corenet_udp_sendrecv_router_port( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic on the router port. +

+ + +
Parameters
+ + + @@ -30335,9 +31049,9 @@ Send and receive UDP traffic on the rsh port. @@ -30377,9 +31091,9 @@ Send and receive UDP traffic on the rsync port. @@ -30419,9 +31133,9 @@ Send and receive UDP traffic on the site_local node. @@ -30461,9 +31175,9 @@ Send and receive UDP traffic on the smbd port. @@ -30503,9 +31217,9 @@ Send and receive UDP traffic on the smtp port. @@ -30545,9 +31259,9 @@ Send and receive UDP traffic on the snmp port. @@ -30587,9 +31301,9 @@ Send and receive UDP traffic on the soundd port. @@ -30629,9 +31343,9 @@ Send and receive UDP traffic on the spamd port. @@ -30671,9 +31385,9 @@ Send and receive UDP traffic on the ssh port. @@ -30713,9 +31427,9 @@ Send and receive UDP traffic on the swat port. @@ -30755,9 +31469,9 @@ Send and receive UDP traffic on the syslogd port. @@ -30797,9 +31511,9 @@ Send and receive UDP traffic on the telnetd port. @@ -30839,9 +31553,9 @@ Send and receive UDP traffic on the tftp port. @@ -30881,9 +31595,9 @@ Send and receive UDP traffic on the transproxy port. @@ -30923,9 +31637,9 @@ Send and receive UDP traffic on the unspec node. @@ -30965,9 +31679,9 @@ Send and receive UDP traffic on the uucpd port. @@ -31007,9 +31721,9 @@ Send and receive UDP traffic on the vnc port. @@ -31049,9 +31763,9 @@ Send and receive UDP traffic on the xserver port. @@ -31091,9 +31805,9 @@ Send and receive UDP traffic on the zebra port. @@ -31133,9 +31847,9 @@ Send and receive UDP traffic on the zope port. @@ -31175,93 +31889,9 @@ Unconfined access to network objects. - -
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - -The domain allowed access. - - -No -
-
-
- - -
- - -
- -corenet_use_ppp_device( - - - - - domain - - - )
-
-
- -
Summary

-Read and write the point-to-point device. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - The domain allowed access. - - -No -
-
-
- - -
- - -
- -corenet_use_tun_tap_device( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write the TUN/TAP virtual network device.

- - -
Parameters
- - - - diff --git a/www/api-docs/kernel_devices.html b/www/api-docs/kernel_devices.html index 28977b7..e1820d8 100644 --- a/www/api-docs/kernel_devices.html +++ b/www/api-docs/kernel_devices.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -155,9 +155,9 @@ Append the printer device.
@@ -177,7 +177,7 @@ No - domain + file_type )
@@ -186,7 +186,7 @@ No
Summary

-Mount a usbfs filesystem. +Associate a file to a usbfs filesystem.

@@ -195,11 +195,11 @@ Mount a usbfs filesystem. @@ -208,13 +208,13 @@ No - +
-dev_create_cardmgr( +dev_create_cardmgr_dev( @@ -241,9 +241,9 @@ with the correct type.
@@ -252,13 +252,13 @@ No - +
-dev_create_dir( +dev_create_generic_chr_files( @@ -272,7 +272,7 @@ No
Summary

-Create a directory in the device directory. +Allow read, write, and create for generic character device files.

@@ -283,9 +283,9 @@ Create a directory in the device directory.
@@ -294,13 +294,13 @@ No - +
-dev_create_generic_chr_file( +dev_create_generic_dirs( @@ -314,7 +314,7 @@ No
Summary

-Allow read, write, and create for generic character device files. +Create a directory in the device directory.

@@ -325,9 +325,9 @@ Allow read, write, and create for generic character device files.
@@ -336,13 +336,13 @@ No - +
-dev_del_generic_symlinks( +dev_delete_generic_files( @@ -356,7 +356,7 @@ No
Summary

-Delete symbolic links in device directories. +Delete generic files in /dev.

@@ -367,9 +367,9 @@ Delete symbolic links in device directories.
@@ -378,13 +378,13 @@ No - +
-dev_delete_generic_file( +dev_delete_generic_symlinks( @@ -398,7 +398,7 @@ No
Summary

-Delete generic files in /dev. +Delete symbolic links in device directories.

@@ -409,9 +409,9 @@ Delete generic files in /dev.
@@ -420,13 +420,13 @@ No - +
-dev_delete_lvm_control( +dev_delete_lvm_control_dev( @@ -451,9 +451,9 @@ Delete the lvm control device.
@@ -493,9 +493,9 @@ Dontaudit getattr on all block file device nodes. @@ -535,9 +535,9 @@ Dontaudit getattr on all character file device nodes. @@ -546,13 +546,13 @@ No - +
-dev_dontaudit_getattr_apm_bios( +dev_dontaudit_getattr_apm_bios_dev( @@ -578,9 +578,9 @@ the apm bios device node.
@@ -589,13 +589,13 @@ No - +
-dev_dontaudit_getattr_generic_blk_file( +dev_dontaudit_getattr_generic_blk_files( @@ -620,9 +620,9 @@ Dontaudit getattr on generic block devices.
@@ -631,13 +631,13 @@ No - +
-dev_dontaudit_getattr_generic_chr_file( +dev_dontaudit_getattr_generic_chr_files( @@ -662,9 +662,9 @@ Dontaudit getattr for generic character device files.
@@ -673,13 +673,13 @@ No - +
-dev_dontaudit_getattr_generic_pipe( +dev_dontaudit_getattr_generic_pipes( @@ -704,9 +704,9 @@ Dontaudit getattr on generic pipes.
@@ -746,9 +746,9 @@ dontaudit getattr raw memory devices (e.g. /dev/mem). @@ -757,13 +757,13 @@ No - +
-dev_dontaudit_getattr_misc( +dev_dontaudit_getattr_misc_dev( @@ -789,9 +789,9 @@ of miscellaneous devices.
@@ -800,13 +800,13 @@ No - +
-dev_dontaudit_getattr_scanner( +dev_dontaudit_getattr_scanner_dev( @@ -832,9 +832,9 @@ the scanner device.
@@ -843,13 +843,13 @@ No - +
-dev_dontaudit_getattr_usbfs_dir( +dev_dontaudit_getattr_usbfs_dirs( @@ -875,9 +875,9 @@ of a directory in the usb filesystem.
@@ -918,9 +918,9 @@ of video4linux device nodes. @@ -960,9 +960,9 @@ Dontaudit attempts to list all device nodes. @@ -1002,9 +1002,9 @@ Dontaudit read on all block file device nodes. @@ -1044,9 +1044,9 @@ Dontaudit read on all character file device nodes. @@ -1086,9 +1086,52 @@ Do not audit attempts to read the framebuffer. + +
Parameter:Description:Optional:
-domain - - -The domain allowed access. - No
domain - +

Domain allowed access. - +

 No
Parameter:Description:Optional:
-domain +file_type - -The type of the process performing this action. - +

+The type of the file to be associated to usbfs. +

 No
domain - +

Domain allowed access. - +

 No
domain - -Domain allowed to create the directory. - +

+Domain allowed access. +

 No
domain - -Domain allowed access. - +

+Domain allowed to create the directory. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain to dontaudit access. - +

 No
domain - +

Domain to dontaudit access. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to dontaudit access. - +

 No
domain - +

Domain to dontaudit access. - +

 No
domain - +

Domain to dontaudit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to dontaudit listing of device nodes. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_dontaudit_read_rand( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read from random +number generator devices (e.g., /dev/random) +

+ +
Parameters
+ + + + @@ -1129,9 +1172,9 @@ write the PCMCIA card manager device. @@ -1140,13 +1183,13 @@ No - +
-dev_dontaudit_rw_dri_dev( +dev_dontaudit_rw_dri( @@ -1171,9 +1214,9 @@ Dontaudit read and write on the dri devices.
@@ -1213,9 +1256,51 @@ Dontaudit getattr for generic device files. + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to dontaudit access. - +

 No
domain - +

Domain to dontaudit access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_dontaudit_rw_misc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read and write miscellaneous devices. +

+ + +
Parameters
+ + + @@ -1255,9 +1340,9 @@ Do not audit attempts to search sysfs. @@ -1266,13 +1351,13 @@ No - +
-dev_dontaudit_setattr_apm_bios( +dev_dontaudit_setattr_apm_bios_dev( @@ -1298,9 +1383,9 @@ the apm bios device node.
@@ -1309,13 +1394,13 @@ No - +
-dev_dontaudit_setattr_framebuffer( +dev_dontaudit_setattr_framebuffer_dev( @@ -1341,9 +1426,9 @@ of the framebuffer device node.
@@ -1352,13 +1437,13 @@ No - +
-dev_dontaudit_setattr_generic_blk_file( +dev_dontaudit_setattr_generic_blk_files( @@ -1383,9 +1468,9 @@ Dontaudit setattr on generic block devices.
@@ -1394,13 +1479,13 @@ No - +
-dev_dontaudit_setattr_generic_chr_file( +dev_dontaudit_setattr_generic_chr_files( @@ -1425,9 +1510,9 @@ Dontaudit setattr for generic character device files.
@@ -1436,13 +1521,13 @@ No - +
-dev_dontaudit_setattr_generic_symlink( +dev_dontaudit_setattr_generic_symlinks( @@ -1468,9 +1553,9 @@ of symbolic links in device directories (/dev).
@@ -1479,13 +1564,13 @@ No - +
-dev_dontaudit_setattr_misc( +dev_dontaudit_setattr_misc_dev( @@ -1511,9 +1596,9 @@ of miscellaneous devices.
@@ -1522,13 +1607,13 @@ No - +
-dev_dontaudit_setattr_scanner( +dev_dontaudit_setattr_scanner_dev( @@ -1554,9 +1639,9 @@ the scanner device.
@@ -1597,9 +1682,9 @@ of video4linux device nodes. @@ -1608,13 +1693,13 @@ No - +
-dev_filetrans_dev_node( +dev_filetrans( @@ -1656,9 +1741,9 @@ will be transitioned to the type provided.
@@ -1666,9 +1751,9 @@ No @@ -1676,10 +1761,10 @@ No @@ -1719,9 +1804,9 @@ Getattr the agp devices. @@ -1761,9 +1846,9 @@ Getattr on all block file device nodes. @@ -1803,9 +1888,9 @@ Getattr on all character file device nodes. @@ -1814,13 +1899,13 @@ No - +
-dev_getattr_apm_bios( +dev_getattr_apm_bios_dev( @@ -1845,9 +1930,9 @@ Get the attributes of the apm bios device node.
@@ -1856,13 +1941,13 @@ No - +
-dev_getattr_cpu( +dev_getattr_cpu_dev( @@ -1888,9 +1973,51 @@ microcode and id interfaces.
+ +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to dontaudit access. - +

 No
domain - +

Domain to dontaudit access. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
file - +

Type to which the created node will be transitioned. - +

 No
objectclass(es) - +

Object class(es) (single or set including {}) for which this the transition will occur. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_getattr_dri_dev( + + + + + domain + + + )
+
+
+
Summary
+

+getattr the dri devices. +

+ + +
Parameters
+ + + + @@ -1899,13 +2026,13 @@ No - +
-dev_getattr_framebuffer( +dev_getattr_framebuffer_dev( @@ -1930,9 +2057,9 @@ Get the attributes of the framebuffer device node.
@@ -1941,13 +2068,13 @@ No - +
-dev_getattr_generic_blk_file( +dev_getattr_generic_blk_files( @@ -1972,9 +2099,9 @@ Allow getattr on generic block devices.
@@ -1983,13 +2110,13 @@ No - +
-dev_getattr_generic_chr_file( +dev_getattr_generic_chr_files( @@ -2014,9 +2141,9 @@ Allow getattr for generic character device files.
@@ -2025,13 +2152,13 @@ No - +
-dev_getattr_misc( +dev_getattr_misc_dev( @@ -2056,9 +2183,9 @@ Get the attributes of miscellaneous devices.
@@ -2067,13 +2194,13 @@ No - +
-dev_getattr_mouse( +dev_getattr_mouse_dev( @@ -2098,9 +2225,9 @@ Get the attributes of the mouse devices.
@@ -2109,13 +2236,13 @@ No - +
-dev_getattr_mtrr( +dev_getattr_mtrr_dev( @@ -2140,9 +2267,9 @@ Get the attributes of the mtrr device.
@@ -2151,13 +2278,13 @@ No - +
-dev_getattr_power_management( +dev_getattr_power_mgmt_dev( @@ -2182,9 +2309,9 @@ Get the attributes of the the power management device.
@@ -2193,13 +2320,13 @@ No - +
-dev_getattr_scanner( +dev_getattr_scanner_dev( @@ -2224,9 +2351,9 @@ Get the attributes of the scanner device.
@@ -2235,13 +2362,13 @@ No - +
-dev_getattr_snd_dev( +dev_getattr_sound_dev( @@ -2266,9 +2393,9 @@ Get the attributes of the sound devices.
@@ -2277,13 +2404,13 @@ No - +
-dev_getattr_sysfs_dir( +dev_getattr_sysfs_dirs( @@ -2308,9 +2435,9 @@ Get the attributes of sysfs directories.
@@ -2319,13 +2446,13 @@ No - +
-dev_getattr_usbfs_dir( +dev_getattr_usbfs_dirs( @@ -2350,9 +2477,9 @@ Get the attributes of a directory in the usb filesystem.
@@ -2392,9 +2519,9 @@ Get the attributes of video4linux devices. @@ -2434,9 +2561,9 @@ Get the attributes of X server miscellaneous devices. @@ -2476,9 +2603,9 @@ List all of the device nodes in a device directory. @@ -2518,9 +2645,9 @@ List the contents of the sysfs directories. @@ -2560,9 +2687,9 @@ Allow caller to get a list of usb hardware. @@ -2602,9 +2729,9 @@ Read, write, create, and delete all block device files. @@ -2644,9 +2771,51 @@ Read, write, create, and delete all character device files. + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed to list device nodes. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The process type getting the list. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_manage_all_dev_nodes( + + + + + domain + + + )
+
+
+
Summary
+

+Create, delete, read, and write device nodes in device directories. +

+ + +
Parameters
+ + + + @@ -2655,13 +2824,13 @@ No - +
-dev_manage_cardmgr( +dev_manage_cardmgr_dev( @@ -2687,9 +2856,9 @@ the PCMCIA card manager device.
@@ -2698,13 +2867,13 @@ No - +
-dev_manage_dev_nodes( +dev_manage_dri_dev( @@ -2718,7 +2887,7 @@ No
Summary

-Create, delete, read, and write device nodes in device directories. +Create, read, write, and delete the dri devices.

@@ -2729,9 +2898,9 @@ Create, delete, read, and write device nodes in device directories.
@@ -2740,13 +2909,13 @@ No - +
-dev_manage_generic_blk_file( +dev_manage_generic_blk_files( @@ -2771,9 +2940,9 @@ Create, delete, read, and write block device files.
@@ -2782,13 +2951,13 @@ No - +
-dev_manage_generic_chr_file( +dev_manage_generic_chr_files( @@ -2813,9 +2982,51 @@ Create, delete, read, and write character device files.
+
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_manage_generic_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create a file in the device directory. +

+ + +
Parameters
+ + + + @@ -2855,9 +3066,9 @@ Create, delete, read, and write symbolic links in device directories. @@ -2897,9 +3108,9 @@ Mount a usbfs filesystem. @@ -2940,9 +3151,9 @@ use on device nodes (usually files in /dev). @@ -2982,9 +3193,9 @@ Read the CPU identity. @@ -3024,9 +3235,9 @@ Read the framebuffer. @@ -3066,9 +3277,9 @@ Read input event devices (/dev/input). @@ -3108,9 +3319,9 @@ Read the lvm comtrol device. @@ -3150,9 +3361,9 @@ Read miscellaneous devices. @@ -3192,9 +3403,9 @@ Read the mouse devices. @@ -3234,9 +3445,9 @@ Read the mtrr device. @@ -3265,7 +3476,8 @@ No
Summary

-Read from random devices (e.g., /dev/random) +Read from random number generator +devices (e.g., /dev/random)

@@ -3276,9 +3488,9 @@ Read from random devices (e.g., /dev/random) @@ -3318,9 +3530,9 @@ Read raw memory devices (e.g. /dev/mem). @@ -3360,9 +3572,9 @@ Read the realtime clock (/dev/rtc). @@ -3371,13 +3583,13 @@ No - +
-dev_read_snd_dev( +dev_read_sound( @@ -3402,9 +3614,9 @@ Read the sound devices.
@@ -3413,13 +3625,13 @@ No - +
-dev_read_snd_mixer_dev( +dev_read_sound_mixer( @@ -3444,9 +3656,9 @@ Read the sound mixer devices.
@@ -3486,9 +3698,9 @@ Allow caller to read hardware state information. @@ -3528,9 +3740,9 @@ Read from pseudo random devices (e.g., /dev/urandom) @@ -3571,9 +3783,9 @@ the usbfs filesystem interface. @@ -3613,9 +3825,9 @@ Allow full relabeling (to and from) of all device nodes. @@ -3624,13 +3836,13 @@ No - +
-dev_relabel_dev_dirs( +dev_relabel_generic_dev_dirs( @@ -3655,9 +3867,9 @@ Allow full relabeling (to and from) of directories in /dev.
@@ -3697,9 +3909,9 @@ Relabel symbolic links in device directories. @@ -3708,13 +3920,13 @@ No - +
-dev_rw_agp_dev( +dev_rw_agp( @@ -3739,9 +3951,9 @@ Read and write the agp devices.
@@ -3781,9 +3993,9 @@ Read and write the apm bios. @@ -3823,9 +4035,9 @@ Read and write the PCMCIA card manager device. @@ -3866,9 +4078,9 @@ is required to load CPU microcode. @@ -3897,7 +4109,175 @@ No
Summary

-Read and write the the hardware SSL accelerator. +Read and write the the hardware SSL accelerator. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+Domain allowed to create the files. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
object_type - +

The object type that will be used on device nodes. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type reading hardware state information. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed to relabel. - +

 No
domain - +

Domain allowed to relabel. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_rw_dri( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write the dri devices. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_rw_framebuffer( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write the framebuffer. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_rw_generic_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write generic files in /dev. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_rw_generic_usb_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write generic the USB devices.

@@ -3908,9 +4288,9 @@ Read and write the the hardware SSL accelerator. domain - +

Domain allowed access. - +

No @@ -3919,13 +4299,13 @@ No
- +
-dev_rw_dri_dev( +dev_rw_input_dev( @@ -3939,7 +4319,7 @@ No
Summary

-Read and write the dri devices. +Read input event devices (/dev/input).

@@ -3950,9 +4330,9 @@ Read and write the dri devices. domain - +

Domain allowed access. - +

No @@ -3961,13 +4341,13 @@ No
- +
-dev_rw_generic_file( +dev_rw_lvm_control( @@ -3981,7 +4361,7 @@ No
Summary

-Read and write generic files in /dev. +Read and write the lvm control device.

@@ -3992,9 +4372,9 @@ Read and write generic files in /dev. domain - +

Domain allowed access. - +

No @@ -4003,13 +4383,13 @@ No
- +
-dev_rw_lvm_control( +dev_rw_mouse( @@ -4023,7 +4403,7 @@ No
Summary

-Read and write the lvm control device. +Read and write to mouse devices.

@@ -4034,9 +4414,9 @@ Read and write the lvm control device. domain - +

Domain allowed access. - +

No @@ -4045,13 +4425,13 @@ No
- +
-dev_rw_mouse( +dev_rw_mtrr( @@ -4065,7 +4445,7 @@ No
Summary

-Read and write to mouse devices. +Read and write the mtrr device.

@@ -4076,9 +4456,9 @@ Read and write to mouse devices. domain - +

Domain allowed access. - +

No @@ -4087,13 +4467,13 @@ No
- +
-dev_rw_null_dev( +dev_rw_null( @@ -4118,9 +4498,9 @@ Read and write to the null device (/dev/null). domain - +

Domain allowed access. - +

No @@ -4160,9 +4540,9 @@ Read and write the the power management device. domain - +

Domain allowed access. - +

No @@ -4202,9 +4582,9 @@ Read and write the printer device. domain - +

Domain allowed access. - +

No @@ -4244,9 +4624,9 @@ Read and set the realtime clock (/dev/rtc). domain - +

Domain allowed access. - +

No @@ -4286,9 +4666,9 @@ Read and write the scanner device. domain - +

Domain allowed access. - +

No @@ -4328,9 +4708,9 @@ Allow caller to modify hardware state information. domain - +

The process type modifying hardware state information. - +

No @@ -4370,9 +4750,51 @@ Allow caller to modify usb hardware configuration files. domain - +

The process type modifying the options. +

+ +No + + + +
+
+ + +
+ + +
+ +dev_rw_xserver_misc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write X server miscellaneous devices. +

+ + +
Parameters
+ + + @@ -4381,13 +4803,13 @@ No - +
-dev_rw_zero_dev( +dev_rw_zero( @@ -4412,9 +4834,9 @@ Read and write to the zero device (/dev/zero).
@@ -4423,13 +4845,13 @@ No - +
-dev_rwx_zero_dev( +dev_rwx_zero( @@ -4454,9 +4876,9 @@ Read, write, and execute the zero device (/dev/zero).
@@ -4496,9 +4918,9 @@ Read and execute raw memory devices (e.g. /dev/mem). @@ -4538,9 +4960,9 @@ Search the sysfs directories. @@ -4580,9 +5002,9 @@ Search the directory containing USB hardware information. @@ -4622,9 +5044,9 @@ Setattr on all block file device nodes. @@ -4664,9 +5086,9 @@ Setattr on all character file device nodes. @@ -4675,13 +5097,13 @@ No - +
-dev_setattr_apm_bios( +dev_setattr_apm_bios_dev( @@ -4706,9 +5128,9 @@ Set the attributes of the apm bios device node.
@@ -4717,13 +5139,13 @@ No - +
-dev_setattr_dev_dir( +dev_setattr_dri_dev( @@ -4737,7 +5159,7 @@ No
Summary

-Set the attributes of /dev directories. +Setattr the dri devices.

@@ -4748,9 +5170,9 @@ Set the attributes of /dev directories.
@@ -4759,13 +5181,13 @@ No - +
-dev_setattr_framebuffer( +dev_setattr_framebuffer_dev( @@ -4790,9 +5212,51 @@ Set the attributes of the framebuffer device node.
+ +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +dev_setattr_generic_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Set the attributes of /dev directories. +

+ + +
Parameters
+ + + @@ -4801,13 +5265,13 @@ No - +
-dev_setattr_misc( +dev_setattr_misc_dev( @@ -4832,9 +5296,9 @@ Set the attributes of miscellaneous devices.
@@ -4843,13 +5307,13 @@ No - +
-dev_setattr_mouse( +dev_setattr_mouse_dev( @@ -4874,9 +5338,9 @@ Set the attributes of the mouse devices.
@@ -4885,13 +5349,13 @@ No - +
-dev_setattr_power_management( +dev_setattr_power_mgmt_dev( @@ -4916,9 +5380,9 @@ Set the attributes of the the power management device.
@@ -4927,13 +5391,13 @@ No - +
-dev_setattr_printer( +dev_setattr_printer_dev( @@ -4958,9 +5422,9 @@ Set the attributes of the printer device nodes.
@@ -4969,13 +5433,13 @@ No - +
-dev_setattr_scanner( +dev_setattr_scanner_dev( @@ -5000,9 +5464,9 @@ Set the attributes of the scanner device.
@@ -5011,13 +5475,13 @@ No - +
-dev_setattr_snd_dev( +dev_setattr_sound_dev( @@ -5042,9 +5506,9 @@ Set the attributes of the sound devices.
@@ -5084,9 +5548,9 @@ Set the attributes of video4linux device nodes. @@ -5126,9 +5590,9 @@ Set the attributes of X server miscellaneous devices. @@ -5168,9 +5632,9 @@ Unconfined access to devices. @@ -5210,9 +5674,9 @@ Write the framebuffer. @@ -5252,9 +5716,9 @@ Write miscellaneous devices. @@ -5294,9 +5758,9 @@ Write the mtrr device. @@ -5338,9 +5802,9 @@ random device. @@ -5380,9 +5844,9 @@ Write raw memory devices (e.g. /dev/mem). @@ -5422,9 +5886,9 @@ Set the realtime clock (/dev/rtc). @@ -5433,13 +5897,13 @@ No - +
-dev_write_snd_dev( +dev_write_sound( @@ -5464,9 +5928,9 @@ Write the sound devices.
@@ -5475,13 +5939,13 @@ No - +
-dev_write_snd_mixer_dev( +dev_write_sound_mixer( @@ -5506,9 +5970,9 @@ Write the sound mixer devices.
@@ -5549,9 +6013,9 @@ sets the random number generator seed. @@ -5591,9 +6055,9 @@ Write and execute raw memory devices (e.g. /dev/mem). diff --git a/www/api-docs/kernel_domain.html b/www/api-docs/kernel_domain.html index 81fe238..be075a3 100644 --- a/www/api-docs/kernel_domain.html +++ b/www/api-docs/kernel_domain.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -149,9 +149,9 @@ more appropriate for userland processes.
@@ -210,9 +210,9 @@ cron domains. @@ -271,9 +271,9 @@ user cron jobs. @@ -314,9 +314,9 @@ of all domains unix datagram sockets. @@ -356,9 +356,9 @@ Get the attributes of all domains of all domains. @@ -399,9 +399,9 @@ all domains IPSEC key management sockets. @@ -442,9 +442,9 @@ all domains packet sockets. @@ -485,9 +485,9 @@ of all domains unnamed pipes. @@ -528,9 +528,9 @@ all domains raw sockets. @@ -583,9 +583,9 @@ and is probably excessive. @@ -626,9 +626,9 @@ of all domains unix datagram sockets. @@ -669,9 +669,9 @@ of all domains TCP sockets. @@ -712,9 +712,9 @@ of all domains UDP sockets. @@ -755,9 +755,9 @@ session ID of all domains. @@ -766,13 +766,13 @@ No - +
-domain_dontaudit_list_all_domains_proc( +domain_dontaudit_list_all_domains_state( @@ -798,9 +798,9 @@ directories of all domains.
@@ -852,9 +852,9 @@ Generally this needs to be suppressed because procps tries to access @@ -906,9 +906,9 @@ Generally this needs to be suppressed because procps tries to access @@ -949,9 +949,9 @@ state (/proc/pid) of all domains. @@ -992,9 +992,9 @@ all domains key sockets. @@ -1035,9 +1035,9 @@ all domains UDP sockets. @@ -1078,9 +1078,9 @@ state directory (/proc/pid) of all domains. @@ -1089,13 +1089,13 @@ No - +
-domain_dontaudit_use_wide_inherit_fd( +domain_dontaudit_use_interactive_fds( @@ -1120,9 +1120,9 @@ Summary is missing!
@@ -1162,9 +1162,9 @@ Summary is missing! @@ -1213,9 +1213,9 @@ an entry point for the domain. @@ -1223,10 +1223,52 @@ No + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
type - +

Type to be used as a basic domain type. - +

 No
domain - +

Domain target for user exemption. - +

 No
domain - +

Domain target for user exemption. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain to not audit. - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain to be entered. - +

 No
type - +

Type of program used for entering the domain. +

+		 +No +
+
+
+ + +
+ + +
+ +domain_entry_file_spec_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute an entry_type in the specified domain. +

+ +
Parameters
+ + + + @@ -1266,9 +1308,9 @@ Summary is missing! @@ -1308,9 +1350,9 @@ Get the attributes of all domains of all domains. @@ -1351,9 +1393,9 @@ files for all domains. @@ -1406,9 +1448,9 @@ that can use lsof on all domains. @@ -1448,9 +1490,9 @@ Get the attributes of all confined domains. @@ -1490,9 +1532,51 @@ Get the session ID of all domains. +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +domain_interactive_fd( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + @@ -1532,9 +1616,9 @@ Send a kill signal to all domains. @@ -1575,9 +1659,9 @@ entrypoint files. @@ -1617,9 +1701,9 @@ Mmap all entry point files as executable. @@ -1628,13 +1712,13 @@ No - +
-domain_obj_id_change_exempt( +domain_obj_id_change_exemption( @@ -1660,9 +1744,9 @@ changing the user identity in object contexts.
@@ -1702,9 +1786,9 @@ Ptrace all domains. @@ -1744,9 +1828,9 @@ Read the process state (/proc/pid) of all domains. @@ -1786,9 +1870,9 @@ Summary is missing! @@ -1828,9 +1912,9 @@ Read the process state (/proc/pid) of all confined domains. @@ -1871,9 +1955,9 @@ file types. @@ -1882,13 +1966,13 @@ No - +
-domain_role_change_exempt( +domain_role_change_exemption( @@ -1914,9 +1998,9 @@ changing of role.
@@ -1956,9 +2040,9 @@ Search the process state directory (/proc/pid) of all domains. @@ -1998,9 +2082,9 @@ Summary is missing! @@ -2040,9 +2124,9 @@ Send a child terminated signal to all domains. @@ -2051,13 +2135,13 @@ No - +
-domain_sigchld_wide_inherit_fd( +domain_sigchld_interactive_fds( @@ -2083,9 +2167,9 @@ discriptors are widely inheritable.
@@ -2125,9 +2209,9 @@ Send general signals to all domains. @@ -2167,9 +2251,9 @@ Send a null signal to all domains. @@ -2209,9 +2293,9 @@ Send a stop signal to all domains. @@ -2220,13 +2304,13 @@ No - +
-domain_subj_id_change_exempt( +domain_subj_id_change_exemption( @@ -2252,9 +2336,9 @@ changing of user identity.
@@ -2263,13 +2347,13 @@ No - +
-domain_system_change_exempt( +domain_system_change_exemption( @@ -2296,9 +2380,9 @@ identity and system role.
@@ -2338,9 +2422,9 @@ Make the specified type usable as a domain. @@ -2380,9 +2464,9 @@ Unconfined access to domains. @@ -2391,13 +2475,13 @@ No - +
-domain_use_wide_inherit_fd( +domain_use_interactive_fds( @@ -2422,9 +2506,9 @@ Summary is missing!
@@ -2483,51 +2567,9 @@ user domains. - -
Parameter:Description:Optional:
+? + +

+Parameter descriptions are missing! +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type to make an exception to the constraint. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type to make an exception to the constraint. - +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The process type to make an exception to the constraint. - +

 No
domain - +

Domain allowed access. - +

 No
type - +

Type to be used as a domain type. - +

 No
domain - +

The type of the process performing this action. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - -Domain target for user exemption. - - -No -
-
-
- - -
- - -
- -domain_wide_inherit_fd( - - - - - ? - - - )
-
-
- -
Summary

-Summary is missing! +Domain target for user exemption.

- - -
Parameters
- - - - @@ -2574,9 +2616,9 @@ Summary is missing! @@ -2616,9 +2658,9 @@ Summary is missing! diff --git a/www/api-docs/kernel_files.html b/www/api-docs/kernel_files.html index b7ed449..f10180e 100644 --- a/www/api-docs/kernel_files.html +++ b/www/api-docs/kernel_files.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -148,9 +148,9 @@ temporary directory (/tmp).
@@ -159,18 +159,34 @@ No - +
-files_config_file( +files_boot_filetrans( - file_type + domain + + + + , + + + + private_type + + + + , + + + + object_class )
@@ -179,8 +195,8 @@ No
Summary

-Make the specified type a -configuration file. +Create a private type object in boot +with an automatic type transition

@@ -189,11 +205,31 @@ configuration file.
-Type to be used as a configuration file. + + @@ -202,18 +238,18 @@ No - +
-files_create_boot_flag( +files_config_file( - ? + file_type )
@@ -222,7 +258,8 @@ No
Summary

-Summary is missing! +Make the specified type a +configuration file.

@@ -231,11 +268,11 @@ Summary is missing!
@@ -244,18 +281,18 @@ No - +
-files_delete_all_locks( +files_create_boot_dirs( - ? + domain )
@@ -264,7 +301,7 @@ No
Summary

-Summary is missing! +Create directories in /boot

@@ -273,11 +310,11 @@ Summary is missing!
@@ -286,13 +323,13 @@ No - +
-files_delete_all_pid_dirs( +files_create_boot_flag( @@ -317,9 +354,9 @@ Summary is missing!
@@ -328,18 +365,18 @@ No - +
-files_delete_all_pids( +files_create_kernel_img( - ? + domain )
@@ -348,7 +385,7 @@ No
Summary

-Summary is missing! +Install a kernel into the /boot directory.

@@ -357,11 +394,11 @@ Summary is missing!
@@ -370,13 +407,13 @@ No - +
-files_delete_etc_files( +files_create_kernel_symbol_table( @@ -390,7 +427,7 @@ No
Summary

-Delete system configuration files in /etc. +Install a system.map into the /boot directory.

@@ -401,9 +438,9 @@ Delete system configuration files in /etc.
@@ -412,13 +449,13 @@ No - +
-files_delete_root_dir_entry( +files_delete_all_locks( @@ -443,9 +480,9 @@ Summary is missing!
@@ -454,18 +491,18 @@ No - +
-files_dontaudit_getattr_all_dirs( +files_delete_all_pid_dirs( - domain + ? )
@@ -474,8 +511,7 @@ No
Summary

-Do not audit attempts to get the attributes -of all directories. +Summary is missing!

@@ -484,11 +520,11 @@ of all directories.
@@ -497,18 +533,18 @@ No - +
-files_dontaudit_getattr_all_files( +files_delete_all_pids( - domain + ? )
@@ -517,8 +553,7 @@ No
Summary

-Do not audit attempts to get the attributes -of all files. +Summary is missing!

@@ -527,11 +562,11 @@ of all files.
@@ -540,13 +575,13 @@ No - +
-files_dontaudit_getattr_all_pipes( +files_delete_etc_files( @@ -560,8 +595,7 @@ No
Summary

-Do not audit attempts to get the attributes -of all named pipes. +Delete system configuration files in /etc.

@@ -572,9 +606,9 @@ of all named pipes.
@@ -583,13 +617,13 @@ No - +
-files_dontaudit_getattr_all_sockets( +files_delete_kernel( @@ -603,8 +637,7 @@ No
Summary

-Do not audit attempts to get the attributes -of all named sockets. +Delete a kernel from /boot.

@@ -615,9 +648,9 @@ of all named sockets.
@@ -626,13 +659,13 @@ No - +
-files_dontaudit_getattr_all_symlinks( +files_delete_kernel_modules( @@ -646,8 +679,7 @@ No
Summary

-Do not audit attempts to get the attributes -of all symbolic links. +Delete kernel module files.

@@ -658,9 +690,9 @@ of all symbolic links.
@@ -669,13 +701,13 @@ No - +
-files_dontaudit_getattr_default_dir( +files_delete_kernel_symbol_table( @@ -689,8 +721,7 @@ No
Summary

-Do not audit attempts to get the attributes of -directories with the default file type. +Delete a system.map in the /boot directory.

@@ -701,9 +732,9 @@ directories with the default file type.
@@ -712,18 +743,18 @@ No - +
-files_dontaudit_getattr_default_files( +files_delete_root_dir_entry( - domain + ? )
@@ -732,8 +763,7 @@ No
Summary

-Do not audit attempts to get the attributes of -files with the default file type. +Summary is missing!

@@ -742,11 +772,11 @@ files with the default file type.
@@ -755,13 +785,13 @@ No - +
-files_dontaudit_getattr_home_dir( +files_dontaudit_getattr_all_dirs( @@ -775,9 +805,8 @@ No
Summary

-Do not audit attempts to get the -attributes of the home directories root -(/home). +Do not audit attempts to get the attributes +of all directories.

@@ -788,9 +817,9 @@ attributes of the home directories root
@@ -799,13 +828,13 @@ No - +
-files_dontaudit_getattr_non_security_blk_dev( +files_dontaudit_getattr_all_files( @@ -820,7 +849,7 @@ No
Summary

Do not audit attempts to get the attributes -of non security block devices. +of all files.

@@ -831,9 +860,9 @@ of non security block devices.
@@ -842,13 +871,13 @@ No - +
-files_dontaudit_getattr_non_security_chr_dev( +files_dontaudit_getattr_all_pipes( @@ -863,7 +892,7 @@ No
Summary

Do not audit attempts to get the attributes -of non security character devices. +of all named pipes.

@@ -874,9 +903,9 @@ of non security character devices.
@@ -885,13 +914,13 @@ No - +
-files_dontaudit_getattr_non_security_files( +files_dontaudit_getattr_all_sockets( @@ -906,7 +935,7 @@ No
Summary

Do not audit attempts to get the attributes -of non security files. +of all named sockets.

@@ -917,9 +946,9 @@ of non security files.
@@ -928,13 +957,13 @@ No - +
-files_dontaudit_getattr_non_security_pipes( +files_dontaudit_getattr_all_symlinks( @@ -949,7 +978,7 @@ No
Summary

Do not audit attempts to get the attributes -of non security named pipes. +of all symbolic links.

@@ -960,9 +989,9 @@ of non security named pipes.
@@ -971,13 +1000,13 @@ No - +
-files_dontaudit_getattr_non_security_sockets( +files_dontaudit_getattr_boot_dirs( @@ -991,8 +1020,8 @@ No
Summary

-Do not audit attempts to get the attributes -of non security named sockets. +Do not audit attempts to get attributes +of the /boot directory.

@@ -1003,9 +1032,9 @@ of non security named sockets.
@@ -1014,13 +1043,13 @@ No - +
-files_dontaudit_getattr_non_security_symlinks( +files_dontaudit_getattr_default_dirs( @@ -1034,8 +1063,8 @@ No
Summary

-Do not audit attempts to get the attributes -of non security symbolic links. +Do not audit attempts to get the attributes of +directories with the default file type.

@@ -1046,9 +1075,9 @@ of non security symbolic links.
@@ -1057,13 +1086,13 @@ No - +
-files_dontaudit_getattr_pid_dir( +files_dontaudit_getattr_default_files( @@ -1077,8 +1106,8 @@ No
Summary

-Do not audit attempts to get the attributes -of the /var/run directory. +Do not audit attempts to get the attributes of +files with the default file type.

@@ -1089,9 +1118,9 @@ of the /var/run directory.
@@ -1100,13 +1129,13 @@ No - +
-files_dontaudit_getattr_tmp_dir( +files_dontaudit_getattr_home_dir( @@ -1121,7 +1150,8 @@ No
Summary

Do not audit attempts to get the -attributes of the tmp directory (/tmp). +attributes of the home directories root +(/home).

@@ -1132,9 +1162,9 @@ attributes of the tmp directory (/tmp).
@@ -1143,13 +1173,13 @@ No - +
-files_dontaudit_ioctl_all_pids( +files_dontaudit_getattr_non_security_blk_files( @@ -1163,7 +1193,8 @@ No
Summary

-Do not audit attempts to ioctl daemon runtime data files. +Do not audit attempts to get the attributes +of non security block devices.

@@ -1174,9 +1205,9 @@ Do not audit attempts to ioctl daemon runtime data files.
@@ -1185,13 +1216,13 @@ No - +
-files_dontaudit_list_default( +files_dontaudit_getattr_non_security_chr_files( @@ -1205,8 +1236,8 @@ No
Summary

-Do not audit attempts to list contents of -directories with the default file type. +Do not audit attempts to get the attributes +of non security character devices.

@@ -1217,9 +1248,9 @@ directories with the default file type.
@@ -1228,13 +1259,13 @@ No - +
-files_dontaudit_list_home( +files_dontaudit_getattr_non_security_files( @@ -1248,8 +1279,8 @@ No
Summary

-Do not audit attempts to list -home directories root (/home). +Do not audit attempts to get the attributes +of non security files.

@@ -1260,9 +1291,9 @@ home directories root (/home).
@@ -1271,13 +1302,13 @@ No - +
-files_dontaudit_list_non_security( +files_dontaudit_getattr_non_security_pipes( @@ -1291,8 +1322,8 @@ No
Summary

-Do not audit attempts to list all -non-security directories. +Do not audit attempts to get the attributes +of non security named pipes.

@@ -1303,9 +1334,9 @@ non-security directories.
@@ -1314,13 +1345,13 @@ No - +
-files_dontaudit_list_tmp( +files_dontaudit_getattr_non_security_sockets( @@ -1334,7 +1365,8 @@ No
Summary

-Do not audit listing of the tmp directory (/tmp). +Do not audit attempts to get the attributes +of non security named sockets.

@@ -1345,9 +1377,9 @@ Do not audit listing of the tmp directory (/tmp).
@@ -1356,13 +1388,13 @@ No - +
-files_dontaudit_read_default_files( +files_dontaudit_getattr_non_security_symlinks( @@ -1376,8 +1408,8 @@ No
Summary

-Do not audit attempts to read files -with the default file type. +Do not audit attempts to get the attributes +of non security symbolic links.

@@ -1388,9 +1420,9 @@ with the default file type.
@@ -1399,13 +1431,13 @@ No - +
-files_dontaudit_read_etc_runtime_files( +files_dontaudit_getattr_pid_dirs( @@ -1419,9 +1451,8 @@ No
Summary

-Do not audit attempts to read files -in /etc that are dynamically -created on boot, such as mtab. +Do not audit attempts to get the attributes +of the /var/run directory.

@@ -1432,9 +1463,9 @@ created on boot, such as mtab.
@@ -1443,18 +1474,18 @@ No - +
-files_dontaudit_read_root_file( +files_dontaudit_getattr_tmp_dirs( - ? + domain )
@@ -1463,7 +1494,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to get the +attributes of the tmp directory (/tmp).

@@ -1472,11 +1504,11 @@ Summary is missing!
@@ -1485,18 +1517,18 @@ No - +
-files_dontaudit_rw_root_chr_dev( +files_dontaudit_ioctl_all_pids( - ? + domain )
@@ -1505,7 +1537,7 @@ No
Summary

-Summary is missing! +Do not audit attempts to ioctl daemon runtime data files.

@@ -1514,11 +1546,11 @@ Summary is missing!
@@ -1527,18 +1559,18 @@ No - +
-files_dontaudit_rw_root_file( +files_dontaudit_list_default( - ? + domain )
@@ -1547,7 +1579,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to list contents of +directories with the default file type.

@@ -1556,11 +1589,11 @@ Summary is missing!
@@ -1569,18 +1602,18 @@ No - +
-files_dontaudit_search_all_dirs( +files_dontaudit_list_home( - ? + domain )
@@ -1589,7 +1622,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to list +home directories root (/home).

@@ -1598,11 +1632,11 @@ Summary is missing!
@@ -1611,13 +1645,13 @@ No - +
-files_dontaudit_search_home( +files_dontaudit_list_non_security( @@ -1631,8 +1665,8 @@ No
Summary

-Do not audit attempts to search -home directories root (/home). +Do not audit attempts to list all +non-security directories.

@@ -1643,9 +1677,9 @@ home directories root (/home).
@@ -1654,13 +1688,13 @@ No - +
-files_dontaudit_search_isid_type_dir( +files_dontaudit_list_tmp( @@ -1674,8 +1708,7 @@ No
Summary

-Do not audit attempts to search directories on new filesystems -that have not yet been labeled. +Do not audit listing of the tmp directory (/tmp).

@@ -1686,9 +1719,9 @@ that have not yet been labeled.
@@ -1697,13 +1730,13 @@ No - +
-files_dontaudit_search_locks( +files_dontaudit_read_default_files( @@ -1717,8 +1750,8 @@ No
Summary

-Do not audit attempts to search the -locks directory (/var/lock). +Do not audit attempts to read files +with the default file type.

@@ -1729,9 +1762,9 @@ locks directory (/var/lock).
@@ -1740,13 +1773,13 @@ No - +
-files_dontaudit_search_pids( +files_dontaudit_read_etc_runtime_files( @@ -1760,8 +1793,9 @@ No
Summary

-Do not audit attempts to search -the /var/run directory. +Do not audit attempts to read files +in /etc that are dynamically +created on boot, such as mtab.

@@ -1772,9 +1806,9 @@ the /var/run directory.
@@ -1783,13 +1817,13 @@ No - +
-files_dontaudit_search_src( +files_dontaudit_read_root_files( @@ -1814,9 +1848,9 @@ Summary is missing!
@@ -1825,18 +1859,18 @@ No - +
-files_dontaudit_search_var( +files_dontaudit_rw_root_chr_files( - domain + ? )
@@ -1845,8 +1879,7 @@ No
Summary

-Do not audit attempts to search -the contents of /var. +Summary is missing!

@@ -1855,11 +1888,11 @@ the contents of /var.
@@ -1868,18 +1901,18 @@ No - +
-files_dontaudit_write_all_pids( +files_dontaudit_rw_root_files( - domain + ? )
@@ -1888,7 +1921,7 @@ No
Summary

-Do not audit attempts to write to daemon runtime data files. +Summary is missing!

@@ -1897,11 +1930,11 @@ Do not audit attempts to write to daemon runtime data files.
@@ -1910,18 +1943,18 @@ No - +
-files_dontaudit_write_var( +files_dontaudit_search_all_dirs( - domain + ? )
@@ -1930,7 +1963,7 @@ No
Summary

-Do not audit attempts to write to /var. +Summary is missing!

@@ -1939,11 +1972,11 @@ Do not audit attempts to write to /var.
@@ -1952,18 +1985,18 @@ No - +
-files_exec_etc_files( +files_dontaudit_search_boot( - ? + domain )
@@ -1972,7 +2005,7 @@ No
Summary

-Summary is missing! +Do not audit attempts to search the /boot directory.

@@ -1981,11 +2014,11 @@ Summary is missing!
@@ -1994,13 +2027,13 @@ No - +
-files_exec_usr_files( +files_dontaudit_search_home( @@ -2014,7 +2047,8 @@ No
Summary

-Execute generic programs in /usr in the caller domain. +Do not audit attempts to search +home directories root (/home).

@@ -2025,9 +2059,9 @@ Execute generic programs in /usr in the caller domain.
@@ -2036,13 +2070,13 @@ No - +
-files_exec_usr_src_files( +files_dontaudit_search_isid_type_dirs( @@ -2056,7 +2090,8 @@ No
Summary

-Execute programs in /usr/src in the caller domain. +Do not audit attempts to search directories on new filesystems +that have not yet been labeled.

@@ -2067,9 +2102,9 @@ Execute programs in /usr/src in the caller domain.
@@ -2078,18 +2113,18 @@ No - +
-files_filetrans_etc( +files_dontaudit_search_locks( - ? + domain )
@@ -2098,7 +2133,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to search the +locks directory (/var/lock).

@@ -2107,11 +2143,11 @@ Summary is missing!
@@ -2120,13 +2156,13 @@ No - +
-files_filetrans_home( +files_dontaudit_search_pids( @@ -2134,33 +2170,14 @@ No domain - - , - - - - home_type - - - - , - - - - [ - - object - - ] - - )
Summary

-Create objects in /home. +Do not audit attempts to search +the /var/run directory.

@@ -2171,50 +2188,29 @@ Create objects in /home.
- - - -
Parameter:Description:Optional:
-? - - -Parameter descriptions are missing! - No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
file_type - +

Type of the file to associate. - +

 No
Parameter:Description:Optional:
-file_type +domain + +

+Domain allowed access. +

 +No +
+private_type + +

+The type of the object to be created. +

+		 +No +
+object_class + +

+The object class of the object being created. +

 No
Parameter:Description:Optional:
-? +file_type - -Parameter descriptions are missing! - +

+Type to be used as a configuration file. +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
? - +

Parameter descriptions are missing! - +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
domain - -The type of the process performing this action. - +

+Domain allowed access. +

 No
? - +

Parameter descriptions are missing! - +

 No
Parameter:Description:Optional:
-domain +? - -Domain to not audit. - +

+Parameter descriptions are missing! +

 No
Parameter:Description:Optional:
-domain +? - -Domain to not audit. - +

+Parameter descriptions are missing! +

 No
domain - -Domain to not audit. - +

+Domain allowed access. +

 No
domain - -Domain to not audit. - +

+Domain allowed access. +

 No
domain - -Domain to not audit. - +

+Domain allowed access. +

 No
domain - -Domain to not audit. - +

+Domain allowed access. +

 No
Parameter:Description:Optional:
-domain +? - -Domain to not audit. - +

+Parameter descriptions are missing! +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - -The type of the process performing this action. - +

+Domain to not audit. +

 No
domain - -The type of the process performing this action. - +

+Domain to not audit. +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - -Domain not to audit. - +

+Domain to not audit. +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain to not audit. +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain to not audit. +

 No
domain - +

Domain to not audit. - +

 No
domain - -The type of the process performing this action. - +

+Domain not to audit. +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
? - +

Parameter descriptions are missing! - +

 No
Parameter:Description:Optional:
-domain +? - -Domain to not audit. - +

+Parameter descriptions are missing! +

 No
Parameter:Description:Optional:
-domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

 No
Parameter:Description:Optional:
-domain +? - -Domain to not audit. - +

+Parameter descriptions are missing! +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
domain - -The type of the process performing this action. - +

+Domain to not audit. +

 No
domain - -The type of the process performing this action. - +

+Domain allowed access. +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain to not audit. +

 No
domain - -The type of the process performing this action. - - -No -
-home_type - - -The private type. - +

+Domain to not audit. +

 No
-object - - -The object class of the object being created. If -no class is specified, dir will be used. - - -yes -
- +
-files_filetrans_lock( +files_dontaudit_search_spool( - ? + domain )
@@ -2223,7 +2219,8 @@ yes
Summary

-Summary is missing! +Do not audit attempts to search generic +spool directories.

@@ -2232,11 +2229,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain to not audit. +

No @@ -2245,13 +2242,13 @@ No
- +
-files_filetrans_pid( +files_dontaudit_search_src( @@ -2276,9 +2273,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -2287,13 +2284,13 @@ No
- +
-files_filetrans_root( +files_dontaudit_search_var( @@ -2301,34 +2298,14 @@ No domain - - , - - - - private type - - - - , - - - - [ - - object - - ] - - )
Summary

-Create an object in the root directory, with a private -type. +Do not audit attempts to search +the contents of /var.

@@ -2339,50 +2316,29 @@ type. domain - -The type of the process performing this action. - - -No - - - -private type - - -The type of the object to be created. - +

+Domain to not audit. +

No - -object - - -The object class of the object being created. If -no class is specified, file will be used. - - -yes - -
- +
-files_filetrans_tmp( +files_dontaudit_write_all_pids( - ? + domain )
@@ -2391,7 +2347,7 @@ yes
Summary

-Summary is missing! +Do not audit attempts to write to daemon runtime data files.

@@ -2400,11 +2356,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -2413,13 +2369,13 @@ No
- +
-files_filetrans_usr( +files_dontaudit_write_var_dirs( @@ -2427,33 +2383,13 @@ No domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in the /usr directory +Do not audit attempts to write to /var.

@@ -2464,69 +2400,29 @@ Create objects in the /usr directory domain - -Domain allowed access. - - -No - - - -file_type - - -The type of the object to be created - +

+Domain to not audit. +

No - -object_class - - -The object class. If not specified, file is used. - - -yes - -
- +
-files_filetrans_var( - - - - - domain - - - - , - - - - file_type - +files_etc_filetrans( - , - - - [ - object_class - - ] + ? )
@@ -2535,7 +2431,723 @@ yes
Summary

-Create objects in the /var directory +Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + +

+Parameter descriptions are missing! +

+		 +No +
+
+
+ + +
+ + +
+ +files_exec_etc_files( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + +

+Parameter descriptions are missing! +

+		 +No +
+
+
+ + +
+ + +
+ +files_exec_usr_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute generic programs in /usr in the caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_exec_usr_src_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute programs in /usr/src in the caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_all_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_all_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_all_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all named pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_all_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all named sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_all_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_boot_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get attributes of the /boot directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_default_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Getattr of directories with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_generic_locks( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + +

+Parameter descriptions are missing! +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_home_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of the home directories root +(/home). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_isid_type_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Getattr of directories on new filesystems +that have not yet been labeled. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_kernel_modules( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of kernel module files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_tmp_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of the tmp directory (/tmp). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_usr_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of files in /usr. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +files_getattr_var_lib_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of the /var/lib directory.

@@ -2546,44 +3158,307 @@ Create objects in the /var directory domain +

+Domain allowed access. +

+ +No + + + +
+
+ + +
+ + +
+ +files_home_filetrans( + + + + + domain + + + + , + + + + home_type + + + + , + + + + object + + + )
+
+
+ +
Summary
+

+Create objects in /home. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

Domain allowed access. +

+		 +No +
+home_type + +

+The private type. +

 No
-file_type +object + +

+The class of the object being created. +

+		 +No +
+
+
+ + +
+ + +
+ +files_kernel_modules_filetrans( + + + + + domain + + + + , + + + + private_type + + + + , + + + + object_class + + + )
+
+
+ +
Summary
+

+Create objects in the kernel module directories +with a private type via an automatic type transition. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+private_type + +

+The type of the object to be created. +

+		 +No +
+object_class + +

+The object class of the object being created. +

+		 +No +
+
+
+ + +
+ + +
+ +files_list_all( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + +

+Parameter descriptions are missing! +

+		 +No +
+
+
+ + +
+ + +
+ +files_list_default( + + + + + domain + + + )
+
+
+ +
Summary
+

+List contents of directories with the default file type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 +No +
+
+
+ + +
+ + +
+ +files_list_etc( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

-The type of the object to be created - -No - +
Parameters
+ +
Parameter:Description:Optional:
-object_class +? - -The object class. If not specified, file is used. - +

+Parameter descriptions are missing! +

 -yes +No
- +
-files_filetrans_var_lib( +files_list_home( @@ -2591,33 +3466,13 @@ yes domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in the /var/lib directory +Get listing of home directories.

@@ -2628,44 +3483,24 @@ Create objects in the /var/lib directory domain - +

Domain allowed access. - - -No - - - -file_type - - -The type of the object to be created - +

No - -object_class - - -The object class. If not specified, file is used. - - -yes - -
- +
-files_getattr_all_dirs( +files_list_isid_type_dirs( @@ -2679,7 +3514,8 @@ yes
Summary

-Get the attributes of all directories. +List the contents of directories on new filesystems +that have not yet been labeled.

@@ -2690,9 +3526,9 @@ Get the attributes of all directories. domain - +

Domain allowed access. - +

No @@ -2701,13 +3537,13 @@ No
- +
-files_getattr_all_file_type_sockets( +files_list_kernel_modules( @@ -2721,8 +3557,7 @@ No
Summary

-Get the attributes of all sockets -with the type of a file. +List the contents of the kernel module directories.

@@ -2733,9 +3568,9 @@ with the type of a file. domain - +

Domain allowed access. - +

No @@ -2744,18 +3579,18 @@ No
- +
-files_getattr_all_files( +files_list_mnt( - domain + ? )
@@ -2764,7 +3599,7 @@ No
Summary

-Get the attributes of all files. +Summary is missing!

@@ -2773,11 +3608,11 @@ Get the attributes of all files. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -2786,13 +3621,13 @@ No
- +
-files_getattr_all_pipes( +files_list_non_security( @@ -2806,7 +3641,7 @@ No
Summary

-Get the attributes of all named pipes. +List all non-security directories.

@@ -2817,9 +3652,9 @@ Get the attributes of all named pipes. domain - +

Domain allowed access. - +

No @@ -2828,18 +3663,18 @@ No
- +
-files_getattr_all_sockets( +files_list_pids( - domain + ? )
@@ -2848,7 +3683,7 @@ No
Summary

-Get the attributes of all named sockets. +Summary is missing!

@@ -2857,11 +3692,11 @@ Get the attributes of all named sockets. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -2870,18 +3705,18 @@ No
- +
-files_getattr_all_symlinks( +files_list_root( - domain + ? )
@@ -2890,7 +3725,7 @@ No
Summary

-Get the attributes of all symbolic links. +Summary is missing!

@@ -2899,11 +3734,11 @@ Get the attributes of all symbolic links. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -2912,18 +3747,18 @@ No
- +
-files_getattr_default_dir( +files_list_spool( - domain + ? )
@@ -2932,7 +3767,7 @@ No
Summary

-Getattr of directories with the default file type. +Summary is missing!

@@ -2941,11 +3776,11 @@ Getattr of directories with the default file type. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -2954,18 +3789,18 @@ No
- +
-files_getattr_generic_locks( +files_list_tmp( - ? + domain )
@@ -2974,7 +3809,7 @@ No
Summary

-Summary is missing! +Read the tmp directory (/tmp).

@@ -2983,11 +3818,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -2996,13 +3831,13 @@ No
- +
-files_getattr_home_dir( +files_list_usr( @@ -3016,8 +3851,8 @@ No
Summary

-Get the attributes of the home directories root -(/home). +List the contents of generic +directories in /usr.

@@ -3028,9 +3863,9 @@ Get the attributes of the home directories root domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -3039,13 +3874,13 @@ No
- +
-files_getattr_isid_type_dir( +files_list_var( @@ -3059,8 +3894,7 @@ No
Summary

-Getattr of directories on new filesystems -that have not yet been labeled. +List the contents of /var.

@@ -3071,9 +3905,9 @@ that have not yet been labeled. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -3082,13 +3916,13 @@ No
- +
-files_getattr_tmp_dir( +files_list_var_lib( @@ -3102,7 +3936,7 @@ No
Summary

-Get the attributes of the tmp directory (/tmp). +List the contents of the /var/lib directory.

@@ -3113,9 +3947,9 @@ Get the attributes of the tmp directory (/tmp). domain - +

Domain allowed access. - +

No @@ -3124,13 +3958,13 @@ No
- +
-files_getattr_usr_files( +files_list_world_readable( @@ -3144,7 +3978,7 @@ No
Summary

-Get the attributes of files in /usr. +List world-readable directories.

@@ -3155,9 +3989,9 @@ Get the attributes of files in /usr. domain - +

Domain allowed access. - +

No @@ -3166,18 +4000,18 @@ No
- +
-files_getattr_var_lib_dir( +files_lock_file( - domain + ? )
@@ -3186,7 +4020,7 @@ No
Summary

-Get the attributes of the /var/lib directory. +Summary is missing!

@@ -3195,11 +4029,11 @@ Get the attributes of the /var/lib directory. Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -3208,18 +4042,18 @@ No
- +
-files_list_all( +files_lock_filetrans( - domain + ? )
@@ -3228,7 +4062,7 @@ No
Summary

-List the contents of all directories. +Summary is missing!

@@ -3237,11 +4071,11 @@ List the contents of all directories. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -3250,18 +4084,26 @@ No
- +
-files_list_all_dirs( +files_manage_all_files( - ? + domain + + + + , + + + + exception_types )
@@ -3270,7 +4112,8 @@ No
Summary

-Summary is missing! +Manage all files on the filesystem, except +the listed exceptions.

@@ -3279,26 +4122,37 @@ Summary is missing! Parameter:Description:Optional: -? +domain + +

+The type of the domain perfoming this action. +

+ +No + + + +exception_types - -Parameter descriptions are missing! - +

+The types to be excluded. Each type or attribute +must be negated by the caller. +

-No +Yes
- +
-files_list_default( +files_manage_boot_files( @@ -3312,7 +4166,8 @@ No
Summary

-List contents of directories with the default file type. +Create, read, write, and delete files +in the /boot directory.

@@ -3323,9 +4178,9 @@ List contents of directories with the default file type. domain - +

Domain allowed access. - +

No @@ -3334,18 +4189,18 @@ No
- +
-files_list_etc( +files_manage_boot_symlinks( - ? + domain )
@@ -3354,7 +4209,8 @@ No
Summary

-Summary is missing! +Create, read, write, and delete symbolic links +in the /boot directory.

@@ -3363,11 +4219,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -3376,18 +4232,18 @@ No
- +
-files_list_home( +files_manage_etc_files( - domain + ? )
@@ -3396,7 +4252,7 @@ No
Summary

-Get listing of home directories. +Summary is missing!

@@ -3405,11 +4261,11 @@ Get listing of home directories. Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -3418,13 +4274,13 @@ No
- +
-files_list_isid_type_dir( +files_manage_etc_runtime_files( @@ -3438,8 +4294,9 @@ No
Summary

-List the contents of directories on new filesystems -that have not yet been labeled. +Create, read, write, and delete files in +/etc that are dynamically created on boot, +such as mtab.

@@ -3450,9 +4307,9 @@ that have not yet been labeled. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -3461,13 +4318,13 @@ No
- +
-files_list_mnt( +files_manage_generic_locks( @@ -3492,9 +4349,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -3503,18 +4360,18 @@ No
- +
-files_list_non_security( +files_manage_generic_spool( - domain + ? )
@@ -3523,7 +4380,7 @@ No
Summary

-List all non-security directories. +Summary is missing!

@@ -3532,11 +4389,11 @@ List all non-security directories. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -3545,13 +4402,13 @@ No
- +
-files_list_pids( +files_manage_generic_spool_dirs( @@ -3576,9 +4433,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -3587,18 +4444,18 @@ No
- +
-files_list_root( +files_manage_isid_type_blk_files( - ? + domain )
@@ -3607,7 +4464,8 @@ No
Summary

-Summary is missing! +Create, read, write, and delete block device nodes +on new filesystems that have not yet been labeled.

@@ -3616,11 +4474,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -3629,18 +4487,18 @@ No
- +
-files_list_spool( +files_manage_isid_type_chr_files( - ? + domain )
@@ -3649,7 +4507,8 @@ No
Summary

-Summary is missing! +Create, read, write, and delete character device nodes +on new filesystems that have not yet been labeled.

@@ -3658,11 +4517,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -3671,13 +4530,13 @@ No
- +
-files_list_tmp( +files_manage_isid_type_dirs( @@ -3691,7 +4550,8 @@ No
Summary

-Read the tmp directory (/tmp). +Create, read, write, and delete directories +on new filesystems that have not yet been labeled.

@@ -3702,9 +4562,9 @@ Read the tmp directory (/tmp). domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -3713,13 +4573,13 @@ No
- +
-files_list_usr( +files_manage_isid_type_files( @@ -3733,8 +4593,8 @@ No
Summary

-List the contents of generic -directories in /usr. +Create, read, write, and delete files +on new filesystems that have not yet been labeled.

@@ -3745,9 +4605,9 @@ directories in /usr. domain - +

Domain allowed access. - +

No @@ -3756,13 +4616,13 @@ No
- +
-files_list_var( +files_manage_isid_type_symlinks( @@ -3776,7 +4636,8 @@ No
Summary

-List the contents of /var. +Create, read, write, and delete symbolic links +on new filesystems that have not yet been labeled.

@@ -3787,9 +4648,9 @@ List the contents of /var. domain - +

Domain allowed access. - +

No @@ -3798,13 +4659,13 @@ No
- +
-files_list_var_lib( +files_manage_kernel_modules( @@ -3818,7 +4679,8 @@ No
Summary

-List the contents of the /var/lib directory. +Create, read, write, and delete +kernel module files.

@@ -3829,9 +4691,9 @@ List the contents of the /var/lib directory. domain - +

Domain allowed access. - +

No @@ -3840,13 +4702,13 @@ No
- +
-files_list_world_readable( +files_manage_lost_found( @@ -3860,7 +4722,8 @@ No
Summary

-List world-readable directories. +Create, read, write, and delete objects in +lost+found directories.

@@ -3871,9 +4734,9 @@ List world-readable directories. domain - +

Domain allowed access. - +

No @@ -3882,18 +4745,18 @@ No
- +
-files_lock_file( +files_manage_mnt_dirs( - ? + domain )
@@ -3902,7 +4765,7 @@ No
Summary

-Summary is missing! +Create, read, write, and delete directories in /mnt.

@@ -3911,11 +4774,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -3924,13 +4787,13 @@ No
- +
-files_manage_all_files( +files_manage_mnt_files( @@ -3938,26 +4801,13 @@ No domain - - , - - - - [ - - exception_types - - ] - - )
Summary

-Manage all files on the filesystem, except -the listed exceptions. +Create, read, write, and delete files in /mnt.

@@ -3968,40 +4818,29 @@ the listed exceptions. domain - -The type of the domain perfoming this action. - +

+Domain allowed access. +

No - -exception_types - - -The types to be excluded. Each type or attribute -must be negated by the caller. - - -yes - -
- +
-files_manage_etc_files( +files_manage_mnt_symlinks( - ? + domain )
@@ -4010,7 +4849,7 @@ yes
Summary

-Summary is missing! +Create, read, write, and delete symbolic links in /mnt.

@@ -4019,11 +4858,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -4032,13 +4871,13 @@ No
- +
-files_manage_etc_runtime_files( +files_manage_mounttab( @@ -4052,9 +4891,8 @@ No
Summary

-Create, read, write, and delete files in -/etc that are dynamically created on boot, -such as mtab. +Allow domain to manage mount tables +necessary for rpcd, nfsd, etc.

@@ -4065,9 +4903,9 @@ such as mtab. domain - +

Domain allowed access. - +

No @@ -4076,13 +4914,13 @@ No
- +
-files_manage_generic_locks( +files_manage_urandom_seed( @@ -4107,9 +4945,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -4118,18 +4956,18 @@ No
- +
-files_manage_generic_spool_dirs( +files_manage_var_dirs( - ? + domain )
@@ -4138,7 +4976,8 @@ No
Summary

-Summary is missing! +Create, read, write, and delete directories +in the /var directory.

@@ -4147,11 +4986,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -4160,18 +4999,18 @@ No
- +
-files_manage_generic_spools( +files_manage_var_files( - ? + domain )
@@ -4180,7 +5019,7 @@ No
Summary

-Summary is missing! +Create, read, write, and delete files in the /var directory.

@@ -4189,11 +5028,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -4202,13 +5041,13 @@ No
- +
-files_manage_isid_type_blk_node( +files_manage_var_symlinks( @@ -4222,8 +5061,8 @@ No
Summary

-Create, read, write, and delete block device nodes -on new filesystems that have not yet been labeled. +Create, read, write, and delete symbolic +links in the /var directory.

@@ -4234,9 +5073,9 @@ on new filesystems that have not yet been labeled. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -4245,18 +5084,18 @@ No
- +
-files_manage_isid_type_chr_node( +files_mount_all_file_type_fs( - domain + ? )
@@ -4265,8 +5104,7 @@ No
Summary

-Create, read, write, and delete character device nodes -on new filesystems that have not yet been labeled. +Summary is missing!

@@ -4275,11 +5113,11 @@ on new filesystems that have not yet been labeled. Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -4288,18 +5126,18 @@ No
- +
-files_manage_isid_type_dir( +files_mounton_all_mountpoints( - domain + ? )
@@ -4308,8 +5146,7 @@ No
Summary

-Create, read, write, and delete directories -on new filesystems that have not yet been labeled. +Summary is missing!

@@ -4318,11 +5155,11 @@ on new filesystems that have not yet been labeled. Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -4331,13 +5168,13 @@ No
- +
-files_manage_isid_type_file( +files_mounton_all_poly_members( @@ -4351,8 +5188,8 @@ No
Summary

-Create, read, write, and delete files -on new filesystems that have not yet been labeled. +Mount filesystems on all polyinstantiation +member directories.

@@ -4363,9 +5200,9 @@ on new filesystems that have not yet been labeled. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -4374,13 +5211,13 @@ No
- +
-files_manage_isid_type_symlink( +files_mounton_default( @@ -4394,8 +5231,7 @@ No
Summary

-Create, read, write, and delete symbolic links -on new filesystems that have not yet been labeled. +Mount a filesystem on a directory with the default file type.

@@ -4406,9 +5242,9 @@ on new filesystems that have not yet been labeled. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -4417,13 +5253,13 @@ No
- +
-files_manage_lost_found( +files_mounton_isid_type_dirs( @@ -4437,8 +5273,8 @@ No
Summary

-Create, read, write, and delete objects in -lost+found directories. +Mount a filesystem on a directory on new filesystems +that has not yet been labeled.

@@ -4449,9 +5285,9 @@ lost+found directories. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -4460,13 +5296,13 @@ No
- +
-files_manage_mnt_dirs( +files_mounton_mnt( @@ -4480,7 +5316,7 @@ No
Summary

-Create, read, write, and delete directories in /mnt. +Mount a filesystem on /mnt.

@@ -4491,9 +5327,9 @@ Create, read, write, and delete directories in /mnt. domain - +

Domain allowed access. - +

No @@ -4502,18 +5338,18 @@ No
- +
-files_manage_mnt_files( +files_mountpoint( - domain + ? )
@@ -4522,7 +5358,7 @@ No
Summary

-Create, read, write, and delete files in /mnt. +Summary is missing!

@@ -4531,11 +5367,11 @@ Create, read, write, and delete files in /mnt. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -4544,18 +5380,18 @@ No
- +
-files_manage_mnt_symlinks( +files_pid_file( - domain + ? )
@@ -4564,7 +5400,7 @@ No
Summary

-Create, read, write, and delete symbolic links in /mnt. +Summary is missing!

@@ -4573,11 +5409,11 @@ Create, read, write, and delete symbolic links in /mnt. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -4586,18 +5422,18 @@ No
- +
-files_manage_mounttab( +files_pid_filetrans( - domain + ? )
@@ -4606,8 +5442,7 @@ No
Summary

-Allow domain to manage mount tables -necessary for rpcd, nfsd, etc. +Summary is missing!

@@ -4616,11 +5451,11 @@ necessary for rpcd, nfsd, etc. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -4629,18 +5464,18 @@ No
- +
-files_manage_urandom_seed( +files_poly( - ? + file_type )
@@ -4649,7 +5484,8 @@ No
Summary

-Summary is missing! +Make the specified type a +polyinstantiated directory.

@@ -4658,11 +5494,12 @@ Summary is missing! Parameter:Description:Optional: -? +file_type - -Parameter descriptions are missing! - +

+Type of the file to be used as a +polyinstantiated directory. +

No @@ -4671,18 +5508,18 @@ No
- +
-files_manage_var_dirs( +files_poly_member( - domain + file_type )
@@ -4691,8 +5528,8 @@ No
Summary

-Create, read, write, and delete directories -in the /var directory. +Make the specified type a +polyinstantiation member directory.

@@ -4701,11 +5538,12 @@ in the /var directory. Parameter:Description:Optional: -domain +file_type - -Domain allowed access. - +

+Type of the file to be used as a +member directory. +

No @@ -4714,13 +5552,13 @@ No
- +
-files_manage_var_files( +files_poly_member_tmp( @@ -4728,13 +5566,22 @@ No domain + + , + + + + file_type + + )
Summary

-Create, read, write, and delete files in the /var directory. +Make the domain use the specified +type of polyinstantiated directory.

@@ -4745,9 +5592,21 @@ Create, read, write, and delete files in the /var directory. domain +

+Domain using the polyinstantiated +directory. +

+ +No + -Domain allowed access. - + +file_type + +

+Type of the file to be used as a +member directory. +

No @@ -4756,18 +5615,18 @@ No
- +
-files_manage_var_symlinks( +files_poly_parent( - domain + file_type )
@@ -4776,8 +5635,8 @@ No
Summary

-Create, read, write, and delete symbolic -links in the /var directory. +Make the specified type a parent +of a polyinstantiated directory.

@@ -4786,11 +5645,12 @@ links in the /var directory. Parameter:Description:Optional: -domain +file_type - -Domain allowed access. - +

+Type of the file to be used as a +parent directory. +

No @@ -4799,18 +5659,18 @@ No
- +
-files_mount_all_file_type_fs( +files_polyinstantiate_all( - ? + domain )
@@ -4819,7 +5679,8 @@ No
Summary

-Summary is missing! +Allow access to manage all polyinstantiated +directories on the system.

@@ -4828,11 +5689,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -4841,13 +5702,13 @@ No
- +
-files_mounton_all_mountpoints( +files_purge_tmp( @@ -4872,9 +5733,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -4883,13 +5744,13 @@ No
- +
-files_mounton_all_poly_members( +files_read_all_blk_files( @@ -4903,8 +5764,7 @@ No
Summary

-Mount filesystems on all polyinstantiation -member directories. +Read all block nodes with file types.

@@ -4915,9 +5775,9 @@ member directories. domain - +

Domain allowed access. - +

No @@ -4926,13 +5786,13 @@ No
- +
-files_mounton_default( +files_read_all_chr_files( @@ -4946,7 +5806,7 @@ No
Summary

-Mount a filesystem on a directory with the default file type. +Read all character nodes with file types.

@@ -4957,9 +5817,9 @@ Mount a filesystem on a directory with the default file type. domain - +

Domain allowed access. - +

No @@ -4968,13 +5828,13 @@ No
- +
-files_mounton_isid_type_dir( +files_read_all_dirs_except( @@ -4982,14 +5842,22 @@ No domain + + , + + + + exception_types + + )
Summary

-Mount a filesystem on a directory on new filesystems -that has not yet been labeled. +Read all directories on the filesystem, except +the listed exceptions.

@@ -5000,24 +5868,35 @@ that has not yet been labeled. domain - -The type of the process performing this action. - +

+The type of the domain perfoming this action. +

No + +exception_types + +

+The types to be excluded. Each type or attribute +must be negated by the caller. +

+ +Yes + +
- +
-files_mounton_mnt( +files_read_all_files( @@ -5031,7 +5910,7 @@ No
Summary

-Mount a filesystem on /mnt. +Read all files.

@@ -5042,9 +5921,9 @@ Mount a filesystem on /mnt. domain - +

Domain allowed access. - +

No @@ -5053,18 +5932,26 @@ No
- +
-files_mountpoint( +files_read_all_files_except( - ? + domain + + + + , + + + + exception_types )
@@ -5073,7 +5960,8 @@ No
Summary

-Summary is missing! +Read all files on the filesystem, except +the listed exceptions.

@@ -5082,31 +5970,42 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+The type of the domain perfoming this action. +

No + +exception_types + +

+The types to be excluded. Each type or attribute +must be negated by the caller. +

+ +Yes + +
- +
-files_pid_file( +files_read_all_locks( - ? + domain )
@@ -5115,7 +6014,7 @@ No
Summary

-Summary is missing! +Read all lock files.

@@ -5124,11 +6023,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -5137,18 +6036,18 @@ No
- +
-files_poly( +files_read_all_pids( - file_type + ? )
@@ -5157,8 +6056,7 @@ No
Summary

-Make the specified type a -polyinstantiated directory. +Summary is missing!

@@ -5167,12 +6065,11 @@ polyinstantiated directory. Parameter:Description:Optional: -file_type +? - -Type of the file to be used as a -polyinstantiated directory. - +

+Parameter descriptions are missing! +

No @@ -5181,18 +6078,18 @@ No
- +
-files_poly_member( +files_read_all_symlinks( - file_type + domain )
@@ -5201,8 +6098,7 @@ No
Summary

-Make the specified type a -polyinstantiation member directory. +Read all symbolic links.

@@ -5211,12 +6107,11 @@ polyinstantiation member directory. Parameter:Description:Optional: -file_type +domain - -Type of the file to be used as a -member directory. - +

+Domain allowed access. +

No @@ -5225,13 +6120,13 @@ No
- +
-files_poly_member_tmp( +files_read_all_symlinks_except( @@ -5244,7 +6139,7 @@ No - file_type + exception_types )
@@ -5253,8 +6148,8 @@ No
Summary

-Make the domain use the specified -type of polyinstantiated directory. +Read all symbolic links on the filesystem, except +the listed exceptions.

@@ -5265,80 +6160,35 @@ type of polyinstantiated directory. domain - -Domain using the polyinstantiated -directory. - +

+The type of the domain perfoming this action. +

No -file_type - - -Type of the file to be used as a -member directory. - +exception_types -No - - - -
-
- - -
- - -
- -files_poly_parent( - - - - - file_type - - - )
-
-
- -
Summary

-Make the specified type a parent -of a polyinstantiated directory. +The types to be excluded. Each type or attribute +must be negated by the caller.

- - -
Parameters
- - - -
Parameter:Description:Optional:
-file_type - -Type of the file to be used as a -parent directory. - - -No +Yes
- +
-files_polyinstantiate_all( +files_read_default_files( @@ -5352,8 +6202,7 @@ No
Summary

-Allow access to manage all polyinstantiated -directories on the system. +Read files with the default file type.

@@ -5364,9 +6213,9 @@ directories on the system. domain - +

Domain allowed access. - +

No @@ -5375,18 +6224,18 @@ No
- +
-files_purge_tmp( +files_read_default_pipes( - ? + domain )
@@ -5395,7 +6244,7 @@ No
Summary

-Summary is missing! +Read named pipes with the default file type.

@@ -5404,11 +6253,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -5417,13 +6266,13 @@ No
- +
-files_read_all_blk_nodes( +files_read_default_sockets( @@ -5437,7 +6286,7 @@ No
Summary

-Read all block nodes with file types. +Read sockets with the default file type.

@@ -5448,9 +6297,9 @@ Read all block nodes with file types. domain - +

Domain allowed access. - +

No @@ -5459,13 +6308,13 @@ No
- +
-files_read_all_chr_nodes( +files_read_default_symlinks( @@ -5479,7 +6328,7 @@ No
Summary

-Read all character nodes with file types. +Read symbolic links with the default file type.

@@ -5490,9 +6339,9 @@ Read all character nodes with file types. domain - +

Domain allowed access. - +

No @@ -5501,30 +6350,18 @@ No
- +
-files_read_all_dirs_except( - - - - - domain - +files_read_etc_files( - , - - - [ - - exception_types - ] + ? )
@@ -5533,8 +6370,7 @@ No
Summary

-Read all directories on the filesystem, except -the listed exceptions. +Summary is missing!

@@ -5543,37 +6379,26 @@ the listed exceptions. Parameter:Description:Optional: -domain +? - -The type of the domain perfoming this action. - +

+Parameter descriptions are missing! +

No - -exception_types - - -The types to be excluded. Each type or attribute -must be negated by the caller. - - -yes - -
- +
-files_read_all_files( +files_read_etc_runtime_files( @@ -5587,7 +6412,8 @@ yes
Summary

-Read all files. +Read files in /etc that are dynamically +created on boot, such as mtab.

@@ -5598,9 +6424,9 @@ Read all files. domain - +

Domain allowed access. - +

No @@ -5609,30 +6435,18 @@ No
- +
-files_read_all_files_except( - - - - - domain - +files_read_generic_spool( - , - - - [ - exception_types - - ] + ? )
@@ -5641,8 +6455,7 @@ No
Summary

-Read all files on the filesystem, except -the listed exceptions. +Summary is missing!

@@ -5651,37 +6464,26 @@ the listed exceptions. Parameter:Description:Optional: -domain +? - -The type of the domain perfoming this action. - +

+Parameter descriptions are missing! +

No - -exception_types - - -The types to be excluded. Each type or attribute -must be negated by the caller. - - -yes - -
- +
-files_read_all_locks( +files_read_generic_tmp_files( @@ -5695,7 +6497,7 @@ yes
Summary

-Read all lock files. +Read files in the tmp directory (/tmp).

@@ -5706,9 +6508,9 @@ Read all lock files. domain - +

Domain allowed access. - +

No @@ -5717,18 +6519,18 @@ No
- +
-files_read_all_pids( +files_read_generic_tmp_symlinks( - ? + domain )
@@ -5737,7 +6539,7 @@ No
Summary

-Summary is missing! +Read symbolic links in the tmp directory (/tmp).

@@ -5746,11 +6548,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -5759,13 +6561,13 @@ No
- +
-files_read_all_symlinks( +files_read_isid_type_files( @@ -5779,7 +6581,8 @@ No
Summary

-Read all symbolic links. +Read files on new filesystems +that have not yet been labeled.

@@ -5790,9 +6593,9 @@ Read all symbolic links. domain - +

Domain allowed access. - +

No @@ -5801,13 +6604,13 @@ No
- +
-files_read_all_symlinks_except( +files_read_kernel_modules( @@ -5815,26 +6618,13 @@ No domain - - , - - - - [ - - exception_types - - ] - - )
Summary

-Read all symbolic links on the filesystem, except -the listed exceptions. +Read kernel module files.

@@ -5845,35 +6635,24 @@ the listed exceptions. domain - -The type of the domain perfoming this action. - +

+Domain allowed access. +

No - -exception_types - - -The types to be excluded. Each type or attribute -must be negated by the caller. - - -yes - -
- +
-files_read_default_files( +files_read_kernel_symbol_table( @@ -5887,7 +6666,7 @@ yes
Summary

-Read files with the default file type. +Read system.map in the /boot directory.

@@ -5898,9 +6677,9 @@ Read files with the default file type. domain - +

Domain allowed access. - +

No @@ -5909,13 +6688,13 @@ No
- +
-files_read_default_pipes( +files_read_non_security_files( @@ -5929,7 +6708,7 @@ No
Summary

-Read named pipes with the default file type. +Read all non-security files.

@@ -5940,9 +6719,9 @@ Read named pipes with the default file type. domain - +

Domain allowed access. - +

No @@ -5951,18 +6730,18 @@ No
- +
-files_read_default_sockets( +files_read_usr_files( - domain + ? )
@@ -5971,7 +6750,7 @@ No
Summary

-Read sockets with the default file type. +Summary is missing!

@@ -5980,11 +6759,11 @@ Read sockets with the default file type. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -5993,18 +6772,18 @@ No
- +
-files_read_default_symlinks( +files_read_usr_src_files( - domain + ? )
@@ -6013,7 +6792,7 @@ No
Summary

-Read symbolic links with the default file type. +Summary is missing!

@@ -6022,11 +6801,11 @@ Read symbolic links with the default file type. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -6035,18 +6814,18 @@ No
- +
-files_read_etc_files( +files_read_usr_symlinks( - ? + domain )
@@ -6055,7 +6834,7 @@ No
Summary

-Summary is missing! +Read symbolic links in /usr.

@@ -6064,11 +6843,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -6077,13 +6856,13 @@ No
- +
-files_read_etc_runtime_files( +files_read_var_files( @@ -6097,8 +6876,7 @@ No
Summary

-Read files in /etc that are dynamically -created on boot, such as mtab. +Read files in the /var directory.

@@ -6109,9 +6887,9 @@ created on boot, such as mtab. domain - +

Domain allowed access. - +

No @@ -6120,18 +6898,18 @@ No
- +
-files_read_generic_spools( +files_read_var_lib_files( - ? + domain )
@@ -6140,7 +6918,7 @@ No
Summary

-Summary is missing! +Read generic files in /var/lib.

@@ -6149,11 +6927,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -6162,13 +6940,13 @@ No
- +
-files_read_generic_tmp_files( +files_read_var_lib_symlinks( @@ -6182,7 +6960,7 @@ No
Summary

-Read files in the tmp directory (/tmp). +Read generic symbolic links in /var/lib

@@ -6193,9 +6971,9 @@ Read files in the tmp directory (/tmp). domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -6204,13 +6982,13 @@ No
- +
-files_read_generic_tmp_symlinks( +files_read_var_symlinks( @@ -6224,7 +7002,7 @@ No
Summary

-Read symbolic links in the tmp directory (/tmp). +Read symbolic links in the /var directory.

@@ -6235,9 +7013,9 @@ Read symbolic links in the tmp directory (/tmp). domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -6246,13 +7024,13 @@ No
- +
-files_read_isid_type_file( +files_read_world_readable_files( @@ -6266,8 +7044,7 @@ No
Summary

-Read files on new filesystems -that have not yet been labeled. +Read world-readable files.

@@ -6278,9 +7055,9 @@ that have not yet been labeled. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -6289,13 +7066,13 @@ No
- +
-files_read_non_security_files( +files_read_world_readable_pipes( @@ -6309,7 +7086,7 @@ No
Summary

-Read all non-security files. +Read world-readable named pipes.

@@ -6320,9 +7097,9 @@ Read all non-security files. domain - +

Domain allowed access. - +

No @@ -6331,18 +7108,18 @@ No
- +
-files_read_usr_files( +files_read_world_readable_sockets( - ? + domain )
@@ -6351,7 +7128,7 @@ No
Summary

-Summary is missing! +Read world-readable sockets.

@@ -6360,11 +7137,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -6373,18 +7150,18 @@ No
- +
-files_read_usr_src_files( +files_read_world_readable_symlinks( - ? + domain )
@@ -6393,7 +7170,7 @@ No
Summary

-Summary is missing! +Read world-readable symbolic links.

@@ -6402,11 +7179,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -6415,13 +7192,13 @@ No
- +
-files_read_usr_symlinks( +files_relabel_all_files( @@ -6429,13 +7206,22 @@ No domain + + , + + + + exception_types + + )
Summary

-Read symbolic links in /usr. +Relabel all files on the filesystem, except +the listed exceptions.

@@ -6446,24 +7232,35 @@ Read symbolic links in /usr. domain - -Domain allowed access. - +

+The type of the domain perfoming this action. +

No + +exception_types + +

+The types to be excluded. Each type or attribute +must be negated by the caller. +

+ +Yes + +
- +
-files_read_var_files( +files_relabel_etc_files( @@ -6477,7 +7274,7 @@ No
Summary

-Read files in the /var directory. +Relabel from and to generic files in /etc.

@@ -6488,9 +7285,9 @@ Read files in the /var directory. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -6499,13 +7296,13 @@ No
- +
-files_read_var_lib_files( +files_relabel_kernel_modules( @@ -6519,7 +7316,7 @@ No
Summary

-Read generic files in /var/lib. +Relabel from and to kernel module files.

@@ -6530,9 +7327,9 @@ Read generic files in /var/lib. domain - +

Domain allowed access. - +

No @@ -6541,13 +7338,13 @@ No
- +
-files_read_var_lib_symlinks( +files_relabelfrom_boot_files( @@ -6561,7 +7358,7 @@ No
Summary

-Read generic symbolic links in /var/lib +Relabel from files in the /boot directory.

@@ -6572,9 +7369,9 @@ Read generic symbolic links in /var/lib domain - +

Domain allowed access. - +

No @@ -6583,18 +7380,18 @@ No
- +
-files_read_var_symlink( +files_relabelto_all_file_type_fs( - domain + ? )
@@ -6603,7 +7400,7 @@ No
Summary

-Read symbolic links in the /var directory. +Summary is missing!

@@ -6612,11 +7409,11 @@ Read symbolic links in the /var directory. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -6625,13 +7422,13 @@ No
- +
-files_read_world_readable_files( +files_relabelto_usr_files( @@ -6645,7 +7442,7 @@ No
Summary

-Read world-readable files. +Relabel a file to the type used in /usr.

@@ -6656,9 +7453,9 @@ Read world-readable files. domain - +

Domain allowed access. - +

No @@ -6667,13 +7464,13 @@ No
- +
-files_read_world_readable_pipes( +files_root_filetrans( @@ -6681,13 +7478,30 @@ No domain + + , + + + + private type + + + + , + + + + object + + )
Summary

-Read world-readable named pipes. +Create an object in the root directory, with a private +type.

@@ -6698,9 +7512,29 @@ Read world-readable named pipes. domain - +

Domain allowed access. +

+ +No + + + +private type + +

+The type of the object to be created. +

+ +No + + +object + +

+The object class of the object being created. +

No @@ -6709,13 +7543,13 @@ No
- +
-files_read_world_readable_sockets( +files_rw_boot_symlinks( @@ -6729,7 +7563,8 @@ No
Summary

-Read world-readable sockets. +Read and write symbolic links +in the /boot directory.

@@ -6740,9 +7575,9 @@ Read world-readable sockets. domain - +

Domain allowed access. - +

No @@ -6751,18 +7586,18 @@ No
- +
-files_read_world_readable_symlinks( +files_rw_etc_files( - domain + ? )
@@ -6771,7 +7606,7 @@ No
Summary

-Read world-readable symbolic links. +Summary is missing!

@@ -6780,11 +7615,11 @@ Read world-readable symbolic links. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -6793,13 +7628,13 @@ No
- +
-files_relabel_all_files( +files_rw_etc_runtime_files( @@ -6807,26 +7642,14 @@ No domain - - , - - - - [ - - exception_types - - ] - - )
Summary

-Relabel all files on the filesystem, except -the listed exceptions. +Read and write files in /etc that are dynamically +created on boot, such as mtab.

@@ -6837,40 +7660,29 @@ the listed exceptions. domain - -The type of the domain perfoming this action. - +

+Domain allowed access. +

No - -exception_types - - -The types to be excluded. Each type or attribute -must be negated by the caller. - - -yes - -
- +
-files_relabel_etc_files( +files_rw_generic_pids( - domain + ? )
@@ -6879,7 +7691,7 @@ yes
Summary

-Relabel from and to generic files in /etc. +Summary is missing!

@@ -6888,11 +7700,11 @@ Relabel from and to generic files in /etc. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -6901,18 +7713,18 @@ No
- +
-files_relabelto_all_file_type_fs( +files_rw_generic_tmp_sockets( - ? + domain )
@@ -6921,7 +7733,7 @@ No
Summary

-Summary is missing! +Read and write generic named sockets in the tmp directory (/tmp).

@@ -6930,11 +7742,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -6943,13 +7755,13 @@ No
- +
-files_relabelto_usr_files( +files_rw_isid_type_blk_files( @@ -6963,7 +7775,8 @@ No
Summary

-Relabel a file to the type used in /usr. +Read and write block device nodes on new filesystems +that have not yet been labeled.

@@ -6974,9 +7787,9 @@ Relabel a file to the type used in /usr. domain - +

Domain allowed access. - +

No @@ -6985,18 +7798,18 @@ No
- +
-files_rw_etc_files( +files_rw_isid_type_dirs( - ? + domain )
@@ -7005,7 +7818,8 @@ No
Summary

-Summary is missing! +Read and write directories on new filesystems +that have not yet been labeled.

@@ -7014,11 +7828,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -7027,13 +7841,13 @@ No
- +
-files_rw_etc_runtime_files( +files_rw_lock_dirs( @@ -7047,8 +7861,8 @@ No
Summary

-Read and write files in /etc that are dynamically -created on boot, such as mtab. +Add and remove entries in the /var/lock +directories.

@@ -7059,9 +7873,9 @@ created on boot, such as mtab. domain - +

Domain allowed access. - +

No @@ -7070,13 +7884,13 @@ No
- +
-files_rw_generic_pids( +files_search_all( @@ -7101,9 +7915,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -7112,13 +7926,13 @@ No
- +
-files_rw_generic_tmp_sockets( +files_search_boot( @@ -7132,7 +7946,7 @@ No
Summary

-Read and write generic named sockets in the tmp directory (/tmp). +Search the /boot directory.

@@ -7143,9 +7957,9 @@ Read and write generic named sockets in the tmp directory (/tmp). domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -7154,13 +7968,13 @@ No
- +
-files_rw_isid_type_blk_node( +files_search_default( @@ -7174,8 +7988,7 @@ No
Summary

-Read and write block device nodes on new filesystems -that have not yet been labeled. +Search the contents of directories with the default file type.

@@ -7186,9 +7999,9 @@ that have not yet been labeled. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -7197,18 +8010,18 @@ No
- +
-files_rw_isid_type_dir( +files_search_etc( - domain + ? )
@@ -7217,8 +8030,7 @@ No
Summary

-Read and write directories on new filesystems -that have not yet been labeled. +Summary is missing!

@@ -7227,11 +8039,11 @@ that have not yet been labeled. Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -7240,13 +8052,13 @@ No
- +
-files_rw_locks_dir( +files_search_home( @@ -7260,8 +8072,7 @@ No
Summary

-Add and remove entries in the /var/lock -directories. +Search home directories root (/home).

@@ -7272,9 +8083,9 @@ directories. domain - +

Domain allowed access. - +

No @@ -7283,13 +8094,13 @@ No
- +
-files_search_all( +files_search_kernel_modules( @@ -7303,7 +8114,7 @@ No
Summary

-Search all directories. +Search the contents of the kernel module directories.

@@ -7314,9 +8125,9 @@ Search all directories. domain - +

Domain allowed access. - +

No @@ -7325,18 +8136,18 @@ No
- +
-files_search_all_dirs( +files_search_locks( - ? + domain )
@@ -7345,7 +8156,7 @@ No
Summary

-Summary is missing! +Search the locks directory (/var/lock).

@@ -7354,11 +8165,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -7367,18 +8178,18 @@ No
- +
-files_search_default( +files_search_mnt( - domain + ? )
@@ -7387,7 +8198,7 @@ No
Summary

-Search the contents of directories with the default file type. +Summary is missing!

@@ -7396,11 +8207,11 @@ Search the contents of directories with the default file type. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -7409,13 +8220,13 @@ No
- +
-files_search_etc( +files_search_pids( @@ -7440,9 +8251,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -7451,18 +8262,18 @@ No
- +
-files_search_home( +files_search_spool( - domain + ? )
@@ -7471,7 +8282,7 @@ No
Summary

-Search home directories root (/home). +Summary is missing!

@@ -7480,11 +8291,11 @@ Search home directories root (/home). Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -7493,18 +8304,18 @@ No
- +
-files_search_locks( +files_search_tmp( - ? + domain )
@@ -7513,7 +8324,7 @@ No
Summary

-Summary is missing! +Search the tmp directory (/tmp).

@@ -7522,11 +8333,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -7535,13 +8346,13 @@ No
- +
-files_search_mnt( +files_search_usr( @@ -7566,9 +8377,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -7577,18 +8388,18 @@ No
- +
-files_search_pids( +files_search_var( - ? + domain )
@@ -7597,7 +8408,7 @@ No
Summary

-Summary is missing! +Search the contents of /var.

@@ -7606,11 +8417,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -7619,18 +8430,18 @@ No
- +
-files_search_spool( +files_search_var_lib( - ? + domain )
@@ -7639,7 +8450,7 @@ No
Summary

-Summary is missing! +Search the /var/lib directory.

@@ -7648,11 +8459,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -7661,18 +8472,18 @@ No
- +
-files_search_tmp( +files_security_file( - domain + file_type )
@@ -7681,7 +8492,9 @@ No
Summary

-Search the tmp directory (/tmp). +Make the specified type a file that +should not be dontaudited from +browsing from user domains.

@@ -7690,11 +8503,12 @@ Search the tmp directory (/tmp). Parameter:Description:Optional: -domain +file_type - -The type of the process performing this action. - +

+Type of the file to be used as a +member directory. +

No @@ -7703,18 +8517,18 @@ No
- +
-files_search_usr( +files_setattr_all_tmp_dirs( - ? + domain )
@@ -7723,7 +8537,7 @@ No
Summary

-Summary is missing! +Set the attributes of all tmp directories.

@@ -7732,11 +8546,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -7745,13 +8559,13 @@ No
- +
-files_search_var( +files_setattr_etc_dirs( @@ -7765,7 +8579,7 @@ No
Summary

-Search the contents of /var. +Set the attributes of the /etc directories.

@@ -7776,9 +8590,9 @@ Search the contents of /var. domain - +

Domain allowed access. - +

No @@ -7787,18 +8601,18 @@ No
- +
-files_search_var_lib( +files_tmp_file( - domain + file_type )
@@ -7807,7 +8621,8 @@ No
Summary

-Search the /var/lib directory. +Make the specified type a file +used for temporary files.

@@ -7816,11 +8631,12 @@ Search the /var/lib directory. Parameter:Description:Optional: -domain +file_type - -The type of the process performing this action. - +

+Type of the file to be used as a +temporary file. +

No @@ -7829,18 +8645,18 @@ No
- +
-files_search_var_lib_dir( +files_tmp_filetrans( - domain + ? )
@@ -7849,7 +8665,7 @@ No
Summary

-Search directories in /var/lib. +Summary is missing!

@@ -7858,11 +8674,11 @@ Search directories in /var/lib. Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -7871,18 +8687,18 @@ No
- +
-files_security_file( +files_tmpfs_file( - file_type + type )
@@ -7891,9 +8707,8 @@ No
Summary

-Make the specified type a file that -should not be dontaudited from -browsing from user domains. +Transform the type into a file, for use on a +virtual memory filesystem (tmpfs).

@@ -7902,12 +8717,11 @@ browsing from user domains. Parameter:Description:Optional: -file_type +type - -Type of the file to be used as a -member directory. - +

+The type to be transformed. +

No @@ -7916,18 +8730,18 @@ No
- +
-files_setattr_all_tmp_dirs( +files_type( - domain + type )
@@ -7936,7 +8750,8 @@ No
Summary

-Set the attributes of all tmp directories. +Make the specified type usable for files +in a filesystem.

@@ -7945,11 +8760,11 @@ Set the attributes of all tmp directories. Parameter:Description:Optional: -domain +type - -The type of the process performing this action. - +

+Type to be used for files. +

No @@ -7958,13 +8773,13 @@ No
- +
-files_setattr_etc_dir( +files_unconfined( @@ -7978,7 +8793,7 @@ No
Summary

-Set the attributes of the /etc directories. +Unconfined access to files.

@@ -7989,9 +8804,9 @@ Set the attributes of the /etc directories. domain - +

Domain allowed access. - +

No @@ -8000,18 +8815,18 @@ No
- +
-files_tmp_file( +files_unmount_all_file_type_fs( - file_type + ? )
@@ -8020,8 +8835,7 @@ No
Summary

-Make the specified type a file -used for temporary files. +Summary is missing!

@@ -8030,12 +8844,11 @@ used for temporary files. Parameter:Description:Optional: -file_type +? - -Type of the file to be used as a -temporary file. - +

+Parameter descriptions are missing! +

No @@ -8044,18 +8857,18 @@ No
- +
-files_tmpfs_file( +files_unmount_rootfs( - type + ? )
@@ -8064,8 +8877,7 @@ No
Summary

-Transform the type into a file, for use on a -virtual memory filesystem (tmpfs). +Summary is missing!

@@ -8074,11 +8886,11 @@ virtual memory filesystem (tmpfs). Parameter:Description:Optional: -type +? - -The type to be transformed. - +

+Parameter descriptions are missing! +

No @@ -8087,18 +8899,34 @@ No
- +
-files_type( +files_usr_filetrans( - type + domain + + + + , + + + + file_type + + + + , + + + + object_class )
@@ -8107,8 +8935,7 @@ No
Summary

-Make the specified type usable for files -in a filesystem. +Create objects in the /usr directory

@@ -8117,11 +8944,31 @@ in a filesystem. Parameter:Description:Optional: -type +domain + +

+Domain allowed access. +

+No + -Type to be used for files. + +file_type + +

+The type of the object to be created +

+ +No + + +object_class + +

+The object class. +

No @@ -8130,13 +8977,13 @@ No
- +
-files_unconfined( +files_var_filetrans( @@ -8144,13 +8991,29 @@ No domain + + , + + + + file_type + + + + , + + + + object_class + + )
Summary

-Unconfined access to files. +Create objects in the /var directory

@@ -8161,9 +9024,29 @@ Unconfined access to files. domain - +

Domain allowed access. +

+ +No + + + +file_type + +

+The type of the object to be created +

+ +No + + +object_class + +

+The object class. +

No @@ -8172,18 +9055,34 @@ No
- +
-files_unmount_all_file_type_fs( +files_var_lib_filetrans( - ? + domain + + + + , + + + + file_type + + + + , + + + + object_class )
@@ -8192,7 +9091,7 @@ No
Summary

-Summary is missing! +Create objects in the /var/lib directory

@@ -8201,11 +9100,31 @@ Summary is missing! Parameter:Description:Optional: -? +domain + +

+Domain allowed access. +

+No + -Parameter descriptions are missing! + +file_type + +

+The type of the object to be created +

+ +No + + +object_class + +

+The object class. +

No @@ -8214,18 +9133,18 @@ No
- +
-files_unmount_rootfs( +files_write_kernel_modules( - ? + domain )
@@ -8234,7 +9153,7 @@ No
Summary

-Summary is missing! +Write kernel module files.

@@ -8243,11 +9162,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -8256,13 +9175,13 @@ No
- +
-files_write_non_security_dir( +files_write_non_security_dirs( @@ -8287,9 +9206,9 @@ Allow attempts to modify any directory domain - +

Domain to allow - +

No diff --git a/www/api-docs/kernel_filesystem.html b/www/api-docs/kernel_filesystem.html index 3b6ec3d..140134d 100644 --- a/www/api-docs/kernel_filesystem.html +++ b/www/api-docs/kernel_filesystem.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -137,9 +137,9 @@ a filesystem such as ext3, JFS, and XFS. file_type - +

The type of the to be associated. - +

No @@ -183,9 +183,9 @@ FAT32, and NFS. file_type - +

The type of the to be associated. - +

No @@ -225,9 +225,9 @@ Allow the type to associate to tmpfs filesystems. type - +

The type of the object to be associated. - +

No @@ -297,9 +297,9 @@ in particular used by the ssh-agent policy. domain - +

The type of the process performing this action. - +

No @@ -307,9 +307,9 @@ No target_domain - +

The type of the new process. - +

No @@ -349,9 +349,9 @@ Do not audit attempts to read removable storage files. domain - +

Domain not to audit. - +

No @@ -392,9 +392,9 @@ of all files with a filesystem type. domain - +

Domain allowed access. - +

No @@ -435,9 +435,9 @@ all filesystems. domain - +

The type of the domain to not audit. - +

No @@ -478,9 +478,9 @@ of all named pipes with a filesystem type. domain - +

Domain allowed access. - +

No @@ -521,9 +521,9 @@ of all named sockets with a filesystem type. domain - +

Domain allowed access. - +

No @@ -564,9 +564,9 @@ of all symbolic links with a filesystem type. domain - +

Domain allowed access. - +

No @@ -609,9 +609,9 @@ attributes, such as ext3, JFS, or XFS. domain - +

The type of the domain to not audit. - +

No @@ -652,9 +652,9 @@ mounted filesystems. domain - +

The type of the domain performing this action. - +

No @@ -695,9 +695,9 @@ of directories on a CIFS or SMB filesystem. domain - +

Domain to not audit. - +

No @@ -738,9 +738,9 @@ of directories on a NFS filesystem. domain - +

Domain to not audit. - +

No @@ -749,13 +749,13 @@ No
- +
-fs_dontaudit_list_removable_dirs( +fs_dontaudit_list_removable( @@ -780,9 +780,9 @@ Do not audit attempts to list removable storage directories. domain - +

Domain not to audit. - +

No @@ -823,9 +823,9 @@ contents of generic tmpfs directories. domain - +

Domain to not audit. - +

No @@ -867,9 +867,9 @@ on a CIFS or SMB network filesystem. domain - +

The type of the domain managing the directories. - +

No @@ -911,9 +911,9 @@ on a CIFS or SMB network filesystem. domain - +

Domain to not audit. - +

No @@ -955,9 +955,9 @@ on a NFS filesystem. domain - +

Domain to not audit. - +

No @@ -999,9 +999,9 @@ on a NFS filesystem. domain - +

Domain to not audit. - +

No @@ -1042,9 +1042,9 @@ files on a CIFS or SMB filesystem. domain - +

The type of the domain to not audit. - +

No @@ -1085,9 +1085,9 @@ files on a NFS filesystem. domain - +

The type of the domain to not audit. - +

No @@ -1096,13 +1096,13 @@ No
- +
-fs_dontaudit_rw_cifs_files( +fs_dontaudit_read_ramfs_files( @@ -1116,8 +1116,7 @@ No
Summary

-Do not audit attempts to read or -write files on a CIFS or SMB filesystem. +Dontaudit read on a ramfs files.

@@ -1128,9 +1127,9 @@ write files on a CIFS or SMB filesystem. domain - -The type of the domain to not audit. - +

+Domain allowed access. +

No @@ -1139,13 +1138,13 @@ No
- +
-fs_dontaudit_rw_nfs_files( +fs_dontaudit_read_ramfs_pipes( @@ -1159,8 +1158,7 @@ No
Summary

-Do not audit attempts to read or -write files on a NFS filesystem. +Dontaudit read on a ramfs fifo_files.

@@ -1171,9 +1169,9 @@ write files on a NFS filesystem. domain - -The type of the domain to not audit. - +

+Domain allowed access. +

No @@ -1182,13 +1180,13 @@ No
- +
-fs_dontaudit_rw_tmpfs_files( +fs_dontaudit_rw_cifs_files( @@ -1202,8 +1200,8 @@ No
Summary

-Do not audit attempts to read or write -generic tmpfs files. +Do not audit attempts to read or +write files on a CIFS or SMB filesystem.

@@ -1214,9 +1212,9 @@ generic tmpfs files. domain - -Domain to not audit. - +

+The type of the domain to not audit. +

No @@ -1225,13 +1223,13 @@ No
- +
-fs_dontaudit_use_tmpfs_chr_dev( +fs_dontaudit_rw_nfs_files( @@ -1245,7 +1243,8 @@ No
Summary

-dontaudit Read and write character nodes on tmpfs filesystems. +Do not audit attempts to read or +write files on a NFS filesystem.

@@ -1256,9 +1255,9 @@ dontaudit Read and write character nodes on tmpfs filesystems. domain - -The type of the process performing this action. - +

+The type of the domain to not audit. +

No @@ -1267,13 +1266,13 @@ No
- +
-fs_exec_noxattr( +fs_dontaudit_rw_tmpfs_files( @@ -1287,8 +1286,8 @@ No
Summary

-Execute files on a filesystem that does -not support extended attributes. +Do not audit attempts to read or write +generic tmpfs files.

@@ -1299,9 +1298,9 @@ not support extended attributes. domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -1310,13 +1309,13 @@ No
- +
-fs_execute_cifs_files( +fs_dontaudit_search_ramfs( @@ -1330,9 +1329,7 @@ No
Summary

-Execute files on a CIFS or SMB -network filesystem, in the caller -domain. +Dontaudit Search directories on a ramfs

@@ -1343,9 +1340,9 @@ domain. domain - -The type of the domain executing the files. - +

+Domain allowed access. +

No @@ -1354,13 +1351,13 @@ No
- +
-fs_execute_nfs_files( +fs_dontaudit_use_tmpfs_chr_dev( @@ -1374,7 +1371,7 @@ No
Summary

-Execute files on a NFS filesystem. +dontaudit Read and write character nodes on tmpfs filesystems.

@@ -1385,9 +1382,9 @@ Execute files on a NFS filesystem. domain - -The type of the domain executing the files. - +

+The type of the process performing this action. +

No @@ -1396,18 +1393,18 @@ No
- +
-fs_filetrans_tmpfs( +fs_exec_cifs_files( - ? + domain )
@@ -1416,7 +1413,9 @@ No
Summary

-Summary is missing! +Execute files on a CIFS or SMB +network filesystem, in the caller +domain.

@@ -1425,11 +1424,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+The type of the domain executing the files. +

No @@ -1438,13 +1437,13 @@ No
- +
-fs_get_all_fs_quotas( +fs_exec_nfs_files( @@ -1458,7 +1457,7 @@ No
Summary

-Get the quotas of all filesystems. +Execute files on a NFS filesystem.

@@ -1469,9 +1468,9 @@ Get the quotas of all filesystems. domain - -The type of the domain getting quotas. - +

+The type of the domain executing the files. +

No @@ -1480,13 +1479,13 @@ No
- +
-fs_get_xattr_fs_quota( +fs_exec_noxattr( @@ -1500,8 +1499,8 @@ No
Summary

-Get the filesystem quotas of a filesystem -with extended attributes. +Execute files on a filesystem that does +not support extended attributes.

@@ -1512,9 +1511,9 @@ with extended attributes. domain - -The type of the domain mounting the filesystem. - +

+Domain allowed access. +

No @@ -1523,13 +1522,13 @@ No
- +
-fs_get_xattr_fs_quotas( +fs_get_all_fs_quotas( @@ -1543,9 +1542,7 @@ No
Summary

-Get the quotas of a persistent -filesystem which has extended -attributes, such as ext3, JFS, or XFS. +Get the quotas of all filesystems.

@@ -1556,9 +1553,9 @@ attributes, such as ext3, JFS, or XFS. domain - +

The type of the domain getting quotas. - +

No @@ -1567,13 +1564,13 @@ No
- +
-fs_getattr_all_dirs( +fs_get_xattr_fs_quotas( @@ -1587,8 +1584,8 @@ No
Summary

-Get the attributes of all directories -with a filesystem type. +Get the filesystem quotas of a filesystem +with extended attributes.

@@ -1599,9 +1596,9 @@ with a filesystem type. domain - -Domain allowed access. - +

+The type of the domain mounting the filesystem. +

No @@ -1610,13 +1607,13 @@ No
- +
-fs_getattr_all_files( +fs_getattr_all_dirs( @@ -1630,8 +1627,8 @@ No
Summary

-Get the attributes of all files with -a filesystem type. +Get the attributes of all directories +with a filesystem type.

@@ -1642,9 +1639,9 @@ a filesystem type. domain - +

Domain allowed access. - +

No @@ -1653,13 +1650,13 @@ No
- +
-fs_getattr_all_fs( +fs_getattr_all_files( @@ -1673,8 +1670,8 @@ No
Summary

-Get the attributes of all persistent -filesystems. +Get the attributes of all files with +a filesystem type.

@@ -1685,10 +1682,53 @@ filesystems. domain - +

+Domain allowed access. +

+ +No + + + +
+
+ + +
+ + +
+ +fs_getattr_all_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of all persistent +filesystems. +

+ + +
Parameters
+ + + + @@ -1729,9 +1769,9 @@ a filesystem type. @@ -1772,9 +1812,9 @@ a filesystem type. @@ -1815,9 +1855,9 @@ a filesystem type. @@ -1858,10 +1898,10 @@ pseudo filesystem. @@ -1902,10 +1942,10 @@ SMB network filesystem. @@ -1946,10 +1986,10 @@ filesystem, such as FAT32 or NTFS. @@ -1990,10 +2030,10 @@ filesystem, which is usually used on CDs. @@ -2033,10 +2073,10 @@ Get the attributes of a NFS filesystem. @@ -2077,10 +2117,10 @@ pseudo filesystem. @@ -2120,10 +2160,10 @@ Get the attributes of a RAM filesystem. @@ -2164,10 +2204,10 @@ filesystem. @@ -2207,9 +2247,9 @@ Read directories of RPC file system pipes. @@ -2250,10 +2290,10 @@ filesystem. @@ -2294,10 +2334,10 @@ filesystem. @@ -2306,13 +2346,13 @@ No - +
-fs_getattr_tmpfs_dir( +fs_getattr_tmpfs_dirs( @@ -2337,9 +2377,9 @@ Get the attributes of tmpfs directories.
@@ -2381,10 +2421,10 @@ attributes, such as ext3, JFS, or XFS. @@ -2424,9 +2464,9 @@ List all directories with a filesystem type. @@ -2467,9 +2507,9 @@ mounted filesystems. @@ -2510,9 +2550,51 @@ CIFS or SMB filesystem. + +
Parameter:Description:Optional:
+domain + +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain reading the symbolic links. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain performing this action. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ +
+ + +
+ +fs_list_inotifyfs( + + + + + domain + + + )
+
+
+ +
Summary
+

+List inotifyfs filesystem. +

+ + +
Parameters
+ + + + @@ -2552,9 +2634,9 @@ List NFS filesystem. @@ -2594,9 +2676,9 @@ Read all noxattrfs directories. @@ -2605,13 +2687,13 @@ No - +
-fs_list_tmpfs( +fs_list_rpc( @@ -2625,7 +2707,7 @@ No
Summary

-List the contents of generic tmpfs directories. +Read directories of RPC file system pipes.

@@ -2636,9 +2718,9 @@ List the contents of generic tmpfs directories.
@@ -2647,13 +2729,13 @@ No - +
-fs_make_noxattr_fs( +fs_list_tmpfs( @@ -2667,9 +2749,7 @@ No
Summary

-Transform specified type into a filesystem -type which does not have extended attribute -support. +List the contents of generic tmpfs directories.

@@ -2680,9 +2760,9 @@ support.
@@ -2723,9 +2803,9 @@ auto moutpoints. @@ -2766,9 +2846,9 @@ on a CIFS or SMB network filesystem. @@ -2809,9 +2889,9 @@ on a CIFS or SMB network filesystem. @@ -2852,9 +2932,9 @@ on a CIFS or SMB network filesystem. @@ -2895,9 +2975,9 @@ on a CIFS or SMB network filesystem. @@ -2938,9 +3018,9 @@ on a CIFS or SMB network filesystem. @@ -2981,9 +3061,9 @@ on a NFS filesystem. @@ -3024,9 +3104,9 @@ on a NFS filesystem. @@ -3067,9 +3147,9 @@ on a NFS filesystem. @@ -3110,9 +3190,9 @@ on a NFS filesystem. @@ -3153,9 +3233,9 @@ on a CIFS or SMB network filesystem. @@ -3164,13 +3244,13 @@ No - +
-fs_manage_tmpfs_blk_dev( +fs_manage_tmpfs_blk_files( @@ -3196,9 +3276,9 @@ on tmpfs filesystems.
@@ -3207,13 +3287,13 @@ No - +
-fs_manage_tmpfs_chr_dev( +fs_manage_tmpfs_chr_files( @@ -3239,9 +3319,9 @@ nodes on tmpfs filesystems.
@@ -3282,9 +3362,9 @@ tmpfs directories @@ -3325,9 +3405,9 @@ files on tmpfs filesystems. @@ -3368,9 +3448,9 @@ files on tmpfs filesystems. @@ -3411,9 +3491,9 @@ links on tmpfs filesystems. @@ -3453,9 +3533,9 @@ Mount all filesystems. @@ -3495,9 +3575,9 @@ Mount an automount pseudo filesystem. @@ -3537,9 +3617,9 @@ Mount a CIFS or SMB network filesystem. @@ -3580,9 +3660,9 @@ FAT32 or NTFS. @@ -3623,9 +3703,9 @@ is usually used on CDs. @@ -3665,9 +3745,9 @@ Mount a NFS filesystem. @@ -3707,9 +3787,9 @@ Mount a NFS server pseudo filesystem. @@ -3749,9 +3829,9 @@ Mount a RAM filesystem. @@ -3791,9 +3871,9 @@ Mount a ROM filesystem. @@ -3833,9 +3913,9 @@ Mount a RPC pipe filesystem. @@ -3875,9 +3955,9 @@ Mount a tmpfs filesystem. @@ -3919,9 +3999,9 @@ ext3, JFS, or XFS. @@ -3991,9 +4071,9 @@ in particular used by the ssh-agent policy. @@ -4001,9 +4081,53 @@ No + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - -Domain allowed access. - +

+The type of the domain reading the symbolic links. +

 No
domain - -The type of the process performing this action. - +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain managing the directories. - +

 No
domain - +

The type of the domain managing the files. - +

 No
domain - +

The type of the domain managing the pipes. - +

 No
domain - +

The type of the domain managing the sockets. - +

 No
domain - +

The type of the domain managing the symbolic links. - +

 No
domain - +

The type of the domain managing the directories. - +

 No
domain - +

The type of the domain managing the files. - +

 No
domain - +

The type of the domain managing the pipes. - +

 No
domain - +

The type of the domain managing the sockets. - +

 No
domain - +

The type of the domain managing the symbolic links. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the process performing this action. - +

 No
target_domain - +

The type of the new process. +

+		 +No +
+
+
+ + +
+ + +
+ +fs_noxattr_type( + + + + + domain + + + )
+
+
+ +
Summary
+

+Transform specified type into a filesystem +type which does not have extended attribute +support. +

+ + +
Parameters
+ + + @@ -4043,9 +4167,9 @@ Read files on a CIFS or SMB filesystem. @@ -4085,9 +4209,9 @@ Read symbolic links on a CIFS or SMB filesystem. @@ -4127,9 +4251,9 @@ Read eventpollfs files @@ -4169,9 +4293,9 @@ Read files on a NFS filesystem. @@ -4211,9 +4335,9 @@ Read symbolic links on a NFS filesystem. @@ -4253,9 +4377,9 @@ Read all noxattrfs files. @@ -4295,9 +4419,9 @@ Read all noxattrfs symbolic links. @@ -4337,9 +4461,9 @@ Read removable storage files. @@ -4379,9 +4503,9 @@ Read removable storage symbolic links. @@ -4390,13 +4514,13 @@ No - +
-fs_read_rpc_dirs( +fs_read_rpc_files( @@ -4410,7 +4534,7 @@ No
Summary

-Read directories of RPC file system pipes. +Read files of RPC file system pipes.

@@ -4421,9 +4545,9 @@ Read directories of RPC file system pipes.
@@ -4432,13 +4556,13 @@ No - +
-fs_read_rpc_files( +fs_read_rpc_sockets( @@ -4452,7 +4576,7 @@ No
Summary

-Read files of RPC file system pipes. +Read sockets of RPC file system pipes.

@@ -4463,9 +4587,9 @@ Read files of RPC file system pipes.
@@ -4474,13 +4598,13 @@ No - +
-fs_read_rpc_sockets( +fs_read_rpc_symlinks( @@ -4494,7 +4618,7 @@ No
Summary

-Read sockets of RPC file system pipes. +Read symbolic links of RPC file system pipes.

@@ -4505,9 +4629,9 @@ Read sockets of RPC file system pipes.
@@ -4516,13 +4640,13 @@ No - +
-fs_read_rpc_symlinks( +fs_read_tmpfs_symlinks( @@ -4536,7 +4660,7 @@ No
Summary

-Read symbolic links of RPC file system pipes. +Read tmpfs link files.

@@ -4547,9 +4671,9 @@ Read symbolic links of RPC file system pipes.
@@ -4595,10 +4719,10 @@ without specifying the interpreter. @@ -4607,13 +4731,13 @@ No - +
-fs_relabel_tmpfs_blk_dev( +fs_relabel_tmpfs_blk_file( @@ -4638,9 +4762,9 @@ Relabel block nodes on tmpfs filesystems.
@@ -4649,13 +4773,13 @@ No - +
-fs_relabel_tmpfs_chr_dev( +fs_relabel_tmpfs_chr_file( @@ -4680,9 +4804,9 @@ Relabel character nodes on tmpfs filesystems.
@@ -4722,10 +4846,10 @@ Relabelfrom all filesystems. @@ -4766,9 +4890,9 @@ DOS filesystem using the context= mount option. @@ -4810,9 +4934,9 @@ using the context= mount option. @@ -4853,9 +4977,9 @@ allows some mount options to be changed. @@ -4896,9 +5020,9 @@ This allows some mount options to be changed. @@ -4939,9 +5063,9 @@ This allows some mount options to be changed. @@ -4983,9 +5107,9 @@ some mount options to be changed. @@ -5027,9 +5151,9 @@ some mount options to be changed. @@ -5070,9 +5194,9 @@ some mount options to be changed. @@ -5113,9 +5237,9 @@ This allows some mount options to be changed. @@ -5156,9 +5280,9 @@ some mount options to be changed. @@ -5199,9 +5323,9 @@ some mount options to be changed. @@ -5242,9 +5366,9 @@ allows some mount option to be changed. @@ -5284,9 +5408,9 @@ Remount a tmpfs filesystem. @@ -5329,9 +5453,9 @@ some mount options to be changed. @@ -5371,10 +5495,10 @@ Read and write NFS server files. @@ -5383,13 +5507,13 @@ No - +
-fs_rw_ramfs_pipe( +fs_rw_ramfs_pipes( @@ -5414,9 +5538,9 @@ Read and write a named pipe on a ramfs filesystem.
@@ -5425,13 +5549,13 @@ No - +
-fs_rw_tmpfs_file( +fs_rw_tmpfs_blk_files( @@ -5445,7 +5569,7 @@ No
Summary

-Read and write generic tmpfs files. +Read and write block nodes on tmpfs filesystems.

@@ -5456,9 +5580,93 @@ Read and write generic tmpfs files.
+ +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain reading the symbolic links. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain reading the symbolic links. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain reading the symbolic links. - +

 No
domain - +

The type of the domain reading the symbolic links. - +

 No
domain - +

The type of the domain reading the symbolic links. - +

 No
domain - -The type of the domain reading the symbolic links. - +

+The type of the process performing this action. +

 No
domain - +

The type of the domain registering the interpreter. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the domain doing the getattr on the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain remounting the filesystem. - +

 No
domain - +

The type of the domain doing the read or write on nfsd files. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

+		 +No +
+
+
+ + +
+ + +
+ +fs_rw_tmpfs_chr_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write character nodes on tmpfs filesystems. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +fs_rw_tmpfs_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write generic tmpfs files. +

+ + +
Parameters
+ + + + @@ -5498,9 +5706,9 @@ Search all directories with a filesystem type. @@ -5541,9 +5749,9 @@ mounted filesystems. @@ -5583,9 +5791,51 @@ Search directories on a CIFS or SMB filesystem. + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain performing this action. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +fs_search_inotifyfs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search inotifyfs filesystem. +

+ + +
Parameters
+ + + @@ -5625,9 +5875,9 @@ Search directories on a NFS filesystem. @@ -5667,10 +5917,10 @@ Search NFS server directories. @@ -5710,9 +5960,9 @@ Search directories on a ramfs @@ -5721,13 +5971,13 @@ No - +
-fs_search_removable_dirs( +fs_search_removable( @@ -5752,9 +6002,9 @@ Search removable storage directories.
@@ -5763,13 +6013,13 @@ No - +
-fs_search_rpc_dirs( +fs_search_rpc( @@ -5794,9 +6044,9 @@ Search directories of RPC file system pipes.
@@ -5836,9 +6086,9 @@ Search tmpfs directories. @@ -5878,9 +6128,9 @@ Set the quotas of all filesystems. @@ -5889,13 +6139,13 @@ No - +
-fs_set_xattr_fs_quota( +fs_set_xattr_fs_quotas( @@ -5921,9 +6171,9 @@ with extended attributes.
@@ -5932,13 +6182,13 @@ No - +
-fs_setattr_tmpfs_dir( +fs_setattr_tmpfs_dirs( @@ -5963,9 +6213,51 @@ Set the attributes of tmpfs directories.
+ +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain doing the search on nfsd directories. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain reading the symbolic links. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain setting quotas. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ +
+ +fs_tmpfs_filetrans( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + @@ -6005,9 +6297,9 @@ Transform specified type into a filesystem type. @@ -6047,9 +6339,9 @@ Unconfined access to filesystems @@ -6089,9 +6381,9 @@ Unmount all filesystems. @@ -6131,9 +6423,9 @@ Unmount an automount pseudo filesystem. @@ -6173,9 +6465,9 @@ Unmount a CIFS or SMB network filesystem. @@ -6216,9 +6508,9 @@ FAT32 or NTFS. @@ -6259,9 +6551,9 @@ is usually used on CDs. @@ -6301,9 +6593,9 @@ Unmount a NFS filesystem. @@ -6343,9 +6635,9 @@ Unmount a NFS server pseudo filesystem. @@ -6385,9 +6677,9 @@ Unmount a RAM filesystem. @@ -6427,9 +6719,9 @@ Unmount a ROM filesystem. @@ -6469,9 +6761,9 @@ Unmount a RPC pipe filesystem. @@ -6511,9 +6803,9 @@ Unmount a tmpfs filesystem. @@ -6555,93 +6847,9 @@ ext3, JFS, or XFS. - -
Parameter:Description:Optional:
+? + +

+Parameter descriptions are missing! +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain mounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - +

The type of the domain unmounting the filesystem. - +

 No
domain - -The type of the domain unmounting the filesystem. - - -No -
-
-
- - -
- - -
- -fs_use_tmpfs_blk_dev( - - - - - domain - - - )
-
-
- -
Summary
-

-Read and write block nodes on tmpfs filesystems. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - - -No -
-
-
- - -
- - -
- -fs_use_tmpfs_chr_dev( - - - - - domain - - - )
-
-
- -
Summary

-Read and write character nodes on tmpfs filesystems. +The type of the domain unmounting the filesystem.

- - -
Parameters
- - - - @@ -6681,9 +6889,9 @@ Read files on a NFS filesystem. @@ -6692,13 +6900,13 @@ No - +
-fs_write_ramfs_pipe( +fs_write_ramfs_pipes( @@ -6723,9 +6931,9 @@ Write to named pipe on a ramfs filesystem.
@@ -6734,13 +6942,13 @@ No - +
-fs_write_ramfs_socket( +fs_write_ramfs_sockets( @@ -6765,9 +6973,9 @@ Write to named socket on a ramfs filesystem.
diff --git a/www/api-docs/kernel_kernel.html b/www/api-docs/kernel_kernel.html index 28965cd..e25b4b0 100644 --- a/www/api-docs/kernel_kernel.html +++ b/www/api-docs/kernel_kernel.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -137,9 +137,9 @@ Change the level of kernel messages logged to the console.
@@ -179,9 +179,112 @@ Allows the caller to clear the ring buffer. + +
Parameter:Description:Optional:
-domain - - -The type of the process performing this action. - No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type clearing the buffer. +

+		 +No +
+
+
+ + +
+ + +
+ +kernel_dgram_send( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send messages to kernel unix datagram sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +kernel_domtrans_to( + + + + + domain + + + + , + + + + entrypoint + + + )
+
+
+ +
Summary
+

+Allows to start userland processes +by transitioning to the specified domain. +

+ + +
Parameters
+ + + + + @@ -190,13 +293,13 @@ No - +
-kernel_dontaudit_getattr_core( +kernel_dontaudit_getattr_core_if( @@ -222,9 +325,9 @@ core kernel interfaces.
@@ -265,9 +368,9 @@ message interfaces. @@ -276,13 +379,13 @@ No - +
-kernel_dontaudit_getattr_unlabeled_blk_dev( +kernel_dontaudit_getattr_unlabeled_blk_files( @@ -308,9 +411,9 @@ unlabeled block devices.
@@ -319,13 +422,13 @@ No - +
-kernel_dontaudit_getattr_unlabeled_chr_dev( +kernel_dontaudit_getattr_unlabeled_chr_files( @@ -351,9 +454,9 @@ unlabeled character devices.
@@ -362,13 +465,13 @@ No - +
-kernel_dontaudit_getattr_unlabeled_file( +kernel_dontaudit_getattr_unlabeled_files( @@ -394,9 +497,9 @@ attributes of an unlabeled file.
@@ -437,9 +540,9 @@ attributes of unlabeled named pipes. @@ -480,9 +583,9 @@ attributes of unlabeled named sockets. @@ -523,9 +626,9 @@ attributes of unlabeled symbolic links. @@ -566,9 +669,9 @@ contents of directories in /proc. @@ -608,9 +711,9 @@ Do not audit attempts to list unlabeled directories. @@ -619,13 +722,13 @@ No - +
-kernel_dontaudit_read_proc_symlink( +kernel_dontaudit_read_proc_symlinks( @@ -651,9 +754,9 @@ read system state information in proc.
@@ -693,9 +796,9 @@ Do not audit attempts to read the ring buffer. @@ -736,9 +839,9 @@ read system state information in proc. @@ -747,13 +850,13 @@ No - +
-kernel_dontaudit_read_unlabeled_file( +kernel_dontaudit_read_unlabeled_files( @@ -779,9 +882,9 @@ read an unlabeled file.
@@ -821,9 +924,9 @@ Do not audit attempts to search generic kernel sysctls. @@ -864,9 +967,9 @@ state directory. @@ -906,9 +1009,9 @@ Do not audit attempts by caller to search network sysctl directories. @@ -949,9 +1052,9 @@ the base directory of sysctls. @@ -960,13 +1063,13 @@ No - +
-kernel_dontaudit_use_fd( +kernel_dontaudit_use_fds( @@ -992,9 +1095,9 @@ kernel file descriptors.
@@ -1034,9 +1137,9 @@ Do not audit attempts to write generic kernel sysctls. @@ -1076,9 +1179,9 @@ Get information on all System V IPC objects. @@ -1087,13 +1190,13 @@ No - +
-kernel_getattr_core( +kernel_getattr_core_if( @@ -1118,9 +1221,9 @@ Allows caller to get attribues of core kernel interface.
@@ -1160,9 +1263,9 @@ Get the attributes of a kernel debugging filesystem. @@ -1203,9 +1306,9 @@ interface (/proc/kmsg). @@ -1245,9 +1348,9 @@ Get the attributes of the proc filesystem. @@ -1287,9 +1390,9 @@ Get the attributes of files in /proc. @@ -1329,9 +1432,9 @@ Send a kill signal to unlabeled processes. @@ -1340,18 +1443,18 @@ No - +
-kernel_list_from( +kernel_list_proc( - dir_type + domain )
@@ -1360,8 +1463,7 @@ No
Summary

-Allow the kernel to read the contents -of the specified directory. +List the contents of directories in /proc.

@@ -1370,11 +1472,11 @@ of the specified directory.
@@ -1383,13 +1485,13 @@ No - +
-kernel_list_proc( +kernel_list_unlabeled( @@ -1403,7 +1505,7 @@ No
Summary

-List the contents of directories in /proc. +List unlabeled directories.

@@ -1414,9 +1516,9 @@ List the contents of directories in /proc.
@@ -1425,13 +1527,13 @@ No - +
-kernel_list_unlabeled( +kernel_load_module( @@ -1445,7 +1547,7 @@ No
Summary

-List unlabeled directories. +Allows caller to load kernel modules

@@ -1456,9 +1558,9 @@ List unlabeled directories.
@@ -1467,13 +1569,13 @@ No - +
-kernel_load_module( +kernel_mount_debugfs( @@ -1487,7 +1589,7 @@ No
Summary

-Allows caller to load kernel modules +Mount a kernel debugging filesystem.

@@ -1498,51 +1600,9 @@ Allows caller to load kernel modules
- -
Parameter:Description:Optional:
+domain + +

+The process type entered by kernel. +

+		 +No +
+entrypoint + +

+The executable type for the entrypoint. +

 No
domain - +

The process type to not audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The domain to not audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

The process type reading the state. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The process type not to audit. - +

 No
domain - +

The type of process not to audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain +

- - +

 No
domain - +

The process type getting the attibutes. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type getting the attributes. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
Parameter:Description:Optional:
-dir_type +domain - -Directory type to list. - +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - -Domain allowed access. - +

+The process type to allow to load kernel modules. +

 No
domain - -The process type to allow to load kernel modules. - - -No -
-
-
- - -
- - -
- -kernel_mount_debugfs( - - - - - domain - - - )
-
-
- -
Summary

-Mount a kernel debugging filesystem. -

- - -
Parameters
- - - - @@ -1551,13 +1611,13 @@ No - +
-kernel_read_all_sysctl( +kernel_read_all_sysctls( @@ -1582,9 +1642,9 @@ Allow caller to read all sysctls.
@@ -1624,9 +1684,9 @@ Read information from the debugging filesystem. @@ -1635,13 +1695,13 @@ No - +
-kernel_read_device_sysctl( +kernel_read_device_sysctls( @@ -1666,52 +1726,9 @@ Allow caller to read the device sysctls.
- -
Parameter:Description:Optional:
-domain - - The type of the domain mounting the filesystem. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - -The process type to allow to read the device sysctls. - - -No -
-
-
- - -
- - -
- -kernel_read_file_from( - - - - - dir_type - - - )
-
-
- -
Summary

-Allow the kernel to read the -specified file. +The process type to allow to read the device sysctls.

- - -
Parameters
- - - - @@ -1720,13 +1737,13 @@ No - +
-kernel_read_fs_sysctl( +kernel_read_fs_sysctls( @@ -1751,9 +1768,9 @@ Read filesystem sysctls.
@@ -1762,13 +1779,13 @@ No - +
-kernel_read_hotplug_sysctl( +kernel_read_hotplug_sysctls( @@ -1793,9 +1810,9 @@ Read the hotplug sysctl.
@@ -1804,13 +1821,13 @@ No - +
-kernel_read_irq_sysctl( +kernel_read_irq_sysctls( @@ -1835,9 +1852,9 @@ Read IRQ sysctls.
@@ -1846,13 +1863,13 @@ No - +
-kernel_read_kernel_sysctl( +kernel_read_kernel_sysctls( @@ -1877,9 +1894,9 @@ Read generic kernel sysctls.
@@ -1920,9 +1937,9 @@ using the /proc/kmsg interface. @@ -1931,13 +1948,13 @@ No - +
-kernel_read_modprobe_sysctl( +kernel_read_modprobe_sysctls( @@ -1962,9 +1979,9 @@ Read the modprobe sysctl.
@@ -1973,13 +1990,13 @@ No - +
-kernel_read_net_sysctl( +kernel_read_net_sysctls( @@ -2004,9 +2021,9 @@ Allow caller to read network sysctls.
@@ -2046,9 +2063,9 @@ Allow caller to read the network state information. @@ -2088,9 +2105,9 @@ Allow caller to read the network state symbolic links. @@ -2130,9 +2147,9 @@ Read symbolic links in /proc. @@ -2172,9 +2189,9 @@ Allows caller to read the ring buffer. @@ -2183,13 +2200,13 @@ No - +
-kernel_read_rpc_sysctl( +kernel_read_rpc_sysctls( @@ -2214,9 +2231,9 @@ Summary is missing!
@@ -2256,9 +2273,9 @@ Allow caller to read the state information for software raid. @@ -2298,9 +2315,9 @@ Allow access to read sysctl directories. @@ -2340,9 +2357,9 @@ Allows caller to read system state information in proc. @@ -2351,13 +2368,13 @@ No - +
-kernel_read_unix_sysctl( +kernel_read_unix_sysctls( @@ -2383,9 +2400,9 @@ socket sysctls.
@@ -2394,13 +2411,13 @@ No - +
-kernel_read_vm_sysctl( +kernel_read_vm_sysctls( @@ -2425,9 +2442,9 @@ Allow caller to read virtual memory sysctls.
@@ -2436,13 +2453,13 @@ No - +
-kernel_relabel_unlabeled( +kernel_relabelfrom_unlabeled_dirs( @@ -2456,7 +2473,7 @@ No
Summary

-Allow caller to relabel unlabeled objects. +Allow caller to relabel unlabeled directories.

@@ -2467,9 +2484,9 @@ Allow caller to relabel unlabeled objects.
@@ -2478,13 +2495,13 @@ No - +
-kernel_remount_debugfs( +kernel_relabelfrom_unlabeled_files( @@ -2498,7 +2515,7 @@ No
Summary

-Remount a kernel debugging filesystem. +Allow caller to relabel unlabeled files.

@@ -2509,9 +2526,9 @@ Remount a kernel debugging filesystem.
@@ -2520,18 +2537,18 @@ No - +
-kernel_rootfs_mountpoint( +kernel_relabelfrom_unlabeled_pipes( - directory_type + domain )
@@ -2540,8 +2557,7 @@ No
Summary

-Allows the kernel to mount filesystems on -the specified directory type. +Allow caller to relabel unlabeled named pipes.

@@ -2550,11 +2566,11 @@ the specified directory type.
@@ -2563,13 +2579,13 @@ No - +
-kernel_rw_all_sysctl( +kernel_relabelfrom_unlabeled_sockets( @@ -2583,7 +2599,7 @@ No
Summary

-Read and write all sysctls. +Allow caller to relabel unlabeled named sockets.

@@ -2594,9 +2610,9 @@ Read and write all sysctls.
@@ -2605,13 +2621,13 @@ No - +
-kernel_rw_device_sysctl( +kernel_relabelfrom_unlabeled_symlinks( @@ -2625,7 +2641,7 @@ No
Summary

-Read and write device sysctls. +Allow caller to relabel unlabeled symbolic links.

@@ -2636,9 +2652,9 @@ Read and write device sysctls.
@@ -2647,13 +2663,13 @@ No - +
-kernel_rw_fs_sysctl( +kernel_remount_debugfs( @@ -2667,7 +2683,7 @@ No
Summary

-Read and write fileystem sysctls. +Remount a kernel debugging filesystem.

@@ -2678,9 +2694,9 @@ Read and write fileystem sysctls.
@@ -2689,18 +2705,18 @@ No - +
-kernel_rw_hotplug_sysctl( +kernel_rootfs_mountpoint( - domain + directory_type )
@@ -2709,7 +2725,8 @@ No
Summary

-Read and write the hotplug sysctl. +Allows the kernel to mount filesystems on +the specified directory type.

@@ -2718,11 +2735,11 @@ Read and write the hotplug sysctl.
@@ -2731,13 +2748,13 @@ No - +
-kernel_rw_irq_sysctl( +kernel_rw_all_sysctls( @@ -2751,7 +2768,7 @@ No
Summary

-Read and write IRQ sysctls. +Read and write all sysctls.

@@ -2762,9 +2779,9 @@ Read and write IRQ sysctls.
@@ -2773,13 +2790,13 @@ No - +
-kernel_rw_kernel_sysctl( +kernel_rw_device_sysctls( @@ -2793,7 +2810,7 @@ No
Summary

-Read and write generic kernel sysctls. +Read and write device sysctls.

@@ -2804,9 +2821,9 @@ Read and write generic kernel sysctls.
@@ -2815,13 +2832,13 @@ No - +
-kernel_rw_modprobe_sysctl( +kernel_rw_fs_sysctls( @@ -2835,7 +2852,7 @@ No
Summary

-Read and write the modprobe sysctl. +Read and write fileystem sysctls.

@@ -2846,9 +2863,9 @@ Read and write the modprobe sysctl.
@@ -2857,13 +2874,13 @@ No - +
-kernel_rw_net_sysctl( +kernel_rw_hotplug_sysctls( @@ -2877,7 +2894,7 @@ No
Summary

-Allow caller to modiry contents of sysctl network files. +Read and write the hotplug sysctl.

@@ -2888,9 +2905,9 @@ Allow caller to modiry contents of sysctl network files.
@@ -2899,13 +2916,13 @@ No - +
-kernel_rw_pipe( +kernel_rw_irq_sysctls( @@ -2919,7 +2936,7 @@ No
Summary

-Read and write kernel unnamed pipes. +Read and write IRQ sysctls.

@@ -2930,9 +2947,9 @@ Read and write kernel unnamed pipes.
@@ -2941,18 +2958,18 @@ No - +
-kernel_rw_rpc_sysctl( +kernel_rw_kernel_sysctl( - ? + domain )
@@ -2961,7 +2978,7 @@ No
Summary

-Summary is missing! +Read and write generic kernel sysctls.

@@ -2970,11 +2987,11 @@ Summary is missing!
@@ -2983,13 +3000,13 @@ No - +
-kernel_rw_software_raid_state( +kernel_rw_modprobe_sysctls( @@ -3003,7 +3020,7 @@ No
Summary

-Allow caller to read and set the state information for software raid. +Read and write the modprobe sysctl.

@@ -3014,9 +3031,9 @@ Allow caller to read and set the state information for software raid.
@@ -3025,13 +3042,13 @@ No - +
-kernel_rw_unix_dgram_socket( +kernel_rw_net_sysctls( @@ -3045,7 +3062,7 @@ No
Summary

-Read and write kernel unix datagram sockets. +Allow caller to modiry contents of sysctl network files.

@@ -3056,9 +3073,9 @@ Read and write kernel unix datagram sockets.
@@ -3067,13 +3084,13 @@ No - +
-kernel_rw_unix_sysctl( +kernel_rw_pipes( @@ -3087,8 +3104,7 @@ No
Summary

-Read and write unix domain -socket sysctls. +Read and write kernel unnamed pipes.

@@ -3099,9 +3115,9 @@ socket sysctls.
@@ -3110,18 +3126,18 @@ No - +
-kernel_rw_unlabeled_dir( +kernel_rw_rpc_sysctls( - domain + ? )
@@ -3130,7 +3146,7 @@ No
Summary

-Read and write unlabeled directories. +Summary is missing!

@@ -3139,11 +3155,11 @@ Read and write unlabeled directories.
@@ -3152,13 +3168,13 @@ No - +
-kernel_rw_vm_sysctl( +kernel_rw_software_raid_state( @@ -3172,7 +3188,7 @@ No
Summary

-Read and write virtual memory sysctls. +Allow caller to read and set the state information for software raid.

@@ -3183,9 +3199,9 @@ Read and write virtual memory sysctls.
@@ -3194,13 +3210,13 @@ No - +
-kernel_search_debugfs( +kernel_rw_unix_dgram_sockets( @@ -3214,7 +3230,7 @@ No
Summary

-Search the contents of a kernel debugging filesystem. +Read and write kernel unix datagram sockets.

@@ -3225,9 +3241,9 @@ Search the contents of a kernel debugging filesystem.
@@ -3236,18 +3252,18 @@ No - +
-kernel_search_from( +kernel_rw_unix_sysctls( - dir_type + domain )
@@ -3256,8 +3272,8 @@ No
Summary

-Allow the kernel to search the -specified directory. +Read and write unix domain +socket sysctls.

@@ -3266,11 +3282,11 @@ specified directory.
@@ -3279,13 +3295,13 @@ No - +
-kernel_search_network_state( +kernel_rw_unlabeled_blk_files( @@ -3299,7 +3315,7 @@ No
Summary

-Allow searching of network state directory. +Read and write unlabeled block device nodes.

@@ -3310,9 +3326,9 @@ Allow searching of network state directory.
@@ -3321,13 +3337,13 @@ No - +
-kernel_search_network_sysctl( +kernel_rw_unlabeled_dirs( @@ -3341,7 +3357,7 @@ No
Summary

-Search network sysctl directories. +Read and write unlabeled directories.

@@ -3352,9 +3368,9 @@ Search network sysctl directories.
@@ -3363,13 +3379,13 @@ No - +
-kernel_search_proc( +kernel_rw_vm_sysctls( @@ -3383,7 +3399,7 @@ No
Summary

-Search directories in /proc. +Read and write virtual memory sysctls.

@@ -3394,9 +3410,9 @@ Search directories in /proc.
@@ -3405,13 +3421,13 @@ No - +
-kernel_search_vm_sysctl( +kernel_search_debugfs( @@ -3425,7 +3441,7 @@ No
Summary

-Allow caller to search virtual memory sysctls. +Search the contents of a kernel debugging filesystem.

@@ -3436,9 +3452,9 @@ Allow caller to search virtual memory sysctls.
@@ -3447,26 +3463,18 @@ No - +
-kernel_send_syslog_msg_from( - - - - - socket - +kernel_search_network_state( - , - - syslog_type + domain )
@@ -3475,10 +3483,7 @@ No
Summary

-Allow the kernel to send a syslog -message to the specified domain, -connecting over the specified named -socket. +Allow searching of network state directory.

@@ -3487,21 +3492,11 @@ socket.
- - @@ -3510,13 +3505,13 @@ No - +
-kernel_sendrecv_unlabeled_association( +kernel_search_network_sysctl( @@ -3530,27 +3525,10 @@ No
Summary

-Send and receive messages from an -unlabeled IPSEC association. +Search network sysctl directories.

-
Description
-

-

-Send and receive messages from an -unlabeled IPSEC association. Network -connections that are not protected -by IPSEC have use an unlabeled -assocation. -

-

-The corenetwork interface -corenet_non_ipsec_sendrecv() should -be used instead of this one. -

-

-
Parameters
Parameter:Description:Optional:
-dir_type - - -Directory type to list. - No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type reading the messages. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type reading the state. - +

 No
domain - +

The process type reading the state. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type allowed to read the ring buffer. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

The process type reading software raid state. - +

 No
domain - +

The process type to allow to read sysctl directories. - +

 No
domain - +

The process type reading the system state information. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The process type relabeling the objects. - +

 No
domain - -The type of the domain remounting the filesystem. - +

+The process type relabeling the objects. +

 No
Parameter:Description:Optional:
-directory_type +domain - -The type of the directory to use as a mountpoint. - +

+The process type relabeling the objects. +

 No
domain - -Domain allowed access. - +

+The process type relabeling the objects. +

 No
domain - -Domain allowed access. - +

+The process type relabeling the objects. +

 No
domain - -Domain allowed access. - +

+The type of the domain remounting the filesystem. +

 No
Parameter:Description:Optional:
-domain +directory_type - -Domain allowed access. - +

+The type of the directory to use as a mountpoint. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
domain - -The process type reading software raid state. - +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
Parameter:Description:Optional:
-domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

 No
domain - -Domain allowed access. - +

+The process type reading software raid state. +

 No
domain - +

Domain allowed access. - +

 No
Parameter:Description:Optional:
-dir_type +domain - -Directory type to search. - +

+Domain allowed access. +

 No
domain - -The process type reading the state. - +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
Parameter:Description:Optional:
-socket - - -The type of the named socket file. - - -No -
-syslog_type +domain - -The domain of the syslog daemon. - +

+The process type reading the state. +

 No
@@ -3558,9 +3536,9 @@ be used instead of this one. @@ -3569,13 +3547,13 @@ No - +
-kernel_sendto_unix_dgram_socket( +kernel_search_proc( @@ -3589,7 +3567,7 @@ No
Summary

-Send messages to kernel unix datagram sockets. +Search directories in /proc.

@@ -3600,9 +3578,9 @@ Send messages to kernel unix datagram sockets.
@@ -3611,13 +3589,13 @@ No - +
-kernel_setpgid( +kernel_search_vm_sysctl( @@ -3631,7 +3609,7 @@ No
Summary

-Set the process group of kernel threads. +Allow caller to search virtual memory sysctls.

@@ -3642,9 +3620,9 @@ Set the process group of kernel threads.
@@ -3653,13 +3631,13 @@ No - +
-kernel_share_state( +kernel_sendrecv_unlabeled_association( @@ -3673,11 +3651,27 @@ No
Summary

-Allows the kernel to share state information with -the caller. +Send and receive messages from an +unlabeled IPSEC association.

+
Description
+

+

+Send and receive messages from an +unlabeled IPSEC association. Network +connections that are not protected +by IPSEC have use an unlabeled +assocation. +

+

+The corenetwork interface +corenet_non_ipsec_sendrecv() should +be used instead of this one. +

+

+
Parameters
Parameter:Description:Optional:
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
@@ -3685,9 +3679,9 @@ the caller. @@ -3696,13 +3690,13 @@ No - +
-kernel_sigchld( +kernel_setpgid( @@ -3716,7 +3710,7 @@ No
Summary

-Send a SIGCHLD signal to kernel threads. +Set the process group of kernel threads.

@@ -3727,9 +3721,9 @@ Send a SIGCHLD signal to kernel threads.
@@ -3738,13 +3732,13 @@ No - +
-kernel_sigchld_from( +kernel_share_state( @@ -3758,8 +3752,8 @@ No
Summary

-Allow the kernel to send a SIGCHLD -signal to the specified domain. +Allows the kernel to share state information with +the caller.

@@ -3770,9 +3764,9 @@ signal to the specified domain.
@@ -3781,13 +3775,13 @@ No - +
-kernel_sigchld_from_unlabeled( +kernel_sigchld( @@ -3801,8 +3795,7 @@ No
Summary

-Allow unlabeled processes to send a SIGCHLD -signal to the specified domain. +Send a SIGCHLD signal to kernel threads.

@@ -3813,9 +3806,9 @@ signal to the specified domain.
@@ -3855,9 +3848,9 @@ Send a child terminated signal to unlabeled processes. @@ -3897,9 +3890,9 @@ Send a generic signal to kernel threads. @@ -3939,9 +3932,9 @@ Send general signals to unlabeled processes. @@ -3981,9 +3974,9 @@ Send a null signal to unlabeled processes. @@ -4023,9 +4016,9 @@ Send a stop signal to unlabeled processes. @@ -4065,9 +4058,9 @@ Receive messages from kernel TCP sockets. @@ -4107,9 +4100,9 @@ Receive messages from kernel UDP sockets. @@ -4118,13 +4111,13 @@ No - +
-kernel_udp_sendfrom( +kernel_udp_send( @@ -4138,8 +4131,7 @@ No
Summary

-Allow the kernel to send UDP network traffic -the specified domain. +Send UDP network traffic to the kernel.

@@ -4150,9 +4142,9 @@ the specified domain.
@@ -4192,9 +4184,9 @@ Unconfined access to kernel module resources. @@ -4234,193 +4226,9 @@ Unmount a kernel debugging filesystem. - -
Parameter:Description:Optional:
domain - -The type of the process with which to share state information. - +

+Domain allowed access. +

 No
domain - -The type of the process sending the signal. - +

+Domain allowed access. +

 No
domain - -Domain receiving the SIGCHLD. - +

+The type of the process with which to share state information. +

 No
domain - -Domain receiving the SIGCHLD. - +

+The type of the process sending the signal. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process sending the signal. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - -The type of the receiving domain. - +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - -The type of the domain unmounting the filesystem. - - -No -
-
-
- - -
- - -
- -kernel_use_fd( - - - - - domain - - - )
-
-
- -
Summary
-

-Permits caller to use kernel file descriptors. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -The type of the process using the descriptors. - - -No -
-
-
- - -
- - -
- -kernel_use_ld_so_from( - - - - - lib_type - - - - , - - - - ld_type - - - - , - - - - cache_type - - - )
-
-
- -
Summary
-

-Use the specified types for /lib directory -and use the dynamic link/loader for automatic loading -of shared libraries, and the link/loader -cache. -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-lib_type - - -The type of the lib directories. - - -No -
-ld_type - - -The type of the dynamic link/loader. - - -No -
-cache_type - - -The type of the dynamic link/loader cache. - - -No -
-
-
- - -
- - -
- -kernel_use_shared_libs_from( - - - - - lib_dir_type - - - - , - - - - shlib_type - - - )
-
-
- -
Summary

-Allow the kernel to load and execute -functions from the specified shared libraries. +The type of the domain unmounting the filesystem.

- - -
Parameters
- - - - - - @@ -4429,13 +4237,13 @@ No - +
-kernel_use_unlabeled_blk_dev( +kernel_use_fds( @@ -4449,7 +4257,7 @@ No
Summary

-Read and write unlabeled block device nodes. +Permits caller to use kernel file descriptors.

@@ -4460,70 +4268,9 @@ Read and write unlabeled block device nodes.
- -
Parameter:Description:Optional:
-lib_dir_type - - -The type of the lib directories. - - -No -
-shlib_type - - -Shared library type. - No
domain - -Domain allowed access. - - -No -
-
-
- - -
- - -
- -kernel_userland_entry( - - - - - domain - - - - , - - - - entrypoint - - - )
-
-
- -
Summary

-Allows to start userland processes -by transitioning to the specified domain. +The type of the process using the descriptors.

- - -
Parameters
- - - - - - @@ -4532,13 +4279,13 @@ No - +
-kernel_write_proc_file( +kernel_write_proc_files( @@ -4563,9 +4310,9 @@ Write to generic proc entries.
diff --git a/www/api-docs/kernel_mcs.html b/www/api-docs/kernel_mcs.html new file mode 100644 index 0000000..49d1be6 --- /dev/null +++ b/www/api-docs/kernel_mcs.html @@ -0,0 +1,157 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: kernel

+

Module: mcs

+ +

Description:

+ +

Multicategory security policy

+ + +

This module is required to be included in all policies.

+ + + +

Interfaces:

+ + +
+ + +
+ +mcs_killall( + + + + + domain + + + )
+
+
+ +
Summary
+

+This domain is allowed to sigkill and sigstop +all domains regardless of their MCS level. +

+ + +
Parameters
+
Parameter:Description:Optional:
-domain - - -The process type entered by kernel. - - -No -
-entrypoint - - -The executable type for the entrypoint. - No
domain - +

Domain allowed access. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain target for user exemption. +

+		 +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/kernel_mls.html b/www/api-docs/kernel_mls.html index c8c820b..01643c7 100644 --- a/www/api-docs/kernel_mls.html +++ b/www/api-docs/kernel_mls.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -142,9 +142,9 @@ for lowering the level of files. domain - +

The type of the process performing this action. - +

No @@ -185,9 +185,9 @@ for reading from files at higher levels. domain - +

The type of the process performing this action. - +

No @@ -228,9 +228,9 @@ for raising the level of files. domain - +

The type of the process performing this action. - +

No @@ -271,9 +271,9 @@ for writing to files at lower levels. domain - +

The type of the process performing this action. - +

No @@ -314,9 +314,9 @@ for reading from processes at higher levels. domain - +

The type of the process performing this action. - +

No @@ -358,9 +358,9 @@ it executes. domain - +

The type of the process performing this action. - +

No @@ -401,9 +401,9 @@ for writing to processes at lower levels. domain - +

The type of the process performing this action. - +

No @@ -445,9 +445,9 @@ the current level. domain - +

The type of the process performing this action. - +

No @@ -489,9 +489,9 @@ the current level. domain - +

The type of the process performing this action. - +

No @@ -544,9 +544,9 @@ objects, for example, files and directories. domain - +

The type of the object. - +

No diff --git a/www/api-docs/kernel_selinux.html b/www/api-docs/kernel_selinux.html index de51cbf..96fb982 100644 --- a/www/api-docs/kernel_selinux.html +++ b/www/api-docs/kernel_selinux.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -136,9 +136,9 @@ Allows caller to compute an access vector. domain - +

The process type allowed to compute an access vector. - +

No @@ -178,9 +178,9 @@ Calculate the default type for object creation. domain - +

Domain allowed access. - +

No @@ -221,9 +221,9 @@ directory members. domain - +

Domain allowed access. - +

No @@ -274,9 +274,9 @@ a terminal when a user logs in. domain - +

Domain allowed access. - +

No @@ -316,9 +316,9 @@ Allows caller to compute possible contexts for a user. domain - +

The process type allowed to compute user contexts. - +

No @@ -359,9 +359,9 @@ attributes of the selinuxfs directory. domain - +

Domain to not audit. - +

No @@ -402,9 +402,9 @@ generic selinuxfs entries domain - +

Domain to not audit. - +

No @@ -444,9 +444,9 @@ Do not audit attempts to search selinuxfs. domain - +

Domain to not audit. - +

No @@ -487,9 +487,9 @@ Allows the caller to get the mode of policy enforcement domain - +

The process type to allow to get the enforcing mode. - +

No @@ -529,9 +529,9 @@ Gets the caller the mountpoint of the selinuxfs filesystem. domain - +

The process type requesting the selinuxfs mountpoint. - +

No @@ -571,9 +571,9 @@ Allow caller to load the policy into the kernel. domain - +

The process type that will load the policy. - +

No @@ -613,9 +613,9 @@ Search selinuxfs. domain - +

Domain allowed access. - +

No @@ -668,9 +668,9 @@ always audited. domain - +

The process type allowed to set the Boolean. - +

No @@ -723,9 +723,9 @@ always audited. domain - +

The process type to allow to set the enforcement mode. - +

No @@ -778,9 +778,9 @@ always audited. domain - +

The process type to allow to set security parameters. - +

No @@ -820,9 +820,9 @@ Unconfined access to the SELinux kernel security server. domain - +

Domain allowed access. - +

No @@ -862,9 +862,9 @@ Allows caller to validate security contexts. domain - +

The process type permitted to validate contexts. - +

No diff --git a/www/api-docs/kernel_storage.html b/www/api-docs/kernel_storage.html index 0996017..dfdda44 100644 --- a/www/api-docs/kernel_storage.html +++ b/www/api-docs/kernel_storage.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -101,13 +101,13 @@

Interfaces:

- +
-storage_create_fixed_disk( +storage_dev_filetrans_fixed_disk( @@ -121,7 +121,8 @@
Summary

-Create block devices in /dev with the fixed disk type. +Create block devices in /dev with the fixed disk type +via an automatic type transition.

@@ -132,9 +133,9 @@ Create block devices in /dev with the fixed disk type. domain - +

The type of the process performing this action. - +

No @@ -143,13 +144,13 @@ No
- +
-storage_create_fixed_disk_tmpfs( +storage_dontaudit_getattr_fixed_disk_dev( @@ -163,7 +164,8 @@ No
Summary

-Create fixed disk device nodes on a tmpfs filesystem. +Do not audit attempts made by the caller to get +the attributes of fixed disk device nodes.

@@ -174,9 +176,9 @@ Create fixed disk device nodes on a tmpfs filesystem. domain - -The type of the process performing this action. - +

+The type of the process to not audit. +

No @@ -185,13 +187,13 @@ No
- +
-storage_dontaudit_getattr_fixed_disk( +storage_dontaudit_getattr_removable_dev( @@ -206,7 +208,7 @@ No
Summary

Do not audit attempts made by the caller to get -the attributes of fixed disk device nodes. +the attributes of removable devices device nodes.

@@ -217,9 +219,9 @@ the attributes of fixed disk device nodes. domain - +

The type of the process to not audit. - +

No @@ -228,13 +230,13 @@ No
- +
-storage_dontaudit_getattr_removable_device( +storage_dontaudit_raw_read_removable_device( @@ -248,8 +250,7 @@ No
Summary

-Do not audit attempts made by the caller to get -the attributes of removable devices device nodes. +Do not audit attempts to directly read removable devices.

@@ -260,9 +261,51 @@ the attributes of removable devices device nodes. domain +

+Domain to not audit. +

+ +No + -The type of the process to not audit. + +
+
+ + +
+ + +
+storage_dontaudit_raw_write_removable_device( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to directly write removable devices. +

+ + +
Parameters
+ + + + @@ -303,9 +346,9 @@ fixed disk device nodes. @@ -346,9 +389,9 @@ removable devices device nodes. @@ -357,13 +400,13 @@ No - +
-storage_dontaudit_setattr_fixed_disk( +storage_dontaudit_rw_scsi_generic( @@ -377,8 +420,8 @@ No
Summary

-Do not audit attempts made by the caller to set -the attributes of fixed disk device nodes. +Do not audit attempts to read or write +SCSI generic device interfaces.

@@ -389,9 +432,9 @@ the attributes of fixed disk device nodes.
@@ -400,13 +443,13 @@ No - +
-storage_dontaudit_setattr_removable_device( +storage_dontaudit_setattr_fixed_disk_dev( @@ -421,7 +464,7 @@ No
Summary

Do not audit attempts made by the caller to set -the attributes of removable devices device nodes. +the attributes of fixed disk device nodes.

@@ -432,9 +475,9 @@ the attributes of removable devices device nodes.
@@ -443,13 +486,13 @@ No - +
-storage_getattr_fixed_disk( +storage_dontaudit_setattr_removable_dev( @@ -463,8 +506,8 @@ No
Summary

-Allow the caller to get the attributes of fixed disk -device nodes. +Do not audit attempts made by the caller to set +the attributes of removable devices device nodes.

@@ -475,9 +518,9 @@ device nodes.
@@ -486,13 +529,13 @@ No - +
-storage_getattr_removable_device( +storage_dontaudit_write_fixed_disk( @@ -506,8 +549,8 @@ No
Summary

-Allow the caller to get the attributes of removable -devices device nodes. +Do not audit attempts made by the caller to write +fixed disk device nodes.

@@ -518,9 +561,9 @@ devices device nodes.
@@ -529,13 +572,13 @@ No - +
-storage_getattr_scsi_generic( +storage_getattr_fixed_disk_dev( @@ -549,8 +592,8 @@ No
Summary

-Allow the caller to get the attributes of -the generic SCSI interface device nodes. +Allow the caller to get the attributes of fixed disk +device nodes.

@@ -561,9 +604,9 @@ the generic SCSI interface device nodes.
@@ -572,13 +615,13 @@ No - +
-storage_getattr_tape_device( +storage_getattr_removable_dev( @@ -592,8 +635,8 @@ No
Summary

-Allow the caller to get the attributes -of device nodes of tape devices. +Allow the caller to get the attributes of removable +devices device nodes.

@@ -604,9 +647,9 @@ of device nodes of tape devices.
@@ -615,13 +658,13 @@ No - +
-storage_manage_fixed_disk( +storage_getattr_scsi_generic_dev( @@ -635,7 +678,8 @@ No
Summary

-Create, read, write, and delete fixed disk device nodes. +Allow the caller to get the attributes of +the generic SCSI interface device nodes.

@@ -646,9 +690,9 @@ Create, read, write, and delete fixed disk device nodes.
@@ -657,13 +701,13 @@ No - +
-storage_raw_read_fixed_disk( +storage_getattr_tape_dev( @@ -677,10 +721,8 @@ No
Summary

-Allow the caller to directly read from a fixed disk. -This is extremly dangerous as it can bypass the -SELinux protections for filesystem objects, and -should only be used by trusted domains. +Allow the caller to get the attributes +of device nodes of tape devices.

@@ -691,9 +733,9 @@ should only be used by trusted domains.
@@ -702,13 +744,13 @@ No - +
-storage_raw_read_lvm_volume( +storage_manage_fixed_disk( @@ -722,10 +764,7 @@ No
Summary

-Allow the caller to directly read from a logical volume. -This is extremly dangerous as it can bypass the -SELinux protections for filesystem objects, and -should only be used by trusted domains. +Create, read, write, and delete fixed disk device nodes.

@@ -736,9 +775,9 @@ should only be used by trusted domains.
@@ -747,13 +786,13 @@ No - +
-storage_raw_read_removable_device( +storage_raw_read_fixed_disk( @@ -767,8 +806,7 @@ No
Summary

-Allow the caller to directly read from -a removable device. +Allow the caller to directly read from a fixed disk. This is extremly dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains. @@ -782,9 +820,9 @@ should only be used by trusted domains.

@@ -793,13 +831,13 @@ No - +
-storage_raw_write_fixed_disk( +storage_raw_read_removable_device( @@ -813,7 +851,8 @@ No
Summary

-Allow the caller to directly write to a fixed disk. +Allow the caller to directly read from +a removable device. This is extremly dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains. @@ -827,9 +866,9 @@ should only be used by trusted domains.

@@ -838,13 +877,13 @@ No - +
-storage_raw_write_lvm_volume( +storage_raw_write_fixed_disk( @@ -858,7 +897,7 @@ No
Summary

-Allow the caller to directly read from a logical volume. +Allow the caller to directly write to a fixed disk. This is extremly dangerous as it can bypass the SELinux protections for filesystem objects, and should only be used by trusted domains. @@ -872,9 +911,9 @@ should only be used by trusted domains.

@@ -918,9 +957,9 @@ should only be used by trusted domains. @@ -964,9 +1003,9 @@ should only be used by trusted domains. @@ -975,13 +1014,13 @@ No - +
-storage_read_tape_device( +storage_read_tape( @@ -1007,9 +1046,9 @@ a tape device.
@@ -1049,9 +1088,9 @@ Relabel fixed disk device nodes. @@ -1060,13 +1099,13 @@ No - +
-storage_set_scsi_generic_attributes( +storage_setattr_fixed_disk_dev( @@ -1080,8 +1119,8 @@ No
Summary

-Set attributes of the device nodes -for the SCSI generic inerface. +Allow the caller to set the attributes of fixed disk +device nodes.

@@ -1092,9 +1131,9 @@ for the SCSI generic inerface.
@@ -1103,13 +1142,13 @@ No - +
-storage_setattr_fixed_disk( +storage_setattr_removable_dev( @@ -1123,8 +1162,8 @@ No
Summary

-Allow the caller to set the attributes of fixed disk -device nodes. +Allow the caller to set the attributes of removable +devices device nodes.

@@ -1135,9 +1174,9 @@ device nodes.
@@ -1146,13 +1185,13 @@ No - +
-storage_setattr_removable_device( +storage_setattr_scsi_generic_dev( @@ -1166,8 +1205,8 @@ No
Summary

-Allow the caller to set the attributes of removable -devices device nodes. +Allow the caller to set the attributes of +the generic SCSI interface device nodes.

@@ -1178,9 +1217,9 @@ devices device nodes.
@@ -1189,13 +1228,13 @@ No - +
-storage_setattr_scsi_generic( +storage_setattr_scsi_generic_dev_dev( @@ -1209,8 +1248,8 @@ No
Summary

-Allow the caller to set the attributes of -the generic SCSI interface device nodes. +Set attributes of the device nodes +for the SCSI generic inerface.

@@ -1221,9 +1260,9 @@ the generic SCSI interface device nodes.
@@ -1232,13 +1271,13 @@ No - +
-storage_setattr_tape_device( +storage_setattr_tape_dev( @@ -1264,9 +1303,9 @@ of device nodes of tape devices.
@@ -1306,9 +1345,52 @@ Enable a fixed disk device as swap space + +
Parameter:Description:Optional:
+domain + +

+Domain to not audit. +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - -The type of the process to not audit. - +

+Domain to not audit. +

 No
domain - +

The type of the process to not audit. - +

 No
domain - -The type of the process performing this action. - +

+The type of the process to not audit. +

 No
domain - -The type of the process performing this action. - +

+Domain to not audit. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +storage_tmpfs_filetrans_fixed_disk( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create block devices in on a tmpfs filesystem with the +fixed disk type via an automatic type transition. +

+ +
Parameters
+ + + + @@ -1348,9 +1430,9 @@ Unconfined access to storage devices. @@ -1394,9 +1476,9 @@ should only be used by trusted domains. @@ -1405,13 +1487,13 @@ No - +
-storage_write_tape_device( +storage_write_tape( @@ -1437,9 +1519,9 @@ a tape device.
diff --git a/www/api-docs/kernel_terminal.html b/www/api-docs/kernel_terminal.html index 5915faa..037110c 100644 --- a/www/api-docs/kernel_terminal.html +++ b/www/api-docs/kernel_terminal.html @@ -25,9 +25,6 @@ kernel
-    -  - bootloader
-    -  corecommands
@@ -49,6 +46,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -142,9 +142,9 @@ Create a pty in the /dev/pts directory.
@@ -152,9 +152,9 @@ No @@ -196,9 +196,9 @@ device nodes. @@ -240,9 +240,9 @@ device nodes. @@ -251,13 +251,13 @@ No - +
-term_dontaudit_getattr_pty_dir( +term_dontaudit_getattr_pty_dirs( @@ -283,9 +283,9 @@ attributes of the /dev/pts directory.
@@ -326,9 +326,9 @@ of all unallocated tty device nodes. @@ -369,9 +369,9 @@ unallocated tty device nodes. @@ -412,9 +412,9 @@ Do not audit attempts to read the @@ -423,13 +423,13 @@ No - +
-term_dontaudit_manage_pty_dir( +term_dontaudit_manage_pty_dirs( @@ -455,9 +455,9 @@ write, or delete the /dev/pts directory.
@@ -498,9 +498,9 @@ contents of the /dev/pts directory. @@ -541,9 +541,9 @@ user ptys. @@ -584,9 +584,9 @@ any user ttys. @@ -627,9 +627,9 @@ or write to the console. @@ -638,13 +638,13 @@ No - +
-term_dontaudit_use_generic_pty( +term_dontaudit_use_generic_ptys( @@ -671,9 +671,9 @@ generally only used in the targeted policy.
@@ -714,9 +714,9 @@ write the pty multiplexor (/dev/ptmx). @@ -725,13 +725,13 @@ No - +
-term_dontaudit_use_unallocated_tty( +term_dontaudit_use_unallocated_ttys( @@ -757,9 +757,9 @@ write unallocated ttys.
@@ -800,9 +800,9 @@ pty device nodes. @@ -843,9 +843,9 @@ device nodes. @@ -886,9 +886,9 @@ tty device nodes. @@ -897,13 +897,13 @@ No - +
-term_ioctl_generic_pty( +term_ioctl_generic_ptys( @@ -928,9 +928,9 @@ ioctl of generic pty types.
@@ -971,9 +971,9 @@ list all ptys. @@ -1014,9 +1014,9 @@ used by login programs, such as sshd. @@ -1056,9 +1056,9 @@ Transform specified type into a pty type. @@ -1098,9 +1098,9 @@ Read from the console. @@ -1141,9 +1141,9 @@ user pty device nodes. @@ -1184,9 +1184,9 @@ user tty device nodes. @@ -1227,9 +1227,9 @@ tty type. @@ -1269,9 +1269,9 @@ Relabel to all user ptys. @@ -1312,9 +1312,9 @@ the unallocated tty type. @@ -1354,9 +1354,9 @@ Search the contents of the /dev/pts directory. @@ -1397,9 +1397,9 @@ pty device nodes. @@ -1440,9 +1440,9 @@ device nodes. @@ -1483,9 +1483,9 @@ device node. @@ -1526,9 +1526,9 @@ tty device nodes. @@ -1568,9 +1568,9 @@ Transform specified type into a tty type. @@ -1611,9 +1611,9 @@ ttys and all ptys. @@ -1653,9 +1653,9 @@ Read and write all user ptys. @@ -1695,9 +1695,9 @@ Read and write all user to all user ttys. @@ -1737,9 +1737,9 @@ Read from and write to the console. @@ -1780,9 +1780,9 @@ terminal (/dev/tty). @@ -1791,13 +1791,13 @@ No - +
-term_use_generic_pty( +term_use_generic_ptys( @@ -1824,9 +1824,9 @@ the targeted policy.
@@ -1866,9 +1866,9 @@ Read and write the pty multiplexor (/dev/ptmx). @@ -1877,13 +1877,13 @@ No - +
-term_use_unallocated_tty( +term_use_unallocated_ttys( @@ -1908,9 +1908,9 @@ Read and write unallocated ttys.
@@ -1960,10 +1960,10 @@ type change by login programs such as ssh. @@ -1971,9 +1971,9 @@ No @@ -2013,9 +2013,9 @@ Write to all user ttys. @@ -2055,9 +2055,9 @@ Write to the console. @@ -2097,9 +2097,9 @@ Write to unallocated ttys. diff --git a/www/api-docs/services.html b/www/api-docs/services.html index cd38764..4b549ae 100644 --- a/www/api-docs/services.html +++ b/www/api-docs/services.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -704,16 +704,16 @@ from Windows NT servers. - - - + + + diff --git a/www/api-docs/services_apache.html b/www/api-docs/services_apache.html index 2b2fcc1..85409b7 100644 --- a/www/api-docs/services_apache.html +++ b/www/api-docs/services_apache.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -340,9 +340,9 @@ apache squirrelmail data. @@ -382,9 +382,9 @@ Transition to apache. @@ -425,9 +425,9 @@ script domain. @@ -468,9 +468,9 @@ a domain transition. @@ -511,9 +511,9 @@ script domain. @@ -554,9 +554,9 @@ Apache logs. @@ -565,13 +565,13 @@ No - +
-apache_dontaudit_rw_stream_socket( +apache_dontaudit_rw_stream_sockets( @@ -597,9 +597,9 @@ unix domain stream sockets.
@@ -608,13 +608,13 @@ No - +
-apache_dontaudit_rw_sys_script_stream_socket( +apache_dontaudit_rw_sys_script_stream_sockets( @@ -640,9 +640,9 @@ system script unix domain stream sockets.
@@ -651,13 +651,13 @@ No - +
-apache_dontaudit_rw_tcp_socket( +apache_dontaudit_rw_tcp_sockets( @@ -683,9 +683,9 @@ TCP sockets.
@@ -726,9 +726,52 @@ module directories. + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process creating the pty. - +

 No
pty_type - +

The type of the pty. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

The type of the process to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
pty_type - +

An object type that will applied to a pty. - +

 No
pty_type - +

An object type that will applied to a pty. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
tty_type - +

An object type that will applied to a tty. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process to allow access. - +

 No
domain - +

Domain allowed access. - +

 No
userdomain - +

The type of the user domain associated with this pty. - +

 No
object_type - +

An object type that will applied to a pty. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No

Unix to Unix Copy
- - xdm

X windows login display manager

xfs

X Windows Font Server

+ + xserver

X Windows Server

zebra

Zebra border gateway protocol network routing service

domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain to not audit. +

+		 +No +
+
+
+ + +
+ + +
+ +apache_exec_modules( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow the specified domain to execute +apache modules. +

+ +
Parameters
+ + + + @@ -770,9 +813,9 @@ directory. @@ -813,9 +856,9 @@ apache system content files. @@ -856,9 +899,9 @@ apache configuration files. @@ -899,9 +942,9 @@ apache log files. @@ -942,9 +985,51 @@ apache squirrelmail data. + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+apache_read_sys_content( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read apache system content +

+ + +
Parameters
+ + + + @@ -994,9 +1079,9 @@ to the specified role. @@ -1004,9 +1089,9 @@ No @@ -1064,9 +1149,9 @@ specified role the dmidecode domain. @@ -1074,9 +1159,9 @@ No @@ -1084,9 +1169,9 @@ No @@ -1126,9 +1211,9 @@ Search system script state directory. @@ -1168,9 +1253,9 @@ Send a SIGCHLD signal to apache. @@ -1210,9 +1295,9 @@ Send a null signal to apache. @@ -1221,13 +1306,13 @@ No - +
-apache_use_fd( +apache_use_fds( @@ -1252,9 +1337,9 @@ Inherit and use file descriptors from Apache.
@@ -1302,9 +1387,9 @@ web content. @@ -1373,10 +1458,10 @@ by policy writers. @@ -1384,9 +1469,9 @@ No @@ -1394,9 +1479,9 @@ No diff --git a/www/api-docs/services_apm.html b/www/api-docs/services_apm.html index d169cd5..91da64b 100644 --- a/www/api-docs/services_apm.html +++ b/www/api-docs/services_apm.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Append to apm's log file. @@ -378,9 +378,9 @@ Execute APM in the apm domain. @@ -389,13 +389,13 @@ No - +
-apm_rw_stream_socket( +apm_rw_stream_sockets( @@ -420,9 +420,9 @@ Read and write to an apm unix stream socket.
@@ -462,9 +462,9 @@ Connect to apmd over an unix stream socket. @@ -473,13 +473,13 @@ No - +
-apm_use_fd( +apm_use_fds( @@ -504,9 +504,9 @@ Use file descriptors for apmd.
@@ -515,13 +515,13 @@ No - +
-apm_write_pipe( +apm_write_pipes( @@ -546,9 +546,9 @@ Write to apmd unnamed pipes.
diff --git a/www/api-docs/services_arpwatch.html b/www/api-docs/services_arpwatch.html index 48266bf..ea5858d 100644 --- a/www/api-docs/services_arpwatch.html +++ b/www/api-docs/services_arpwatch.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-arpwatch_dontaudit_rw_packet_socket( +arpwatch_dontaudit_rw_packet_sockets( @@ -337,9 +337,9 @@ arpwatch packet sockets.
@@ -379,9 +379,9 @@ Create arpwatch data files. @@ -421,9 +421,9 @@ Read and write arpwatch temporary files. @@ -463,9 +463,9 @@ Read and write arpwatch temporary files. @@ -505,9 +505,9 @@ Search arpwatch's data file directories. diff --git a/www/api-docs/services_automount.html b/www/api-docs/services_automount.html index 8b57fd2..cb768e5 100644 --- a/www/api-docs/services_automount.html +++ b/www/api-docs/services_automount.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,52 @@ Execute automount in the automount domain. + +
Parameter:Description:Optional:
+domain + +

+Domain to not audit. +

 No
domain - +

Domain allowed access. - +

 No
role - +

The role to be allowed the script domains. - +

 No
domain - +

Domain allowed access. - +

 No
role - +

The role to be allowed the dmidecode domain. - +

 No
terminal - +

The type of the terminal allow the dmidecode domain to use. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
prefix - +

The prefix to be used for deriving type names. - +

 No
userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

 No
user_domain - +

The type of the user domain. - +

 No
user_role - +

The role associated with the user domain. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +automount_dontaudit_getattr_tmp_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of automount temporary directories. +

+ +
Parameters
+ + + + @@ -378,9 +421,9 @@ Execute automount in the caller domain. diff --git a/www/api-docs/services_avahi.html b/www/api-docs/services_avahi.html index 0fb2104..9385e9d 100644 --- a/www/api-docs/services_avahi.html +++ b/www/api-docs/services_avahi.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ avahi over dbus. diff --git a/www/api-docs/services_bind.html b/www/api-docs/services_bind.html index ce9952e..1f9ae98 100644 --- a/www/api-docs/services_bind.html +++ b/www/api-docs/services_bind.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute bind in the named domain. @@ -378,9 +378,9 @@ Execute ndc in the ndc domain. @@ -421,9 +421,9 @@ BIND cache files. @@ -432,13 +432,13 @@ No - +
-bind_manage_config_dir( +bind_manage_config_dirs( @@ -464,9 +464,9 @@ BIND configuration directories.
@@ -506,9 +506,9 @@ Read BIND named configuration files. @@ -548,9 +548,9 @@ Read DNSSEC keys. @@ -590,9 +590,9 @@ Read BIND zone files. @@ -649,9 +649,9 @@ allow the specified role the ndc domain. @@ -659,9 +659,9 @@ No @@ -669,9 +669,9 @@ No @@ -711,9 +711,9 @@ Search the BIND cache directory. @@ -722,13 +722,13 @@ No - +
-bind_setattr_pid_dir( +bind_setattr_pid_dirs( @@ -754,9 +754,9 @@ of the BIND pid directory.
@@ -796,9 +796,9 @@ Send generic signals to BIND. @@ -838,9 +838,9 @@ Write BIND named configuration files. diff --git a/www/api-docs/services_bluetooth.html b/www/api-docs/services_bluetooth.html index 7d047a7..96eb95e 100644 --- a/www/api-docs/services_bluetooth.html +++ b/www/api-docs/services_bluetooth.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ bluetooth over dbus. @@ -379,9 +379,9 @@ Execute bluetooth_helper in the bluetooth_helper domain. @@ -421,9 +421,9 @@ Read bluetooth helper files. @@ -463,9 +463,9 @@ Read bluetooth daemon configuration. @@ -522,9 +522,9 @@ allow the specified role the bluetooth_helper domain. @@ -532,9 +532,9 @@ No @@ -542,9 +542,9 @@ No diff --git a/www/api-docs/services_canna.html b/www/api-docs/services_canna.html index 65f9814..b153def 100644 --- a/www/api-docs/services_canna.html +++ b/www/api-docs/services_canna.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Connect to Canna using a unix domain stream socket. diff --git a/www/api-docs/services_comsat.html b/www/api-docs/services_comsat.html index 94ba93d..4471af6 100644 --- a/www/api-docs/services_comsat.html +++ b/www/api-docs/services_comsat.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_cpucontrol.html b/www/api-docs/services_cpucontrol.html index 1862b08..3f0a41a 100644 --- a/www/api-docs/services_cpucontrol.html +++ b/www/api-docs/services_cpucontrol.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -316,12 +316,8 @@ - [ - domain - ] - )
@@ -340,11 +336,11 @@ CPUcontrol stub interface. No access allowed.
Parameter:Description:Optional:
+domain + +

+Domain to not audit. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
role - +

The role to be allowed the bind domain. - +

 No
terminal - +

The type of the terminal allow the bind domain to use. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the bluetooth_helper domain. - +

 No
terminal - +

The type of the terminal allow the bluetooth_helper domain to use. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

N/A - +

 -yes +Yes
diff --git a/www/api-docs/services_cron.html b/www/api-docs/services_cron.html index edff2da..71f91af 100644 --- a/www/api-docs/services_cron.html +++ b/www/api-docs/services_cron.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -308,13 +308,13 @@

Interfaces:

- +
-cron_crw_tcp_socket( +cron_anacron_domtrans_system_job( @@ -328,7 +328,7 @@
Summary

-Create, read, and write a cron daemon TCP socket. +Execute APM in the apm domain.

@@ -339,9 +339,9 @@ Create, read, and write a cron daemon TCP socket. domain - +

Domain allowed access. - +

No @@ -350,13 +350,13 @@ No
- +
-cron_domtrans_anacron_system_job( +cron_dontaudit_append_system_job_tmp_files( @@ -370,7 +370,8 @@ No
Summary

-Execute APM in the apm domain. +Do not audit attempts to append temporary +files from the system cron jobs.

@@ -381,9 +382,9 @@ Execute APM in the apm domain. domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -392,13 +393,13 @@ No
- +
-cron_dontaudit_append_system_job_tmp_files( +cron_dontaudit_write_pipes( @@ -412,8 +413,7 @@ No
Summary

-Do not audit attempts to append temporary -files from the system cron jobs. +Do not audit attempts to write cron daemon unnamed pipes.

@@ -424,9 +424,9 @@ files from the system cron jobs. domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -435,13 +435,13 @@ No
- +
-cron_dontaudit_write_pipe( +cron_read_pipes( @@ -455,7 +455,7 @@ No
Summary

-Do not audit attempts to write cron daemon unnamed pipes. +Read a cron daemon unnamed pipe.

@@ -466,9 +466,9 @@ Do not audit attempts to write cron daemon unnamed pipes. domain - +

Domain allowed access. - +

No @@ -477,13 +477,13 @@ No
- +
-cron_read_pipe( +cron_read_system_job_tmp_files( @@ -497,7 +497,7 @@ No
Summary

-Read a cron daemon unnamed pipe. +Read temporary files from the system cron jobs.

@@ -508,9 +508,9 @@ Read a cron daemon unnamed pipe. domain - +

Domain allowed access. - +

No @@ -519,13 +519,13 @@ No
- +
-cron_read_system_job_tmp_files( +cron_rw_pipes( @@ -539,7 +539,7 @@ No
Summary

-Read temporary files from the system cron jobs. +Read and write a cron daemon unnamed pipe.

@@ -550,9 +550,9 @@ Read temporary files from the system cron jobs. domain - +

Domain allowed access. - +

No @@ -561,13 +561,13 @@ No
- +
-cron_rw_pipe( +cron_rw_system_job_pipes( @@ -581,7 +581,7 @@ No
Summary

-Read and write a cron daemon unnamed pipe. +Read and write a system cron job unnamed pipe.

@@ -592,9 +592,9 @@ Read and write a cron daemon unnamed pipe. domain - +

Domain allowed access. - +

No @@ -603,13 +603,13 @@ No
- +
-cron_rw_system_job_pipe( +cron_rw_tcp_sockets( @@ -623,7 +623,7 @@ No
Summary

-Read and write a system cron job unnamed pipe. +Read, and write cron daemon TCP sockets.

@@ -634,9 +634,9 @@ Read and write a system cron job unnamed pipe. domain - +

Domain allowed access. - +

No @@ -676,9 +676,9 @@ Search the directory containing user cron tables. domain - +

The type of the process to performing this action. - +

No @@ -718,9 +718,9 @@ Send a SIGCHLD signal to the cron daemon. domain - +

Domain allowed access. - +

No @@ -769,9 +769,9 @@ from the system cron jobs. domain - +

The type of the process to transition to. - +

No @@ -779,9 +779,9 @@ No entrypoint - +

The type of the file used as an entrypoint to this domain. - +

No @@ -790,13 +790,13 @@ No
- +
-cron_use_fd( +cron_use_fds( @@ -822,9 +822,9 @@ from the cron daemon. domain - +

Domain allowed access. - +

No @@ -833,13 +833,13 @@ No
- +
-cron_use_system_job_fd( +cron_use_system_job_fds( @@ -865,9 +865,9 @@ from system cron jobs. domain - +

Domain allowed access. - +

No @@ -876,13 +876,13 @@ No
- +
-cron_write_system_job_pipe( +cron_write_system_job_pipes( @@ -907,9 +907,9 @@ Write a system cron job unnamed pipe. domain - +

Domain allowed access. - +

No @@ -964,10 +964,10 @@ allowing the specified user to manage other user crontabs. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -1037,10 +1037,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -1048,9 +1048,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -1058,9 +1058,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/services_cups.html b/www/api-docs/services_cups.html index 388b501..9e4a727 100644 --- a/www/api-docs/services_cups.html +++ b/www/api-docs/services_cups.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ cups over dbus. domain - +

Domain allowed access. - +

No @@ -380,9 +380,9 @@ cupsd_config over dbus. domain - +

Domain allowed access. - +

No @@ -422,9 +422,9 @@ Execute cups in the cups domain. domain - +

The type of the process performing this action. - +

No @@ -464,9 +464,51 @@ Execute cups_config in the cups_config domain. domain - +

The type of the process performing this action. +

+ +No + + + +
+
+ + +
+ + +
+cups_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read cups configuration files. +

+ + +
Parameters
+ + + + @@ -506,9 +548,9 @@ Read cups log files. @@ -548,9 +590,9 @@ Read cups-writable configuration files. @@ -591,9 +633,9 @@ configuration daemon. @@ -633,9 +675,93 @@ Connect to ptal over an unix domain stream socket. +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +cups_tcp_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to cups over TCP. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +cups_write_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Write cups log files. +

+ + +
Parameters
+ + + diff --git a/www/api-docs/services_cvs.html b/www/api-docs/services_cvs.html index fa3eb7c..23b545b 100644 --- a/www/api-docs/services_cvs.html +++ b/www/api-docs/services_cvs.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Read the CVS data and metadata. diff --git a/www/api-docs/services_cyrus.html b/www/api-docs/services_cyrus.html index 5d91df8..c0a953b 100644 --- a/www/api-docs/services_cyrus.html +++ b/www/api-docs/services_cyrus.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ and delete cyrus data files. diff --git a/www/api-docs/services_dbskk.html b/www/api-docs/services_dbskk.html index 8eeb9dd..7e47230 100644 --- a/www/api-docs/services_dbskk.html +++ b/www/api-docs/services_dbskk.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_dbus.html b/www/api-docs/services_dbus.html index 87739f1..665ab9e 100644 --- a/www/api-docs/services_dbus.html +++ b/www/api-docs/services_dbus.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -340,9 +340,9 @@ for service (acquire_svc). @@ -382,9 +382,9 @@ Read dbus configuration. @@ -393,13 +393,13 @@ No - +
-dbus_send_system_bus_msg( +dbus_send_system_bus( @@ -424,9 +424,9 @@ Send a message on the system DBUS.
@@ -446,12 +446,8 @@ No - [ - domain - ] - )
@@ -470,11 +466,11 @@ DBUS stub interface. No access allowed.
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

N/A - +

 -yes +Yes
@@ -512,9 +508,9 @@ Allow unconfined access to the system DBUS. domain - +

Domain allowed access. - +

No @@ -590,10 +586,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -601,9 +597,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -611,9 +607,9 @@ No user_role - +

The role associated with the user domain. - +

No @@ -662,10 +658,10 @@ the system DBUS. domain_prefix - +

The prefix of the domain (e.g., user is the prefix for user_t). - +

No @@ -673,9 +669,9 @@ No domain - +

The type of the domain. - +

No diff --git a/www/api-docs/services_dhcp.html b/www/api-docs/services_dhcp.html index 0974ce8..33f9dad 100644 --- a/www/api-docs/services_dhcp.html +++ b/www/api-docs/services_dhcp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ server state files. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_dictd.html b/www/api-docs/services_dictd.html index b8e2fd6..21b5f78 100644 --- a/www/api-docs/services_dictd.html +++ b/www/api-docs/services_dictd.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-dictd_use( +dictd_tcp_connect( @@ -337,9 +337,9 @@ over TCP. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_distcc.html b/www/api-docs/services_distcc.html index e774d37..38838c1 100644 --- a/www/api-docs/services_distcc.html +++ b/www/api-docs/services_distcc.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_djbdns.html b/www/api-docs/services_djbdns.html index d38b50c..6454e31 100644 --- a/www/api-docs/services_djbdns.html +++ b/www/api-docs/services_djbdns.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -338,9 +338,9 @@ components that are directly supervised by daemontools. prefix - +

The prefix to be used for deriving type names. - +

No diff --git a/www/api-docs/services_dovecot.html b/www/api-docs/services_dovecot.html index 234d06e..d0bda22 100644 --- a/www/api-docs/services_dovecot.html +++ b/www/api-docs/services_dovecot.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Create, read, write, and delete the dovecot spool files. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_fetchmail.html b/www/api-docs/services_fetchmail.html index 2115aad..663ddea 100644 --- a/www/api-docs/services_fetchmail.html +++ b/www/api-docs/services_fetchmail.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_finger.html b/www/api-docs/services_finger.html index 7367b29..6a79f9b 100644 --- a/www/api-docs/services_finger.html +++ b/www/api-docs/services_finger.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute fingerd in the fingerd domain. domain - +

The type of the process performing this action. - +

No @@ -378,9 +378,9 @@ Allow the specified domain to connect to fingerd with a tcp socket. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_ftp.html b/www/api-docs/services_ftp.html index 34147ad..496f943 100644 --- a/www/api-docs/services_ftp.html +++ b/www/api-docs/services_ftp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -339,9 +339,9 @@ Execute FTP daemon entry point programs. domain - +

Domain allowed access. - +

No @@ -381,9 +381,9 @@ Read ftpd etc files domain - +

Domain allowed access. - +

No @@ -423,9 +423,9 @@ Read FTP transfer logs domain - +

Domain allowed access. - +

No @@ -465,9 +465,9 @@ Use ftp by connecting over TCP. domain - +

Domain allowed access. - +

No @@ -528,10 +528,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No diff --git a/www/api-docs/services_gpm.html b/www/api-docs/services_gpm.html index 1e59ca4..30587ac 100644 --- a/www/api-docs/services_gpm.html +++ b/www/api-docs/services_gpm.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -338,9 +338,9 @@ named socket. domain - +

Domain allowed access. - +

No @@ -381,9 +381,9 @@ control channel named socket. domain - +

Domain allowed access. - +

No @@ -424,9 +424,52 @@ control channel named socket. domain - +

Domain allowed access. +

+ +No + + + +
+
+ +
+ + +
+ +gpm_stream_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to GPM over a unix domain +stream socket. +

+ + +
Parameters
+ + + + diff --git a/www/api-docs/services_hal.html b/www/api-docs/services_hal.html index 0454f4c..b6ba2df 100644 --- a/www/api-docs/services_hal.html +++ b/www/api-docs/services_hal.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ hal over dbus. @@ -379,9 +379,9 @@ Send a dbus message to hal. @@ -390,13 +390,13 @@ No - +
-hal_dgram_sendto( +hal_dgram_send( @@ -422,9 +422,9 @@ datagram socket.
@@ -464,9 +464,9 @@ Execute hal in the hal domain. @@ -507,9 +507,9 @@ stream socket. diff --git a/www/api-docs/services_howl.html b/www/api-docs/services_howl.html index f1b1ad7..55402c4 100644 --- a/www/api-docs/services_howl.html +++ b/www/api-docs/services_howl.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Send generic signals to howl. diff --git a/www/api-docs/services_i18n_input.html b/www/api-docs/services_i18n_input.html index 1f190c7..69458c3 100644 --- a/www/api-docs/services_i18n_input.html +++ b/www/api-docs/services_i18n_input.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Use i18n_input over a TCP connection. diff --git a/www/api-docs/services_inetd.html b/www/api-docs/services_inetd.html index a110089..e3aa1ad 100644 --- a/www/api-docs/services_inetd.html +++ b/www/api-docs/services_inetd.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -339,11 +339,13 @@ Define the specified domain as a inetd service.
Description

+

Define the specified domain as a inetd service. The inetd_service_domain(), inetd_tcp_service_domain(), or inetd_udp_service_domain() interfaces should be used instead of this interface, as this interface only provides the common rules to these three interfaces. +

Parameters
@@ -353,9 +355,9 @@ the common rules to these three interfaces. @@ -363,9 +365,9 @@ No @@ -405,9 +407,9 @@ Run inetd child process in the inet child domain @@ -416,13 +418,13 @@ No - +
-inetd_rw_tcp_socket( +inetd_rw_tcp_sockets( @@ -447,9 +449,9 @@ Read and write inetd TCP sockets.
@@ -497,9 +499,9 @@ Define the specified domain as a TCP and UDP inetd service. @@ -507,9 +509,9 @@ No @@ -549,9 +551,9 @@ Connect to the inetd service using a TCP connection. @@ -599,9 +601,9 @@ Define the specified domain as a TCP inetd service. @@ -609,9 +611,9 @@ No @@ -620,13 +622,13 @@ No - +
-inetd_udp_sendto( +inetd_udp_send( @@ -651,9 +653,9 @@ Send UDP network traffic to inetd.
@@ -701,9 +703,9 @@ Define the specified domain as a UDP inetd service. @@ -711,9 +713,9 @@ No @@ -722,13 +724,13 @@ No - +
-inetd_use_fd( +inetd_use_fds( @@ -753,9 +755,9 @@ Inherit and use file descriptors from inetd.
diff --git a/www/api-docs/services_inn.html b/www/api-docs/services_inn.html index 411f719..d81ecd3 100644 --- a/www/api-docs/services_inn.html +++ b/www/api-docs/services_inn.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-inn_exec( +inn_dgram_send( @@ -325,8 +325,7 @@
Summary

-Allow the specified domain to execute innd -in the caller domain. +Send to a innd unix dgram socket.

@@ -337,9 +336,9 @@ in the caller domain.
@@ -348,13 +347,13 @@ No - +
-inn_exec_config( +inn_exec( @@ -368,8 +367,8 @@ No
Summary

-Allow the specified domain to execute -inn configuration files in /etc. +Allow the specified domain to execute innd +in the caller domain.

@@ -380,9 +379,9 @@ inn configuration files in /etc.
@@ -391,13 +390,13 @@ No - +
-inn_manage_log( +inn_exec_config( @@ -411,7 +410,8 @@ No
Summary

-Create, read, write, and delete the innd log. +Allow the specified domain to execute +inn configuration files in /etc.

@@ -422,9 +422,9 @@ Create, read, write, and delete the innd log.
@@ -433,13 +433,13 @@ No - +
-inn_manage_pid( +inn_manage_log( @@ -453,7 +453,7 @@ No
Summary

-Create, read, write, and delete the innd pid files. +Create, read, write, and delete the innd log.

@@ -464,9 +464,9 @@ Create, read, write, and delete the innd pid files.
@@ -475,13 +475,13 @@ No - +
-inn_read_config( +inn_manage_pid( @@ -495,7 +495,7 @@ No
Summary

-Read innd configuration files. +Create, read, write, and delete the innd pid files.

@@ -506,9 +506,9 @@ Read innd configuration files.
@@ -517,13 +517,13 @@ No - +
-inn_read_news_lib( +inn_read_config( @@ -537,7 +537,7 @@ No
Summary

-Read innd news library files. +Read innd configuration files.

@@ -548,9 +548,9 @@ Read innd news library files.
@@ -559,13 +559,13 @@ No - +
-inn_read_news_spool( +inn_read_news_lib( @@ -590,9 +590,9 @@ Read innd news library files.
@@ -601,13 +601,13 @@ No - +
-inn_sendto_unix_dgram_socket( +inn_read_news_spool( @@ -621,7 +621,7 @@ No
Summary

-Send to a innd unix dgram socket. +Read innd news library files.

@@ -632,9 +632,9 @@ Send to a innd unix dgram socket.
diff --git a/www/api-docs/services_irqbalance.html b/www/api-docs/services_irqbalance.html index 97ee46b..a55294e 100644 --- a/www/api-docs/services_irqbalance.html +++ b/www/api-docs/services_irqbalance.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_kerberos.html b/www/api-docs/services_kerberos.html index 68ea859..44d40be 100644 --- a/www/api-docs/services_kerberos.html +++ b/www/api-docs/services_kerberos.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -357,9 +357,9 @@ configuration file (/etc/krb5.conf). @@ -399,9 +399,9 @@ Read the kerberos configuration file (/etc/krb5.conf). @@ -441,9 +441,9 @@ Read the kerberos key table. @@ -483,9 +483,9 @@ Read and write the kerberos configuration file (/etc/krb5.conf). @@ -525,9 +525,9 @@ Use kerberos services diff --git a/www/api-docs/services_ktalk.html b/www/api-docs/services_ktalk.html index 8a66795..7d2f9b0 100644 --- a/www/api-docs/services_ktalk.html +++ b/www/api-docs/services_ktalk.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_ldap.html b/www/api-docs/services_ldap.html index 4b9ace7..291537c 100644 --- a/www/api-docs/services_ldap.html +++ b/www/api-docs/services_ldap.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-ldap_list_db_dir( +ldap_list_db( @@ -337,9 +337,9 @@ database directories.
@@ -379,9 +379,9 @@ Read the OpenLDAP configuration files. @@ -421,9 +421,9 @@ Use LDAP over TCP connection. diff --git a/www/api-docs/services_lpd.html b/www/api-docs/services_lpd.html index dafce81..8863ba0 100644 --- a/www/api-docs/services_lpd.html +++ b/www/api-docs/services_lpd.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -296,6 +296,9 @@

Layer: services

Module: lpd

+Interfaces +Templates +

Description:

Line printer daemon

@@ -336,9 +339,9 @@ Execute lpd in the lpd domain. @@ -378,9 +381,9 @@ List the contents of the printer spool directories. @@ -420,9 +423,9 @@ Create, read, write, and delete printer spool files. @@ -462,9 +465,9 @@ List the contents of the printer spool directories. @@ -521,9 +524,9 @@ allow the specified role the lpd domain. @@ -531,9 +534,9 @@ No @@ -541,9 +544,9 @@ No @@ -556,6 +559,155 @@ No Return + +

Templates:

+ + +
+ + +
+ +lpd_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the lpd module. +

+ + +
Description
+

+

+This template creates a derived domains which are used +for lpr printing client. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type associated with the inetd service process. - +

 No
entrypoint - +

The type associated with the process program. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type associated with the inetd service process. - +

 No
entrypoint - +

The type associated with the process program. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type associated with the inetd service process. - +

 No
entrypoint - +

The type associated with the process program. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type associated with the inetd service process. - +

 No
entrypoint - +

The type associated with the process program. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
role - +

The role to be allowed the lpd domain. - +

 No
terminal - +

The type of the terminal allow the lpd domain to use. - +

 No
+ + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+user_domain + +

+The type of the user domain. +

+		 +No +
+user_role + +

+The role associated with the user domain. +

+		 +No +
+
+
+ + +
+ + +
+ +lpr_admin_template( + + + + + userdomain_prefix + + + )
+
+
+ +
Summary
+

+The administrative functions template for the lpd module. +

+ + +
Description
+

+

+This template creates rules for administrating the ldp service, +allowing the specified user to manage lpr files. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+
+
+ + +Return +
diff --git a/www/api-docs/services_mailman.html b/www/api-docs/services_mailman.html index 133746d..c7f16cb 100644 --- a/www/api-docs/services_mailman.html +++ b/www/api-docs/services_mailman.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -339,9 +339,9 @@ Execute mailman in the mailman domain. domain - +

Domain allowed access. - +

No @@ -382,9 +382,9 @@ mailman CGI domain. domain - +

Domain allowed access. - +

No @@ -424,9 +424,9 @@ Execute mailman in the caller domain. domain - +

Domain allowd access. - +

No @@ -466,9 +466,9 @@ List the contents of mailman data directories. domain - +

Domain allowed access. - +

No @@ -509,9 +509,9 @@ mailman logs. domain - +

Domain allowed access. - +

No @@ -551,9 +551,9 @@ Allow domain to read mailman archive files. domain - +

Domain allowed access. - +

No @@ -593,9 +593,9 @@ Allow read acces to mailman data symbolic links. domain - +

Domain allowed access. - +

No @@ -635,9 +635,9 @@ Allow domain to search data directories. domain - +

Domain allowed access. - +

No @@ -677,9 +677,9 @@ Send generic signals to the mailman cgi domain. domain - +

Domain allowed access. - +

No @@ -734,9 +734,9 @@ a new mailman daemon. userdomain_prefix - +

The type of daemon to be used eg, cgi would give mailman_cgi_ - +

No diff --git a/www/api-docs/services_mta.html b/www/api-docs/services_mta.html index 05afb9d..d4101aa 100644 --- a/www/api-docs/services_mta.html +++ b/www/api-docs/services_mta.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -339,9 +339,9 @@ Create, read, and write the mail spool. domain - +

Domain allowed access. - +

No @@ -381,9 +381,9 @@ Delete from the mail spool. domain - +

Domain allowed access. - +

No @@ -392,18 +392,18 @@ No
- +
-mta_dontaudit_read_spool_symlink( +mta_dontaudit_getattr_spool_files( - domain + ? )
@@ -412,8 +412,7 @@ No
Summary

-Do not audit attempts to read a symlink -in the mail spool. +Summary is missing!

@@ -422,11 +421,11 @@ in the mail spool. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -435,13 +434,13 @@ No
- +
-mta_dontaudit_rw_delivery_tcp_socket( +mta_dontaudit_read_spool_symlinks( @@ -455,8 +454,8 @@ No
Summary

-Do not audit attempts to read and write TCP -sockets of mail delivery domains. +Do not audit attempts to read a symlink +in the mail spool.

@@ -467,9 +466,9 @@ sockets of mail delivery domains. domain - -Mail server domain. - +

+Domain allowed access. +

No @@ -478,13 +477,13 @@ No
- +
-mta_dontaudit_rw_queue( +mta_dontaudit_rw_delivery_tcp_sockets( @@ -498,8 +497,8 @@ No
Summary

-Do not audit attempts to read and -write the mail queue. +Do not audit attempts to read and write TCP +sockets of mail delivery domains.

@@ -510,9 +509,9 @@ write the mail queue. domain - -Domain to not audit. - +

+Mail server domain. +

No @@ -521,18 +520,18 @@ No
- +
-mta_exec( +mta_dontaudit_rw_queue( - ? + domain )
@@ -541,7 +540,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to read and +write the mail queue.

@@ -550,11 +550,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain to not audit. +

No @@ -563,13 +563,13 @@ No
- +
-mta_filetrans_etc_aliases( +mta_etc_filetrans_aliases( @@ -595,9 +595,9 @@ to the mail address aliases type. domain - +

Domain allowed access. - +

No @@ -606,38 +606,18 @@ No
- +
-mta_filetrans_spool( - - - - - domain - - - - , - - - - private type - +mta_exec( - , - - - [ - - object - ] + ? )
@@ -646,8 +626,7 @@ No
Summary

-Create private objects in the -mail spool directory. +Summary is missing!

@@ -656,36 +635,15 @@ mail spool directory. Parameter:Description:Optional: -domain - - -Domain allowed access. - - -No - - - -private type +? - -The type of the object to be created. - +

+Parameter descriptions are missing! +

No - -object - - -The object class of the object being created. If -no class is specified, file will be used. - - -yes - -
@@ -721,9 +679,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -763,9 +721,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -806,9 +764,9 @@ for delivering mail to local users. domain - +

Mail server domain type used for delivering mail. - +

No @@ -849,9 +807,9 @@ for sending mail. domain - +

Mail server domain type used for sending mail. - +

No @@ -893,9 +851,9 @@ users to the local mail spool. domain - +

Mail server domain type used for sending local mail. - +

No @@ -935,9 +893,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -977,9 +935,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1019,9 +977,9 @@ Read mail address aliases. domain - +

Domain allowed access. - +

No @@ -1061,9 +1019,9 @@ Read mail server configuration. domain - +

Domain allowed access. - +

No @@ -1103,9 +1061,9 @@ Read sendmail binary. domain - +

Domain allowed access. - +

No @@ -1145,9 +1103,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1187,9 +1145,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1198,13 +1156,13 @@ No
- +
-mta_rw_user_mail_stream_socket( +mta_rw_user_mail_stream_sockets( @@ -1230,9 +1188,9 @@ of user mail domains. domain - +

Domain allowed access. - +

No @@ -1272,9 +1230,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1339,9 +1297,9 @@ by the sendmail policy. domain - +

The type to be used for the mail server. - +

No @@ -1349,9 +1307,88 @@ No entry_point - +

The type to be used for the domain entry point program. +

+ +No + + + +
+
+ + +
+ + +
+ +mta_spool_filetrans( + + + + + domain + + + + , + + + + private type + + + + , + + + + object + + + )
+
+
+ +
Summary
+

+Create private objects in the +mail spool directory. +

+ + +
Parameters
+ + + + + + + @@ -1371,12 +1408,8 @@ No - [ - domain - ] - )
@@ -1395,11 +1428,11 @@ MTA stub interface. No access allowed.
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+private type + +

+The type of the object to be created. +

+		 +No +
+object + +

+The object class of the object being created. +

 No
domain - +

N/A - +

 -yes +Yes
@@ -1437,9 +1470,9 @@ Connect to all mail servers over TCP. domain - +

Mail server domain. - +

No @@ -1495,10 +1528,10 @@ mail domain. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -1506,9 +1539,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -1561,10 +1594,10 @@ to the system agent and user agents. domain_prefix - +

The prefix of the domain (e.g., user is the prefix for user_t). - +

No @@ -1634,10 +1667,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -1645,9 +1678,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -1655,9 +1688,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/services_mysql.html b/www/api-docs/services_mysql.html index 5bcafc7..f561414 100644 --- a/www/api-docs/services_mysql.html +++ b/www/api-docs/services_mysql.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-mysql_manage_db_dir( +mysql_manage_db_dirs( @@ -336,9 +336,9 @@ Create, read, write, and delete MySQL database directories. domain - +

Domain allowed access. - +

No @@ -378,9 +378,9 @@ Read MySQL configuration files. domain - +

Domain allowed access. - +

No @@ -389,13 +389,13 @@ No
- +
-mysql_rw_db_dir( +mysql_rw_db_dirs( @@ -420,9 +420,9 @@ Read and write to the MySQL database directory. domain - +

Domain allowed access. - +

No @@ -431,13 +431,13 @@ No
- +
-mysql_rw_db_socket( +mysql_rw_db_sockets( @@ -463,9 +463,9 @@ named socket. domain - +

Domain allowed access. - +

No @@ -474,13 +474,13 @@ No
- +
-mysql_search_db_dir( +mysql_search_db( @@ -506,9 +506,9 @@ database storage. domain - +

Domain allowed access. - +

No @@ -548,9 +548,9 @@ Send a generic signal to MySQL. domain - +

Domain allowed access. - +

No @@ -590,9 +590,9 @@ Connect to MySQL using a unix domain stream socket. domain - +

Domain allowed access. - +

No @@ -632,9 +632,9 @@ Write to the MySQL log. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_networkmanager.html b/www/api-docs/services_networkmanager.html index 4feec98..190d4aa 100644 --- a/www/api-docs/services_networkmanager.html +++ b/www/api-docs/services_networkmanager.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ NetworkManager over dbus. domain - +

Domain allowed access. - +

No @@ -348,13 +348,13 @@ No
- +
-networkmanager_rw_packet_socket( +networkmanager_rw_packet_sockets( @@ -379,9 +379,9 @@ Read and write NetworkManager packet sockets. domain - +

Domain allowed access. - +

No @@ -390,13 +390,13 @@ No
- +
-networkmanager_rw_routing_socket( +networkmanager_rw_routing_sockets( @@ -422,9 +422,9 @@ routing sockets. domain - +

Domain allowed access. - +

No @@ -433,13 +433,13 @@ No
- +
-networkmanager_rw_udp_socket( +networkmanager_rw_udp_sockets( @@ -464,9 +464,9 @@ Read and write NetworkManager UDP sockets. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_nis.html b/www/api-docs/services_nis.html index 22560d6..f2bb4e4 100644 --- a/www/api-docs/services_nis.html +++ b/www/api-docs/services_nis.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Delete ypbind pid files. domain - +

Domain allowed access. - +

No @@ -378,9 +378,9 @@ Execute ypbind in the ypbind domain. domain - +

Domain allowed access. - +

No @@ -420,9 +420,9 @@ List the contents of the NIS data directory. domain - +

The type of the process performing this action. - +

No @@ -462,9 +462,9 @@ Read ypbind pid files. domain - +

Domain allowed access. - +

No @@ -504,9 +504,9 @@ Read ypserv configuration files. domain - +

Domain allowed access. - +

No @@ -546,9 +546,9 @@ Send generic signals to ypbind. domain - +

The type of the process performing this action. - +

No @@ -588,9 +588,9 @@ Connect to ypbind over TCP. domain - +

Domain allowed access. - +

No @@ -599,13 +599,13 @@ No
- +
-nis_udp_sendto_ypbind( +nis_udp_send_ypbind( @@ -630,9 +630,9 @@ Send UDP network traffic to NIS clients. domain - +

The type of the process performing this action. - +

No @@ -672,9 +672,9 @@ Use the ypbind service to access NIS services. domain - +

The type of the process performing this action. - +

No @@ -729,9 +729,9 @@ and the regular interface should be used. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/services_nscd.html b/www/api-docs/services_nscd.html index c846b3b..845964f 100644 --- a/www/api-docs/services_nscd.html +++ b/www/api-docs/services_nscd.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute NSCD in the nscd domain. domain - +

The type of the process performing this action. - +

No @@ -378,9 +378,9 @@ Read NSCD pid file. domain - +

Domain allowed access. - +

No @@ -389,13 +389,13 @@ No
- +
-nscd_unconfined( +nscd_shm_use( @@ -409,7 +409,8 @@ No
Summary

-Unconfined access to NSCD services. +Use NSCD services by mapping the database from +an inherited NSCD file descriptor.

@@ -420,9 +421,9 @@ Unconfined access to NSCD services. domain - +

Domain allowed access. - +

No @@ -431,13 +432,13 @@ No
- +
-nscd_use_shared_mem( +nscd_socket_use( @@ -451,8 +452,8 @@ No
Summary

-Use NSCD services by mapping the database from -an inherited NSCD file descriptor. +Use NSCD services by connecting using +a unix stream socket.

@@ -463,9 +464,9 @@ an inherited NSCD file descriptor. domain - +

Domain allowed access. - +

No @@ -474,13 +475,13 @@ No
- +
-nscd_use_socket( +nscd_unconfined( @@ -494,8 +495,7 @@ No
Summary

-Use NSCD services by connecting using -a unix stream socket. +Unconfined access to NSCD services.

@@ -506,9 +506,9 @@ a unix stream socket. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_ntp.html b/www/api-docs/services_ntp.html index 3e47897..21c4d29 100644 --- a/www/api-docs/services_ntp.html +++ b/www/api-docs/services_ntp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute ntp server in the ntpd domain. domain - +

The type of the process performing this action. - +

No @@ -378,9 +378,9 @@ Execute ntp server in the ntpd domain. domain - +

The type of the process performing this action. - +

No @@ -400,12 +400,8 @@ No - [ - domain - ] - )
@@ -424,11 +420,11 @@ NTP stub interface. No access allowed. domain - +

N/A - +

-yes +Yes diff --git a/www/api-docs/services_openct.html b/www/api-docs/services_openct.html index 69539aa..fccf66e 100644 --- a/www/api-docs/services_openct.html +++ b/www/api-docs/services_openct.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_pegasus.html b/www/api-docs/services_pegasus.html index da6530c..2d7e842 100644 --- a/www/api-docs/services_pegasus.html +++ b/www/api-docs/services_pegasus.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_portmap.html b/www/api-docs/services_portmap.html index ecd695a..2e85d71 100644 --- a/www/api-docs/services_portmap.html +++ b/www/api-docs/services_portmap.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute portmap_helper in the helper domain. domain - +

Domain allowed access. - +

No @@ -396,9 +396,9 @@ Communicate with portmap. domain - +

Domain allowed access. - +

No @@ -406,9 +406,9 @@ No role - +

The role to be allowed the portmap domain. - +

No @@ -416,9 +416,9 @@ No terminal - +

The type of the terminal allow the portmap domain to use. - +

No @@ -458,9 +458,9 @@ Connect to portmap over a TCP socket domain - +

The type of the process performing this action. - +

No @@ -469,13 +469,13 @@ No
- +
-portmap_udp_sendrecv( +portmap_udp_chat( @@ -500,9 +500,9 @@ Send and receive UDP network traffic from portmap. domain - +

Domain allowed access. - +

No @@ -511,13 +511,13 @@ No
- +
-portmap_udp_sendto( +portmap_udp_send( @@ -542,9 +542,9 @@ Send UDP network traffic to portmap. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/services_postfix.html b/www/api-docs/services_postfix.html index d6bf20c..3561d79 100644 --- a/www/api-docs/services_postfix.html +++ b/www/api-docs/services_postfix.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -308,13 +308,13 @@

Interfaces:

- +
-postfix_domtrans_map( +postfix_config_filetrans( @@ -322,13 +322,30 @@ domain + + , + + + + private type + + + + , + + + + object + + )
Summary

-Execute postfix_map in the postfix_map domain. +Create files with the specified type in +the postfix configuration directories.

@@ -339,9 +356,29 @@ Execute postfix_map in the postfix_map domain. domain - +

Domain allowed access. +

+ +No + + +private type + +

+The type of the object to be created. +

+ +No + + + +object + +

+The object class of the object being created. +

No @@ -350,13 +387,13 @@ No
- +
-postfix_domtrans_master( +postfix_domtrans_map( @@ -370,8 +407,7 @@ No
Summary

-Execute the master postfix program in the -postfix_master domain. +Execute postfix_map in the postfix_map domain.

@@ -382,9 +418,9 @@ postfix_master domain. domain - +

Domain allowed access. - +

No @@ -393,13 +429,13 @@ No
- +
-postfix_domtrans_user_mail_handler( +postfix_domtrans_master( @@ -413,8 +449,8 @@ No
Summary

-Execute postfix user mail programs -in their respective domains. +Execute the master postfix program in the +postfix_master domain.

@@ -425,9 +461,9 @@ in their respective domains. domain - +

Domain allowed access. - +

No @@ -436,13 +472,13 @@ No
- +
-postfix_dontaudit_rw_local_tcp_socket( +postfix_domtrans_user_mail_handler( @@ -456,9 +492,8 @@ No
Summary

-Do not audit attempts to read and -write postfix local delivery -TCP sockets. +Execute postfix user mail programs +in their respective domains.

@@ -469,9 +504,9 @@ TCP sockets. domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -480,13 +515,13 @@ No
- +
-postfix_dontaudit_use_fd( +postfix_dontaudit_rw_local_tcp_sockets( @@ -500,9 +535,9 @@ No
Summary

-Do not audit attempts to use -postfix master process file -file descriptors. +Do not audit attempts to read and +write postfix local delivery +TCP sockets.

@@ -513,9 +548,9 @@ file descriptors. domain - +

Domain to not audit. - +

No @@ -524,13 +559,13 @@ No
- +
-postfix_exec_master( +postfix_dontaudit_use_fds( @@ -544,8 +579,9 @@ No
Summary

-Execute the master postfix program in the -caller domain. +Do not audit attempts to use +postfix master process file +file descriptors.

@@ -556,9 +592,9 @@ caller domain. domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -567,13 +603,13 @@ No
- +
-postfix_filetrans_config( +postfix_exec_master( @@ -581,34 +617,14 @@ No domain - - , - - - - private type - - - - , - - - - [ - - object - - ] - - )
Summary

-Create files with the specified type in -the postfix configuration directories. +Execute the master postfix program in the +caller domain.

@@ -619,34 +635,13 @@ the postfix configuration directories. domain - +

Domain allowed access. - - -No - - - -private type - - -The type of the object to be created. - +

No - -object - - -The object class of the object being created. If -no class is specified, file will be used. - - -yes - -
@@ -682,9 +677,9 @@ List postfix mail spool directories. domain - +

Domain allowed access. - +

No @@ -724,9 +719,9 @@ Read postfix configuration files. domain - +

Domain allowed access. - +

No @@ -783,9 +778,9 @@ allow the specified role the postfix_map domain. domain - +

Domain allowed access. - +

No @@ -793,9 +788,9 @@ No role - +

The role to be allowed the postfix_map domain. - +

No @@ -803,9 +798,9 @@ No terminal - +

The type of the terminal allow the postfix_map domain to use. - +

No @@ -845,9 +840,9 @@ Search postfix mail spool directories. domain - +

Domain allowed access. - +

No @@ -867,12 +862,8 @@ No - [ - domain - ] - )
@@ -891,11 +882,11 @@ Postfix stub interface. No access allowed. domain - +

N/A - +

-yes +Yes @@ -940,9 +931,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -982,9 +973,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1024,9 +1015,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1066,9 +1057,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1108,9 +1099,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No diff --git a/www/api-docs/services_postgresql.html b/www/api-docs/services_postgresql.html index 8cb81b1..38ae591 100644 --- a/www/api-docs/services_postgresql.html +++ b/www/api-docs/services_postgresql.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute postgresql in the postgresql domain. domain - +

The type of the process performing this action. - +

No @@ -378,9 +378,9 @@ Allow the specified domain to manage postgresql's database. domain - +

Domain allowed access. - +

No @@ -420,9 +420,9 @@ Allow the specified domain to read postgresql's etc. domain - +

Domain allowed access. - +

No @@ -431,13 +431,13 @@ No
- +
-postgresql_search_db_dir( +postgresql_search_db( @@ -462,9 +462,9 @@ Allow the specified domain to search postgresql's database directory. domain - +

Domain allowed access. - +

No @@ -473,13 +473,13 @@ No
- +
-postgresql_tcp_connect( +postgresql_stream_connect( @@ -493,7 +493,7 @@ No
Summary

-Allow the specified domain to connect to postgresql with a tcp socket. +Allow the specified domain to connect to postgresql with a unix socket.

@@ -504,9 +504,9 @@ Allow the specified domain to connect to postgresql with a tcp socket. domain - +

Domain allowed access. - +

No @@ -515,13 +515,13 @@ No
- +
-postgresql_unix_connect( +postgresql_tcp_connect( @@ -535,7 +535,7 @@ No
Summary

-Allow the specified domain to connect to postgresql with a unix socket. +Allow the specified domain to connect to postgresql with a tcp socket.

@@ -546,9 +546,9 @@ Allow the specified domain to connect to postgresql with a unix socket. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_ppp.html b/www/api-docs/services_ppp.html index a63f79c..a71a4cc 100644 --- a/www/api-docs/services_ppp.html +++ b/www/api-docs/services_ppp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute domain in the ppp domain. domain - +

Domain allowed access. - +

No @@ -347,13 +347,13 @@ No
- +
-ppp_dontaudit_use_fd( +ppp_dontaudit_use_fds( @@ -379,9 +379,9 @@ and use PPP file discriptors. domain - +

Domain to not audit. - +

No @@ -421,9 +421,9 @@ Unconditionally execute ppp daemon on behalf of a user or staff type. domain - +

Domain allowed access. - +

No @@ -463,9 +463,9 @@ Conditionally execute ppp daemon on behalf of a user or staff type. domain - +

Domain allowed access. - +

No @@ -505,9 +505,9 @@ Send a SIGCHLD signal to PPP. domain - +

Domain allowed access. - +

No @@ -547,9 +547,9 @@ Send a generic signal to PPP. domain - +

Domain allowed access. - +

No @@ -558,13 +558,13 @@ No
- +
-ppp_use_fd( +ppp_use_fds( @@ -589,9 +589,9 @@ Use PPP file discriptors. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_privoxy.html b/www/api-docs/services_privoxy.html index fa64e0e..0db57dc 100644 --- a/www/api-docs/services_privoxy.html +++ b/www/api-docs/services_privoxy.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_procmail.html b/www/api-docs/services_procmail.html index e9a5869..bb00dd4 100644 --- a/www/api-docs/services_procmail.html +++ b/www/api-docs/services_procmail.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute procmail with a domain transition. domain - +

Domain allowed access. - +

No @@ -378,9 +378,9 @@ Execute procmail in the caller domain. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_publicfile.html b/www/api-docs/services_publicfile.html index 4cead32..430ab15 100644 --- a/www/api-docs/services_publicfile.html +++ b/www/api-docs/services_publicfile.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_radius.html b/www/api-docs/services_radius.html index 349b827..b7ae22a 100644 --- a/www/api-docs/services_radius.html +++ b/www/api-docs/services_radius.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Use radius over a UDP connection. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/services_radvd.html b/www/api-docs/services_radvd.html index 7a346fa..11b446c 100644 --- a/www/api-docs/services_radvd.html +++ b/www/api-docs/services_radvd.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_rdisc.html b/www/api-docs/services_rdisc.html index 3083c2f..7596239 100644 --- a/www/api-docs/services_rdisc.html +++ b/www/api-docs/services_rdisc.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_remotelogin.html b/www/api-docs/services_remotelogin.html index 2c57654..1764018 100644 --- a/www/api-docs/services_remotelogin.html +++ b/www/api-docs/services_remotelogin.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Domain transition to the remote login domain. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/services_rlogin.html b/www/api-docs/services_rlogin.html index a62d51f..49fbf2f 100644 --- a/www/api-docs/services_rlogin.html +++ b/www/api-docs/services_rlogin.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute rlogind in the rlogin domain. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/services_roundup.html b/www/api-docs/services_roundup.html index 6c3088a..2b28ead 100644 --- a/www/api-docs/services_roundup.html +++ b/www/api-docs/services_roundup.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_rpc.html b/www/api-docs/services_rpc.html index 7b13383..b1d53ac 100644 --- a/www/api-docs/services_rpc.html +++ b/www/api-docs/services_rpc.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -339,9 +339,9 @@ Execute domain in nfsd domain. domain - +

The type of the process performing this action. - +

No @@ -382,9 +382,9 @@ of the NFS export file. domain - +

The type of the process performing this action. - +

No @@ -424,9 +424,9 @@ Allow domain to create read and write NFS directories. domain - +

Domain allowed access. - +

No @@ -466,9 +466,9 @@ Allow domain to create read and write NFS directories. domain - +

Domain allowed access. - +

No @@ -508,9 +508,9 @@ Allow read access to exports. domain - +

The type of the process performing this action. - +

No @@ -550,9 +550,9 @@ Search NFS state data in /var/lib/nfs. domain - +

Domain allowed access. - +

No @@ -592,9 +592,9 @@ Allow domain to read and write to an NFS UDP socket. domain - +

Domain allowed access. - +

No @@ -603,13 +603,13 @@ No
- +
-rpc_udp_sendto( +rpc_udp_send( @@ -634,9 +634,9 @@ Send UDP network traffic to rpc and recieve UDP traffic from rpc. domain - +

The type of the process performing this action. - +

No @@ -645,13 +645,13 @@ No
- +
-rpc_udp_sendto_nfs( +rpc_udp_send_nfs( @@ -665,8 +665,7 @@ No
Summary

-Allow NFS to send UDP network traffic -the specified domain and recieve from it. +Send UDP traffic to NFSd.

@@ -677,9 +676,9 @@ the specified domain and recieve from it. domain - -The type of the receiving domain. - +

+Domain allowed access. +

No @@ -719,9 +718,9 @@ Allow write access to exports. domain - +

The type of the process performing this action. - +

No @@ -776,9 +775,9 @@ a new rpc daemon. userdomain_prefix - +

The type of daemon to be used. - +

No diff --git a/www/api-docs/services_rshd.html b/www/api-docs/services_rshd.html index add52d9..6012c4c 100644 --- a/www/api-docs/services_rshd.html +++ b/www/api-docs/services_rshd.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Domain transition to rshd. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/services_rsync.html b/www/api-docs/services_rsync.html index 3c06a63..902689d 100644 --- a/www/api-docs/services_rsync.html +++ b/www/api-docs/services_rsync.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_samba.html b/www/api-docs/services_samba.html index bf7c0da..3c2609a 100644 --- a/www/api-docs/services_samba.html +++ b/www/api-docs/services_samba.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -312,48 +312,6 @@ from Windows NT servers.

Interfaces:

- -
- - -
- -samba_connect_winbind( - - - - - domain - - - )
-
-
- -
Summary
-

-Connect to winbind. -

- - -
Parameters
- - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-
-
-
@@ -385,9 +343,9 @@ Execute samba net in the samba_net domain. domain - +

The type of the process performing this action. - +

No @@ -427,9 +385,9 @@ Execute smbmount in the smbmount domain. domain - +

The type of the process performing this action. - +

No @@ -469,9 +427,9 @@ Execute winbind_helper in the winbind_helper domain. domain - +

The type of the process performing this action. - +

No @@ -511,9 +469,9 @@ Execute samba log in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -554,9 +512,9 @@ samba configuration files. domain - +

Domain allowed access. - +

No @@ -596,9 +554,9 @@ Allow the specified domain to read samba's log files. domain - +

Domain allowed access. - +

No @@ -638,9 +596,9 @@ Allow the specified domain to read samba's secrets. domain - +

Domain allowed access. - +

No @@ -680,9 +638,9 @@ Allow the specified domain to read the winbind pid files. domain - +

Domain allowed access. - +

No @@ -739,9 +697,9 @@ allow the specified role the samba_net domain. domain - +

The type of the process performing this action. - +

No @@ -749,9 +707,9 @@ No role - +

The role to be allowed the samba_net domain. - +

No @@ -759,9 +717,9 @@ No terminal - +

The type of the terminal allow the samba_net domain to use. - +

No @@ -818,9 +776,9 @@ allow the specified role the winbind_helper domain. domain - +

The type of the process performing this action. - +

No @@ -828,9 +786,9 @@ No role - +

The role to be allowed the winbind_helper domain. - +

No @@ -838,9 +796,9 @@ No terminal - +

The type of the terminal allow the winbind_helper domain to use. - +

No @@ -881,9 +839,9 @@ and write samba configuration files. domain - +

Domain allowed access. - +

No @@ -892,13 +850,13 @@ No
- +
-samba_rw_smbmount_tcp_socket( +samba_rw_smbmount_tcp_sockets( @@ -923,9 +881,9 @@ Allow the specified domain to read and write to smbmount tcp sockets. domain - +

Domain allowed access. - +

No @@ -966,9 +924,9 @@ read and write samba /var files. domain - +

Domain allowed access. - +

No @@ -1009,9 +967,51 @@ samba /var directories. domain - +

Domain allowed access. +

+ +No + + + +
+
+ +
+ + +
+ +samba_stream_connect_winbind( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to winbind. +

+ + +
Parameters
+ + + + @@ -1020,13 +1020,13 @@ No - +
-samba_write_smbmount_tcp_socket( +samba_write_smbmount_tcp_sockets( @@ -1051,9 +1051,9 @@ Allow the specified domain to write to smbmount tcp sockets.
@@ -1114,10 +1114,10 @@ by policy writers. diff --git a/www/api-docs/services_sasl.html b/www/api-docs/services_sasl.html index ea35ce2..0f58dfe 100644 --- a/www/api-docs/services_sasl.html +++ b/www/api-docs/services_sasl.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Connect to SASL. diff --git a/www/api-docs/services_sendmail.html b/www/api-docs/services_sendmail.html index e545f23..69379ba 100644 --- a/www/api-docs/services_sendmail.html +++ b/www/api-docs/services_sendmail.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Create sendmail logs with the correct type. @@ -378,9 +378,9 @@ Domain transition to sendmail. @@ -420,9 +420,9 @@ Create, read, write, and delete sendmail logs. @@ -431,13 +431,13 @@ No - +
-sendmail_rw_tcp_socket( +sendmail_rw_tcp_sockets( @@ -462,9 +462,51 @@ Read and write sendmail TCP sockets.
+ +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ +
+ + +
+ +sendmail_rw_unix_stream_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write sendmail unix_stream_sockets. +

+ + +
Parameters
+ + + + @@ -484,12 +526,8 @@ No - [ - domain - ] - )
@@ -508,11 +546,11 @@ Sendmail stub interface. No access allowed.
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

N/A - +

 -yes +Yes
diff --git a/www/api-docs/services_slrnpull.html b/www/api-docs/services_slrnpull.html index 830422d..59c4353 100644 --- a/www/api-docs/services_slrnpull.html +++ b/www/api-docs/services_slrnpull.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -337,9 +337,9 @@ write, and delete slrnpull spools. pty_type - +

domain allowed access - +

No @@ -379,9 +379,9 @@ Allow the domain to search slrnpull spools. pty_type - +

domain allowed access - +

No diff --git a/www/api-docs/services_smartmon.html b/www/api-docs/services_smartmon.html index 0429d46..b5d8ea9 100644 --- a/www/api-docs/services_smartmon.html +++ b/www/api-docs/services_smartmon.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-smartmon_read_tmp( +smartmon_read_tmp_files( @@ -336,9 +336,9 @@ Allow caller to read smartmon temporary files. domain - +

The process type reading the temporary files. - +

No diff --git a/www/api-docs/services_snmp.html b/www/api-docs/services_snmp.html index bc0bbfb..602a07f 100644 --- a/www/api-docs/services_snmp.html +++ b/www/api-docs/services_snmp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-snmp_use( +snmp_read_snmp_var_lib_files( @@ -325,7 +325,7 @@
Summary

-Use snmp over a TCP connection. +Read snmpd libraries.

@@ -336,9 +336,93 @@ Use snmp over a TCP connection. domain +

+Domain allowed access. +

+ +No + + +
+
+ + +
+ + +
+ +snmp_tcp_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Use snmp over a TCP connection. +

+ + +
Parameters
+ + + + +
Parameter:Description:Optional:
+domain + +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +snmp_udp_chat( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP traffic to SNMP +

+ + +
Parameters
+ + + + diff --git a/www/api-docs/services_spamassassin.html b/www/api-docs/services_spamassassin.html index ba8cf6d..4d54f0f 100644 --- a/www/api-docs/services_spamassassin.html +++ b/www/api-docs/services_spamassassin.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -340,9 +340,9 @@ program in the caller directory. @@ -383,9 +383,9 @@ program in the caller directory. @@ -460,10 +460,10 @@ by policy writers. @@ -471,9 +471,9 @@ No @@ -481,9 +481,9 @@ No diff --git a/www/api-docs/services_squid.html b/www/api-docs/services_squid.html index 7019ea1..2293bc6 100644 --- a/www/api-docs/services_squid.html +++ b/www/api-docs/services_squid.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Append squid logs. @@ -378,9 +378,9 @@ Execute squid in the squid domain. @@ -421,9 +421,9 @@ squid logs. @@ -463,9 +463,9 @@ Read squid configuration file. @@ -505,9 +505,9 @@ Append squid logs. @@ -547,9 +547,9 @@ Use squid services by connecting over TCP. diff --git a/www/api-docs/services_ssh.html b/www/api-docs/services_ssh.html index 437a9af..e4a974f 100644 --- a/www/api-docs/services_ssh.html +++ b/www/api-docs/services_ssh.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -327,7 +327,136 @@
Summary
-

Read ssh server keys

+

+Read ssh server keys +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

 No
user_domain - +

The type of the user domain. - +

 No
user_role - +

The role associated with the user domain. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +ssh_dontaudit_rw_tcp_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read and write +ssh server TCP sockets. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain to not audit. +

+		 +No +
+
+
+ + +
+ + +
+ +ssh_read_pipes( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read a ssh server unnamed pipe. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +ssh_sigchld( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send a SIGCHLD signal to the ssh server. +

Parameters
@@ -337,9 +466,51 @@ domain +

+Domain allowed access. +

+ +No + + + +
+
+ + +
-The type of the process performing this action. +
+ +ssh_tcp_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to SSH daemons over TCP sockets. +

+ + +
Parameters
+ + + + @@ -416,10 +587,10 @@ by policy writers. @@ -427,9 +598,9 @@ No @@ -437,9 +608,9 @@ No @@ -490,10 +661,10 @@ a external network-facing ssh server. diff --git a/www/api-docs/services_stunnel.html b/www/api-docs/services_stunnel.html index a17c45b..00b77cc 100644 --- a/www/api-docs/services_stunnel.html +++ b/www/api-docs/services_stunnel.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_sysstat.html b/www/api-docs/services_sysstat.html index 4d7c576..591919f 100644 --- a/www/api-docs/services_sysstat.html +++ b/www/api-docs/services_sysstat.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Manage sysstat logs. diff --git a/www/api-docs/services_tcpd.html b/www/api-docs/services_tcpd.html index e58c5df..757a6fa 100644 --- a/www/api-docs/services_tcpd.html +++ b/www/api-docs/services_tcpd.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Execute tcpd in the tcpd domain. diff --git a/www/api-docs/services_telnet.html b/www/api-docs/services_telnet.html index 8a7ff0b..e71ed0e 100644 --- a/www/api-docs/services_telnet.html +++ b/www/api-docs/services_telnet.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_tftp.html b/www/api-docs/services_tftp.html index 8b0d554..f89542c 100644 --- a/www/api-docs/services_tftp.html +++ b/www/api-docs/services_tftp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_timidity.html b/www/api-docs/services_timidity.html index be9e71a..01f47ff 100644 --- a/www/api-docs/services_timidity.html +++ b/www/api-docs/services_timidity.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_ucspitcp.html b/www/api-docs/services_ucspitcp.html index c04cf98..0f86b1f 100644 --- a/www/api-docs/services_ucspitcp.html +++ b/www/api-docs/services_ucspitcp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -348,9 +348,9 @@ Define a specified domain as a ucspitcp service. @@ -358,9 +358,9 @@ No diff --git a/www/api-docs/services_uucp.html b/www/api-docs/services_uucp.html index 6836fa0..f49c09f 100644 --- a/www/api-docs/services_uucp.html +++ b/www/api-docs/services_uucp.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
diff --git a/www/api-docs/services_xdm.html b/www/api-docs/services_xdm.html deleted file mode 100644 index 01e0011..0000000 --- a/www/api-docs/services_xdm.html +++ /dev/null @@ -1,312 +0,0 @@ - - - - Security Enhanced Linux Reference Policy - - - - - - - -
- -

Layer: services

-

Module: xdm

- -

Description:

- -

X windows login display manager

- - - - - -

No interfaces or templates.

- - -
- - diff --git a/www/api-docs/services_xfs.html b/www/api-docs/services_xfs.html index 506bb31..99e8b33 100644 --- a/www/api-docs/services_xfs.html +++ b/www/api-docs/services_xfs.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -305,13 +305,13 @@

Interfaces:

- +
-xfs_read_socket( +xfs_read_sockets( @@ -336,9 +336,52 @@ Read a X font server named socket.
+ +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

 No
user_domain - +

The type of the user domain. - +

 No
user_role - +

The role associated with the user domain. - +

 No
userdomain_prefix - +

The prefix of the server domain (e.g., sshd is the prefix for sshd_t). - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
entrypoint - +

The type associated with the process program. - +

 No
domain - +

Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+xfs_stream_connect( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to a X font server over +a unix domain stream socket. +

+ + +
Parameters
+ + + + diff --git a/www/api-docs/services_xserver.html b/www/api-docs/services_xserver.html new file mode 100644 index 0000000..4160777 --- /dev/null +++ b/www/api-docs/services_xserver.html @@ -0,0 +1,1236 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: xserver

+ +Interfaces +Templates + +

Description:

+ +

X Windows Server

+ + + + +

Interfaces:

+ + +
+ + +
+ +xserver_create_xdm_tmp_sockets( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create a named socket in a XDM +temporary directory. +

+ + +
Parameters
+
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_delete_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to write the X server +log files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain to not audit +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_domtrans_xdm_xserver( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the X server in the XDM X server domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_dontaudit_write_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to write the X server +log files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain to not audit +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_read_xdm_pid( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read XDM pid files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_read_xdm_rw_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read xdm-writable configuration files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_setattr_xdm_tmp_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Set the attributes of XDM temporary directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_stream_connect_xdm( + + + + + domain + + + )
+
+
+ +
Summary
+

+Connect to XDM over a unix domain +stream socket. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_xsession_entry_type( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make an X session script an entrypoint for the specified domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The domain for which the shell is an entrypoint. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_xsession_spec_domtrans( + + + + + domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Execute an X session in the target domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+ + +
Description
+

+

+Execute an Xsession in the target domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+target_domain + +

+The type of the shell process. +

+		 +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +xserver_common_domain_template( + + + + + prefix + + + )
+
+
+ +
Summary
+

+Template to create types and rules common to +all X server domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+prefix + +

+The prefix of the domain (e.g., user +is the prefix for user_t). +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_domtrans_user_xauth( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Transition to a user Xauthority domain. +

+ + +
Description
+

+

+Transition to a user Xauthority domain. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_per_userdomain_template( + + + + + prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the xserver module. +

+ + +
Description
+

+

+Define a derived domain for the X server when executed +by a user domain (e.g. via startx). See the xdm module +if using an X Display Manager. +

+

+This is invoked automatically for each user and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+user_domain + +

+The type of the user domain. +

+		 +No +
+user_role + +

+The role associated with the user domain. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_ro_session_template( + + + + + prefix + + + + , + + + + domain + + + + , + + + + tmpfs_type + + + )
+
+
+ +
Summary
+

+Template for creating sessions on a +prefix X server, with read-only +access to the X server shared +memory segments. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+prefix + +

+The prefix of the domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain allowed access. +

+		 +No +
+tmpfs_type + +

+The type of the domain SYSV tmpfs files. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_rw_session_template( + + + + + prefix + + + + , + + + + domain + + + + , + + + + tmpfs_type + + + )
+
+
+ +
Summary
+

+Template for creating sessions on a +prefix X server, with read and write +access to the X server shared +memory segments. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+prefix + +

+The prefix of the domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain allowed access. +

+		 +No +
+tmpfs_type + +

+The type of the domain SYSV tmpfs files. +

+		 +No +
+
+
+ + +
+ + +
+ +xserver_user_client_template( + + + + + prefix + + + + , + + + + domain + + + + , + + + + tmpfs_type + + + )
+
+
+ +
Summary
+

+Template for creating full client sessions +on a user X server. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+prefix + +

+The prefix of the domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain allowed access. +

+		 +No +
+tmpfs_type + +

+The type of the domain SYSV tmpfs files. +

+		 +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/services_zebra.html b/www/api-docs/services_zebra.html index ecc6a8a..9dba3a5 100644 --- a/www/api-docs/services_zebra.html +++ b/www/api-docs/services_zebra.html @@ -262,12 +262,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -336,9 +336,9 @@ Read the configuration files for zebra. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/system_authlogin.html b/www/api-docs/system_authlogin.html index dec0da3..35bc4ac 100644 --- a/www/api-docs/system_authlogin.html +++ b/www/api-docs/system_authlogin.html @@ -171,9 +171,9 @@ Append to the login failure log. domain - +

Domain allowed access. - +

No @@ -213,9 +213,9 @@ Append only to the last logins log. domain - +

Domain allowed access. - +

No @@ -255,9 +255,9 @@ Append to login records (wtmp). domain - +

Domain allowed access. - +

No @@ -297,9 +297,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -339,9 +339,9 @@ Delete pam_console data. domain - +

Domain allowed access. - +

No @@ -381,9 +381,9 @@ Delete pam PID files. domain - +

The type of the process performing this action. - +

No @@ -423,9 +423,9 @@ Run unix_chkpwd to check a password. domain - +

The type of the process performing this action. - +

No @@ -473,9 +473,9 @@ Execute a login_program in the target domain. domain - +

The type of the process performing this action. - +

No @@ -483,9 +483,9 @@ No target_domain - +

The type of the login_program process. - +

No @@ -525,9 +525,9 @@ Execute pam programs in the pam domain. domain - +

The type of the process performing this action. - +

No @@ -567,9 +567,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -609,9 +609,9 @@ Execute utempter programs in the utempter domain. domain - +

The type of the process performing this action. - +

No @@ -651,9 +651,9 @@ Do not audit attemps to execute utempter executable. domain - +

Domain to not audit. - +

No @@ -694,9 +694,9 @@ of the shadow passwords file. domain - +

Domain to not audit. - +

No @@ -736,9 +736,9 @@ Do not audit attemps to read PAM pid files. domain - +

Domain to not audit. - +

No @@ -779,9 +779,9 @@ password file (/etc/shadow). domain - +

The type of the domain to not audit. - +

No @@ -821,9 +821,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -863,9 +863,9 @@ Execute the pam program. domain - +

The type of the process performing this action. - +

No @@ -874,18 +874,18 @@ No
- +
-auth_filetrans_login_records( +auth_getattr_shadow( - ? + domain )
@@ -894,7 +894,7 @@ No
Summary

-Summary is missing! +Get the attributes of the shadow passwords file.

@@ -903,11 +903,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+The type of the process performing this action. +

No @@ -916,18 +916,18 @@ No
- +
-auth_getattr_shadow( +auth_list_pam_console_data( - domain + ? )
@@ -936,7 +936,7 @@ No
Summary

-Get the attributes of the shadow passwords file. +Summary is missing!

@@ -945,11 +945,11 @@ Get the attributes of the shadow passwords file. Parameter:Description:Optional: -domain +? - -The type of the process performing this action. - +

+Parameter descriptions are missing! +

No @@ -958,13 +958,13 @@ No
- +
-auth_list_pam_console_data( +auth_log_filetrans_login_records( @@ -989,9 +989,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1031,9 +1031,9 @@ Use the login program as an entry point program. domain - +

The type of process using the login program as entry point. - +

No @@ -1061,12 +1061,8 @@ No - [ - exception_types - ] - )
@@ -1086,9 +1082,9 @@ the shadow passwords and listed exceptions. domain - +

The type of the domain perfoming this action. - +

No @@ -1096,12 +1092,12 @@ No exception_types - +

The types to be excluded. Each type or attribute must be negated by the caller. - +

-yes +Yes @@ -1139,9 +1135,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1181,9 +1177,51 @@ Summary is missing! ? - +

Parameter descriptions are missing! +

+ +No + + +
+
+ + +
+ + +
+ +auth_manage_pam_pid( + + + + + domain + + + )
+
+
+ +
Summary
+

+Manage pam PID files. +

+ + +
Parameters
+ + + + @@ -1223,9 +1261,52 @@ Summary is missing! + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
? - +

Parameter descriptions are missing! +

+		 +No +
+
+
+ + +
+ + +
+auth_manage_var_auth( + + + + + domain + + + )
+
+
+ +
Summary
+

+Manage var auth files. Used by various other applications +and pam applets etc. +

+ + +
Parameters
+ + + + @@ -1253,12 +1334,8 @@ No - [ - exception_types - ] - )
@@ -1278,9 +1355,9 @@ the shadow passwords and listed exceptions. @@ -1288,12 +1365,12 @@ No
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

 No
domain - +

The type of the domain perfoming this action. - +

 No
exception_types - +

The types to be excluded. Each type or attribute must be negated by the caller. - +

 -yes +Yes
@@ -1319,12 +1396,8 @@ yes - [ - exception_types - ] - )
@@ -1344,9 +1417,9 @@ the shadow passwords and listed exceptions. domain - +

The type of the domain perfoming this action. - +

No @@ -1354,12 +1427,12 @@ No exception_types - +

The types to be excluded. Each type or attribute must be negated by the caller. - +

-yes +Yes @@ -1385,12 +1458,8 @@ yes - [ - exception_types - ] - )
@@ -1410,9 +1479,9 @@ the shadow passwords and listed exceptions. domain - +

The type of the domain perfoming this action. - +

No @@ -1420,12 +1489,12 @@ No exception_types - +

The types to be excluded. Each type or attribute must be negated by the caller. - +

-yes +Yes @@ -1463,9 +1532,9 @@ Read the last logins log. domain - +

Domain allowed access. - +

No @@ -1505,9 +1574,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1547,9 +1616,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1589,9 +1658,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1631,9 +1700,9 @@ Read the shadow passwords file (/etc/shadow) domain - +

The type of the process performing this action. - +

No @@ -1661,12 +1730,8 @@ No - [ - exception_types - ] - )
@@ -1686,9 +1751,9 @@ the shadow passwords and listed exceptions. domain - +

The type of the domain perfoming this action. - +

No @@ -1696,12 +1761,12 @@ No exception_types - +

The types to be excluded. Each type or attribute must be negated by the caller. - +

-yes +Yes @@ -1740,9 +1805,9 @@ password file type. domain - +

Domain allowed access. - +

No @@ -1783,9 +1848,9 @@ password file type. domain - +

Domain allowed access. - +

No @@ -1841,9 +1906,9 @@ Execute pam programs in the PAM domain. domain - +

The type of the process performing this action. - +

No @@ -1851,9 +1916,9 @@ No role - +

The role to allow the PAM domain. - +

No @@ -1861,9 +1926,9 @@ No terminal - +

The type of the terminal allow the PAM domain to use. - +

No @@ -1919,9 +1984,9 @@ Execute utempter programs in the utempter domain. domain - +

The type of the process performing this action. - +

No @@ -1929,9 +1994,9 @@ No role - +

The role to allow the utempter domain. - +

No @@ -1939,9 +2004,9 @@ No terminal - +

The type of the terminal allow the utempter domain to use. - +

No @@ -1981,9 +2046,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -2023,9 +2088,9 @@ Read and write to the last logins log. domain - +

Domain allowed access. - +

No @@ -2065,9 +2130,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -2107,9 +2172,9 @@ Read and write the shadow password file (/etc/shadow). domain - +

The type of the process performing this action. - +

No @@ -2150,9 +2215,9 @@ pam_console data directory. domain - +

The type of the process performing this action. - +

No @@ -2192,9 +2257,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -2234,9 +2299,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -2288,9 +2353,9 @@ be passed. No access is granted yet. domain - +

Domain allowed access. - +

No @@ -2330,9 +2395,9 @@ Use nsswitch to look up uid-username mappings. domain - +

Domain allowed access. - +

No @@ -2372,9 +2437,9 @@ Write to login records (wtmp). domain - +

Domain allowed access. - +

No @@ -2442,10 +2507,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -2453,9 +2518,9 @@ No domain - +

The type of the process performing this action. - +

No @@ -2503,10 +2568,10 @@ to authenticate users by using PAM unix_chkpwd support. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -2577,10 +2642,10 @@ by policy writers. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -2588,9 +2653,9 @@ No user_domain - +

The type of the user domain. - +

No @@ -2598,9 +2663,9 @@ No user_role - +

The role associated with the user domain. - +

No diff --git a/www/api-docs/system_clock.html b/www/api-docs/system_clock.html index a33a0f3..ea7f38f 100644 --- a/www/api-docs/system_clock.html +++ b/www/api-docs/system_clock.html @@ -168,9 +168,9 @@ Execute hwclock in the clock domain. domain - +

The type of the process performing this action. - +

No @@ -210,9 +210,9 @@ Execute hwclock in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -269,9 +269,9 @@ allow the specified role the hwclock domain. domain - +

The type of the process performing this action. - +

No @@ -279,9 +279,9 @@ No role - +

The role to be allowed the clock domain. - +

No @@ -289,9 +289,9 @@ No terminal - +

The type of the terminal allow the clock domain to use. - +

No @@ -331,9 +331,9 @@ Allow executing domain to modify clock drift domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/system_daemontools.html b/www/api-docs/system_daemontools.html index ea91cb2..557632a 100644 --- a/www/api-docs/system_daemontools.html +++ b/www/api-docs/system_daemontools.html @@ -172,9 +172,9 @@ Execute in the svc_multilog_t domain. domain - +

Domain allowed access. - +

No @@ -214,9 +214,9 @@ Execute in the svc_run_t domain. domain - +

Domain allowed access. - +

No @@ -256,9 +256,9 @@ Execute in the svc_start_t domain. domain - +

Domain allowed access. - +

No @@ -298,9 +298,9 @@ An ipc channel between the supervised domain and svc_start_t domain - +

Domain allowed access to svc_start_t. - +

No @@ -340,9 +340,9 @@ Allow a domain to create svc_svc_t files. domain - +

Domain allowed access. - +

No @@ -382,9 +382,9 @@ Allow a domain to read svc_svc_t files. domain - +

Domain allowed access. - +

No @@ -432,9 +432,9 @@ Define a specified domain as a supervised service. domain - +

Domain allowed access. - +

No @@ -442,9 +442,9 @@ No entrypoint - +

The type associated with the process program. - +

No diff --git a/www/api-docs/system_fstools.html b/www/api-docs/system_fstools.html index 984d2d2..c05e520 100644 --- a/www/api-docs/system_fstools.html +++ b/www/api-docs/system_fstools.html @@ -168,9 +168,9 @@ Execute fs tools in the fstools domain. domain - +

The type of the process performing this action. - +

No @@ -210,9 +210,9 @@ Execute fsadm in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -253,9 +253,9 @@ filesystem tools programs. domain - +

The type of the process performing this action. - +

No @@ -296,9 +296,9 @@ filesystem tools programs. domain - +

The type of the process performing this action. - +

No @@ -355,9 +355,9 @@ allow the specified role the fs tools domain. domain - +

The type of the process performing this action. - +

No @@ -365,9 +365,9 @@ No role - +

The role to be allowed the fs tools domain. - +

No @@ -375,9 +375,9 @@ No terminal - +

The type of the terminal allow the fs tools domain to use. - +

No diff --git a/www/api-docs/system_getty.html b/www/api-docs/system_getty.html index d1fa34f..18da826 100644 --- a/www/api-docs/system_getty.html +++ b/www/api-docs/system_getty.html @@ -168,9 +168,9 @@ Execute gettys in the getty domain. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -179,13 +179,13 @@ No
- +
-getty_modify_config( +getty_read_config( @@ -199,7 +199,7 @@ No
Summary

-Allow process to edit getty config file. +Allow process to read getty config file.

@@ -210,9 +210,9 @@ Allow process to edit getty config file. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -221,13 +221,13 @@ No
- +
-getty_read_config( +getty_read_log( @@ -241,7 +241,7 @@ No
Summary

-Allow process to read getty config file. +Allow process to read getty log file.

@@ -252,9 +252,9 @@ Allow process to read getty config file. domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -263,13 +263,13 @@ No
- +
-getty_read_log( +getty_rw_config( @@ -283,7 +283,7 @@ No
Summary

-Allow process to read getty log file. +Allow process to edit getty config file.

@@ -294,9 +294,51 @@ Allow process to read getty log file. domain +

+Domain allowed access. +

+ +No + + + +
+
+ + +
+ + +
+ +getty_use_fds( + + + + + domain + + + )
+
+
+ +
Summary
+

+Inherit and use getty file descriptors. +

+ -The type of the process performing this action. +
Parameters
+ + + diff --git a/www/api-docs/system_hostname.html b/www/api-docs/system_hostname.html index 71fa6cc..e185fc7 100644 --- a/www/api-docs/system_hostname.html +++ b/www/api-docs/system_hostname.html @@ -168,9 +168,9 @@ Execute hostname in the hostname domain. @@ -210,9 +210,9 @@ Execute hostname in the caller domain. @@ -269,9 +269,9 @@ allow the specified role the hostname domain. @@ -279,9 +279,9 @@ No @@ -289,9 +289,9 @@ No diff --git a/www/api-docs/system_hotplug.html b/www/api-docs/system_hotplug.html index 6f78a6c..4c7efb4 100644 --- a/www/api-docs/system_hotplug.html +++ b/www/api-docs/system_hotplug.html @@ -171,9 +171,9 @@ Summary is missing! @@ -213,9 +213,9 @@ Summary is missing! @@ -224,13 +224,13 @@ No - +
-hotplug_dontaudit_use_fd( +hotplug_dontaudit_use_fds( @@ -255,9 +255,9 @@ Summary is missing!
@@ -297,9 +297,9 @@ Summary is missing! @@ -308,13 +308,13 @@ No - +
-hotplug_getattr_config_dir( +hotplug_getattr_config_dirs( @@ -339,9 +339,9 @@ Get the attributes of the hotplug configuration directory.
@@ -381,9 +381,9 @@ Read the configuration files for hotplug. @@ -423,9 +423,9 @@ Search the hotplug configuration directory. @@ -434,13 +434,13 @@ No - +
-hotplug_use_fd( +hotplug_use_fds( @@ -465,9 +465,9 @@ Summary is missing!
diff --git a/www/api-docs/system_init.html b/www/api-docs/system_init.html index 63e0941..375b549 100644 --- a/www/api-docs/system_init.html +++ b/www/api-docs/system_init.html @@ -177,9 +177,9 @@ Create a domain for long running processes @@ -187,9 +187,9 @@ No @@ -230,9 +230,9 @@ init scripts over dbus. @@ -280,9 +280,9 @@ Create a domain which can be started by init. @@ -290,9 +290,9 @@ No @@ -332,9 +332,9 @@ Summary is missing! @@ -374,9 +374,9 @@ Summary is missing! @@ -416,9 +416,9 @@ Summary is missing! @@ -427,13 +427,13 @@ No - +
-init_dontaudit_lock_pid( +init_dontaudit_lock_utmp( @@ -459,9 +459,9 @@ init script pid files.
@@ -470,13 +470,13 @@ No - +
-init_dontaudit_rw_script_pid( +init_dontaudit_rw_initctl( @@ -501,9 +501,9 @@ Summary is missing!
@@ -512,18 +512,18 @@ No - +
-init_dontaudit_unix_connect_script( +init_dontaudit_rw_utmp( - domain + ? )
@@ -532,8 +532,7 @@ No
Summary

-Dont audit the specified domain connecting to -init scripts with a unix domain stream socket. +Summary is missing!

@@ -542,11 +541,11 @@ init scripts with a unix domain stream socket.
@@ -555,18 +554,18 @@ No - +
-init_dontaudit_use_fd( +init_dontaudit_stream_connect_script( - ? + domain )
@@ -575,7 +574,8 @@ No
Summary

-Summary is missing! +Dont audit the specified domain connecting to +init scripts with a unix domain stream socket.

@@ -584,11 +584,11 @@ Summary is missing!
@@ -597,13 +597,13 @@ No - +
-init_dontaudit_use_initctl( +init_dontaudit_use_fds( @@ -628,9 +628,9 @@ Summary is missing!
@@ -639,13 +639,13 @@ No - +
-init_dontaudit_use_script_fd( +init_dontaudit_use_script_fds( @@ -670,9 +670,9 @@ Summary is missing!
@@ -681,13 +681,13 @@ No - +
-init_dontaudit_use_script_pty( +init_dontaudit_use_script_ptys( @@ -713,9 +713,9 @@ write the init script pty.
@@ -724,13 +724,13 @@ No - +
-init_dontaudit_write_script_pid( +init_dontaudit_write_utmp( @@ -755,9 +755,9 @@ Summary is missing!
@@ -797,9 +797,9 @@ Execute the init program in the caller domain. @@ -808,13 +808,13 @@ No - +
-init_exec_script( +init_exec_script_files( @@ -839,9 +839,9 @@ Summary is missing!
@@ -850,38 +850,18 @@ No - +
-init_filetrans_script_tmp( - - - - - domain - - - - , - - - - file_type - +init_getattr_initctl( - , - - [ - - object_class - - ] + ? )
@@ -890,8 +870,7 @@ No
Summary

-Create files in a init script -temporary data directory. +Summary is missing!

@@ -900,51 +879,31 @@ temporary data directory.
- - - -
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the hostname domain. - +

 No
terminal - +

The type of the terminal allow the hostname domain to use. - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Type to be used as a domain. - +

 No
entry_point - +

Type of the program to be used as an entry point to this domain. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Type to be used as a domain. - +

 No
entry_point - +

Type of the program to be used as an entry point to this domain. - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
Parameter:Description:Optional:
-domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain to not audit. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-file_type +? - -The type of the object to be created - +

+Parameter descriptions are missing! +

 No
-object_class - - -The object class. If not specified, file is used. - - -yes -
- +
-init_get_process_group( +init_getattr_script_files( - ? + domain )
@@ -953,7 +912,7 @@ yes
Summary

-Summary is missing! +Get the attribute of init script entrypoint files.

@@ -962,11 +921,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -975,18 +934,18 @@ No
- +
-init_get_script_process_group( +init_getattr_utmp( - ? + domain )
@@ -995,7 +954,7 @@ No
Summary

-Summary is missing! +Get the attributes of init script process id files.

@@ -1004,11 +963,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -1017,13 +976,13 @@ No
- +
-init_getattr_initctl( +init_getpgid( @@ -1048,9 +1007,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -1059,18 +1018,18 @@ No
- +
-init_getattr_script_entry_file( +init_getpgid_script( - domain + ? )
@@ -1079,7 +1038,7 @@ No
Summary

-Get the attribute of init script entrypoint files. +Summary is missing!

@@ -1088,11 +1047,11 @@ Get the attribute of init script entrypoint files. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -1101,13 +1060,13 @@ No
- +
-init_getattr_script_pids( +init_manage_utmp( @@ -1121,7 +1080,7 @@ No
Summary

-Get the attributes of init script process id files. +Create, read, write, and delete utmp.

@@ -1132,9 +1091,9 @@ Get the attributes of init script process id files. domain - -Domain allowed access. - +

+Domain access allowed. +

No @@ -1143,13 +1102,13 @@ No
- +
-init_list_script_pids( +init_read_script_files( @@ -1163,8 +1122,7 @@ No
Summary

-List the contents of an init script -process id directory. +Read init scripts.

@@ -1175,9 +1133,9 @@ process id directory. domain - +

Domain allowed access. - +

No @@ -1186,13 +1144,13 @@ No
- +
-init_read_script( +init_read_script_state( @@ -1206,7 +1164,7 @@ No
Summary

-Read init scripts. +Read the process state (/proc/pid) of the init scripts.

@@ -1217,9 +1175,9 @@ Read init scripts. domain - +

Domain allowed access. - +

No @@ -1228,18 +1186,18 @@ No
- +
-init_read_script_file( +init_read_utmp( - domain + ? )
@@ -1248,7 +1206,7 @@ No
Summary

-Read init scripts. +Summary is missing!

@@ -1257,11 +1215,11 @@ Read init scripts. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -1270,18 +1228,34 @@ No
- +
-init_read_script_pid( +init_run_daemon( - ? + domain + + + + , + + + + role + + + + , + + + + terminal )
@@ -1290,40 +1264,69 @@ No
Summary

-Summary is missing! +Start and stop daemon programs directly.

+
Description
+

+

+Start and stop daemon programs directly +in the traditional "/etc/init.d/daemon start" +style, and do not require run_init. +

+

+
Parameters
-
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
-
-
- - -
+ +role + +

+The role to be performing this action. +

+ +No + + + +terminal + +

+The type of the terminal of the user. +

+ +No + + + +
+
+ + +
-init_read_script_process_state( +init_rw_initctl( - domain + ? )
@@ -1332,7 +1335,7 @@ No
Summary

-Read the process state (/proc/pid) of the init scripts. +Summary is missing!

@@ -1341,11 +1344,11 @@ Read the process state (/proc/pid) of the init scripts. Parameter:Description:Optional: -domain +? - -Domain allowed access. - +

+Parameter descriptions are missing! +

No @@ -1354,13 +1357,13 @@ No
- +
-init_run_daemon( +init_rw_script_pipes( @@ -1368,41 +1371,16 @@ No domain - - , - - - - role - - - - , - - - - terminal - - )
Summary

-Start and stop daemon programs directly. +Read and write init script unnamed pipes.

-
Description
-

-

-Start and stop daemon programs directly -in the traditional "/etc/init.d/daemon start" -style, and do not require run_init. -

-

-
Parameters
@@ -1410,29 +1388,51 @@ style, and do not require run_init. -
Parameter:Description:Optional:
domain - +

Domain allowed access. - +

 No
-role - +
+
+
-The role to be performing this action. + +
- -No - - -terminal - +
-The type of the terminal of the user. +init_rw_script_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write init script temporary data. +

+ + +
Parameters
+ + + @@ -1441,13 +1441,13 @@ No - +
-init_rw_script_pid( +init_rw_utmp( @@ -1472,9 +1472,9 @@ Summary is missing!
@@ -1483,18 +1483,26 @@ No - +
-init_rw_script_pipe( +init_script_file_domtrans( - domain + source_domain + + + + , + + + + target_domain )
@@ -1503,20 +1511,42 @@ No
Summary

-Read and write init script unnamed pipes. +Execute a init script in a specified domain.

+
Description
+

+

+Execute a init script in a specified domain. +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+
Parameters
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
? - +

Parameter descriptions are missing! - +

 No
-Domain allowed access. - + @@ -1525,13 +1555,13 @@ No - +
-init_rw_script_tmp_files( +init_script_file_entry_type( @@ -1545,7 +1575,8 @@ No
Summary

-Read and write init script temporary data. +Make init scripts an entry point for +the specified domain.

@@ -1556,9 +1587,9 @@ Read and write init script temporary data.
@@ -1567,13 +1598,13 @@ No - +
-init_sigchld( +init_script_tmp_filetrans( @@ -1581,13 +1612,30 @@ No domain + + , + + + + file_type + + + + , + + + + object_class + + )
Summary

-Send init a SIGCHLD signal. +Create files in a init script +temporary data directory.

@@ -1598,9 +1646,29 @@ Send init a SIGCHLD signal.
+ + + @@ -1609,13 +1677,13 @@ No - +
-init_sigchld_script( +init_sigchld( @@ -1629,7 +1697,7 @@ No
Summary

-Send SIGCHLD signals to init scripts. +Send init a SIGCHLD signal.

@@ -1640,9 +1708,9 @@ Send SIGCHLD signals to init scripts.
@@ -1651,13 +1719,13 @@ No - +
-init_signal_script( +init_sigchld_script( @@ -1671,7 +1739,7 @@ No
Summary

-Send generic signals to init scripts. +Send SIGCHLD signals to init scripts.

@@ -1682,9 +1750,9 @@ Send generic signals to init scripts.
@@ -1693,13 +1761,13 @@ No - +
-init_signull( +init_signal_script( @@ -1713,7 +1781,7 @@ No
Summary

-Send init a null signal. +Send generic signals to init scripts.

@@ -1724,9 +1792,9 @@ Send init a null signal.
@@ -1735,13 +1803,13 @@ No - +
-init_signull_script( +init_signull( @@ -1755,7 +1823,7 @@ No
Summary

-Send null signals to init scripts. +Send init a null signal.

@@ -1766,9 +1834,9 @@ Send null signals to init scripts.
@@ -1777,13 +1845,13 @@ No - +
-init_system_domain( +init_signull_script( @@ -1791,22 +1859,13 @@ No domain - - , - - - - entry_point - - )
Summary

-Create a domain for short running processes -which can be started by init scripts. +Send null signals to init scripts.

@@ -1817,19 +1876,9 @@ which can be started by init scripts.
- - @@ -1838,13 +1887,13 @@ No - +
-init_udp_sendto( +init_stream_connect_script( @@ -1858,7 +1907,8 @@ No
Summary

-Send UDP network traffic to init. +Allow the specified domain to connect to +init scripts with a unix socket.

@@ -1869,9 +1919,9 @@ Send UDP network traffic to init.
@@ -1880,13 +1930,13 @@ No - +
-init_udp_sendto_script( +init_system_domain( @@ -1894,13 +1944,22 @@ No domain + + , + + + + entry_point + + )
Summary

-Send UDP network traffic to init scripts. +Create a domain for short running processes +which can be started by init scripts.

@@ -1911,9 +1970,19 @@ Send UDP network traffic to init scripts.
-Domain allowed access. - + @@ -1922,13 +1991,13 @@ No - +
-init_unix_connect_script( +init_udp_send( @@ -1942,8 +2011,7 @@ No
Summary

-Allow the specified domain to connect to -init scripts with a unix socket. +Send UDP network traffic to init.

@@ -1954,9 +2022,9 @@ init scripts with a unix socket.
@@ -1965,18 +2033,18 @@ No - +
-init_use_fd( +init_udp_send_script( - ? + domain )
@@ -1985,7 +2053,7 @@ No
Summary

-Summary is missing! +Send UDP network traffic to init scripts.

@@ -1994,11 +2062,11 @@ Summary is missing!
@@ -2007,13 +2075,13 @@ No - +
-init_use_initctl( +init_use_fds( @@ -2038,9 +2106,9 @@ Summary is missing!
@@ -2049,13 +2117,13 @@ No - +
-init_use_script_fd( +init_use_script_fds( @@ -2080,9 +2148,9 @@ Summary is missing!
@@ -2091,13 +2159,13 @@ No - +
-init_use_script_pty( +init_use_script_ptys( @@ -2133,9 +2201,9 @@ the administrator terminal.
@@ -2175,9 +2243,9 @@ Summary is missing! @@ -2186,13 +2254,13 @@ No - +
-init_write_script_pipe( +init_write_script_pipes( @@ -2217,9 +2285,9 @@ Write an init script unnamed pipe.
diff --git a/www/api-docs/system_ipsec.html b/www/api-docs/system_ipsec.html index e26d0a2..a5e8dd8 100644 --- a/www/api-docs/system_ipsec.html +++ b/www/api-docs/system_ipsec.html @@ -168,9 +168,9 @@ Execute ipsec in the ipsec domain. @@ -210,9 +210,9 @@ Execute the IPSEC management program in the caller domain. @@ -221,13 +221,13 @@ No - +
-ipsec_getattr_key_socket( +ipsec_getattr_key_sockets( @@ -252,9 +252,9 @@ Get the attributes of an IPSEC key socket.
@@ -294,9 +294,9 @@ Create, read, write, and delete the IPSEC pid files. @@ -336,9 +336,9 @@ Read the IPSEC configuration @@ -378,9 +378,9 @@ Connect to IPSEC using a unix domain stream socket. diff --git a/www/api-docs/system_iptables.html b/www/api-docs/system_iptables.html index 02b8701..e19e775 100644 --- a/www/api-docs/system_iptables.html +++ b/www/api-docs/system_iptables.html @@ -168,9 +168,9 @@ Execute iptables in the iptables domain. @@ -210,9 +210,9 @@ Execute iptables in the caller domain. @@ -269,9 +269,9 @@ allow the specified role the iptables domain. @@ -279,9 +279,9 @@ No @@ -289,9 +289,9 @@ No diff --git a/www/api-docs/system_libraries.html b/www/api-docs/system_libraries.html index c50a752..8b60e8d 100644 --- a/www/api-docs/system_libraries.html +++ b/www/api-docs/system_libraries.html @@ -137,6 +137,48 @@

Interfaces:

+ +
+ + +
+ +libs_delete_lib_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Delete generic symlinks in library directories. +

+ + +
Parameters
+
Parameter:Description:Optional:
-domain +source_domain +

+Domain to transition from. +

+		 +No +
+target_domain + +

+Domain to transition to. +

 No
domain - -Domain allowed access. - +

+The domain for which init scripts are an entrypoint. +

 No
domain - +

Domain allowed access. +

+		 +No +
+file_type + +

+The type of the object to be created +

+		 +No +
+object_class + +

+The object class. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - -Type to be used as a domain. - - -No -
-entry_point - - -Type of the program to be used as an entry point to this domain. - +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain +

+Type to be used as a domain. +

+		 +No +
+entry_point + +

+Type of the program to be used as an entry point to this domain. +

 No
domain - +

Domain allowed access. - +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - -The type of the process performing this action. - +

+Domain allowed access. +

 No
domain - -The type of the process performing this action. - +

+Domain allowed access. +

 No
domain - -The type of the process performing this action. - +

+Domain allowed access. +

 No
role - +

The role to be allowed the iptables domain. - +

 No
terminal - +

The type of the terminal allow the iptables domain to use. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+
@@ -168,9 +210,9 @@ Execute ldconfig in the ldconfig domain. domain - +

The type of the process performing this action. - +

No @@ -210,9 +252,9 @@ Execute the dynamic link/loader in the caller's domain. domain - +

The type of the process performing this action. - +

No @@ -252,9 +294,9 @@ Execute library scripts in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -295,9 +337,9 @@ of shared libraries with legacy support. domain - +

The type of the process performing this action. - +

No @@ -338,9 +380,9 @@ with legacy support. domain - +

The type of the process performing this action. - +

No @@ -381,9 +423,9 @@ dynamic link/loader. domain - +

Domain allowed access. - +

No @@ -424,9 +466,9 @@ files in library directories. domain - +

Domain allowed access. - +

No @@ -466,9 +508,9 @@ Create, read, write, and delete shared libraries. domain - +

Domain allowed access. - +

No @@ -477,13 +519,13 @@ No
- +
-libs_read_lib( +libs_read_lib_files( @@ -509,9 +551,9 @@ as static libraries. domain - +

The type of the process performing this action. - +

No @@ -552,9 +594,9 @@ the dynamic link/loader. domain - +

Domain allowed access. - +

No @@ -595,9 +637,9 @@ for generic lib files. domain - +

Domain allowed access. - +

No @@ -638,9 +680,9 @@ shared libraries. domain - +

Domain allowed access. - +

No @@ -680,9 +722,9 @@ Relabel files to the type used in library directories. domain - +

The type of the process performing this action. - +

No @@ -738,9 +780,9 @@ Execute ldconfig in the ldconfig domain. domain - +

The type of the process performing this action. - +

No @@ -748,9 +790,9 @@ No role - +

The role to allow the ldconfig domain. - +

No @@ -758,9 +800,9 @@ No terminal - +

The type of the terminal allow the ldconfig domain to use. - +

No @@ -801,9 +843,9 @@ of shared libraries. domain - +

The type of the process performing this action. - +

No @@ -843,9 +885,9 @@ Search lib directories. domain - +

The type of the process performing this action. - +

No @@ -886,9 +928,9 @@ of shared libraries. domain - +

The type of the process performing this action. - +

No @@ -897,13 +939,13 @@ No
- +
-libs_use_lib( +libs_use_lib_files( @@ -929,9 +971,9 @@ lib files as shared libraries. domain - +

The type of the process performing this action. - +

No @@ -971,9 +1013,9 @@ Load and execute functions from shared libraries. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/system_locallogin.html b/www/api-docs/system_locallogin.html index 1bac391..33c630c 100644 --- a/www/api-docs/system_locallogin.html +++ b/www/api-docs/system_locallogin.html @@ -168,9 +168,9 @@ Execute local logins in the local login domain. domain - +

The type of the process performing this action. - +

No @@ -179,13 +179,13 @@ No
- +
-locallogin_dontaudit_use_fd( +locallogin_dontaudit_use_fds( @@ -210,9 +210,9 @@ Do not audit attempts to inherit local login file descriptors. domain - +

Domain to not audit. - +

No @@ -252,9 +252,9 @@ Send a null signal to local login processes. domain - +

Domain allowed access. - +

No @@ -263,13 +263,13 @@ No
- +
-locallogin_use_fd( +locallogin_use_fds( @@ -294,9 +294,9 @@ Allow processes to inherit local login file descriptors. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/system_logging.html b/www/api-docs/system_logging.html index a3ed069..20e6ab6 100644 --- a/www/api-docs/system_logging.html +++ b/www/api-docs/system_logging.html @@ -168,9 +168,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -210,9 +210,9 @@ Execute auditctl in the auditctl domain. domain - +

Domain allowed access. - +

No @@ -252,9 +252,9 @@ Execute syslogd in the syslog domain. domain - +

The type of the process performing this action. - +

No @@ -294,9 +294,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -336,9 +336,9 @@ Execute all log files in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -347,18 +347,18 @@ No
- +
-logging_filetrans_log( +logging_list_logs( - ? + domain )
@@ -367,7 +367,7 @@ No
Summary

-Summary is missing! +List the contents of the generic log directory (/var/log).

@@ -376,11 +376,11 @@ Summary is missing! Parameter:Description:Optional: -? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

No @@ -389,18 +389,18 @@ No
- +
-logging_list_logs( +logging_log_file( - domain + file_type )
@@ -409,7 +409,8 @@ No
Summary

-List the contents of the generic log directory (/var/log). +Make the specified type a file +used for logs.

@@ -418,11 +419,11 @@ List the contents of the generic log directory (/var/log). Parameter:Description:Optional: -domain +file_type - -Domain allowed access. - +

+Type of the file to be used as a log. +

No @@ -431,18 +432,18 @@ No
- +
-logging_log_file( +logging_log_filetrans( - file_type + ? )
@@ -451,8 +452,7 @@ No
Summary

-Make the specified type a file -used for logs. +Summary is missing!

@@ -461,11 +461,11 @@ used for logs. Parameter:Description:Optional: -file_type +? - -Type of the file to be used as a log. - +

+Parameter descriptions are missing! +

No @@ -505,9 +505,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -548,9 +548,9 @@ generic log files. domain - +

Domain allowed access. - +

No @@ -590,9 +590,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -601,13 +601,13 @@ No
- +
-logging_read_audit_log( +logging_read_audit_config( @@ -621,7 +621,7 @@ No
Summary

-Read the audit log. +Read the auditd configuration files.

@@ -632,9 +632,9 @@ Read the audit log. domain - +

Domain allowed access. - +

No @@ -643,13 +643,13 @@ No
- +
-logging_read_auditd_config( +logging_read_audit_log( @@ -663,7 +663,7 @@ No
Summary

-Read the auditd configuration files. +Read the audit log.

@@ -674,9 +674,9 @@ Read the auditd configuration files. domain - +

Domain allowed access. - +

No @@ -716,9 +716,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -727,13 +727,13 @@ No
- +
-logging_rw_generic_logs( +logging_rw_generic_log_dirs( @@ -747,7 +747,7 @@ No
Summary

-Read and write generic log files. +Read and write the generic log directory (/var/log).

@@ -758,9 +758,9 @@ Read and write generic log files. domain - -Domain allowed access. - +

+The type of the process performing this action. +

No @@ -769,13 +769,13 @@ No
- +
-logging_rw_log_dir( +logging_rw_generic_logs( @@ -789,7 +789,7 @@ No
Summary

-Read and write the generic log directory (/var/log). +Read and write generic log files.

@@ -800,9 +800,9 @@ Read and write the generic log directory (/var/log). domain - -The type of the process performing this action. - +

+Domain allowed access. +

No @@ -844,9 +844,9 @@ of the contents of the log directory. domain - +

The type of the process performing this action. - +

No @@ -886,9 +886,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -928,9 +928,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No diff --git a/www/api-docs/system_lvm.html b/www/api-docs/system_lvm.html index 25e356d..c245996 100644 --- a/www/api-docs/system_lvm.html +++ b/www/api-docs/system_lvm.html @@ -168,9 +168,9 @@ Execute lvm programs in the lvm domain. domain - +

The type of the process performing this action. - +

No @@ -210,9 +210,9 @@ Read LVM configuration files. domain - +

The type of the process performing this action. - +

No @@ -268,9 +268,9 @@ Execute lvm programs in the lvm domain. domain - +

The type of the process performing this action. - +

No @@ -278,9 +278,9 @@ No role - +

The role to allow the LVM domain. - +

No @@ -288,9 +288,9 @@ No terminal - +

The type of the terminal allow the LVM domain to use. - +

No diff --git a/www/api-docs/system_miscfiles.html b/www/api-docs/system_miscfiles.html index 6d68d01..9be30f8 100644 --- a/www/api-docs/system_miscfiles.html +++ b/www/api-docs/system_miscfiles.html @@ -168,9 +168,9 @@ Delete man pages domain - +

Domain allowed access. - +

No @@ -210,9 +210,9 @@ Do not audit attempts to search man pages. domain - +

Domain to not audit. - +

No @@ -252,9 +252,9 @@ Execute TeX data programs in the caller domain. domain - +

Domain allowed access. - +

No @@ -294,9 +294,9 @@ Allow process to read legacy time localization info domain - +

Domain allowed access. - +

No @@ -336,9 +336,9 @@ Create, read, write, and delete fonts. domain - +

Domain allowed access. - +

No @@ -378,9 +378,9 @@ Create, read, write, and delete man pages domain - +

Domain allowed access. - +

No @@ -421,9 +421,9 @@ and directories used for file transfer services. domain - +

Domain allowed access. - +

No @@ -463,9 +463,9 @@ Read system SSL certificates. domain - +

Domain allowed access. - +

No @@ -505,9 +505,9 @@ Read fonts. domain - +

Domain allowed access. - +

No @@ -547,9 +547,9 @@ Read hardware identification data. domain - +

Domain allowed access. - +

No @@ -589,9 +589,9 @@ Allow process to read localization info domain - +

Domain allowed access. - +

No @@ -631,9 +631,9 @@ Read man pages domain - +

Domain allowed access. - +

No @@ -674,9 +674,9 @@ transfer services. domain - +

Domain allowed access. - +

No @@ -716,9 +716,9 @@ Read TeX data domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/system_modutils.html b/www/api-docs/system_modutils.html index 71e40c4..b23cca1 100644 --- a/www/api-docs/system_modutils.html +++ b/www/api-docs/system_modutils.html @@ -168,9 +168,9 @@ Execute depmod in the depmod domain. domain - +

The type of the process performing this action. - +

No @@ -210,9 +210,9 @@ Execute insmod in the insmod domain. domain - +

The type of the process performing this action. - +

No @@ -252,9 +252,9 @@ Unconditionally execute insmod in the insmod domain. domain - +

The type of the process performing this action. - +

No @@ -294,9 +294,9 @@ Execute depmod in the depmod domain. domain - +

The type of the process performing this action. - +

No @@ -336,9 +336,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -378,9 +378,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -420,9 +420,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -431,13 +431,13 @@ No
- +
-modutils_read_mods_deps( +modutils_read_module_config( @@ -451,7 +451,8 @@ No
Summary

-Read the dependencies of kernel modules. +Read the configuration options used when +loading modules.

@@ -462,9 +463,9 @@ Read the dependencies of kernel modules. domain - +

The type of the process performing this action. - +

No @@ -473,13 +474,13 @@ No
- +
-modutils_read_module_conf( +modutils_read_module_deps( @@ -493,8 +494,7 @@ No
Summary

-Read the configuration options used when -loading modules. +Read the dependencies of kernel modules.

@@ -505,9 +505,9 @@ loading modules. domain - +

The type of the process performing this action. - +

No @@ -516,13 +516,13 @@ No
- +
-modutils_rename_module_conf( +modutils_rename_module_config( @@ -548,9 +548,9 @@ loading modules. domain - +

The type of the process performing this action. - +

No @@ -606,9 +606,9 @@ Execute depmod in the depmod domain. domain - +

The type of the process performing this action. - +

No @@ -616,9 +616,9 @@ No role - +

The role to be allowed the depmod domain. - +

No @@ -626,9 +626,9 @@ No terminal - +

The type of the terminal allow the depmod domain to use. - +

No @@ -687,9 +687,9 @@ backchannel. domain - +

The type of the process performing this action. - +

No @@ -697,9 +697,9 @@ No role - +

The role to be allowed the insmod domain. - +

No @@ -707,9 +707,9 @@ No terminal - +

The type of the terminal allow the insmod domain to use. - +

No @@ -765,9 +765,9 @@ Execute update_modules in the update_modules domain. domain - +

The type of the process performing this action. - +

No @@ -775,9 +775,9 @@ No role - +

The role to be allowed the update_modules domain. - +

No @@ -785,9 +785,9 @@ No terminal - +

The type of the terminal allow the update_modules domain to use. - +

No diff --git a/www/api-docs/system_mount.html b/www/api-docs/system_mount.html index cff208a..2f5233e 100644 --- a/www/api-docs/system_mount.html +++ b/www/api-docs/system_mount.html @@ -168,9 +168,9 @@ Execute mount in the mount domain. domain - +

The type of the process performing this action. - +

No @@ -210,9 +210,9 @@ Execute mount in the caller domain. domain - +

The type of the process performing this action. - +

No @@ -270,9 +270,9 @@ and use the caller's terminal. domain - +

The type of the process performing this action. - +

No @@ -280,9 +280,9 @@ No role - +

The role to be allowed the mount domain. - +

No @@ -290,9 +290,9 @@ No terminal - +

The type of the terminal allow the mount domain to use. - +

No @@ -333,9 +333,9 @@ network drives domain - +

The type of the process performing this action. - +

No @@ -344,13 +344,13 @@ No
- +
-mount_use_fd( +mount_use_fds( @@ -375,9 +375,9 @@ Use file descriptors for mount. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/system_pcmcia.html b/www/api-docs/system_pcmcia.html index 4b15f40..25b4cf6 100644 --- a/www/api-docs/system_pcmcia.html +++ b/www/api-docs/system_pcmcia.html @@ -168,9 +168,9 @@ Execute cardctl in the cardmgr domain. domain - +

The type of the process performing this action. - +

No @@ -210,9 +210,9 @@ Execute cardmgr in the cardmgr domain. domain - +

The type of the process performing this action. - +

No @@ -253,9 +253,9 @@ cardmgr pid files. domain - +

Domain allowed access. - +

No @@ -264,13 +264,13 @@ No
- +
-pcmcia_manage_runtime_chr( +pcmcia_manage_pid_chr_files( @@ -296,9 +296,9 @@ cardmgr runtime character nodes. domain - +

Domain allowed access. - +

No @@ -338,9 +338,9 @@ Read cardmgr pid files. domain - +

Domain allowed access. - +

No @@ -397,9 +397,9 @@ allow the specified role the cardmgr domain. domain - +

The type of the process performing this action. - +

No @@ -407,9 +407,9 @@ No role - +

The role to be allowed the cardmgr domain. - +

No @@ -417,9 +417,9 @@ No terminal - +

The type of the terminal allow the cardmgr domain to use. - +

No @@ -439,12 +439,8 @@ No - [ - domain - ] - )
@@ -463,24 +459,24 @@ PCMCIA stub interface. No access allowed. domain - +

N/A - +

-yes +Yes
- +
-pcmcia_use_cardmgr_fd( +pcmcia_use_cardmgr_fds( @@ -505,9 +501,9 @@ Inherit and use file descriptors from cardmgr. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/system_raid.html b/www/api-docs/system_raid.html index 368bb1b..13e1949 100644 --- a/www/api-docs/system_raid.html +++ b/www/api-docs/system_raid.html @@ -168,9 +168,9 @@ Execute software raid tools in the mdadm domain. domain - +

The type of the process performing this action. - +

No @@ -220,9 +220,9 @@ Added for use in the init module. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/system_selinuxutil.html b/www/api-docs/system_selinuxutil.html index e05bfad..2a0e9ad 100644 --- a/www/api-docs/system_selinuxutil.html +++ b/www/api-docs/system_selinuxutil.html @@ -137,13 +137,13 @@

Interfaces:

- +
-seutil_create_binary_pol( +seutil_create_bin_policy( @@ -168,9 +168,9 @@ Summary is missing! ? - +

Parameter descriptions are missing! - +

No @@ -179,13 +179,13 @@ No
- +
-seutil_domtrans_checkpol( +seutil_domtrans_checkpolicy( @@ -210,9 +210,9 @@ Execute checkpolicy in the checkpolicy domain. domain - +

The type of the process performing this action. - +

No @@ -221,13 +221,13 @@ No
- +
-seutil_domtrans_loadpol( +seutil_domtrans_loadpolicy( @@ -252,9 +252,9 @@ Execute load_policy in the load_policy domain. domain - +

The type of the process performing this action. - +

No @@ -294,9 +294,9 @@ Execute newrole in the load_policy domain. domain - +

The type of the process performing this action. - +

No @@ -336,9 +336,9 @@ Execute restorecon in the restorecon domain. domain - +

The type of the process performing this action. - +

No @@ -378,9 +378,51 @@ Execute run_init in the run_init domain. domain - +

The type of the process performing this action. +

+ +No + + + +
+
+ + +
+ + +
+ +seutil_domtrans_semanage( + + + + + domain + + + )
+
+
+
Summary
+

+Execute a domain transition to run semanage. +

+ + +
Parameters
+ + + + @@ -420,9 +462,9 @@ Execute setfiles in the setfiles domain. @@ -463,9 +505,9 @@ userland configuration (/etc/selinux). @@ -506,9 +548,9 @@ configuration directory (/etc/selinux). @@ -549,9 +591,9 @@ a signal to newrole. @@ -560,13 +602,13 @@ No - +
-seutil_exec_checkpol( +seutil_exec_checkpolicy( @@ -591,9 +633,9 @@ Summary is missing!
@@ -602,13 +644,13 @@ No - +
-seutil_exec_loadpol( +seutil_exec_loadpolicy( @@ -633,9 +675,9 @@ Summary is missing!
@@ -675,9 +717,9 @@ Summary is missing! @@ -715,11 +757,279 @@ Summary is missing! + +
Parameter:Description:Optional:
+domain + +

+Domain allowed to transition. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

The type of the process performing this action. - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
Parameter:Description:Optional:
-? +? + +

+Parameter descriptions are missing! +

+		 +No +
+
+
+ + +
+ + +
+ +seutil_exec_setfiles( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + +

+Parameter descriptions are missing! +

+		 +No +
+
+
+ + +
+ + +
+ +seutil_get_semanage_read_lock( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get read lock on module store +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +seutil_get_semanage_trans_lock( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get trans lock on module store +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+
+
+ + +
+ + +
+ +seutil_init_script_domtrans_runinit( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute init scripts in the run_init domain. +

+ + +
Description
+

+

+Execute init scripts in the run_init domain. +This is used for the Gentoo integrated run_init. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +seutil_init_script_run_runinit( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute init scripts in the run_init domain, and +allow the specified role the run_init domain, +and use the caller's terminal. +

+ + +
Description
+

+

+Execute init scripts in the run_init domain, and +allow the specified role the run_init domain, +and use the caller's terminal. +

+

+This is used for the Gentoo integrated run_init. +

+

+ +
Parameters
+ + + + + + + + @@ -728,13 +1038,13 @@ No - +
-seutil_exec_setfiles( +seutil_manage_bin_policy( @@ -759,9 +1069,9 @@ Summary is missing!
@@ -770,18 +1080,18 @@ No - +
-seutil_manage_binary_pol( +seutil_manage_module_store( - ? + domain )
@@ -790,7 +1100,8 @@ No
Summary

-Summary is missing! +Full management of the semanage +module store.

@@ -799,11 +1110,11 @@ Summary is missing!
@@ -812,13 +1123,13 @@ No - +
-seutil_manage_src_pol( +seutil_manage_src_policy( @@ -843,9 +1154,9 @@ Summary is missing!
@@ -854,13 +1165,13 @@ No - +
-seutil_read_binary_pol( +seutil_read_bin_policy( @@ -885,9 +1196,9 @@ Summary is missing!
@@ -927,9 +1238,9 @@ Summary is missing! @@ -969,9 +1280,9 @@ Summary is missing! @@ -1011,9 +1322,9 @@ Summary is missing! @@ -1022,13 +1333,13 @@ No - +
-seutil_read_loadpol( +seutil_read_loadpolicy( @@ -1053,9 +1364,9 @@ Summary is missing!
@@ -1064,13 +1375,13 @@ No - +
-seutil_read_src_pol( +seutil_read_src_policy( @@ -1095,9 +1406,9 @@ Summary is missing!
@@ -1106,13 +1417,13 @@ No - +
-seutil_relabelto_binary_pol( +seutil_relabelto_bin_policy( @@ -1137,9 +1448,9 @@ Allow the caller to relabel a file to the binary policy type.
@@ -1148,13 +1459,13 @@ No - +
-seutil_run_checkpol( +seutil_run_checkpolicy( @@ -1197,9 +1508,9 @@ and use the caller's terminal.
@@ -1207,9 +1518,9 @@ No @@ -1217,9 +1528,9 @@ No @@ -1228,13 +1539,13 @@ No - +
-seutil_run_loadpol( +seutil_run_loadpolicy( @@ -1278,9 +1589,9 @@ Has a SIGCHLD signal backchannel.
@@ -1288,9 +1599,9 @@ No @@ -1298,9 +1609,9 @@ No @@ -1358,9 +1669,9 @@ and use the caller's terminal. @@ -1368,9 +1679,9 @@ No @@ -1378,9 +1689,9 @@ No @@ -1438,9 +1749,9 @@ and use the caller's terminal. @@ -1448,9 +1759,9 @@ No @@ -1458,9 +1769,9 @@ No @@ -1518,9 +1829,9 @@ and use the caller's terminal. @@ -1528,9 +1839,9 @@ No @@ -1538,9 +1849,89 @@ No + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+role + +

+The role to be allowed the run_init domain. +

+		 +No +
+terminal - -Parameter descriptions are missing! - +

+The type of the terminal allow the run_init domain to use. +

 No
? - +

Parameter descriptions are missing! - +

 No
Parameter:Description:Optional:
-? +domain - -Parameter descriptions are missing! - +

+Domain allowed access. +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

The type of the process performing this action. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the checkpolicy domain. - +

 No
terminal - +

The type of the terminal allow the checkpolicy domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the load_policy domain. - +

 No
terminal - +

The type of the terminal allow the load_policy domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the newrole domain. - +

 No
terminal - +

The type of the terminal allow the newrole domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the restorecon domain. - +

 No
terminal - +

The type of the terminal allow the restorecon domain to use. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the run_init domain. - +

 No
terminal - +

The type of the terminal allow the run_init domain to use. +

+		 +No +
+
+
+ + +
+ +
+ +seutil_run_semanage( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute semanage in the semanage domain, and +allow the specified role the semanage domain, +and use the caller's terminal. +

+ + +
Parameters
+ + + + + + + + @@ -1598,9 +1989,9 @@ and use the caller's terminal. @@ -1608,9 +1999,9 @@ No @@ -1618,9 +2009,51 @@ No + +
Parameter:Description:Optional:
+domain + +

+The type of the process performing this action. +

+		 +No +
+role + +

+The role to be allowed the checkpolicy domain. +

+		 +No +
+terminal + +

+The type of the terminal allow the semanage domain to use. +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to be allowed the setfiles domain. - +

 No
terminal - +

The type of the terminal allow the setfiles domain to use. +

+		 +No +
+
+
+ + +
+ + +
+ +seutil_rw_file_contexts( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write the file_contexts files. +

+ + +
Parameters
+ + + @@ -1660,9 +2093,9 @@ Search the policy directory with default_context files. @@ -1702,9 +2135,9 @@ Summary is missing! @@ -1713,13 +2146,13 @@ No - +
-seutil_use_newrole_fd( +seutil_use_newrole_fds( @@ -1744,9 +2177,9 @@ Summary is missing!
@@ -1755,13 +2188,13 @@ No - +
-seutil_use_runinit_fd( +seutil_use_runinit_fds( @@ -1786,9 +2219,9 @@ Summary is missing!
diff --git a/www/api-docs/system_sysnetwork.html b/www/api-docs/system_sysnetwork.html index 47a4655..2bdfdd9 100644 --- a/www/api-docs/system_sysnetwork.html +++ b/www/api-docs/system_sysnetwork.html @@ -169,9 +169,9 @@ dhcpc over dbus. @@ -211,9 +211,9 @@ Delete the dhcp client pid file. @@ -222,13 +222,13 @@ No - +
-sysnet_dns_name_resolve( +sysnet_dhcp_state_filetrans( @@ -236,16 +236,44 @@ No domain + + , + + + + file_type + + + + , + + + + object_class + + )
Summary

-Perform a DNS name resolution. +Create DHCP state data.

+
Description
+

+

+Create DHCP state data. +

+

+This is added for DHCP server, as +the server and client put their state +files in the same directory. +

+

+
Parameters
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

 No
domain - +

The type of the process performing this action. - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
? - +

Parameter descriptions are missing! - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
@@ -253,9 +281,29 @@ Perform a DNS name resolution. + + + @@ -264,13 +312,13 @@ No - +
-sysnet_domtrans_dhcpc( +sysnet_dns_name_resolve( @@ -284,7 +332,7 @@ No
Summary

-Execute dhcp client in dhcpc domain. +Perform a DNS name resolution.

@@ -295,9 +343,9 @@ Execute dhcp client in dhcpc domain.
@@ -306,13 +354,13 @@ No - +
-sysnet_domtrans_ifconfig( +sysnet_domtrans_dhcpc( @@ -326,7 +374,7 @@ No
Summary

-Execute ifconfig in the ifconfig domain. +Execute dhcp client in dhcpc domain.

@@ -337,9 +385,9 @@ Execute ifconfig in the ifconfig domain.
@@ -348,13 +396,13 @@ No - +
-sysnet_dontaudit_read_config( +sysnet_domtrans_ifconfig( @@ -368,7 +416,7 @@ No
Summary

-Do not audit attempts to read network config files. +Execute ifconfig in the ifconfig domain.

@@ -379,9 +427,9 @@ Do not audit attempts to read network config files.
@@ -390,13 +438,13 @@ No - +
-sysnet_exec_ifconfig( +sysnet_dontaudit_read_config( @@ -410,7 +458,7 @@ No
Summary

-Execute ifconfig in the caller domain. +Do not audit attempts to read network config files.

@@ -421,9 +469,9 @@ Execute ifconfig in the caller domain.
@@ -432,13 +480,13 @@ No - +
-sysnet_filetrans_config( +sysnet_etc_filetrans_config( @@ -464,9 +512,9 @@ the network config files.
@@ -475,13 +523,13 @@ No - +
-sysnet_filetrans_dhcp_state( +sysnet_exec_ifconfig( @@ -489,48 +537,16 @@ No domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )
Summary

-Create DHCP state data. +Execute ifconfig in the caller domain.

-
Description
-

-

-Create DHCP state data. -

-

-This is added for DHCP server, as -the server and client put their state -files in the same directory. -

-

-
Parameters
Parameter:Description:Optional:
domain - +

Domain allowed access. +

+		 +No +
+file_type + +

+The type of the object to be created +

+		 +No +
+object_class + +

+The object class. +

 No
domain - -The type of the process performing this action. - +

+Domain allowed access. +

 No
domain - +

The type of the process performing this action. - +

 No
domain - -Domain to not audit. - +

+The type of the process performing this action. +

 No
domain - -Domain allowed access. - +

+Domain to not audit. +

 No
domain - +

The type of the process performing this action. - +

 No
@@ -538,33 +554,13 @@ files in the same directory. - - - -
Parameter:Description:Optional:
domain - +

Domain allowed access. - -

 -No -
-file_type - - -The type of the object to be created - +

 No
-object_class - - -The object class. If not specified, file is used. - - -yes -
@@ -600,9 +596,9 @@ Send a kill signal to the dhcp client. domain - +

The domain sending the SIGKILL. - +

No @@ -642,9 +638,9 @@ Create, read, write, and delete network config files. domain - +

The type of the process performing this action. - +

No @@ -684,9 +680,9 @@ Allow network init to read network config files. domain - +

The type of the process performing this action. - +

No @@ -726,9 +722,9 @@ Read the DHCP configuration files. domain - +

Domain allowed access. - +

No @@ -768,9 +764,9 @@ Read the dhcp client pid file. domain - +

The type of the process performing this action. - +

No @@ -810,9 +806,9 @@ Read dhcp client state files. domain - +

The domain allowed access. - +

No @@ -869,9 +865,9 @@ allow the specified role the dhcpc domain. domain - +

The type of the process performing this action. - +

No @@ -879,9 +875,9 @@ No role - +

The role to be allowed the clock domain. - +

No @@ -889,9 +885,9 @@ No terminal - +

The type of the terminal allow the clock domain to use. - +

No @@ -949,9 +945,9 @@ and use the caller's terminal. domain - +

The type of the process performing this action. - +

No @@ -959,9 +955,9 @@ No role - +

The role to be allowed the ifconfig domain. - +

No @@ -969,9 +965,9 @@ No terminal - +

The type of the terminal allow the ifconfig domain to use. - +

No @@ -1011,9 +1007,9 @@ Read and write dhcp configuration files. domain - +

The domain allowed access. - +

No @@ -1053,9 +1049,9 @@ Search the DHCP state data directory. domain - +

Domain allowed access. - +

No @@ -1095,9 +1091,9 @@ Send a SIGCHLD signal to the dhcp client. domain - +

The domain sending the SIGCHLD. - +

No @@ -1137,9 +1133,9 @@ Send a generic signal to the dhcp client. domain - +

The domain sending the signal. - +

No @@ -1179,9 +1175,9 @@ Send a null signal to the dhcp client. domain - +

The domain sending the null signal. - +

No @@ -1221,9 +1217,9 @@ Send a SIGSTOP signal to the dhcp client. domain - +

The domain sending the SIGSTOP. - +

No @@ -1263,9 +1259,9 @@ Connect and use a LDAP server. domain - +

Domain allowed access. - +

No @@ -1305,9 +1301,9 @@ Connect and use remote port mappers. domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/system_udev.html b/www/api-docs/system_udev.html index e87ec3d..4e3547d 100644 --- a/www/api-docs/system_udev.html +++ b/www/api-docs/system_udev.html @@ -168,9 +168,9 @@ Execute udev in the udev domain. domain - +

The type of the process performing this action. - +

No @@ -179,13 +179,13 @@ No
- +
-udev_dontaudit_rw_unix_dgram_socket( +udev_dontaudit_rw_dgram_sockets( @@ -211,9 +211,9 @@ to a udev unix datagram socket. domain - +

Domain to not audit. - +

No @@ -222,13 +222,13 @@ No
- +
-udev_dontaudit_use_fd( +udev_dontaudit_use_fds( @@ -254,9 +254,9 @@ udev file descriptor. domain - +

Domain to not audit. - +

No @@ -296,9 +296,9 @@ Execute a udev helper in the udev domain. domain - +

The type of the process performing this action. - +

No @@ -338,9 +338,9 @@ Allow process to read list of devices. domain - +

The type of the process performing this action. - +

No @@ -380,9 +380,9 @@ Allow process to read udev process state. domain - +

Domain allowed access. - +

No @@ -422,9 +422,9 @@ Allow process to modify list of devices. domain - +

The type of the process performing this action. - +

No diff --git a/www/api-docs/system_unconfined.html b/www/api-docs/system_unconfined.html index c800bef..ce82257 100644 --- a/www/api-docs/system_unconfined.html +++ b/www/api-docs/system_unconfined.html @@ -128,9 +128,6 @@

Layer: system

Module: unconfined

-Interfaces -Templates -

Description:

The unconfined domain.

@@ -183,9 +180,9 @@ on the strict policy. domain - +

New alias of the unconfined domain. - +

No @@ -225,9 +222,95 @@ Send messages to the unconfined domain over dbus. domain - +

Domain allowed access. +

+ +No + + + +
+
+ + +
+ + +
+ +unconfined_domain( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make the specified domain unconfined and +audit executable memory and executable heap +usage. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain to make unconfined. +

+		 +No +
+
+
+ + +
+ + +
+ +unconfined_domain_noaudit( + + + + + domain + + + )
+
+
+ +
Summary
+

+Make the specified domain unconfined. +

+ + +
Parameters
+ + + @@ -267,9 +350,9 @@ Transition to the unconfined domain. @@ -278,13 +361,13 @@ No - +
-unconfined_dontaudit_read_pipe( +unconfined_dontaudit_read_pipes( @@ -309,9 +392,9 @@ Do not audit attempts to read unconfined domain unnamed pipes.
@@ -320,13 +403,13 @@ No - +
-unconfined_dontaudit_rw_tcp_socket( +unconfined_dontaudit_rw_tcp_sockets( @@ -364,9 +447,9 @@ symptom in ldconfig.
@@ -375,13 +458,13 @@ No - +
-unconfined_read_pipe( +unconfined_read_pipes( @@ -406,9 +489,9 @@ Read unconfined domain unnamed pipes.
@@ -464,9 +547,9 @@ Execute specified programs in the unconfined domain. @@ -474,9 +557,9 @@ No @@ -484,9 +567,9 @@ No @@ -495,13 +578,13 @@ No - +
-unconfined_rw_pipe( +unconfined_rw_pipes( @@ -526,9 +609,9 @@ Read and write unconfined domain unnamed pipes.
@@ -568,9 +651,9 @@ Transition to the unconfined domain by executing a shell. @@ -610,9 +693,9 @@ Send a SIGCHLD signal to the unconfined domain. @@ -652,9 +735,9 @@ Send generic signals to the unconfined domain. @@ -663,13 +746,13 @@ No - +
-unconfined_use_fd( +unconfined_use_fds( @@ -694,58 +777,9 @@ Inherit file descriptors from the unconfined domain.
- -
Parameter:Description:Optional:
+domain + +

+Domain to make unconfined. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain to not audit. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

The type of the process performing this action. - +

 No
role - +

The role to allow the unconfined domain. - +

 No
terminal - +

The type of the terminal allow the unconfined domain to use. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - -Domain allowed access. - - -No -
-
-
- - -Return - - - -

Templates:

- - -
- - -
- -unconfined_domain_template( - - - - - domain - - - )
-
-
- -
Summary

-A template to make the specified domain unconfined. +Domain allowed access.

- - -
Parameters
- - - - @@ -759,6 +793,7 @@ No + diff --git a/www/api-docs/system_userdomain.html b/www/api-docs/system_userdomain.html index d20b699..13f8554 100644 --- a/www/api-docs/system_userdomain.html +++ b/www/api-docs/system_userdomain.html @@ -140,13 +140,13 @@

Interfaces:

- +
-userdom_create_sysadm_home( +userdom_bin_spec_domtrans_sysadm( @@ -154,26 +154,13 @@ domain - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in sysadm home directories -with automatic file type transition. +Execute a generic bin program in the sysadm domain.

@@ -184,35 +171,24 @@ with automatic file type transition.
- -
Parameter:Description:Optional:
-domain - - -Domain to make unconfined. - No
domain - +

Domain allowed access. - +

 No
-object_class - - -The class of the object to be created. -If not specified, file is used. - - -yes -
- +
-userdom_dbus_send_all_users( +userdom_bin_spec_domtrans_unpriv_users( @@ -226,7 +202,9 @@ yes
Summary

-Send a dbus message to all user domains. +Execute bin_t in the unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon().

@@ -237,9 +215,9 @@ Send a dbus message to all user domains. domain - +

Domain allowed access. - +

No @@ -248,13 +226,13 @@ No
- +
-userdom_dontaudit_getattr_sysadm_home_dir( +userdom_dbus_send_all_users( @@ -268,9 +246,7 @@ No
Summary

-Do not audit attempts to get the -attributes of the sysadm users -home directory. +Send a dbus message to all user domains.

@@ -281,9 +257,9 @@ home directory. domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -292,13 +268,13 @@ No
- +
-userdom_dontaudit_getattr_sysadm_tty( +userdom_dontaudit_append_staff_home_content_files( @@ -312,8 +288,8 @@ No
Summary

-Do not audit attepts to get the attributes -of sysadm ttys. +Do not audit attempts to append to the staff +users home directory.

@@ -324,9 +300,9 @@ of sysadm ttys. domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -335,13 +311,13 @@ No
- +
-userdom_dontaudit_list_sysadm_home_dir( +userdom_dontaudit_getattr_sysadm_home_dirs( @@ -355,8 +331,9 @@ No
Summary

-Do not audit attempts to list the sysadm -users home directory. +Do not audit attempts to get the +attributes of the sysadm users +home directory.

@@ -367,9 +344,9 @@ users home directory. domain - +

Domain to not audit. - +

No @@ -378,13 +355,13 @@ No
- +
-userdom_dontaudit_search_all_users_home( +userdom_dontaudit_getattr_sysadm_ttys( @@ -398,7 +375,8 @@ No
Summary

-Do not audit attempts to search all users home directories. +Do not audit attepts to get the attributes +of sysadm ttys.

@@ -409,9 +387,9 @@ Do not audit attempts to search all users home directories. domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -420,13 +398,13 @@ No
- +
-userdom_dontaudit_search_staff_home_dir( +userdom_dontaudit_list_sysadm_home_dirs( @@ -440,7 +418,7 @@ No
Summary

-Do not audit attempts to search the staff +Do not audit attempts to list the sysadm users home directory.

@@ -452,9 +430,9 @@ users home directory. domain - +

Domain to not audit. - +

No @@ -463,13 +441,13 @@ No
- +
-userdom_dontaudit_search_sysadm_home_dir( +userdom_dontaudit_read_sysadm_home_content_files( @@ -495,9 +473,9 @@ users home directory. domain - +

Domain to not audit. - +

No @@ -506,13 +484,13 @@ No
- +
-userdom_dontaudit_search_user_home_dirs( +userdom_dontaudit_relabelfrom_unpriv_users_ptys( @@ -526,7 +504,8 @@ No
Summary

-Don't audit search on the user home subdirectory. +Do not audit attempts to relabel files from +unprivileged user pty types.

@@ -537,9 +516,9 @@ Don't audit search on the user home subdirectory. domain - +

Domain allowed access. - +

No @@ -548,13 +527,13 @@ No
- +
-userdom_dontaudit_use_all_user_fd( +userdom_dontaudit_search_all_users_home_content( @@ -568,8 +547,7 @@ No
Summary

-Do not audit attempts to inherit the file -descriptors from any user domains. +Do not audit attempts to search all users home directories.

@@ -580,9 +558,9 @@ descriptors from any user domains. domain - +

Domain to not audit. - +

No @@ -591,13 +569,13 @@ No
- +
-userdom_dontaudit_use_sysadm_pty( +userdom_dontaudit_search_generic_user_home_dirs( @@ -611,7 +589,7 @@ No
Summary

-Dont audit attempts to read and write sysadm ptys. +Don't audit search on the user home subdirectory.

@@ -622,9 +600,9 @@ Dont audit attempts to read and write sysadm ptys. domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -633,13 +611,13 @@ No
- +
-userdom_dontaudit_use_sysadm_terms( +userdom_dontaudit_search_staff_home_dirs( @@ -653,7 +631,8 @@ No
Summary

-Do not audit attempts to use sysadm ttys and ptys. +Do not audit attempts to search the staff +users home directory.

@@ -664,9 +643,9 @@ Do not audit attempts to use sysadm ttys and ptys. domain - +

Domain to not audit. - +

No @@ -675,13 +654,13 @@ No
- +
-userdom_dontaudit_use_sysadm_tty( +userdom_dontaudit_search_sysadm_home_dirs( @@ -695,7 +674,8 @@ No
Summary

-Do not audit attempts to use sysadm ttys. +Do not audit attempts to search the sysadm +users home directory.

@@ -706,9 +686,9 @@ Do not audit attempts to use sysadm ttys. domain - +

Domain to not audit. - +

No @@ -717,13 +697,13 @@ No
- +
-userdom_dontaudit_use_unpriv_user_fd( +userdom_dontaudit_use_all_users_fds( @@ -737,8 +717,8 @@ No
Summary

-Do not audit attempts to inherit the -file descriptors from all user domains. +Do not audit attempts to inherit the file +descriptors from any user domains.

@@ -749,9 +729,9 @@ file descriptors from all user domains. domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -760,13 +740,13 @@ No
- +
-userdom_dontaudit_use_unpriv_user_pty( +userdom_dontaudit_use_sysadm_ptys( @@ -780,8 +760,7 @@ No
Summary

-Do not audit attempts to use unprivileged -user ptys. +Dont audit attempts to read and write sysadm ptys.

@@ -792,9 +771,9 @@ user ptys. domain - +

Domain to not audit. - +

No @@ -803,13 +782,13 @@ No
- +
-userdom_dontaudit_use_unpriv_user_tty( +userdom_dontaudit_use_sysadm_terms( @@ -823,8 +802,7 @@ No
Summary

-Do not audit attempts to use unprivileged -user ttys. +Do not audit attempts to use sysadm ttys and ptys.

@@ -835,9 +813,9 @@ user ttys. domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -846,13 +824,13 @@ No
- +
-userdom_filetrans_generic_user_home( +userdom_dontaudit_use_sysadm_ttys( @@ -860,26 +838,13 @@ No domain - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in generic user home directories -with automatic file type transition. +Do not audit attempts to use sysadm ttys.

@@ -890,35 +855,24 @@ with automatic file type transition. domain - -Domain allowed access. - +

+Domain to not audit. +

No - -object_class - - -The class of the object to be created. -If not specified, file is used. - - -yes - -
- +
-userdom_filetrans_generic_user_home_dir( +userdom_dontaudit_use_unpriv_user_fds( @@ -932,8 +886,8 @@ yes
Summary

-Create generic user home directories -with automatic file type transition. +Do not audit attempts to inherit the +file descriptors from all user domains.

@@ -944,9 +898,9 @@ with automatic file type transition. domain - +

Domain allowed access. - +

No @@ -955,13 +909,13 @@ No
- +
-userdom_getattr_all_userdomains( +userdom_dontaudit_use_unpriv_users_ptys( @@ -975,7 +929,8 @@ No
Summary

-Get the attributes of all user domains. +Do not audit attempts to use unprivileged +user ptys.

@@ -986,9 +941,9 @@ Get the attributes of all user domains. domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -997,13 +952,13 @@ No
- +
-userdom_getattr_sysadm_home_dir( +userdom_dontaudit_use_unpriv_users_ttys( @@ -1017,8 +972,8 @@ No
Summary

-Get the attributes of the sysadm users -home directory. +Do not audit attempts to use unprivileged +user ttys.

@@ -1029,9 +984,9 @@ home directory. domain - +

Domain allowed access. - +

No @@ -1040,13 +995,13 @@ No
- +
-userdom_list_sysadm_home_dir( +userdom_entry_spec_domtrans_sysadm( @@ -1060,7 +1015,9 @@ No
Summary

-List the sysadm users home directory. +Execute all entrypoint files in the sysadm domain. This +is an explicit transition, requiring the +caller to use setexeccon().

@@ -1071,9 +1028,9 @@ List the sysadm users home directory. domain - +

Domain allowed access. - +

No @@ -1082,13 +1039,13 @@ No
- +
-userdom_list_unpriv_user_tmp( +userdom_entry_spec_domtrans_unpriv_users( @@ -1102,7 +1059,9 @@ No
Summary

-Read all unprivileged users temporary directories. +Execute all entrypoint files in unprivileged user +domains. This is an explicit transition, requiring the +caller to use setexeccon().

@@ -1113,9 +1072,9 @@ Read all unprivileged users temporary directories. domain - +

Domain allowed access. - +

No @@ -1124,13 +1083,13 @@ No
- +
-userdom_manage_all_user_dirs( +userdom_generic_user_home_dir_filetrans_generic_user_home_content( @@ -1138,14 +1097,22 @@ No domain + + , + + + + object_class + + )
Summary

-Create, read, write, and delete all directories -in all users home directories. +Create objects in generic user home directories +with automatic file type transition.

@@ -1156,9 +1123,20 @@ in all users home directories. domain - +

Domain allowed access. +

+ +No + + +object_class + +

+The class of the object to be created. +If not specified, file is used. +

No @@ -1167,13 +1145,13 @@ No
- +
-userdom_manage_all_user_files( +userdom_getattr_all_users( @@ -1187,8 +1165,7 @@ No
Summary

-Create, read, write, and delete all files -in all users home directories. +Get the attributes of all user domains.

@@ -1199,9 +1176,9 @@ in all users home directories. domain - +

Domain allowed access. - +

No @@ -1210,13 +1187,13 @@ No
- +
-userdom_manage_all_user_symlinks( +userdom_getattr_sysadm_home_dirs( @@ -1230,8 +1207,8 @@ No
Summary

-Create, read, write, and delete all symlinks -in all users home directories. +Get the attributes of the sysadm users +home directory.

@@ -1242,9 +1219,9 @@ in all users home directories. domain - +

Domain allowed access. - +

No @@ -1253,13 +1230,13 @@ No
- +
-userdom_manage_generic_user_home_dir( +userdom_home_filetrans_generic_user_home_dir( @@ -1273,8 +1250,8 @@ No
Summary

-Create, read, write, and delete -generic user home directories. +Create generic user home directories +with automatic file type transition.

@@ -1285,9 +1262,9 @@ generic user home directories. domain - +

Domain allowed access. - +

No @@ -1296,13 +1273,13 @@ No
- +
-userdom_manage_generic_user_home_dirs( +userdom_list_all_users_home_dirs( @@ -1316,9 +1293,7 @@ No
Summary

-Create, read, write, and delete -subdirectories of generic user -home directories. +List all users home directories.

@@ -1329,9 +1304,9 @@ home directories. domain - +

Domain allowed access. - +

No @@ -1340,13 +1315,13 @@ No
- +
-userdom_manage_generic_user_home_files( +userdom_list_sysadm_home_dirs( @@ -1360,8 +1335,7 @@ No
Summary

-Create, read, write, and delete files -in generic user home directories. +List the sysadm users home directory.

@@ -1372,9 +1346,9 @@ in generic user home directories. domain - +

Domain allowed access. - +

No @@ -1383,13 +1357,13 @@ No
- +
-userdom_manage_generic_user_home_pipes( +userdom_list_unpriv_users_tmp( @@ -1403,8 +1377,7 @@ No
Summary

-Create, read, write, and delete named -pipes in generic user home directories. +Read all unprivileged users temporary directories.

@@ -1415,9 +1388,9 @@ pipes in generic user home directories. domain - +

Domain allowed access. - +

No @@ -1426,13 +1399,13 @@ No
- +
-userdom_manage_generic_user_home_sockets( +userdom_manage_all_users_home_content_dirs( @@ -1446,8 +1419,8 @@ No
Summary

-Create, read, write, and delete named -sockets in generic user home directories. +Create, read, write, and delete all directories +in all users home directories.

@@ -1458,9 +1431,9 @@ sockets in generic user home directories. domain - +

Domain allowed access. - +

No @@ -1469,13 +1442,13 @@ No
- +
-userdom_manage_generic_user_home_symlinks( +userdom_manage_all_users_home_content_files( @@ -1489,8 +1462,8 @@ No
Summary

-Create, read, write, and delete symbolic -links in generic user home directories. +Create, read, write, and delete all files +in all users home directories.

@@ -1501,9 +1474,9 @@ links in generic user home directories. domain - +

Domain allowed access. - +

No @@ -1512,13 +1485,13 @@ No
- +
-userdom_manage_unpriv_user_semaphores( +userdom_manage_all_users_home_content_symlinks( @@ -1532,7 +1505,8 @@ No
Summary

-Manage unpriviledged user SysV sempaphores. +Create, read, write, and delete all symlinks +in all users home directories.

@@ -1543,9 +1517,9 @@ Manage unpriviledged user SysV sempaphores. domain - +

Domain allowed access. - +

No @@ -1554,13 +1528,13 @@ No
- +
-userdom_manage_unpriv_user_shared_mem( +userdom_manage_generic_user_home_content_dirs( @@ -1574,8 +1548,9 @@ No
Summary

-Manage unpriviledged user SysV shared -memory segments. +Create, read, write, and delete +subdirectories of generic user +home directories.

@@ -1586,9 +1561,9 @@ memory segments. domain - +

Domain allowed access. - +

No @@ -1597,13 +1572,13 @@ No
- +
-userdom_priveleged_home_dir_manager( +userdom_manage_generic_user_home_content_files( @@ -1617,22 +1592,11 @@ No
Summary

-Make the specified domain a privileged -home directory manager. +Create, read, write, and delete files +in generic user home directories.

-
Description
-

-

-Make the specified domain a privileged -home directory manager. This domain will be -able to manage the contents of all users -general home directory content, and create -files with the correct context. -

-

-
Parameters
@@ -1640,9 +1604,9 @@ files with the correct context. @@ -1651,13 +1615,13 @@ No - +
-userdom_read_all_user_files( +userdom_manage_generic_user_home_content_pipes( @@ -1671,7 +1635,8 @@ No
Summary

-Read all files in all users home directories. +Create, read, write, and delete named +pipes in generic user home directories.

@@ -1682,9 +1647,9 @@ Read all files in all users home directories.
@@ -1693,13 +1658,13 @@ No - +
-userdom_read_all_userdomains_state( +userdom_manage_generic_user_home_content_sockets( @@ -1713,7 +1678,8 @@ No
Summary

-Read the process state of all user domains. +Create, read, write, and delete named +sockets in generic user home directories.

@@ -1724,9 +1690,9 @@ Read the process state of all user domains.
@@ -1735,13 +1701,13 @@ No - +
-userdom_read_staff_home_files( +userdom_manage_generic_user_home_content_symlinks( @@ -1755,7 +1721,8 @@ No
Summary

-Read files in the staff users home directory. +Create, read, write, and delete symbolic +links in generic user home directories.

@@ -1766,9 +1733,9 @@ Read files in the staff users home directory.
@@ -1777,13 +1744,13 @@ No - +
-userdom_read_sysadm_home_files( +userdom_manage_unpriv_user_semaphores( @@ -1797,7 +1764,7 @@ No
Summary

-Read files in the sysadm users home directory. +Manage unpriviledged user SysV sempaphores.

@@ -1808,9 +1775,9 @@ Read files in the sysadm users home directory.
@@ -1819,13 +1786,13 @@ No - +
-userdom_read_unpriv_user_home_files( +userdom_manage_unpriv_user_shared_mem( @@ -1839,8 +1806,8 @@ No
Summary

-Read all unprivileged users home directory -files. +Manage unpriviledged user SysV shared +memory segments.

@@ -1851,9 +1818,9 @@ files.
@@ -1862,13 +1829,13 @@ No - +
-userdom_read_unpriv_user_tmp_files( +userdom_priveleged_home_dir_manager( @@ -1882,10 +1849,22 @@ No
Summary

-Read all unprivileged users temporary files. +Make the specified domain a privileged +home directory manager.

+
Description
+

+

+Make the specified domain a privileged +home directory manager. This domain will be +able to manage the contents of all users +general home directory content, and create +files with the correct context. +

+

+
Parameters
Parameter:Description:Optional:
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
@@ -1893,9 +1872,9 @@ Read all unprivileged users temporary files. @@ -1904,13 +1883,13 @@ No - +
-userdom_read_unpriv_user_tmp_symlinks( +userdom_read_all_tmp_untrusted_content( @@ -1924,7 +1903,7 @@ No
Summary

-Read all unprivileged users temporary symbolic links. +Read all user temporary untrusted content files.

@@ -1935,9 +1914,9 @@ Read all unprivileged users temporary symbolic links.
@@ -1946,13 +1925,13 @@ No - +
-userdom_rw_sysadm_pipe( +userdom_read_all_untrusted_content( @@ -1966,7 +1945,7 @@ No
Summary

-Read and write sysadm user unnamed pipes. +Read all user untrusted content files.

@@ -1977,9 +1956,9 @@ Read and write sysadm user unnamed pipes.
@@ -1988,13 +1967,13 @@ No - +
-userdom_search_all_users_home( +userdom_read_all_users_home_content_files( @@ -2008,7 +1987,7 @@ No
Summary

-Search all users home directories. +Read all files in all users home directories.

@@ -2019,9 +1998,9 @@ Search all users home directories.
@@ -2030,13 +2009,13 @@ No - +
-userdom_search_generic_user_home_dir( +userdom_read_all_users_state( @@ -2050,7 +2029,7 @@ No
Summary

-Search generic user home directories. +Read the process state of all user domains.

@@ -2061,9 +2040,9 @@ Search generic user home directories.
@@ -2072,13 +2051,13 @@ No - +
-userdom_search_staff_home_dir( +userdom_read_staff_home_content_files( @@ -2092,7 +2071,7 @@ No
Summary

-Search the staff users home directory. +Read files in the staff users home directory.

@@ -2103,9 +2082,9 @@ Search the staff users home directory.
@@ -2114,13 +2093,13 @@ No - +
-userdom_search_sysadm_home_dir( +userdom_read_sysadm_home_content_files( @@ -2134,7 +2113,7 @@ No
Summary

-Search the sysadm users home directory. +Read files in the sysadm users home directory.

@@ -2145,9 +2124,9 @@ Search the sysadm users home directory.
@@ -2156,13 +2135,13 @@ No - +
-userdom_search_sysadm_home_subdirs( +userdom_read_unpriv_users_home_content_files( @@ -2176,7 +2155,8 @@ No
Summary

-Search the sysadm users home sub directories. +Read all unprivileged users home directory +files.

@@ -2187,9 +2167,9 @@ Search the sysadm users home sub directories.
@@ -2198,13 +2178,13 @@ No - +
-userdom_search_unpriv_user_home_dirs( +userdom_read_unpriv_users_tmp_files( @@ -2218,7 +2198,7 @@ No
Summary

-Search all unprivileged users home directories. +Read all unprivileged users temporary files.

@@ -2229,9 +2209,9 @@ Search all unprivileged users home directories.
@@ -2240,13 +2220,13 @@ No - +
-userdom_setattr_unpriv_user_pty( +userdom_read_unpriv_users_tmp_symlinks( @@ -2260,7 +2240,7 @@ No
Summary

-Set the attributes of user ptys. +Read all unprivileged users temporary symbolic links.

@@ -2271,9 +2251,9 @@ Set the attributes of user ptys.
@@ -2282,13 +2262,13 @@ No - +
-userdom_shell_domtrans_sysadm( +userdom_relabelto_unpriv_users_ptys( @@ -2302,7 +2282,7 @@ No
Summary

-Execute a shell in the sysadm domain. +Relabel files to unprivileged user pty types.

@@ -2313,9 +2293,9 @@ Execute a shell in the sysadm domain.
@@ -2324,13 +2304,13 @@ No - +
-userdom_sigchld_all_users( +userdom_rw_sysadm_pipes( @@ -2344,7 +2324,7 @@ No
Summary

-Send a SIGCHLD signal to all user domains. +Read and write sysadm user unnamed pipes.

@@ -2355,9 +2335,9 @@ Send a SIGCHLD signal to all user domains.
@@ -2366,13 +2346,13 @@ No - +
-userdom_sigchld_sysadm( +userdom_sbin_spec_domtrans_sysadm( @@ -2386,7 +2366,7 @@ No
Summary

-Send a SIGCHLD signal to sysadm users. +Execute a generic sbin program in the sysadm domain.

@@ -2397,9 +2377,9 @@ Send a SIGCHLD signal to sysadm users.
@@ -2408,13 +2388,13 @@ No - +
-userdom_signal_all_users( +userdom_sbin_spec_domtrans_unpriv_users( @@ -2428,7 +2408,9 @@ No
Summary

-Send general signals to all user domains. +Execute generic sbin programs in all unprivileged user +domains. This is an explicit transition, requiring the +caller to use setexeccon().

@@ -2439,9 +2421,9 @@ Send general signals to all user domains.
@@ -2450,13 +2432,13 @@ No - +
-userdom_signal_unpriv_users( +userdom_search_all_users_home_content( @@ -2470,7 +2452,7 @@ No
Summary

-Send general signals to unprivileged user domains. +Search all users home directories.

@@ -2481,9 +2463,9 @@ Send general signals to unprivileged user domains.
@@ -2492,13 +2474,13 @@ No - +
-userdom_spec_domtrans_all_users( +userdom_search_generic_user_home_dirs( @@ -2512,9 +2494,7 @@ No
Summary

-Execute a shell in all user domains. This -is an explicit transition, requiring the -caller to use setexeccon(). +Search generic user home directories.

@@ -2525,9 +2505,9 @@ caller to use setexeccon().
@@ -2536,13 +2516,13 @@ No - +
-userdom_spec_domtrans_unpriv_users( +userdom_search_staff_home_dirs( @@ -2556,9 +2536,7 @@ No
Summary

-Execute a shell in all unprivileged user domains. This -is an explicit transition, requiring the -caller to use setexeccon(). +Search the staff users home directory.

@@ -2569,9 +2547,9 @@ caller to use setexeccon().
@@ -2580,13 +2558,13 @@ No - +
-userdom_unconfined( +userdom_search_sysadm_home_content_dirs( @@ -2600,7 +2578,7 @@ No
Summary

-Unconfined access to user domains. +Search the sysadm users home sub directories.

@@ -2611,9 +2589,9 @@ Unconfined access to user domains.
@@ -2622,13 +2600,13 @@ No - +
-userdom_use_all_user_fd( +userdom_search_sysadm_home_dirs( @@ -2642,7 +2620,7 @@ No
Summary

-Inherit the file descriptors from all user domains +Search the sysadm users home directory.

@@ -2653,9 +2631,9 @@ Inherit the file descriptors from all user domains
@@ -2664,13 +2642,13 @@ No - +
-userdom_use_sysadm_fd( +userdom_search_unpriv_users_home_dirs( @@ -2684,7 +2662,7 @@ No
Summary

-Inherit and use sysadm file descriptors +Search all unprivileged users home directories.

@@ -2695,9 +2673,9 @@ Inherit and use sysadm file descriptors
@@ -2706,13 +2684,13 @@ No - +
-userdom_use_sysadm_pty( +userdom_setattr_unpriv_users_ptys( @@ -2726,7 +2704,7 @@ No
Summary

-Read and write sysadm ptys. +Set the attributes of user ptys.

@@ -2737,9 +2715,9 @@ Read and write sysadm ptys.
@@ -2748,13 +2726,13 @@ No - +
-userdom_use_sysadm_terms( +userdom_shell_domtrans_sysadm( @@ -2768,7 +2746,7 @@ No
Summary

-Read and write sysadm ttys and ptys. +Execute a shell in the sysadm domain.

@@ -2779,9 +2757,9 @@ Read and write sysadm ttys and ptys.
@@ -2790,13 +2768,13 @@ No - +
-userdom_use_sysadm_tty( +userdom_sigchld_all_users( @@ -2810,7 +2788,7 @@ No
Summary

-Read and write sysadm ttys. +Send a SIGCHLD signal to all user domains.

@@ -2821,9 +2799,9 @@ Read and write sysadm ttys.
@@ -2832,13 +2810,13 @@ No - +
-userdom_use_unpriv_user_pty( +userdom_sigchld_sysadm( @@ -2852,7 +2830,7 @@ No
Summary

-Read and write unprivileged user ptys. +Send a SIGCHLD signal to sysadm users.

@@ -2863,9 +2841,9 @@ Read and write unprivileged user ptys.
@@ -2874,13 +2852,13 @@ No - +
-userdom_use_unpriv_users_fd( +userdom_signal_all_users( @@ -2894,7 +2872,7 @@ No
Summary

-Inherit the file descriptors from unprivileged user domains. +Send general signals to all user domains.

@@ -2905,9 +2883,9 @@ Inherit the file descriptors from unprivileged user domains.
@@ -2916,13 +2894,13 @@ No - +
-userdom_write_unpriv_user_tmp( +userdom_signal_unpriv_users( @@ -2936,7 +2914,7 @@ No
Summary

-Write all unprivileged users files in /tmp +Send general signals to unprivileged user domains.

@@ -2947,9 +2925,9 @@ Write all unprivileged users files in /tmp
@@ -2958,25 +2936,62 @@ No + +
-Return +
- -

Templates:

+userdom_spec_domtrans_all_users( + + + + + domain + + + )
+
+
- -
+
Summary
+

+Execute a shell in all user domains. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+ + +
Parameters
+
Parameter:Description:Optional:
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - -Domain to not audit. - +

+Domain allowed access. +

 No
domain - -Domain to not audit. - +

+Domain allowed access. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - -Domain allowed access. - +

+Domain to not audit. +

 No
domain - -Domain allowed access. - +

+Domain to not audit. +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
domain - +

Domain allowed access. - +

 No
+ + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
-admin_user_template( +userdom_spec_domtrans_unpriv_users( - userdomain_prefix + domain )
@@ -2985,44 +3000,22 @@ No
Summary

-The template for creating an administrative user. +Execute a shell in all unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon().

-
Description
-

-

-This template creates a user domain, types, and -rules for the user's tty, pty, home directories, -tmp, and tmpfs files. -

-

-The privileges given to administrative users are: -

    -

  • Raw disk access

    • -

  • Set all sysctls

    • -

  • All kernel ring buffer controls

    • -

  • Set SELinux enforcement mode (enforcing/permissive)

    • -

  • Set SELinux booleans

    • -

  • Relabel all files but shadow

    • -

  • Create, read, write, and delete all files but shadow

    • -

  • Manage source and binary format SELinux policy

    • -

  • Run insmod

    • -

-

-

-
Parameters
@@ -3031,18 +3024,34 @@ No - -
+ +
-base_user_template( +userdom_sysadm_home_dir_filetrans( - userdomain_prefix + domain + + + + , + + + + private type + + + + , + + + + object_class )
@@ -3051,36 +3060,42 @@ No
Summary

-The template containing rules common to unprivileged -users and administrative users. +Create objects in sysadm home directories +with automatic file type transition.

-
Description
-

-

-This template creates a user domain, types, and -rules for the user's tty, pty, home directories, -tmp, and tmpfs files. -

-

-This generally should not be used, rather the -unpriv_user_template or admin_user_template should -be used. -

-

-
Parameters
Parameter:Description:Optional:
-userdomain_prefix +domain - -The prefix of the user domain (e.g., sysadm -is the prefix for sysadm_t). - +

+Domain allowed access. +

 No
-The prefix of the user domain (e.g., user -is the prefix for user_t). + + @@ -3089,18 +3104,18 @@ No - -
+ +
-unpriv_user_template( +userdom_unconfined( - userdomain_prefix + domain )
@@ -3109,16 +3124,1187 @@ No
Summary

-The template for creating a unprivileged user. +Unconfined access to user domains.

-
Description
+
Parameters
+
Parameter:Description:Optional:
-userdomain_prefix +domain + +

+Domain allowed access. +

 +No +
+private type + +

+The type of the object to be created. +

+		 +No +
+object_class + +

+The class of the object to be created. +If not specified, file is used. +

 No
+ + + + +
Parameter:Description:Optional:
+domain +

-

-This template creates a user domain, types, and -rules for the user's tty, pty, home directories, -tmp, and tmpfs files. +Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_use_all_users_fds( + + + + + domain + + + )
+
+
+ +
Summary
+

+Inherit the file descriptors from all user domains +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_use_sysadm_fds( + + + + + domain + + + )
+
+
+ +
Summary
+

+Inherit and use sysadm file descriptors +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_use_sysadm_ptys( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write sysadm ptys. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_use_sysadm_terms( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write sysadm ttys and ptys. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_use_sysadm_ttys( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write sysadm ttys. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_use_unpriv_users_fds( + + + + + domain + + + )
+
+
+ +
Summary
+

+Inherit the file descriptors from unprivileged user domains. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_use_unpriv_users_ptys( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write unprivileged user ptys. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_write_unpriv_users_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Write all unprivileged users files in /tmp +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_xsession_spec_domtrans_all_users( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute an Xserver session in all unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_xsession_spec_domtrans_unpriv_users( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute an Xserver session in all unprivileged user domains. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +Return + + + +

Templates:

+ + +
+ + +
+ +admin_user_template( + + + + + userdomain_prefix + + + )
+
+
+ +
Summary
+

+The template for creating an administrative user. +

+ + +
Description
+

+

+This template creates a user domain, types, and +rules for the user's tty, pty, home directories, +tmp, and tmpfs files. +

+

+The privileges given to administrative users are: +

    +

  • Raw disk access

    • +

  • Set all sysctls

    • +

  • All kernel ring buffer controls

    • +

  • Set SELinux enforcement mode (enforcing/permissive)

    • +

  • Set SELinux booleans

    • +

  • Relabel all files but shadow

    • +

  • Create, read, write, and delete all files but shadow

    • +

  • Manage source and binary format SELinux policy

    • +

  • Run insmod

    • +

+

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., sysadm +is the prefix for sysadm_t). +

+		 +No +
+
+
+ + +
+ + +
+ +base_user_template( + + + + + userdomain_prefix + + + )
+
+
+ +
Summary
+

+The template containing rules common to unprivileged +users and administrative users. +

+ + +
Description
+

+

+This template creates a user domain, types, and +rules for the user's tty, pty, home directories, +tmp, and tmpfs files. +

+

+This generally should not be used, rather the +unpriv_user_template or admin_user_template should +be used. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+
+
+ + +
+ + +
+ +unpriv_user_template( + + + + + userdomain_prefix + + + )
+
+
+ +
Summary
+

+The template for creating a unprivileged user. +

+ + +
Description
+

+

+This template creates a user domain, types, and +rules for the user's tty, pty, home directories, +tmp, and tmpfs files. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_create_user_pty( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create a user pty. +

+ + +
Description
+

+

+Create a user pty. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_append_user_tmp_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to append users +temporary files. +

+ + +
Description
+

+

+Do not audit attempts to append users +temporary files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain to not audit. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_exec_user_home_content_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to execute user home files. +

+ + +
Description
+

+

+Do not audit attempts to execute user home files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain allowed access. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_list_user_home_dirs( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list user home subdirectories. +

+ + +
Description
+

+

+Do not audit attempts to list user home subdirectories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain to not audit +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_list_user_tmp( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list user +temporary directories. +

+ + +
Description
+

+

+Do not audit attempts to list user +temporary directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain to not audit. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_list_user_tmp_untrusted_content( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list user +temporary untrusted directories. +

+ + +
Description
+

+

+Do not audit attempts to list user +temporary directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain to not audit. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_list_user_untrusted_content( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list user +untrusted directories. +

+ + +
Description
+

+

+Do not audit attempts to read user +untrusted directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + +

+The prefix of the user domain (e.g., user +is the prefix for user_t). +

+		 +No +
+domain + +

+Domain to not audit. +

+		 +No +
+
+
+ + +
+ + +
+ +userdom_dontaudit_read_user_home_content_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read user home files. +

+ + +
Description
+

+

+Do not audit attempts to read user home files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template.

@@ -3129,10 +4315,20 @@ tmp, and tmpfs files. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). +

+ +No + + +domain + +

+Domain to not audit. +

No @@ -3141,13 +4337,13 @@ No
- +
-userdom_create_user_home( +userdom_dontaudit_read_user_tmp_files( @@ -3163,45 +4359,22 @@ No domain - - , - - - - [ - - object_class - - ] - - - - , - - - - [ - - private_type - - ] - - )
Summary

- +Do not audit attempts to read users +temporary files.

Description

-Create, read, write, and delete named sockets -in a user home subdirectory. +Do not audit attempts to read users +temporary files.

This is a templated interface, and should only @@ -3216,10 +4389,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3227,47 +4400,24 @@ No domain - -Domain allowed access. - +

+Domain to not audit. +

No - -object_class - - -The class of the object to be created. If not -specified, file is used. - - -yes - - - -private_type - - -The type of the object to create. If this is -not specified, the regular home directory -type is used. - - -yes - -
- +
-userdom_create_user_pty( +userdom_dontaudit_read_user_tmp_untrusted_content_files( @@ -3289,14 +4439,16 @@ yes
Summary

-Create a user pty. +Do not audit attempts to read users +temporary untrusted files.

Description

-Create a user pty. +Do not audit attempts to read users +temporary untrusted files.

This is a templated interface, and should only @@ -3311,10 +4463,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3322,9 +4474,9 @@ No domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -3333,13 +4485,13 @@ No
- +
-userdom_dontaudit_exec_user_home_files( +userdom_dontaudit_read_user_untrusted_content_files( @@ -3361,14 +4513,16 @@ No
Summary

-Do not audit attempts to execute user home files. +Do not audit attempts to read users +untrusted files.

Description

-Do not audit attempts to execute user home files. +Do not audit attempts to read users +untrusted files.

This is a templated interface, and should only @@ -3383,10 +4537,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3394,9 +4548,9 @@ No domain - -Domain allowed access. - +

+Domain to not audit. +

No @@ -3405,13 +4559,13 @@ No
- +
-userdom_dontaudit_list_user_home_dir( +userdom_dontaudit_setattr_user_home_content_files( @@ -3433,14 +4587,16 @@ No
Summary

-Do not audit attempts to list user home subdirectories. +Do not audit attempts to set the +attributes of user home files.

Description

-Do not audit attempts to list user home subdirectories. +Do not audit attempts to set the +attributes of user home files.

This is a templated interface, and should only @@ -3455,10 +4611,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3466,9 +4622,9 @@ No domain - -Domain to not audit - +

+Domain allowed access. +

No @@ -3477,13 +4633,13 @@ No
- +
-userdom_dontaudit_list_user_tmp( +userdom_dontaudit_use_user_terminals( @@ -3505,16 +4661,16 @@ No
Summary

-Do not audit attempts to list user -temporary directories. +Do not audit attempts to read and write +a user domain tty and pty.

Description

-Do not audit attempts to list user -temporary directories. +Do not audit attempts to read and write +a user domain tty and pty.

This is a templated interface, and should only @@ -3529,10 +4685,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3540,9 +4696,9 @@ No domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -3551,13 +4707,13 @@ No
- +
-userdom_dontaudit_list_user_tmp_untrusted_content( +userdom_dontaudit_write_user_home_content_files( @@ -3579,16 +4735,14 @@ No
Summary

-Do not audit attempts to list user -temporary untrusted directories. +Do not audit attempts to write user home files.

Description

-Do not audit attempts to list user -temporary directories. +Do not audit attempts to write user home files.

This is a templated interface, and should only @@ -3603,10 +4757,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3614,9 +4768,9 @@ No domain - +

Domain to not audit. - +

No @@ -3625,13 +4779,13 @@ No
- +
-userdom_dontaudit_list_user_untrusted_content( +userdom_exec_user_home_content_files( @@ -3653,16 +4807,14 @@ No
Summary

-Do not audit attempts to list user -untrusted directories. +Execute user home files.

Description

-Do not audit attempts to read user -untrusted directories. +Execute user home files.

This is a templated interface, and should only @@ -3677,10 +4829,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3688,9 +4840,9 @@ No domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -3699,13 +4851,13 @@ No
- +
-userdom_dontaudit_read_user_home_files( +userdom_list_user_home_dirs( @@ -3727,14 +4879,14 @@ No
Summary

-Do not audit attempts to read user home files. +List user home directories.

Description

-Do not audit attempts to read user home files. +List user home directories.

This is a templated interface, and should only @@ -3749,10 +4901,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3760,9 +4912,9 @@ No domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -3771,13 +4923,13 @@ No
- +
-userdom_dontaudit_read_user_tmp_files( +userdom_list_user_tmp( @@ -3799,16 +4951,14 @@ No
Summary

-Do not audit attempts to read users -temporary files. +List user temporary directories.

Description

-Do not audit attempts to read users -temporary files. +List user temporary directories.

This is a templated interface, and should only @@ -3823,10 +4973,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3834,9 +4984,9 @@ No domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -3845,13 +4995,13 @@ No
- +
-userdom_dontaudit_read_user_tmp_untrusted_content_files( +userdom_list_user_tmp_untrusted_content( @@ -3873,16 +5023,14 @@ No
Summary

-Do not audit attempts to read users -temporary untrusted files. +List users temporary untrusted directories.

Description

-Do not audit attempts to read users -temporary untrusted files. +List users temporary untrusted directories.

This is a templated interface, and should only @@ -3897,10 +5045,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3908,9 +5056,9 @@ No domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -3919,13 +5067,13 @@ No
- +
-userdom_dontaudit_read_user_untrusted_content_files( +userdom_list_user_untrusted_content( @@ -3947,16 +5095,14 @@ No
Summary

-Do not audit attempts to read users -untrusted files. +List users untrusted directories.

Description

-Do not audit attempts to read users -untrusted files. +List users untrusted directories.

This is a templated interface, and should only @@ -3971,10 +5117,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -3982,9 +5128,9 @@ No domain - -Domain to not audit. - +

+Domain allowed access. +

No @@ -3993,13 +5139,13 @@ No
- +
-userdom_dontaudit_setattr_user_home_files( +userdom_manage_user_home_content_dirs( @@ -4021,17 +5167,17 @@ No
Summary

-Do not audit attempts to set the -attributes of user home files. +Create, read, write, and delete directories +in a user home subdirectory.

Description

-Do not audit attempts to set the -attributes of user home files. -

+Create, read, write, and delete directories +in a user home subdirectory. +

This is a templated interface, and should only be called from a per-userdomain template. @@ -4045,10 +5191,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4056,9 +5202,9 @@ No domain - +

Domain allowed access. - +

No @@ -4067,13 +5213,13 @@ No
- +
-userdom_dontaudit_use_user_terminals( +userdom_manage_user_home_content_files( @@ -4095,16 +5241,16 @@ No
Summary

-Do not audit attempts to read and write -a user domain tty and pty. +Create, read, write, and delete files +in a user home subdirectory.

Description

-Do not audit attempts to read and write -a user domain tty and pty. +Create, read, write, and delete files +in a user home subdirectory.

This is a templated interface, and should only @@ -4119,10 +5265,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4130,9 +5276,9 @@ No domain - +

Domain allowed access. - +

No @@ -4141,13 +5287,13 @@ No
- +
-userdom_exec_user_home_files( +userdom_manage_user_home_content_pipes( @@ -4169,14 +5315,16 @@ No
Summary

-Execute user home files. +Create, read, write, and delete named pipes +in a user home subdirectory.

Description

-Execute user home files. +Create, read, write, and delete named pipes +in a user home subdirectory.

This is a templated interface, and should only @@ -4191,10 +5339,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4202,9 +5350,9 @@ No domain - +

Domain allowed access. - +

No @@ -4213,13 +5361,13 @@ No
- +
-userdom_home_file( +userdom_manage_user_home_content_sockets( @@ -4232,7 +5380,7 @@ No - type + domain )
@@ -4241,16 +5389,16 @@ No
Summary

-Make the specified type usable in a -user home directory. +Create, read, write, and delete named sockets +in a user home subdirectory.

Description

-Make the specified type usable in a -user home directory. +Create, read, write, and delete named sockets +in a user home subdirectory.

This is a templated interface, and should only @@ -4265,21 +5413,20 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No -type +domain - -Type to be used as a file in the -user home directory. - +

+Domain allowed access. +

No @@ -4288,13 +5435,13 @@ No
- +
-userdom_list_user_tmp( +userdom_manage_user_home_content_symlinks( @@ -4316,14 +5463,16 @@ No
Summary

-List user temporary directories. +Create, read, write, and delete symbolic links +in a user home subdirectory.

Description

-List user temporary directories. +Create, read, write, and delete symbolic links +in a user home subdirectory.

This is a templated interface, and should only @@ -4338,10 +5487,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4349,9 +5498,9 @@ No domain - +

Domain allowed access. - +

No @@ -4360,13 +5509,13 @@ No
- +
-userdom_list_user_tmp_untrusted_content( +userdom_manage_user_tmp_dirs( @@ -4388,14 +5537,16 @@ No
Summary

-List users temporary untrusted directories. +Create, read, write, and delete user +temporary directories.

Description

-List users temporary untrusted directories. +Create, read, write, and delete user +temporary directories.

This is a templated interface, and should only @@ -4410,10 +5561,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4421,9 +5572,9 @@ No domain - +

Domain allowed access. - +

No @@ -4432,13 +5583,13 @@ No
- +
-userdom_list_user_untrusted_content( +userdom_manage_user_tmp_files( @@ -4460,14 +5611,16 @@ No
Summary

-List users untrusted directories. +Create, read, write, and delete user +temporary files.

Description

-List users untrusted directories. +Create, read, write, and delete user +temporary files.

This is a templated interface, and should only @@ -4482,10 +5635,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4493,9 +5646,9 @@ No domain - +

Domain allowed access. - +

No @@ -4504,13 +5657,13 @@ No
- +
-userdom_manage_user_home_subdir_files( +userdom_manage_user_tmp_pipes( @@ -4532,16 +5685,16 @@ No
Summary

-Create, read, write, and delete files -in a user home subdirectory. +Create, read, write, and delete user +temporary named pipes.

Description

-Create, read, write, and delete files -in a user home subdirectory. +Create, read, write, and delete user +temporary named pipes.

This is a templated interface, and should only @@ -4556,10 +5709,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4567,9 +5720,9 @@ No domain - +

Domain allowed access. - +

No @@ -4578,13 +5731,13 @@ No
- +
-userdom_manage_user_home_subdir_pipes( +userdom_manage_user_tmp_sockets( @@ -4606,16 +5759,16 @@ No
Summary

-Create, read, write, and delete named pipes -in a user home subdirectory. +Create, read, write, and delete user +temporary named sockets.

Description

-Create, read, write, and delete named pipes -in a user home subdirectory. +Create, read, write, and delete user +temporary named sockets.

This is a templated interface, and should only @@ -4630,10 +5783,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4641,9 +5794,9 @@ No domain - +

Domain allowed access. - +

No @@ -4652,13 +5805,13 @@ No
- +
-userdom_manage_user_home_subdir_sockets( +userdom_manage_user_tmp_symlinks( @@ -4680,16 +5833,16 @@ No
Summary

-Create, read, write, and delete named sockets -in a user home subdirectory. +Create, read, write, and delete user +temporary symbolic links.

Description

-Create, read, write, and delete named sockets -in a user home subdirectory. +Create, read, write, and delete user +temporary symbolic links.

This is a templated interface, and should only @@ -4704,10 +5857,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4715,9 +5868,9 @@ No domain - +

Domain allowed access. - +

No @@ -4726,13 +5879,13 @@ No
- +
-userdom_manage_user_home_subdir_symlinks( +userdom_read_user_home_content_files( @@ -4754,16 +5907,14 @@ No
Summary

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Read user home files.

Description

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Read user home files.

This is a templated interface, and should only @@ -4778,10 +5929,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4789,9 +5940,9 @@ No domain - +

Domain allowed access. - +

No @@ -4800,13 +5951,13 @@ No
- +
-userdom_manage_user_home_subdirs( +userdom_read_user_home_content_symlinks( @@ -4828,16 +5979,14 @@ No
Summary

-Create, read, write, and delete directories -in a user home subdirectory. +Read user home subdirectory symbolic links.

Description

-Create, read, write, and delete directories -in a user home subdirectory. +Read user home subdirectory symbolic links.

This is a templated interface, and should only @@ -4852,10 +6001,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4863,9 +6012,9 @@ No domain - +

Domain allowed access. - +

No @@ -4874,13 +6023,13 @@ No
- +
-userdom_manage_user_tmp_dirs( +userdom_read_user_tmp_files( @@ -4902,16 +6051,14 @@ No
Summary

-Create, read, write, and delete user -temporary directories. +Read user temporary files.

Description

-Create, read, write, and delete user -temporary directories. +Read user temporary files.

This is a templated interface, and should only @@ -4926,10 +6073,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -4937,9 +6084,9 @@ No domain - +

Domain allowed access. - +

No @@ -4948,13 +6095,13 @@ No
- +
-userdom_manage_user_tmp_files( +userdom_read_user_tmp_symlinks( @@ -4976,16 +6123,16 @@ No
Summary

-Create, read, write, and delete user -temporary files. +Read user +temporary symbolic links.

Description

-Create, read, write, and delete user -temporary files. +Read user +temporary symbolic links.

This is a templated interface, and should only @@ -5000,10 +6147,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5011,9 +6158,9 @@ No domain - +

Domain allowed access. - +

No @@ -5022,13 +6169,13 @@ No
- +
-userdom_manage_user_tmp_pipes( +userdom_read_user_tmp_untrusted_content_files( @@ -5050,16 +6197,14 @@ No
Summary

-Create, read, write, and delete user -temporary named pipes. +Read user temporary untrusted files.

Description

-Create, read, write, and delete user -temporary named pipes. +Read user temporary untrusted files.

This is a templated interface, and should only @@ -5074,10 +6219,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5085,9 +6230,9 @@ No domain - +

Domain allowed access. - +

No @@ -5096,13 +6241,13 @@ No
- +
-userdom_manage_user_tmp_sockets( +userdom_read_user_tmp_untrusted_content_symlinks( @@ -5124,16 +6269,14 @@ No
Summary

-Create, read, write, and delete user -temporary named sockets. +Read user temporary untrusted symbolic links.

Description

-Create, read, write, and delete user -temporary named sockets. +Read user temporary untrusted symbolic links.

This is a templated interface, and should only @@ -5148,10 +6291,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5159,9 +6302,9 @@ No domain - +

Domain allowed access. - +

No @@ -5170,13 +6313,13 @@ No
- +
-userdom_manage_user_tmp_symlinks( +userdom_read_user_untrusted_content_files( @@ -5198,16 +6341,14 @@ No
Summary

-Create, read, write, and delete user -temporary symbolic links. +Read user untrusted files.

Description

-Create, read, write, and delete user -temporary symbolic links. +Read user untrusted files.

This is a templated interface, and should only @@ -5222,10 +6363,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5233,9 +6374,9 @@ No domain - +

Domain allowed access. - +

No @@ -5244,13 +6385,13 @@ No
- +
-userdom_read_user_home_files( +userdom_read_user_untrusted_content_symlinks( @@ -5272,14 +6413,14 @@ No
Summary

-Read user home files. +Read user untrusted symbolic links.

Description

-Read user home files. +Read user untrusted symbolic links.

This is a templated interface, and should only @@ -5294,10 +6435,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5305,9 +6446,9 @@ No domain - +

Domain allowed access. - +

No @@ -5316,13 +6457,13 @@ No
- +
-userdom_read_user_home_symlinks( +userdom_rw_user_tmp_files( @@ -5344,14 +6485,14 @@ No
Summary

-Read user home subdirectory symbolic links. +Read and write user temporary files.

Description

-Read user home subdirectory symbolic links. +Read and write user temporary files.

This is a templated interface, and should only @@ -5366,10 +6507,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5377,9 +6518,9 @@ No domain - +

Domain allowed access. - +

No @@ -5388,13 +6529,13 @@ No
- +
-userdom_read_user_tmp_files( +userdom_rw_user_tmpfs_files( @@ -5416,14 +6557,14 @@ No
Summary

-Read user temporary files. +Read user tmpfs files.

Description

-Read user temporary files. +Read user tmpfs files.

This is a templated interface, and should only @@ -5438,10 +6579,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5449,9 +6590,9 @@ No domain - +

Domain allowed access. - +

No @@ -5460,13 +6601,13 @@ No
- +
-userdom_read_user_tmp_symlinks( +userdom_search_user_home_dirs( @@ -5488,16 +6629,14 @@ No
Summary

-Read user -temporary symbolic links. +Search user home directories.

Description

-Read user -temporary symbolic links. +Search user home directories.

This is a templated interface, and should only @@ -5512,10 +6651,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5523,9 +6662,9 @@ No domain - +

Domain allowed access. - +

No @@ -5534,13 +6673,13 @@ No
- +
-userdom_read_user_tmp_untrusted_content_files( +userdom_setattr_user_ptys( @@ -5562,14 +6701,14 @@ No
Summary

-Read user temporary untrusted files. +Set the attributes of a user pty.

Description

-Read user temporary untrusted files. +Set the attributes of a user pty.

This is a templated interface, and should only @@ -5584,10 +6723,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5595,9 +6734,9 @@ No domain - +

Domain allowed access. - +

No @@ -5606,13 +6745,13 @@ No
- +
-userdom_read_user_tmp_untrusted_content_symlinks( +userdom_setattr_user_ttys( @@ -5634,14 +6773,14 @@ No
Summary

-Read user temporary untrusted symbolic links. +Set the attributes of a user domain tty.

Description

-Read user temporary untrusted symbolic links. +Set the attributes of a user domain tty.

This is a templated interface, and should only @@ -5656,10 +6795,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5667,9 +6806,9 @@ No domain - +

Domain allowed access. - +

No @@ -5678,13 +6817,13 @@ No
- +
-userdom_read_user_untrusted_content_files( +userdom_use_user_terminals( @@ -5706,14 +6845,14 @@ No
Summary

-Read user untrusted files. +Read and write a user domain tty and pty.

Description

-Read user untrusted files. +Read and write a user domain tty and pty.

This is a templated interface, and should only @@ -5728,10 +6867,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5739,9 +6878,9 @@ No domain - +

Domain allowed access. - +

No @@ -5750,13 +6889,13 @@ No
- +
-userdom_read_user_untrusted_content_symlinks( +userdom_use_user_ttys( @@ -5778,14 +6917,14 @@ No
Summary

-Read user untrusted symbolic links. +Read and write a user domain tty.

Description

-Read user untrusted symbolic links. +Read and write a user domain tty.

This is a templated interface, and should only @@ -5800,10 +6939,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5811,9 +6950,9 @@ No domain - +

Domain allowed access. - +

No @@ -5822,13 +6961,13 @@ No
- +
-userdom_search_user_home( +userdom_user_home_content( @@ -5841,7 +6980,7 @@ No - domain + type )
@@ -5850,14 +6989,16 @@ No
Summary

-Search user home directories. +Make the specified type usable in a +user home directory.

Description

-Search user home directories. +Make the specified type usable in a +user home directory.

This is a templated interface, and should only @@ -5872,20 +7013,21 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No -domain +type - -Domain allowed access. - +

+Type to be used as a file in the +user home directory. +

No @@ -5894,13 +7036,13 @@ No
- +
-userdom_setattr_user_pty( +userdom_user_home_dir_filetrans( @@ -5916,20 +7058,40 @@ No domain + + , + + + + private_type + + + + , + + + + object_class + + )
Summary

-Set the attributes of a user pty. +Create objects in a user home directory +with an automatic type transition to +a specified private type.

Description

-Set the attributes of a user pty. +Create objects in a user home directory +with an automatic type transition to +a specified private type.

This is a templated interface, and should only @@ -5944,10 +7106,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -5955,9 +7117,30 @@ No domain - +

Domain allowed access. +

+ +No + + + +private_type + +

+The type of the object to create. +

+ +No + + +object_class + +

+The class of the object to be created. If not +specified, file is used. +

No @@ -5966,13 +7149,13 @@ No
- +
-userdom_use_user_terminals( +userdom_user_home_dir_filetrans_user_home_content( @@ -5988,20 +7171,32 @@ No domain + + , + + + + object_class + + )
Summary

-Read and write a user domain tty and pty. +Create objects in a user home directory +with an automatic type transition to +the user home file type.

Description

-Read and write a user domain tty and pty. +Create objects in a user home directory +with an automatic type transition to +the user home file type.

This is a templated interface, and should only @@ -6016,10 +7211,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -6027,9 +7222,20 @@ No domain - +

Domain allowed access. +

+ +No + + +object_class + +

+The class of the object to be created. If not +specified, file is used. +

No @@ -6105,10 +7311,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -6116,9 +7322,9 @@ No source_domain - +

Domain allowed access. - +

No @@ -6126,9 +7332,9 @@ No target_domain - +

Domain to transition to. - +

No @@ -6187,10 +7393,10 @@ be called from a per-userdomain template. userdomain_prefix - +

The prefix of the user domain (e.g., user is the prefix for user_t). - +

No @@ -6198,9 +7404,9 @@ No domain - +

Domain allowed access. - +

No diff --git a/www/api-docs/templates.html b/www/api-docs/templates.html index 59bdb3b..10c481a 100644 --- a/www/api-docs/templates.html +++ b/www/api-docs/templates.html @@ -25,6 +25,12 @@    -  anaconda
+    -  + bootloader
+ +    -  + certwatch
+    -  consoletype
@@ -49,9 +55,15 @@    -  logwatch
+    -  + mrtg
+    -  netutils
+    -  + portage
+    -  prelink
@@ -112,24 +124,39 @@    -  lockdev
+    -  + mono
+    -  screen
   -  slocate
+    -  + tvtime
+ +    -  + uml
+ +    -  + userhelper
+ +    -  + usernetctl
+    -  webalizer
+    -  + wine
+
+  kernel
-    -  - bootloader
-    -  corecommands
@@ -151,6 +178,9 @@    -  kernel
+    -  + mcs
+    -  mls
@@ -400,12 +430,12 @@    -  uucp
-    -  - xdm
-    -  xfs
+    -  + xserver
+    -  zebra
@@ -1042,7 +1072,7 @@ apps

- userdomain_prefix + userdomain @@ -1050,7 +1080,7 @@ apps

- domain + role )
@@ -1191,6 +1221,74 @@ The per user domain template for the lockdev module.

+Module: +lpd

+Layer: +services

+

+ +lpd_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the lpd module. +

+
+ +
+ +
+Module: +lpd

+Layer: +services

+

+ +lpr_admin_template( + + + + + userdomain_prefix + + + )
+
+ +
+

+The administrative functions template for the lpd module. +

+
+ +
+ +
+Module: +portage

+Layer: +admin

+

+ +portage_compile_domain_template( + + + + + prefix + + + )
+
+ +
+

+Template for portage sandbox. +

+
+ +
+ +
-Module: -unconfined

-Layer: -system

+Module: +tvtime

+Layer: +apps

-unconfined_domain_template( +tvtime_per_userdomain_template( - domain + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the tvtime module. +

+
+ +
+ +
+Module: +uml

+Layer: +apps

+

+ +uml_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role )
@@ -1783,7 +1965,7 @@ system

-A template to make the specified domain unconfined. +The per user domain template for the uml module.

@@ -1816,13 +1998,13 @@ The template for creating a unprivileged user.
-Module: +Module: userdomain

Layer: system

-userdom_create_user_home( +userdom_create_user_pty( @@ -1838,49 +2020,25 @@ system

domain - - , - - - - [ - - object_class - - ] - - - - , - - - - [ - - private_type - - ] - - )

- +Create a user pty.

-Module: +Module: userdomain

Layer: system

-userdom_create_user_pty( +userdom_dontaudit_append_user_tmp_files( @@ -1901,20 +2059,21 @@ system

-Create a user pty. +Do not audit attempts to append users +temporary files.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_exec_user_home_files( +userdom_dontaudit_exec_user_home_content_files( @@ -1942,13 +2101,13 @@ Do not audit attempts to execute user home files.
-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_list_user_home_dir( +userdom_dontaudit_list_user_home_dirs( @@ -2081,13 +2240,13 @@ untrusted directories.
-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_read_user_home_files( +userdom_dontaudit_read_user_home_content_files( @@ -2220,13 +2379,13 @@ untrusted files.
-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_setattr_user_home_files( +userdom_dontaudit_setattr_user_home_content_files( @@ -2290,13 +2449,47 @@ a user domain tty and pty.
-Module: +Module: +userdomain

+Layer: +system

+

+ +userdom_dontaudit_write_user_home_content_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Do not audit attempts to write user home files. +

+
+ +
+ +
+Module: userdomain

Layer: system

-userdom_exec_user_home_files( +userdom_exec_user_home_content_files( @@ -2324,13 +2517,13 @@ Execute user home files.
-Module: +Module: userdomain

Layer: system

-userdom_home_file( +userdom_list_user_home_dirs( @@ -2343,7 +2536,7 @@ system

- type + domain )
@@ -2351,8 +2544,7 @@ system

-Make the specified type usable in a -user home directory. +List user home directories.

@@ -2461,13 +2653,13 @@ List users untrusted directories.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_files( +userdom_manage_user_home_content_dirs( @@ -2488,7 +2680,7 @@ system

-Create, read, write, and delete files +Create, read, write, and delete directories in a user home subdirectory.

@@ -2496,13 +2688,13 @@ in a user home subdirectory.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_pipes( +userdom_manage_user_home_content_files( @@ -2523,7 +2715,7 @@ system

-Create, read, write, and delete named pipes +Create, read, write, and delete files in a user home subdirectory.

@@ -2531,13 +2723,13 @@ in a user home subdirectory.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_sockets( +userdom_manage_user_home_content_pipes( @@ -2558,7 +2750,7 @@ system

-Create, read, write, and delete named sockets +Create, read, write, and delete named pipes in a user home subdirectory.

@@ -2566,13 +2758,13 @@ in a user home subdirectory.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_symlinks( +userdom_manage_user_home_content_sockets( @@ -2593,7 +2785,7 @@ system

-Create, read, write, and delete symbolic links +Create, read, write, and delete named sockets in a user home subdirectory.

@@ -2601,13 +2793,13 @@ in a user home subdirectory.
-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdirs( +userdom_manage_user_home_content_symlinks( @@ -2628,7 +2820,7 @@ system

-Create, read, write, and delete directories +Create, read, write, and delete symbolic links in a user home subdirectory.

@@ -2811,13 +3003,13 @@ temporary symbolic links.
-Module: +Module: userdomain

Layer: system

-userdom_read_user_home_files( +userdom_read_user_home_content_files( @@ -2845,13 +3037,13 @@ Read user home files.
-Module: +Module: userdomain

Layer: system

-userdom_read_user_home_symlinks( +userdom_read_user_home_content_symlinks( @@ -3084,13 +3276,13 @@ Read user untrusted symbolic links.
-Module: +Module: userdomain

Layer: system

-userdom_search_user_home( +userdom_rw_user_tmp_files( @@ -3111,20 +3303,20 @@ system

-Search user home directories. +Read and write user temporary files.

-Module: +Module: userdomain

Layer: system

-userdom_setattr_user_pty( +userdom_rw_user_tmpfs_files( @@ -3145,20 +3337,20 @@ system

-Set the attributes of a user pty. +Read user tmpfs files.

-Module: +Module: userdomain

Layer: system

-userdom_use_user_terminals( +userdom_search_user_home_dirs( @@ -3179,20 +3371,20 @@ system

-Read and write a user domain tty and pty. +Search user home directories.

-Module: +Module: userdomain

Layer: system

-userdom_user_home_domtrans( +userdom_setattr_user_ptys( @@ -3205,15 +3397,7 @@ system

- source_domain - - - - , - - - - target_domain + domain )
@@ -3221,16 +3405,291 @@ system

-Do a domain transition to the specified -domain when executing a program in the -user home directory. +Set the attributes of a user pty.

-Module: +Module: +userdomain

+Layer: +system

+

+ +userdom_setattr_user_ttys( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Set the attributes of a user domain tty. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_use_user_terminals( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read and write a user domain tty and pty. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_use_user_ttys( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read and write a user domain tty. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_user_home_content( + + + + + userdomain_prefix + + + + , + + + + type + + + )
+
+ +
+

+Make the specified type usable in a +user home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_user_home_dir_filetrans( + + + + + userdomain_prefix + + + + , + + + + domain + + + + , + + + + private_type + + + + , + + + + object_class + + + )
+
+ +
+

+Create objects in a user home directory +with an automatic type transition to +a specified private type. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_user_home_dir_filetrans_user_home_content( + + + + + userdomain_prefix + + + + , + + + + domain + + + + , + + + + object_class + + + )
+
+ +
+

+Create objects in a user home directory +with an automatic type transition to +the user home file type. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_user_home_domtrans( + + + + + userdomain_prefix + + + + , + + + + source_domain + + + + , + + + + target_domain + + + )
+
+ +
+

+Do a domain transition to the specified +domain when executing a program in the +user home directory. +

+
+ +
+ +
+Module: userdomain

Layer: system

@@ -3263,6 +3722,284 @@ Write to user temporary named sockets.

+
+Module: +userhelper

+Layer: +apps

+

+ +userhelper_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the userhelper module. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_common_domain_template( + + + + + prefix + + + )
+
+ +
+

+Template to create types and rules common to +all X server domains. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_domtrans_user_xauth( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Transition to a user Xauthority domain. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_per_userdomain_template( + + + + + prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the xserver module. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_ro_session_template( + + + + + prefix + + + + , + + + + domain + + + + , + + + + tmpfs_type + + + )
+
+ +
+

+Template for creating sessions on a +prefix X server, with read-only +access to the X server shared +memory segments. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_rw_session_template( + + + + + prefix + + + + , + + + + domain + + + + , + + + + tmpfs_type + + + )
+
+ +
+

+Template for creating sessions on a +prefix X server, with read and write +access to the X server shared +memory segments. +

+
+ +
+ +
+Module: +xserver

+Layer: +services

+

+ +xserver_user_client_template( + + + + + prefix + + + + , + + + + domain + + + + , + + + + tmpfs_type + + + )
+
+ +
+

+Template for creating full client sessions +on a user X server. +

+
+ +
+