diff --git a/www/api-docs/admin.html b/www/api-docs/admin.html
index 32da35d..6c9412c 100644
--- a/www/api-docs/admin.html
+++ b/www/api-docs/admin.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -124,6 +145,11 @@

Berkeley process accounting

+ + alsa +

Ainit ALSA configuration tool

+ + amanda

Automated backup program.

@@ -141,6 +167,11 @@ Determine of the console connected to the controlling terminal.

+ + ddcprobe +

ddcprobe retrieves monitor and graphics card information

+ + dmesg

Policy for dmesg.

@@ -169,16 +200,31 @@ after installation of Red Hat/Fedora systems.

Rotate and archive system logs

+ + logwatch +

System log analyzer and reporter

+ + netutils

Network analysis utilities

+ + prelink +

Prelink ELF shared library mappings.

+ + quota

File system quota management

+ + readahead +

Readahead, read files into page cache for improved performance

+ + rpm

Policy for the RPM package manager.

@@ -204,11 +250,21 @@ after installation of Red Hat/Fedora systems.

Red Hat utility to change /etc/fstab.

+ + usbmodules +

List kernel modules of USB devices

+ + usermanage

Policy for managing user accounts.

+ + vbetool +

run real-mode video BIOS code to alter hardware state

+ + vpn

Virtual Private Networking client

diff --git a/www/api-docs/admin_acct.html b/www/api-docs/admin_acct.html
index 8f2a542..f24e86d 100644
--- a/www/api-docs/admin_acct.html
+++ b/www/api-docs/admin_acct.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_alsa.html b/www/api-docs/admin_alsa.html
new file mode 100644
index 0000000..adc1e6f
--- /dev/null
+++ b/www/api-docs/admin_alsa.html
@@ -0,0 +1,277 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: alsa

+ +

Description:

+ +

Ainit ALSA configuration tool

+ + + + +

Interfaces:

+ + +
+ + +
+ +alsa_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Domain transition to alsa +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +alsa_rw_semaphores( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow read and write access to alsa semaphores. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +alsa_rw_shared_mem( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow read and write access to alsa shared memory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/admin_amanda.html b/www/api-docs/admin_amanda.html
index cf9d616..a5add6d 100644
--- a/www/api-docs/admin_amanda.html
+++ b/www/api-docs/admin_amanda.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_anaconda.html b/www/api-docs/admin_anaconda.html
index 9c55296..202a711 100644
--- a/www/api-docs/admin_anaconda.html
+++ b/www/api-docs/admin_anaconda.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_consoletype.html b/www/api-docs/admin_consoletype.html
index bad02cd..748c4d9 100644
--- a/www/api-docs/admin_consoletype.html
+++ b/www/api-docs/admin_consoletype.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_ddcprobe.html b/www/api-docs/admin_ddcprobe.html
new file mode 100644
index 0000000..4ba8ed2
--- /dev/null
+++ b/www/api-docs/admin_ddcprobe.html
@@ -0,0 +1,272 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: ddcprobe

+ +

Description:

+ +

ddcprobe retrieves monitor and graphics card information

+ + + + +

Interfaces:

+ + +
+ + +
+ +ddcprobe_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute ddcprobe in the ddcprobe domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+ + +
+ + +
+ +ddcprobe_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute ddcprobe in the ddcprobe domain, and +allow the specified role the ddcprobe domain. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+role + + +Role to be authenticated for ddcprobe domain. + + +No +
+terminal + + +The type of the terminal allow the clock domain to use. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/admin_dmesg.html b/www/api-docs/admin_dmesg.html
index 40926f3..2c4daf2 100644
--- a/www/api-docs/admin_dmesg.html
+++ b/www/api-docs/admin_dmesg.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_dmidecode.html b/www/api-docs/admin_dmidecode.html
index 898c5ad..c4f0eb2 100644
--- a/www/api-docs/admin_dmidecode.html
+++ b/www/api-docs/admin_dmidecode.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_firstboot.html b/www/api-docs/admin_firstboot.html
index a7b0372..1d82ab9 100644
--- a/www/api-docs/admin_firstboot.html
+++ b/www/api-docs/admin_firstboot.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_kudzu.html b/www/api-docs/admin_kudzu.html
index 846d2c4..c0196a0 100644
--- a/www/api-docs/admin_kudzu.html
+++ b/www/api-docs/admin_kudzu.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -161,6 +182,48 @@ No + +
+ + +
+ +kudzu_getattr_exec_file( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get attributes of kudzu executable. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/admin_logrotate.html b/www/api-docs/admin_logrotate.html
index 04574b2..15e7fb4 100644
--- a/www/api-docs/admin_logrotate.html
+++ b/www/api-docs/admin_logrotate.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_logwatch.html b/www/api-docs/admin_logwatch.html
new file mode 100644
index 0000000..5ea9a2a
--- /dev/null
+++ b/www/api-docs/admin_logwatch.html
@@ -0,0 +1,193 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: logwatch

+ +

Description:

+ +

System log analyzer and reporter

+ + + + +

Interfaces:

+ + +
+ + +
+ +logwatch_read_tmp_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read logwatch temporary files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/admin_netutils.html b/www/api-docs/admin_netutils.html
index 09d1d90..23f7ef1 100644
--- a/www/api-docs/admin_netutils.html
+++ b/www/api-docs/admin_netutils.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_prelink.html b/www/api-docs/admin_prelink.html
new file mode 100644
index 0000000..9369b7b
--- /dev/null
+++ b/www/api-docs/admin_prelink.html
@@ -0,0 +1,362 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: prelink

+ +

Description:

+ +

Prelink ELF shared library mappings.

+ + + + +

Interfaces:

+ + +
+ + +
+ +prelink_delete_cache( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Delete the prelink cache. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +prelink_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute the prelink program in the prelink domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +prelink_manage_log( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete +prelink log files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +prelink_object_file( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Make the specified file type prelinkable. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +File type to be prelinked. + + +No +
+
+
+ + +
+ + +
+ +prelink_read_cache( + + + + + file_type + + + )
+
+
+ +
Summary
+

+Read the prelink cache. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+file_type + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/admin_quota.html b/www/api-docs/admin_quota.html
index 70d4e6c..9f24f67 100644
--- a/www/api-docs/admin_quota.html
+++ b/www/api-docs/admin_quota.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_readahead.html b/www/api-docs/admin_readahead.html
new file mode 100644
index 0000000..e0e751f
--- /dev/null
+++ b/www/api-docs/admin_readahead.html
@@ -0,0 +1,147 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: readahead

+ +

Description:

+ +

Readahead, read files into page cache for improved performance

+ + + + + +

No interfaces or templates.

+ + +
+ +
diff --git a/www/api-docs/admin_rpm.html b/www/api-docs/admin_rpm.html
index c2695b3..0901580 100644
--- a/www/api-docs/admin_rpm.html
+++ b/www/api-docs/admin_rpm.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -492,6 +513,48 @@ No
+ +
+ + +
+ +rpm_script_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute rpm_script programs in the rpm_script domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/admin_su.html b/www/api-docs/admin_su.html
index 3028881..93c3a61 100644
--- a/www/api-docs/admin_su.html
+++ b/www/api-docs/admin_su.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_sudo.html b/www/api-docs/admin_sudo.html
index 83b6769..1aebe36 100644
--- a/www/api-docs/admin_sudo.html
+++ b/www/api-docs/admin_sudo.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_tmpreaper.html b/www/api-docs/admin_tmpreaper.html
index 27645cf..f54460a 100644
--- a/www/api-docs/admin_tmpreaper.html
+++ b/www/api-docs/admin_tmpreaper.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_updfstab.html b/www/api-docs/admin_updfstab.html
index aa1bd3b..51c67f4 100644
--- a/www/api-docs/admin_updfstab.html
+++ b/www/api-docs/admin_updfstab.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_usbmodules.html b/www/api-docs/admin_usbmodules.html
new file mode 100644
index 0000000..bc12979
--- /dev/null
+++ b/www/api-docs/admin_usbmodules.html
@@ -0,0 +1,273 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: usbmodules

+ +

Description:

+ +

List kernel modules of USB devices

+ + + + +

Interfaces:

+ + +
+ + +
+ +usbmodules_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute usbmodules in the usbmodules domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +usbmodules_run( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+
+ +
Summary
+

+Execute usbmodules in the usbmodules domain, and +allow the specified role the usbmodules domain, +and use the caller's terminal. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+role + + +The role to be allowed the usbmodules domain. + + +No +
+terminal + + +The type of the terminal allow the usbmodules domain to use. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/admin_usermanage.html b/www/api-docs/admin_usermanage.html
index c613425..35249de 100644
--- a/www/api-docs/admin_usermanage.html
+++ b/www/api-docs/admin_usermanage.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
diff --git a/www/api-docs/admin_vbetool.html b/www/api-docs/admin_vbetool.html
new file mode 100644
index 0000000..a17a807
--- /dev/null
+++ b/www/api-docs/admin_vbetool.html
@@ -0,0 +1,197 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: admin

+

Module: vbetool

+ +

Description:

+ +

run real-mode video BIOS code to alter hardware state

+ + + + +

Interfaces:

+ + +
+ + +
+ +vbetool_domtrans( + + + + + [ + + domain + + ] + + + )
+
+
+ +
Summary
+

+Execute vbetool application in the vbetool domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +N/A + + +yes +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/admin_vpn.html b/www/api-docs/admin_vpn.html
index 67af56e..0083db7 100644
--- a/www/api-docs/admin_vpn.html
+++ b/www/api-docs/admin_vpn.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -151,7 +172,7 @@ Execute VPN clients in the vpnc domain. domain
-The type of the process performing this action.
+Domain allowed access.
 No
@@ -210,7 +231,7 @@ allow the specified role the vpnc domain. domain
-The type of the process performing this action.
+Domain allowed access.
 No
@@ -240,6 +261,48 @@ No
+ +
+ + +
+ +vpn_signal( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send generic signals to VPN clients. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ Return
diff --git a/www/api-docs/apps.html b/www/api-docs/apps.html
index b9616d6..161195b 100644
--- a/www/api-docs/apps.html
+++ b/www/api-docs/apps.html
@@ -19,12 +19,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
@@ -75,16 +93,46 @@ + + cdrecord +

Policy for cdrecord

+ + gpg

Policy for GNU Privacy Guard and related programs.

+ + irc +

IRC client policy

+ + + + java +

Java virtual machine

+ + loadkeys

Load keyboard mappings.

+ + lockdev +

device locking policy for lockdev

+ + + + screen +

GNU terminal multiplexer

+ + + + slocate +

Update database for mlocate

+ + webalizer

Web server log analysis

diff --git a/www/api-docs/apps_cdrecord.html b/www/api-docs/apps_cdrecord.html
new file mode 100644
index 0000000..de446cb
--- /dev/null
+++ b/www/api-docs/apps_cdrecord.html
@@ -0,0 +1,195 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: cdrecord

+ +

Description:

+ +

Policy for cdrecord

+ + + + + +

Templates:

+ + +
+ + +
+ +cdrecord_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the cdrecord module. +

+ + +
Description
+

+

+This template creates derived domains which are used +for cdrecord. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+user_domain + + +The type of the user domain. + + +No +
+user_role + + +The role associated with the user domain. + + +No +
+
+
+ + +Return + + + +
+ +
diff --git a/www/api-docs/apps_gpg.html b/www/api-docs/apps_gpg.html
index a60e44b..2f17bce 100644
--- a/www/api-docs/apps_gpg.html
+++ b/www/api-docs/apps_gpg.html
@@ -19,12 +19,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
diff --git a/www/api-docs/apps_irc.html b/www/api-docs/apps_irc.html
new file mode 100644
index 0000000..a3f5cbf
--- /dev/null
+++ b/www/api-docs/apps_irc.html
@@ -0,0 +1,195 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: irc

+ +

Description:

+ +

IRC client policy

+ + + + + +

Templates:

+ + +
+ + +
+ +irc_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the irc module. +

+ + +
Description
+

+

+This template creates a derived domains which are used +for an irc client sessions. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+user_domain + + +The type of the user domain. + + +No +
+user_role + + +The role associated with the user domain. + + +No +
+
+
+ + +Return + + + +
+ +
diff --git a/www/api-docs/apps_java.html b/www/api-docs/apps_java.html
new file mode 100644
index 0000000..b9a8e77
--- /dev/null
+++ b/www/api-docs/apps_java.html
@@ -0,0 +1,195 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: java

+ +

Description:

+ +

Java virtual machine

+ + + + + +

Templates:

+ + +
+ + +
+ +java_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the java module. +

+ + +
Description
+

+

+This template creates a derived domains which are used +for java plugins that are executed by a browser. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+user_domain + + +The type of the user domain. + + +No +
+user_role + + +The role associated with the user domain. + + +No +
+
+
+ + +Return + + + +
+ +
diff --git a/www/api-docs/apps_loadkeys.html b/www/api-docs/apps_loadkeys.html
index 44b768c..5dbab61 100644
--- a/www/api-docs/apps_loadkeys.html
+++ b/www/api-docs/apps_loadkeys.html
@@ -19,12 +19,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
diff --git a/www/api-docs/apps_lockdev.html b/www/api-docs/apps_lockdev.html
new file mode 100644
index 0000000..4b9dd81
--- /dev/null
+++ b/www/api-docs/apps_lockdev.html
@@ -0,0 +1,196 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: lockdev

+ +

Description:

+ +

device locking policy for lockdev

+ + + + + +

Templates:

+ + +
+ + +
+ +lockdev_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the lockdev module. +

+ + +
Description
+

+

+This template creates derived domains which are used +for lockdev. A derived type is also created to protect +the user's device locks. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+user_domain + + +The type of the user domain. + + +No +
+user_role + + +The role associated with the user domain. + + +No +
+
+
+ + +Return + + + +
+ +
diff --git a/www/api-docs/apps_screen.html b/www/api-docs/apps_screen.html
new file mode 100644
index 0000000..c7ab2d6
--- /dev/null
+++ b/www/api-docs/apps_screen.html
@@ -0,0 +1,195 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: screen

+ +

Description:

+ +

GNU terminal multiplexer

+ + + + + +

Templates:

+ + +
+ + +
+ +screen_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+
+ +
Summary
+

+The per user domain template for the screen module. +

+ + +
Description
+

+

+This template creates a derived domains which are used +for screen sessions. +

+

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+user_domain + + +The type of the user domain. + + +No +
+user_role + + +The role associated with the user domain. + + +No +
+
+
+ + +Return + + + +
+ +
diff --git a/www/api-docs/apps_slocate.html b/www/api-docs/apps_slocate.html
new file mode 100644
index 0000000..0dcf640
--- /dev/null
+++ b/www/api-docs/apps_slocate.html
@@ -0,0 +1,145 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: apps

+

Module: slocate

+ +

Description:

+ +

Update database for mlocate

+ + + + +

Interfaces:

+ + +
+ + +
+ +slocate_create_append_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create the locate log with append mode. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/apps_webalizer.html b/www/api-docs/apps_webalizer.html
index c97a25b..af33a67 100644
--- a/www/api-docs/apps_webalizer.html
+++ b/www/api-docs/apps_webalizer.html
@@ -19,12 +19,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
diff --git a/www/api-docs/global_booleans.html b/www/api-docs/global_booleans.html
index 78bfbdc..8aa51d2 100644
--- a/www/api-docs/global_booleans.html
+++ b/www/api-docs/global_booleans.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -73,12 +94,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
@@ -139,6 +178,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -184,9 +226,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -247,6 +295,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -268,6 +319,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -283,6 +337,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -301,6 +358,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -316,6 +379,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -328,6 +394,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -352,6 +421,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/global_tunables.html b/www/api-docs/global_tunables.html
index a418493..c22677c 100644
--- a/www/api-docs/global_tunables.html
+++ b/www/api-docs/global_tunables.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -73,12 +94,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
@@ -139,6 +178,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -184,9 +226,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -247,6 +295,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -268,6 +319,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -283,6 +337,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -301,6 +358,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -316,6 +379,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -328,6 +394,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -352,6 +421,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -434,6 +506,18 @@
+
allow_cvs_read_shadow
+
+
Default value
+

false

+ +
Description
+

+Allow cvs daemon to read shadow

+ +
+ +
allow_execmem
Default value
@@ -518,6 +602,18 @@ Allow Apache to modify public filesused for public file transfer services.

+
allow_java_execstack
+
+
Default value
+

false

+ +
Description
+

+Allow java executable stack

+ +
+ +
allow_kerberos
Default value
@@ -614,6 +710,18 @@ Allow system to run with NIS

+
cdrecord_read_content
+
+
Default value
+

false

+ +
Description
+

+Allow cdrecord to read various content.nfs, samba, removable devices, user tempand untrusted content files

+ +
+ +
cron_can_relabel
Default value
@@ -686,6 +794,30 @@ Allow http daemon to tcp connect

+
httpd_can_network_connect_db
+
+
Default value
+

false

+ +
Description
+

+allow httpd to connect to mysql/posgresql

+ +
+ +
+
httpd_can_network_relay
+
+
Default value
+

false

+ +
Description
+

+allow httpd to act as a relay

+ +
+ +
httpd_enable_cgi
Default value
diff --git a/www/api-docs/index.html b/www/api-docs/index.html
index f88b88a..bb55645 100644
--- a/www/api-docs/index.html
+++ b/www/api-docs/index.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -73,12 +94,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
@@ -139,6 +178,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -184,9 +226,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -247,6 +295,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -268,6 +319,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -283,6 +337,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -301,6 +358,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -316,6 +379,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -328,6 +394,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -352,6 +421,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -448,6 +520,11 @@

Berkeley process accounting

+ + alsa +

Ainit ALSA configuration tool

+ + amanda

Automated backup program.

@@ -465,6 +542,11 @@ Determine of the console connected to the controlling terminal.

+ + ddcprobe +

ddcprobe retrieves monitor and graphics card information

+ + dmesg

Policy for dmesg.

@@ -493,16 +575,31 @@ after installation of Red Hat/Fedora systems.

Rotate and archive system logs

+ + logwatch +

System log analyzer and reporter

+ + netutils

Network analysis utilities

+ + prelink +

Prelink ELF shared library mappings.

+ + quota

File system quota management

+ + readahead +

Readahead, read files into page cache for improved performance

+ + rpm

Policy for the RPM package manager.

@@ -528,11 +625,21 @@ after installation of Red Hat/Fedora systems.

Red Hat utility to change /etc/fstab.

+ + usbmodules +

List kernel modules of USB devices

+ + usermanage

Policy for managing user accounts.

+ + vbetool +

run real-mode video BIOS code to alter hardware state

+ + vpn

Virtual Private Networking client

@@ -557,7 +664,8 @@ after installation of Red Hat/Fedora systems.

Layer: kernel

-Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +Policy for kernel threads, proc filesystem, +and unlabeled processes and objects.


@@ -617,7 +725,8 @@ Basic filesystem types and interfaces. kernel

-Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +Policy for kernel threads, proc filesystem, +and unlabeled processes and objects.

@@ -666,16 +775,46 @@ Policy for kernel security interface, in particular, selinuxfs. + + cdrecord +

Policy for cdrecord

+ + gpg

Policy for GNU Privacy Guard and related programs.

+ + irc +

IRC client policy

+ + + + java +

Java virtual machine

+ + loadkeys

Load keyboard mappings.

+ + lockdev +

device locking policy for lockdev

+ + + + screen +

GNU terminal multiplexer

+ + + + slocate +

Update database for mlocate

+ + webalizer

Web server log analysis

@@ -728,6 +867,11 @@ Policy for kernel security interface, in particular, selinuxfs.

Policy for reading and setting the hardware clock.

+ + daemontools +

Collection of tools for managing UNIX services

+ + fstools

Tools for filesystem management, such as mkfs and fsck.

@@ -877,6 +1021,11 @@ connection and disconnection of devices at runtime.

Ethernet activity monitor.

+ + automount +

Filesystem automounter service.

+ + avahi

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

@@ -952,11 +1101,21 @@ connection and disconnection of devices at runtime.

Distributed compiler daemon

+ + djbdns +

small and secure DNS daemon

+ + dovecot

Dovecot POP and IMAP mail server

+ + fetchmail +

Remote-mail retrieval and forwarding utility

+ + finger

Finger user information service.

@@ -1057,6 +1216,11 @@ connection and disconnection of devices at runtime.

Network time protocol daemon

+ + openct +

Service for handling smart card readers.

+ + pegasus

The Open Group Pegasus CIM/WBEM Server.

@@ -1092,6 +1256,11 @@ connection and disconnection of devices at runtime.

Procmail mail delivery agent

+ + publicfile +

publicfile supplies files to the public through HTTP and FTP

+ + radius

RADIUS authentication and accounting server.

@@ -1117,6 +1286,11 @@ connection and disconnection of devices at runtime.

Remote login daemon

+ + roundup +

Roundup Issue Tracking System policy

+ + rpc

Remote Procedure Call Daemon for managment of network based process communication

@@ -1151,6 +1325,16 @@ from Windows NT servers.

Policy for sendmail.

+ + slrnpull +

Service for downloading news feeds the slrn newsreader.

+ + + + smartmon +

Smart disk monitoring daemon policy

+ + snmp

Simple network management protocol services

@@ -1176,6 +1360,11 @@ from Windows NT servers.

SSL Tunneling Proxy

+ + sysstat +

Policy for sysstat. Reports on various system states

+ + tcpd

Policy for TCP daemon.

@@ -1196,6 +1385,11 @@ from Windows NT servers.

MIDI to WAV converter and player configured as a service

+ + ucspitcp +

ucspitcp policy

+ + uucp

Unix to Unix Copy

diff --git a/www/api-docs/interfaces.html b/www/api-docs/interfaces.html
index 05bc884..adfe364 100644
--- a/www/api-docs/interfaces.html
+++ b/www/api-docs/interfaces.html
@@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -73,12 +94,30 @@ apps
+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
@@ -139,6 +178,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -184,9 +226,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -247,6 +295,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -268,6 +319,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -283,6 +337,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -301,6 +358,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -316,6 +379,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -328,6 +394,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -352,6 +421,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -538,6 +610,84 @@ Create, read, write, and delete process accounting data.
+Module: +alsa

+Layer: +admin

+

+ +alsa_domtrans( + + + + + domain + + + )
+
+ +
+

+Domain transition to alsa +

+
+ +
+ +
+Module: +alsa

+Layer: +admin

+

+ +alsa_rw_semaphores( + + + + + domain + + + )
+
+ +
+

+Allow read and write access to alsa semaphores. +

+
+ +
+ +
+Module: +alsa

+Layer: +admin

+

+ +alsa_rw_shared_mem( + + + + + domain + + + )
+
+ +
+

+Allow read and write access to alsa shared memory. +

+
+ +
+ +
-Module: +Module: authlogin

Layer: system

-auth_create_login_records( +auth_can_read_shadow_passwords( @@ -1829,6 +1979,32 @@ Execute utempter programs in the utempter domain.
+Module: +authlogin

+Layer: +system

+

+ +auth_dontaudit_exec_utempter( + + + + + domain + + + )
+
+ +
+

+Do not audit attemps to execute utempter executable. +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_filetrans_login_records( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_setattr_login_records( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +authlogin

+Layer: +system

+

+ +auth_tunable_read_shadow( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +automount

+Layer: +services

+

+ +automount_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute automount in the automount domain. +

+
+ +
+ +
+Module: +automount

+Layer: +services

+

+ +automount_exec_config( + + + + + domain + + + )
+
+ +
+

+Execute automount in the caller domain. +

+
+ +
+ +
+Module: +bind

+Layer: +services

+

+ +bind_read_zone( + + + + + domain + + + )
+
+ +
+

+Read BIND zone files. +

+
+ +
+ +
+Module: +bind

+Layer: +services

+

+ +bind_search_cache( + + + + + domain + + + )
+
+ +
+

+Search the BIND cache directory. +

+
+ +
+ +
+Module: +bluetooth

+Layer: +services

+

+ +bluetooth_read_config( + + + + + domain + + + )
+
+ +
+

+Read bluetooth daemon configuration. +

+
+ +
+ +
-Module: +Module: bootloader

Layer: kernel

-bootloader_create_kernel( +bootloader_create_kernel_img( @@ -3270,18 +3654,18 @@ Install a system.map into the /boot directory.
-Module: +Module: bootloader

Layer: kernel

-bootloader_create_modules( +bootloader_create_runtime_file( - ? + domain )
@@ -3289,20 +3673,21 @@ kernel

-Summary is missing! +Read and write the bootloader +temporary data in /tmp.

-Module: +Module: bootloader

Layer: kernel

-bootloader_create_runtime_file( +bootloader_delete_kernel( @@ -3315,21 +3700,20 @@ kernel

-Read and write the bootloader -temporary data in /tmp. +Delete a kernel from /boot.

-Module: +Module: bootloader

Layer: kernel

-bootloader_delete_kernel( +bootloader_delete_kernel_symbol_table( @@ -3342,20 +3726,20 @@ kernel

-Delete a kernel from /boot. +Delete a system.map in the /boot directory.

-Module: +Module: bootloader

Layer: kernel

-bootloader_delete_kernel_symbol_table( +bootloader_domtrans( @@ -3368,20 +3752,20 @@ kernel

-Delete a system.map in the /boot directory. +Execute bootloader in the bootloader domain.

-Module: +Module: bootloader

Layer: kernel

-bootloader_domtrans( +bootloader_dontaudit_getattr_boot_dir( @@ -3394,20 +3778,21 @@ kernel

-Execute bootloader in the bootloader domain. +Do not audit attempts to get attributes +of the /boot directory.

-Module: +Module: bootloader

Layer: kernel

-bootloader_dontaudit_getattr_boot_dir( +bootloader_dontaudit_search_boot( @@ -3420,21 +3805,46 @@ kernel

-Do not audit attempts to get attributes -of the /boot directory. +Do not audit attempts to search the /boot directory.

-Module: +Module: bootloader

Layer: kernel

-bootloader_dontaudit_search_boot( +bootloader_filetrans_modules( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +bootloader

+Layer: +kernel

+

+ +bootloader_getattr_boot_dir( @@ -3447,7 +3857,7 @@ kernel

-Do not audit attempts to search the /boot directory. +Get attributes of the /boot directory.

@@ -4386,6 +4796,110 @@ Summary is missing!
+Module: +corecommands

+Layer: +kernel

+

+ +corecmd_manage_bin_files( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete bin files. +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

+

+ +corecmd_manage_sbin_files( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete sbin files. +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

+

+ +corecmd_mmap_bin_files( + + + + + domain + + + )
+
+ +
+

+Mmap a bin file as executable. +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

+

+ +corecmd_mmap_sbin_files( + + + + + domain + + + )
+
+ +
+

+Mmap a sbin file as executable. +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

+

+ +corecmd_relabel_bin_files( + + + + + domain + + + )
+
+ +
+

+Relabel to and from the bin type. +

+
+ +
+ +
+Module: +corecommands

+Layer: +kernel

+

+ +corecmd_relabel_sbin_files( + + + + + domain + + + )
+
+ +
+

+Relabel to and from the sbin type. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_raw_receive_lo_if( + + + + + domain + + + )
+
+ +
+

+Receive raw IP packets on the lo interface. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_raw_send_lo_if( + + + + + domain + + + )
+
+ +
+

+Send raw IP packets on the lo interface. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_raw_sendrecv_lo_if( + + + + + domain + + + )
+
+ +
+

+Send and receive raw IP packets on the lo interface. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_tcp_sendrecv_lo_if( + + + + + domain + + + )
+
+ +
+

+Send and receive TCP network traffic on the lo interface. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_receive_lo_if( + + + + + domain + + + )
+
+ +
+

+Receive UDP network traffic on the lo interface. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_send_lo_if( + + + + + domain + + + )
+
+ +
+

+Send UDP network traffic on the lo interface. +

+
+ +
+ +
+Module: +corenetwork

+Layer: +kernel

+

+ +corenet_udp_sendrecv_lo_if( + + + + + domain + + + )
+
+ +
+

+Send and receive UDP network traffic on the lo interface. +

+
+ +
+ +
+Module: +cron

+Layer: +services

+

+ +cron_dontaudit_write_pipe( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to write cron daemon unnamed pipes. +

+
+ +
+ +
+Module: +daemontools

+Layer: +system

+

+ +daemontools_domtrans_multilog( + + + + + domain + + + )
+
+ +
+

+Execute in the svc_multilog_t domain. +

+
+ +
+ +
+Module: +daemontools

+Layer: +system

+

+ +daemontools_domtrans_run( + + + + + domain + + + )
+
+ +
+

+Execute in the svc_run_t domain. +

+
+ +
+ +
+Module: +daemontools

+Layer: +system

+

+ +daemontools_domtrans_start( + + + + + domain + + + )
+
+ +
+

+Execute in the svc_start_t domain. +

+
+ +
+ +
+Module: +daemontools

+Layer: +system

+

+ +daemontools_ipc_domain( + + + + + domain + + + )
+
+ +
+

+An ipc channel between the supervised domain and svc_start_t +

+
+ +
+ +
+Module: +daemontools

+Layer: +system

+

+ +daemontools_manage_svc( + + + + + domain + + + )
+
+ +
+

+Allow a domain to create svc_svc_t files. +

+
+ +
+ +
+Module: +daemontools

+Layer: +system

+

+ +daemontools_read_svc( + + + + + domain + + + )
+
+ +
+

+Allow a domain to read svc_svc_t files. +

+
+ +
+ +
+Module: +daemontools

+Layer: +system

+

+ +daemontools_service_domain( + + + + + domain + + + + , + + + + entrypoint + + + )
+
+ +
+

+Define a specified domain as a supervised service. +

+
+ +
+ +
+Module: +dbus

+Layer: +services

+

+ +dbus_read_config( + + + + + domain + + + )
+
+ +
+

+Read dbus configuration. +

+
+ +
+ +
-Module: -devices

-Layer: -kernel

+Module: +ddcprobe

+Layer: +admin

-dev_append_printer( +ddcprobe_domtrans( @@ -24662,20 +25652,20 @@ kernel

-Append the printer device. +Execute ddcprobe in the ddcprobe domain.

-Module: -devices

-Layer: -kernel

+Module: +ddcprobe

+Layer: +admin

-dev_associate_usbfs( +ddcprobe_run( @@ -24683,25 +25673,42 @@ kernel

domain + + , + + + + role + + + + , + + + + terminal + + )

-Mount a usbfs filesystem. +Execute ddcprobe in the ddcprobe domain, and +allow the specified role the ddcprobe domain.

-Module: +Module: devices

Layer: kernel

-dev_create_cardmgr( +dev_append_printer( @@ -24714,22 +25721,20 @@ kernel

-Create, read, write, and delete -the PCMCIA card manager device -with the correct type. +Append the printer device.

-Module: +Module: devices

Layer: kernel

-dev_create_dev_node( +dev_associate_usbfs( @@ -24737,20 +25742,30 @@ kernel

domain - - , - - - - file - + )
+

+ +
+

+Mount a usbfs filesystem. +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_create_cardmgr( - , - - objectclass(es) + domain )
@@ -24758,8 +25773,9 @@ kernel

-Create, read, and write device nodes. The node -will be transitioned to the type provided. +Create, read, write, and delete +the PCMCIA card manager device +with the correct type.

@@ -25053,6 +26069,32 @@ Dontaudit getattr on generic pipes.
+Module: +devices

+Layer: +kernel

+

+ +dev_dontaudit_getattr_memory_dev( + + + + + domain + + + )
+
+ +
+

+dontaudit getattr raw memory devices (e.g. /dev/mem). +

+
+ +
+ +
+Module: +devices

+Layer: +kernel

+

+ +dev_filetrans_dev_node( + + + + + domain + + + + , + + + + file + + + + , + + + + objectclass(es) + + + )
+
+ +
+

+Create, read, and write device nodes. The node +will be transitioned to the type provided. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

+

+ +domain_manage_all_entry_files( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete all +entrypoint files. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

+

+ +domain_mmap_all_entry_files( + + + + + domain + + + )
+
+ +
+

+Mmap all entry point files as executable. +

+
+ +
+ +
+Module: +domain

+Layer: +kernel

+

+ +domain_relabel_all_entry_files( + + + + + domain + + + )
+
+ +
+

+Relabel to and from all entry point +file types. +

+
+ +
+ +
-Module: +Module: files

Layer: kernel

-files_create_etc_config( +files_delete_all_locks( @@ -29685,26 +30850,18 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_create_home_dirs( - - - - - domain - +files_delete_all_pid_dirs( - , - - home_type + ? )
@@ -29712,20 +30869,20 @@ kernel

-Create home directories +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_create_lock( +files_delete_all_pids( @@ -29745,18 +30902,18 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_create_pid( +files_delete_etc_files( - ? + domain )
@@ -29764,49 +30921,25 @@ kernel

-Summary is missing! +Delete system configuration files in /etc.

-Module: +Module: files

Layer: kernel

-files_create_root( - - - - - domain - - - - , - - - - [ - - private type - - ] - +files_delete_root_dir_entry( - , - - [ - - object - - ] + ? )
@@ -29814,27 +30947,25 @@ kernel

-Create an object in the root directory, with a private -type. If no object class is specified, the -default is file. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_create_tmp_files( +files_dontaudit_getattr_all_dirs( - ? + domain )
@@ -29842,20 +30973,21 @@ kernel

-Summary is missing! +Do not audit attempts to get the attributes +of all directories.

-Module: +Module: files

Layer: kernel

-files_create_usr( +files_dontaudit_getattr_all_files( @@ -29863,24 +30995,31 @@ kernel

domain - - , - - - - file_type - + )
+

+ +
+

+Do not audit attempts to get the attributes +of all files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_all_pipes( - , - - [ - - object_class - - ] + domain )
@@ -29888,20 +31027,21 @@ kernel

-Create objects in the /usr directory +Do not audit attempts to get the attributes +of all named pipes.

-Module: +Module: files

Layer: kernel

-files_create_var( +files_dontaudit_getattr_all_sockets( @@ -29909,24 +31049,31 @@ kernel

domain - - , - - - - file_type - + )
+

+ +
+

+Do not audit attempts to get the attributes +of all named sockets. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_all_symlinks( - , - - [ - - object_class - - ] + domain )
@@ -29934,20 +31081,21 @@ kernel

-Create objects in the /var directory +Do not audit attempts to get the attributes +of all symbolic links.

-Module: +Module: files

Layer: kernel

-files_create_var_lib( +files_dontaudit_getattr_default_dir( @@ -29955,24 +31103,31 @@ kernel

domain - - , - - - - file_type - + )
+

+ +
+

+Do not audit attempts to get the attributes of +directories with the default file type. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_dontaudit_getattr_default_files( - , - - [ - - object_class - - ] + domain )
@@ -29980,25 +31135,26 @@ kernel

-Create objects in the /var/lib directory +Do not audit attempts to get the attributes of +files with the default file type.

-Module: +Module: files

Layer: kernel

-files_delete_all_locks( +files_dontaudit_getattr_home_dir( - ? + domain )
@@ -30006,25 +31162,27 @@ kernel

-Summary is missing! +Do not audit attempts to get the +attributes of the home directories root +(/home).

-Module: +Module: files

Layer: kernel

-files_delete_all_pid_dirs( +files_dontaudit_getattr_non_security_blk_dev( - ? + domain )
@@ -30032,25 +31190,26 @@ kernel

-Summary is missing! +Do not audit attempts to get the attributes +of non security block devices.

-Module: +Module: files

Layer: kernel

-files_delete_all_pids( +files_dontaudit_getattr_non_security_chr_dev( - ? + domain )
@@ -30058,20 +31217,21 @@ kernel

-Summary is missing! +Do not audit attempts to get the attributes +of non security character devices.

-Module: +Module: files

Layer: kernel

-files_delete_etc_files( +files_dontaudit_getattr_non_security_files( @@ -30084,25 +31244,26 @@ kernel

-Delete system configuration files in /etc. +Do not audit attempts to get the attributes +of non security files.

-Module: +Module: files

Layer: kernel

-files_delete_root_dir_entry( +files_dontaudit_getattr_non_security_pipes( - ? + domain )
@@ -30110,20 +31271,21 @@ kernel

-Summary is missing! +Do not audit attempts to get the attributes +of non security named pipes.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_dirs( +files_dontaudit_getattr_non_security_sockets( @@ -30137,20 +31299,20 @@ kernel

Do not audit attempts to get the attributes -of all directories. +of non security named sockets.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_files( +files_dontaudit_getattr_non_security_symlinks( @@ -30164,20 +31326,20 @@ kernel

Do not audit attempts to get the attributes -of all files. +of non security symbolic links.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_pipes( +files_dontaudit_getattr_pid_dir( @@ -30191,20 +31353,20 @@ kernel

Do not audit attempts to get the attributes -of all named pipes. +of the /var/run directory.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_sockets( +files_dontaudit_getattr_tmp_dir( @@ -30217,21 +31379,21 @@ kernel

-Do not audit attempts to get the attributes -of all named sockets. +Do not audit attempts to get the +attributes of the tmp directory (/tmp).

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_all_symlinks( +files_dontaudit_ioctl_all_pids( @@ -30244,21 +31406,20 @@ kernel

-Do not audit attempts to get the attributes -of all symbolic links. +Do not audit attempts to ioctl daemon runtime data files.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_default_dir( +files_dontaudit_list_default( @@ -30271,7 +31432,7 @@ kernel

-Do not audit attempts to get the attributes of +Do not audit attempts to list contents of directories with the default file type.

@@ -30279,13 +31440,13 @@ directories with the default file type.
-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_default_files( +files_dontaudit_list_home( @@ -30298,21 +31459,21 @@ kernel

-Do not audit attempts to get the attributes of -files with the default file type. +Do not audit attempts to list +home directories root (/home).

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_home_dir( +files_dontaudit_list_non_security( @@ -30325,22 +31486,21 @@ kernel

-Do not audit attempts to get the -attributes of the home directories root -(/home). +Do not audit attempts to list all +non-security directories.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_blk_dev( +files_dontaudit_list_tmp( @@ -30353,21 +31513,20 @@ kernel

-Do not audit attempts to get the attributes -of non security block devices. +Do not audit listing of the tmp directory (/tmp).

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_chr_dev( +files_dontaudit_read_default_files( @@ -30380,21 +31539,21 @@ kernel

-Do not audit attempts to get the attributes -of non security character devices. +Do not audit attempts to read files +with the default file type.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_files( +files_dontaudit_read_etc_runtime_files( @@ -30407,26 +31566,27 @@ kernel

-Do not audit attempts to get the attributes -of non security files. +Do not audit attempts to read files +in /etc that are dynamically +created on boot, such as mtab.

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_pipes( +files_dontaudit_read_root_file( - domain + ? )
@@ -30434,26 +31594,25 @@ kernel

-Do not audit attempts to get the attributes -of non security named pipes. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_sockets( +files_dontaudit_rw_root_chr_dev( - domain + ? )
@@ -30461,26 +31620,25 @@ kernel

-Do not audit attempts to get the attributes -of non security named sockets. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_non_security_symlinks( +files_dontaudit_rw_root_file( - domain + ? )
@@ -30488,26 +31646,25 @@ kernel

-Do not audit attempts to get the attributes -of non security symbolic links. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_pid_dir( +files_dontaudit_search_all_dirs( - domain + ? )
@@ -30515,21 +31672,20 @@ kernel

-Do not audit attempts to get the attributes -of the /var/run directory. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_getattr_tmp_dir( +files_dontaudit_search_home( @@ -30542,21 +31698,21 @@ kernel

-Do not audit attempts to get the -attributes of the tmp directory (/tmp). +Do not audit attempts to search +home directories root (/home).

-Module: +Module: files

Layer: kernel

-files_dontaudit_ioctl_all_pids( +files_dontaudit_search_isid_type_dir( @@ -30569,20 +31725,21 @@ kernel

-Do not audit attempts to ioctl daemon runtime data files. +Do not audit attempts to search directories on new filesystems +that have not yet been labeled.

-Module: +Module: files

Layer: kernel

-files_dontaudit_list_default( +files_dontaudit_search_locks( @@ -30595,21 +31752,21 @@ kernel

-Do not audit attempts to list contents of -directories with the default file type. +Do not audit attempts to search the +locks directory (/var/lock).

-Module: +Module: files

Layer: kernel

-files_dontaudit_list_non_security( +files_dontaudit_search_pids( @@ -30622,26 +31779,26 @@ kernel

-Do not audit attempts to list all -non security directories. +Do not audit attempts to search +the /var/run directory.

-Module: +Module: files

Layer: kernel

-files_dontaudit_read_default_files( +files_dontaudit_search_src( - domain + ? )
@@ -30649,21 +31806,20 @@ kernel

-Do not audit attempts to read files -with the default file type. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_read_etc_runtime_files( +files_dontaudit_search_var( @@ -30676,27 +31832,26 @@ kernel

-Do not audit attempts to read files -in /etc that are dynamically -created on boot, such as mtab. +Do not audit attempts to search +the contents of /var.

-Module: +Module: files

Layer: kernel

-files_dontaudit_read_root_file( +files_dontaudit_write_all_pids( - ? + domain )
@@ -30704,25 +31859,25 @@ kernel

-Summary is missing! +Do not audit attempts to write to daemon runtime data files.

-Module: +Module: files

Layer: kernel

-files_dontaudit_rw_root_chr_dev( +files_dontaudit_write_var( - ? + domain )
@@ -30730,20 +31885,20 @@ kernel

-Summary is missing! +Do not audit attempts to write to /var.

-Module: +Module: files

Layer: kernel

-files_dontaudit_rw_root_file( +files_exec_etc_files( @@ -30763,18 +31918,18 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_dontaudit_search_all_dirs( +files_exec_usr_files( - ? + domain )
@@ -30782,20 +31937,20 @@ kernel

-Summary is missing! +Execute generic programs in /usr in the caller domain.

-Module: +Module: files

Layer: kernel

-files_dontaudit_search_home( +files_exec_usr_src_files( @@ -30808,26 +31963,25 @@ kernel

-Do not audit attempts to search -home directories root (/home). +Execute programs in /usr/src in the caller domain.

-Module: +Module: files

Layer: kernel

-files_dontaudit_search_isid_type_dir( +files_filetrans_etc( - domain + ? )
@@ -30835,21 +31989,20 @@ kernel

-Do not audit attempts to search directories on new filesystems -that have not yet been labeled. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_search_locks( +files_filetrans_home( @@ -30857,31 +32010,50 @@ kernel

domain + + , + + + + home_type + + + + , + + + + [ + + object + + ] + + )

-Do not audit attempts to search the -locks directory (/var/lock). +Create objects in /home.

-Module: +Module: files

Layer: kernel

-files_dontaudit_search_pids( +files_filetrans_lock( - domain + ? )
@@ -30889,21 +32061,20 @@ kernel

-Do not audit attempts to search -the /var/run directory. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_dontaudit_search_src( +files_filetrans_pid( @@ -30923,13 +32094,13 @@ Summary is missing!
-Module: +Module: files

Layer: kernel

-files_dontaudit_search_var( +files_filetrans_root( @@ -30937,31 +32108,51 @@ kernel

domain + + , + + + + private type + + + + , + + + + [ + + object + + ] + + )

-Do not audit attempts to search -the contents of /var. +Create an object in the root directory, with a private +type.

-Module: +Module: files

Layer: kernel

-files_dontaudit_write_all_pids( +files_filetrans_tmp( - domain + ? )
@@ -30969,25 +32160,45 @@ kernel

-Do not audit attempts to write to daemon runtime data files. +Summary is missing!

-Module: +Module: files

Layer: kernel

-files_exec_etc_files( +files_filetrans_usr( - ? + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] )
@@ -30995,20 +32206,20 @@ kernel

-Summary is missing! +Create objects in the /usr directory

-Module: +Module: files

Layer: kernel

-files_exec_usr_files( +files_filetrans_var( @@ -31016,25 +32227,45 @@ kernel

domain + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + )

-Execute generic programs in /usr in the caller domain. +Create objects in the /var directory

-Module: +Module: files

Layer: kernel

-files_exec_usr_src_files( +files_filetrans_var_lib( @@ -31042,12 +32273,32 @@ kernel

domain + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + )

-Execute programs in /usr/src in the caller domain. +Create objects in the /var/lib directory

@@ -31211,6 +32462,32 @@ Get the attributes of all symbolic links.
+Module: +files

+Layer: +kernel

+

+ +files_getattr_default_dir( + + + + + domain + + + )
+
+ +
+

+Getattr of directories with the default file type. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_getattr_isid_type_dir( + + + + + domain + + + )
+
+ +
+

+Getattr of directories on new filesystems +that have not yet been labeled. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_list_non_security( + + + + + domain + + + )
+
+ +
+

+List all non-security directories. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_mounton_all_poly_members( + + + + + domain + + + )
+
+ +
+

+Mount filesystems on all polyinstantiation +member directories. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_polyinstantiate_all( + + + + + domain + + + )
+
+ +
+

+Allow access to manage all polyinstantiated +directories on the system. +

+
+ +
+ +
Module: files

Layer: @@ -32712,7 +34096,72 @@ kernel

-Read all directories on the filesystem, except +Read all directories on the filesystem, except +the listed exceptions. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_read_all_files( + + + + + domain + + + )
+
+ +
+

+Read all files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_read_all_files_except( + + + + + domain + + + + , + + + + [ + + exception_types + + ] + + + )
+
+ +
+

+Read all files on the filesystem, except the listed exceptions.

@@ -32720,13 +34169,13 @@ the listed exceptions.
-Module: +Module: files

Layer: kernel

-files_read_all_files( +files_read_all_locks( @@ -32739,46 +34188,7 @@ kernel

-Read all files. -

-
- -
- -
-Module: -files

-Layer: -kernel

-

- -files_read_all_files_except( - - - - - domain - - - - , - - - - [ - - exception_types - - ] - - - )
-
- -
-

-Read all files on the filesystem, except -the listed exceptions. +Read all lock files.

@@ -32868,7 +34278,7 @@ kernel

-Read all symbloic links on the filesystem, except +Read all symbolic links on the filesystem, except the listed exceptions.

@@ -33138,6 +34548,32 @@ that have not yet been labeled.
+Module: +files

+Layer: +kernel

+

+ +files_read_non_security_files( + + + + + domain + + + )
+
+ +
+

+Read all non-security files. +

+
+ +
+ +
+Module: +files

+Layer: +kernel

+

+ +files_write_non_security_dir( + + + + + domain + + + )
+
+ +
+

+Allow attempts to modify any directory +

+
+ +
+ +
-Module: +Module: filesystem

Layer: kernel

-fs_create_tmpfs_data( +fs_donaudit_read_removable_files( - ? + domain )
@@ -34669,7 +36131,7 @@ kernel

-Summary is missing! +Do not audit attempts to read removable storage files.

@@ -34840,6 +36302,33 @@ attributes, such as ext3, JFS, or XFS.
+Module: +filesystem

+Layer: +kernel

+

+ +fs_dontaudit_list_auto_mountpoints( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to list directories of automatically +mounted filesystems. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_dontaudit_list_removable_dirs( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to list removable storage directories. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_dontaudit_rw_tmpfs_files( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to read or write +generic tmpfs files. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_dontaudit_use_tmpfs_chr_dev( + + + + + domain + + + )
+
+ +
+

+dontaudit Read and write character nodes on tmpfs filesystems. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_filetrans_tmpfs( + + + + + ? + + + )
+
+ +
+

+Summary is missing! +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_list_auto_mountpoints( + + + + + domain + + + )
+
+ +
+

+Read directories of automatically +mounted filesystems. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_list_nfs( + + + + + domain + + + )
+
+ +
+

+List NFS filesystem. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_manage_auto_mountpoints( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete +auto moutpoints. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_eventpollfs( + + + + + domain + + + )
+
+ +
+

+Read eventpollfs files +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_removable_files( + + + + + domain + + + )
+
+ +
+

+Read removable storage files. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_read_removable_symlinks( + + + + + domain + + + )
+
+ +
+

+Read removable storage symbolic links. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_search_removable_dirs( + + + + + domain + + + )
+
+ +
+

+Search removable storage directories. +

+
+ +
+ +
+Module: +filesystem

+Layer: +kernel

+

+ +fs_search_rpc_dirs( + + + + + domain + + + )
+
+ +
+

+Search directories of RPC file system pipes. +

+
+ +
+ +
-Module: -init

-Layer: -system

-

- -init_create_script_tmp( - - - - - domain - - - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - - )
-
- -
-

-Create files in a init script -temporary data directory. -

-
- -
- -
+Module: +init

+Layer: +system

+

+ +init_dontaudit_lock_pid( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to lock +init script pid files. +

+
+ +
+ +
+Module: +init

+Layer: +system

+

+ +init_filetrans_script_tmp( + + + + + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + + )
+
+ +
+

+Create files in a init script +temporary data directory. +

+
+ +
+ +
Module: init

Layer: @@ -43870,7 +45701,7 @@ kernel

-Unconfined access to the kernel. +Unconfined access to kernel module resources.

@@ -44122,6 +45953,32 @@ Execute kudzu in the kudzu domain.
+Module: +kudzu

+Layer: +admin

+

+ +kudzu_getattr_exec_file( + + + + + domain + + + )
+
+ +
+

+Get attributes of kudzu executable. +

+
+ +
+ +
+Module: +libraries

+Layer: +system

+

+ +libs_manage_ld_so( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete the +dynamic link/loader. +

+
+ +
+ +
+Module: +libraries

+Layer: +system

+

+ +libs_manage_lib_files( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete generic +files in library directories. +

+
+ +
+ +
+Module: +libraries

+Layer: +system

+

+ +libs_manage_shared_libs( + + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete shared libraries. +

+
+ +
+ +
+Module: +libraries

+Layer: +system

+

+ +libs_relabel_ld_so( + + + + + domain + + + )
+
+ +
+

+Relabel to and from the type used for +the dynamic link/loader. +

+
+ +
+ +
+Module: +libraries

+Layer: +system

+

+ +libs_relabel_lib_files( + + + + + domain + + + )
+
+ +
+

+Relabel to and from the type used +for generic lib files. +

+
+ +
+ +
+Module: +libraries

+Layer: +system

+

+ +libs_relabel_shared_libs( + + + + + domain + + + )
+
+ +
+

+Relabel to and from the type used for +shared libraries. +

+
+ +
+ +
-Module: +Module: logging

Layer: system

-logging_create_log( +logging_domtrans_auditctl( - ? + domain )
@@ -44847,20 +46865,20 @@ system

-Summary is missing! +Execute auditctl in the auditctl domain.

-Module: +Module: logging

Layer: system

-logging_domtrans_auditctl( +logging_domtrans_syslog( @@ -44873,25 +46891,25 @@ system

-Execute auditctl in the auditctl domain. +Execute syslogd in the syslog domain.

-Module: +Module: logging

Layer: system

-logging_domtrans_syslog( +logging_dontaudit_getattr_all_logs( - domain + ? )
@@ -44899,25 +46917,25 @@ system

-Execute syslogd in the syslog domain. +Summary is missing!

-Module: +Module: logging

Layer: system

-logging_dontaudit_getattr_all_logs( +logging_exec_all_logs( - ? + domain )
@@ -44925,25 +46943,25 @@ system

-Summary is missing! +Execute all log files in the caller domain.

-Module: +Module: logging

Layer: system

-logging_exec_all_logs( +logging_filetrans_log( - domain + ? )
@@ -44951,7 +46969,7 @@ system

-Execute all log files in the caller domain. +Summary is missing!

@@ -45090,6 +47108,32 @@ Summary is missing!
+Module: +logging

+Layer: +system

+

+ +logging_read_audit_log( + + + + + domain + + + )
+
+ +
+

+Read the audit log. +

+
+ +
+ +
+Module: +logwatch

+Layer: +admin

+

+ +logwatch_read_tmp_files( + + + + + domain + + + )
+
+ +
+

+Read logwatch temporary files. +

+
+ +
+ +
+Module: +mount

+Layer: +system

+

+ +mount_exec( + + + + + domain + + + )
+
+ +
+

+Execute mount in the caller domain. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_filetrans_etc_aliases( + + + + + domain + + + )
+
+ +
+

+Type transition files created in /etc +to the mail address aliases type. +

+
+ +
+ +
+Module: +mta

+Layer: +services

+

+ +mta_filetrans_spool( + + + + + domain + + + + , + + + + private type + + + + , + + + + [ + + object + + ] + + + )
+
+ +
+

+Create private objects in the +mail spool directory. +

+
+ +
+ +
-Module: -postfix

-Layer: -services

-

- -postfix_create_config( - - - - - domain - - - - , - - - - private type - - - - , - - - - [ - - object - - ] - - - )
-
- -
-

-Create files with the specified type in -the postfix configuration directories. -

-
- -
- -
+Module: +postfix

+Layer: +services

+

+ +postfix_filetrans_config( + + + + + domain + + + + , + + + + private type + + + + , + + + + [ + + object + + ] + + + )
+
+ +
+

+Create files with the specified type in +the postfix configuration directories. +

+
+ +
+ +
+Module: +prelink

+Layer: +admin

+

+ +prelink_delete_cache( + + + + + file_type + + + )
+
+ +
+

+Delete the prelink cache. +

+
+ +
+ +
+Module: +prelink

+Layer: +admin

+

+ +prelink_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute the prelink program in the prelink domain. +

+
+ +
+ +
+Module: +prelink

+Layer: +admin

+

+ +prelink_manage_log( + + + + + file_type + + + )
+
+ +
+

+Create, read, write, and delete +prelink log files. +

+
+ +
+ +
+Module: +prelink

+Layer: +admin

+

+ +prelink_object_file( + + + + + file_type + + + )
+
+ +
+

+Make the specified file type prelinkable. +

+
+ +
+ +
+Module: +prelink

+Layer: +admin

+

+ +prelink_read_cache( + + + + + file_type + + + )
+
+ +
+

+Read the prelink cache. +

+
+ +
+ +
+Module: +rpm

+Layer: +admin

+

+ +rpm_script_domtrans( + + + + + domain + + + )
+
+ +
+

+Execute rpm_script programs in the rpm_script domain. +

+
+ +
+ +
Module: rpm

Layer: @@ -52662,8 +54989,52 @@ system

-Execute restorecon in the restorecon domain, and -allow the specified role the restorecon domain, +Execute restorecon in the restorecon domain, and +allow the specified role the restorecon domain, +and use the caller's terminal. +

+
+ +
+ +
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_run_runinit( + + + + + domain + + + + , + + + + role + + + + , + + + + terminal + + + )
+
+ +
+

+Execute run_init in the run_init domain, and +allow the specified role the run_init domain, and use the caller's terminal.

@@ -52671,13 +55042,13 @@ and use the caller's terminal.
-Module: +Module: selinuxutil

Layer: system

-seutil_run_runinit( +seutil_run_setfiles( @@ -52706,8 +55077,8 @@ system

-Execute run_init in the run_init domain, and -allow the specified role the run_init domain, +Execute setfiles in the setfiles domain, and +allow the specified role the setfiles domain, and use the caller's terminal.

@@ -52715,13 +55086,13 @@ and use the caller's terminal.
-Module: +Module: selinuxutil

Layer: system

-seutil_run_setfiles( +seutil_search_default_contexts( @@ -52729,20 +55100,30 @@ system

domain - - , - - - - role - + )
+

+ +
+

+Search the policy directory with default_context files. +

+
+ +
+ +
+Module: +selinuxutil

+Layer: +system

+

+ +seutil_sigchld_newrole( - , - - terminal + ? )
@@ -52750,27 +55131,25 @@ system

-Execute setfiles in the setfiles domain, and -allow the specified role the setfiles domain, -and use the caller's terminal. +Summary is missing!

-Module: +Module: selinuxutil

Layer: system

-seutil_search_default_contexts( +seutil_use_newrole_fd( - domain + ? )
@@ -52778,20 +55157,20 @@ system

-Search the policy directory with default_context files. +Summary is missing!

-Module: +Module: selinuxutil

Layer: system

-seutil_sigchld_newrole( +seutil_use_runinit_fd( @@ -52811,18 +55190,18 @@ Summary is missing!
-Module: -selinuxutil

-Layer: -system

+Module: +slocate

+Layer: +apps

-seutil_use_newrole_fd( +slocate_create_append_log( - ? + domain )
@@ -52830,25 +55209,25 @@ system

-Summary is missing! +Create the locate log with append mode.

-Module: -selinuxutil

-Layer: -system

+Module: +slrnpull

+Layer: +services

-seutil_use_runinit_fd( +slrnpull_manage_spool( - ? + pty_type )
@@ -52856,7 +55235,60 @@ system

-Summary is missing! +Allow the domain to create, read, +write, and delete slrnpull spools. +

+
+ +
+ +
+Module: +slrnpull

+Layer: +services

+

+ +slrnpull_search_spool( + + + + + pty_type + + + )
+
+ +
+

+Allow the domain to search slrnpull spools. +

+
+ +
+ +
+Module: +smartmon

+Layer: +services

+

+ +smartmon_read_tmp( + + + + + domain + + + )
+
+ +
+

+Allow caller to read smartmon temporary files.

@@ -54001,13 +56433,13 @@ Execute su in the caller domain.
-Module: +Module: sysnetwork

Layer: system

-sysnet_create_config( +sysnet_dbus_chat_dhcpc( @@ -54020,21 +56452,21 @@ system

-Create files in /etc with the type used for -the network config files. +Send and receive messages from +dhcpc over dbus.

-Module: +Module: sysnetwork

Layer: system

-sysnet_create_dhcp_state( +sysnet_delete_dhcpc_pid( @@ -54042,45 +56474,25 @@ system

domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )

-Create DHCP state data. +Delete the dhcp client pid file.

-Module: +Module: sysnetwork

Layer: system

-sysnet_dbus_chat_dhcpc( +sysnet_dns_name_resolve( @@ -54093,21 +56505,20 @@ system

-Send and receive messages from -dhcpc over dbus. +Perform a DNS name resolution.

-Module: +Module: sysnetwork

Layer: system

-sysnet_delete_dhcpc_pid( +sysnet_domtrans_dhcpc( @@ -54120,20 +56531,20 @@ system

-Delete the dhcp client pid file. +Execute dhcp client in dhcpc domain.

-Module: +Module: sysnetwork

Layer: system

-sysnet_dns_name_resolve( +sysnet_domtrans_ifconfig( @@ -54146,20 +56557,20 @@ system

-Perform a DNS name resolution. +Execute ifconfig in the ifconfig domain.

-Module: +Module: sysnetwork

Layer: system

-sysnet_domtrans_dhcpc( +sysnet_dontaudit_read_config( @@ -54172,20 +56583,20 @@ system

-Execute dhcp client in dhcpc domain. +Do not audit attempts to read network config files.

-Module: +Module: sysnetwork

Layer: system

-sysnet_domtrans_ifconfig( +sysnet_exec_ifconfig( @@ -54198,20 +56609,20 @@ system

-Execute ifconfig in the ifconfig domain. +Execute ifconfig in the caller domain.

-Module: +Module: sysnetwork

Layer: system

-sysnet_dontaudit_read_config( +sysnet_filetrans_config( @@ -54224,20 +56635,21 @@ system

-Do not audit attempts to read network config files. +Create files in /etc with the type used for +the network config files.

-Module: +Module: sysnetwork

Layer: system

-sysnet_exec_ifconfig( +sysnet_filetrans_dhcp_state( @@ -54245,12 +56657,32 @@ system

domain + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + )

-Execute ifconfig in the caller domain. +Create DHCP state data.

@@ -54708,6 +57140,32 @@ Connect and use remote port mappers.
+Module: +sysstat

+Layer: +services

+

+ +sysstat_manage_log( + + + + + domain + + + )
+
+ +
+

+Manage sysstat logs. +

+
+ +
+ +
+Module: +terminal

+Layer: +kernel

+

+ +term_dontaudit_ioctl_unallocated_ttys( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to ioctl +unallocated tty device nodes. +

+
+ +
+ +
+Module: +terminal

+Layer: +kernel

+

+ +term_dontaudit_search_ptys( + + + + + domain + + + )
+
+ +
+

+Do not audit attempts to search the +contents of the /dev/pts directory. +

+
+ +
+ +
+Module: +terminal

+Layer: +kernel

+

+ +term_read_console( + + + + + domain + + + )
+
+ +
+

+Read from the console. +

+
+ +
+ +
+Module: +ucspitcp

+Layer: +services

+

+ +ucspitcp_service_domain( + + + + + domain + + + + , + + + + entrypoint + + + )
+
+ +
+

+Define a specified domain as a ucspitcp service. +

+
+ +
+ +
-Module: -userdomain

-Layer: -system

+Module: +usbmodules

+Layer: +admin

-userdom_create_generic_user_home( +usbmodules_domtrans( @@ -56481,38 +59053,25 @@ system

domain - - , - - - - [ - - object_class - - ] - - )

-Create objects in generic user home directories -with automatic file type transition. +Execute usbmodules in the usbmodules domain.

-Module: -userdomain

-Layer: -system

+Module: +usbmodules

+Layer: +admin

-userdom_create_generic_user_home_dir( +usbmodules_run( @@ -56520,13 +59079,30 @@ system

domain + + , + + + + role + + + + , + + + + terminal + + )

-Create generic user home directories -with automatic file type transition. +Execute usbmodules in the usbmodules domain, and +allow the specified role the usbmodules domain, +and use the caller's terminal.

@@ -56972,6 +59548,72 @@ user ttys.
+Module: +userdomain

+Layer: +system

+

+ +userdom_filetrans_generic_user_home( + + + + + domain + + + + , + + + + [ + + object_class + + ] + + + )
+
+ +
+

+Create objects in generic user home directories +with automatic file type transition. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_filetrans_generic_user_home_dir( + + + + + domain + + + )
+
+ +
+

+Create generic user home directories +with automatic file type transition. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_unpriv_user_semaphores( + + + + + domain + + + )
+
+ +
+

+Manage unpriviledged user SysV sempaphores. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_unpriv_user_shared_mem( + + + + + domain + + + )
+
+ +
+

+Manage unpriviledged user SysV shared +memory segments. +

+
+ +
+ +
+Module: +vbetool

+Layer: +admin

+

+ +vbetool_domtrans( + + + + + [ + + domain + + ] + + + )
+
+ +
+

+Execute vbetool application in the vbetool domain. +

+
+ +
+ +
+Module: +vpn

+Layer: +admin

+

+ +vpn_signal( + + + + + domain + + + )
+
+ +
+

+Send generic signals to VPN clients. +

+
+ +
+ +
Module: webalizer

Layer: diff --git a/www/api-docs/kernel.html b/www/api-docs/kernel.html index 5667144..ac3a835 100644 --- a/www/api-docs/kernel.html +++ b/www/api-docs/kernel.html @@ -92,7 +92,8 @@

Layer: kernel

-Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +Policy for kernel threads, proc filesystem, +and unlabeled processes and objects.


@@ -152,7 +153,8 @@ Basic filesystem types and interfaces.
kernel

-Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +Policy for kernel threads, proc filesystem, +and unlabeled processes and objects.

diff --git a/www/api-docs/kernel_bootloader.html b/www/api-docs/kernel_bootloader.html index 5ec0660..a5dd10e 100644 --- a/www/api-docs/kernel_bootloader.html +++ b/www/api-docs/kernel_bootloader.html @@ -101,13 +101,13 @@

Interfaces:

- +
-bootloader_create_kernel( +bootloader_create_kernel_img( @@ -185,18 +185,18 @@ No
- +
-bootloader_create_modules( +bootloader_create_runtime_file( - ? + domain )
@@ -205,7 +205,8 @@ No
Summary

-Summary is missing! +Read and write the bootloader +temporary data in /tmp.

@@ -214,10 +215,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +The type of the process performing this action. No @@ -227,13 +228,13 @@ No
- +
-bootloader_create_runtime_file( +bootloader_delete_kernel( @@ -247,8 +248,7 @@ No
Summary

-Read and write the bootloader -temporary data in /tmp. +Delete a kernel from /boot.

@@ -270,13 +270,13 @@ No
- +
-bootloader_delete_kernel( +bootloader_delete_kernel_symbol_table( @@ -290,7 +290,7 @@ No
Summary

-Delete a kernel from /boot. +Delete a system.map in the /boot directory.

@@ -312,13 +312,13 @@ No
- +
-bootloader_delete_kernel_symbol_table( +bootloader_domtrans( @@ -332,7 +332,7 @@ No
Summary

-Delete a system.map in the /boot directory. +Execute bootloader in the bootloader domain.

@@ -354,13 +354,13 @@ No
- +
-bootloader_domtrans( +bootloader_dontaudit_getattr_boot_dir( @@ -374,7 +374,8 @@ No
Summary

-Execute bootloader in the bootloader domain. +Do not audit attempts to get attributes +of the /boot directory.

@@ -386,7 +387,7 @@ Execute bootloader in the bootloader domain. domain -The type of the process performing this action. +Domain to not audit. No @@ -396,13 +397,13 @@ No
- +
-bootloader_dontaudit_getattr_boot_dir( +bootloader_dontaudit_search_boot( @@ -416,8 +417,7 @@ No
Summary

-Do not audit attempts to get attributes -of the /boot directory. +Do not audit attempts to search the /boot directory.

@@ -429,7 +429,7 @@ of the /boot directory. domain -Domain to not audit. +The type of the process performing this action. No @@ -439,13 +439,55 @@ No
- +
-bootloader_dontaudit_search_boot( +bootloader_filetrans_modules( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +bootloader_getattr_boot_dir( @@ -459,7 +501,7 @@ No
Summary

-Do not audit attempts to search the /boot directory. +Get attributes of the /boot directory.

@@ -471,7 +513,7 @@ Do not audit attempts to search the /boot directory. domain -The type of the process performing this action. +Domain to not audit. No diff --git a/www/api-docs/kernel_corecommands.html b/www/api-docs/kernel_corecommands.html index 9068d76..c44acb3 100644 --- a/www/api-docs/kernel_corecommands.html +++ b/www/api-docs/kernel_corecommands.html @@ -746,6 +746,174 @@ No
+ +
+ + +
+ +corecmd_manage_bin_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete bin files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_manage_sbin_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete sbin files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_mmap_bin_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mmap a bin file as executable. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_mmap_sbin_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mmap a sbin file as executable. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -1082,6 +1250,90 @@ No
+ +
+ + +
+ +corecmd_relabel_bin_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel to and from the bin type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +corecmd_relabel_sbin_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel to and from the sbin type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_corenetwork.html b/www/api-docs/kernel_corenetwork.html index 11e61b8..6697c54 100644 --- a/www/api-docs/kernel_corenetwork.html +++ b/www/api-docs/kernel_corenetwork.html @@ -610,6 +610,48 @@ No
+ +
+ + +
+ +corenet_raw_receive_lo_if( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive raw IP packets on the lo interface. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -1114,6 +1156,48 @@ No
+ +
+ + +
+ +corenet_raw_send_lo_if( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send raw IP packets on the lo interface. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -1618,6 +1702,48 @@ No
+ +
+ + +
+ +corenet_raw_sendrecv_lo_if( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive raw IP packets on the lo interface. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -12034,6 +12160,48 @@ No
+ +
+ + +
+ +corenet_tcp_sendrecv_lo_if( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive TCP network traffic on the lo interface. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -20434,6 +20602,48 @@ No
+ +
+ + +
+ +corenet_udp_receive_lo_if( + + + + + domain + + + )
+
+
+ +
Summary
+

+Receive UDP network traffic on the lo interface. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -24676,6 +24886,48 @@ No
+ +
+ + +
+ +corenet_udp_send_lo_if( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send UDP network traffic on the lo interface. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -28918,6 +29170,48 @@ No
+ +
+ + +
+ +corenet_udp_sendrecv_lo_if( + + + + + domain + + + )
+
+
+ +
Summary
+

+Send and receive UDP network traffic on the lo interface. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_devices.html b/www/api-docs/kernel_devices.html index 02f9001..28977b7 100644 --- a/www/api-docs/kernel_devices.html +++ b/www/api-docs/kernel_devices.html @@ -252,86 +252,6 @@ No
- -
- - -
- -dev_create_dev_node( - - - - - domain - - - - , - - - - file - - - - , - - - - objectclass(es) - - - )
-
-
- -
Summary
-

-Create, read, and write device nodes. The node -will be transitioned to the type provided. -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-file - - -Type to which the created node will be transitioned. - - -No -
-objectclass(es) - - -Object class(es) (single or set including {}) for which this -the transition will occur. - - -No -
-
-
-
@@ -795,6 +715,48 @@ No
+ +
+ + +
+ +dev_dontaudit_getattr_memory_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+dontaudit getattr raw memory devices (e.g. /dev/mem). +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -1646,6 +1608,86 @@ No
+ +
+ + +
+ +dev_filetrans_dev_node( + + + + + domain + + + + , + + + + file + + + + , + + + + objectclass(es) + + + )
+
+
+ +
Summary
+

+Create, read, and write device nodes. The node +will be transitioned to the type provided. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+file + + +Type to which the created node will be transitioned. + + +No +
+objectclass(es) + + +Object class(es) (single or set including {}) for which this +the transition will occur. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_domain.html b/www/api-docs/kernel_domain.html index c72992b..81fe238 100644 --- a/www/api-docs/kernel_domain.html +++ b/www/api-docs/kernel_domain.html @@ -1543,6 +1543,91 @@ No
+ +
+ + +
+ +domain_manage_all_entry_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete all +entrypoint files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +domain_mmap_all_entry_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mmap all entry point files as executable. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -1754,6 +1839,49 @@ No
+ +
+ + +
+ +domain_relabel_all_entry_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel to and from all entry point +file types. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_files.html b/www/api-docs/kernel_files.html index 4db3242..b7ed449 100644 --- a/www/api-docs/kernel_files.html +++ b/www/api-docs/kernel_files.html @@ -244,13 +244,13 @@ No
- +
-files_create_etc_config( +files_delete_all_locks( @@ -286,26 +286,18 @@ No
- +
-files_create_home_dirs( - - - - - domain - +files_delete_all_pid_dirs( - , - - home_type + ? )
@@ -314,7 +306,7 @@ No
Summary

-Create home directories +Summary is missing!

@@ -323,20 +315,52 @@ Create home directories Parameter:Description:Optional: -domain +? -The type of the process performing this action. +Parameter descriptions are missing! No + +
+
+ + +
+ + +
+ +files_delete_all_pids( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + -
Parameter:Description:Optional:
-home_type +? -The type of the home directory +Parameter descriptions are missing! No @@ -346,18 +370,18 @@ No - +
-files_create_lock( +files_delete_etc_files( - ? + domain )
@@ -366,7 +390,7 @@ No
Summary

-Summary is missing! +Delete system configuration files in /etc.

@@ -375,10 +399,10 @@ Summary is missing!
Parameter:Description:Optional:
-? +domain -Parameter descriptions are missing! +The type of the process performing this action. No @@ -388,13 +412,13 @@ No - +
-files_create_pid( +files_delete_root_dir_entry( @@ -430,13 +454,13 @@ No
- +
-files_create_root( +files_dontaudit_getattr_all_dirs( @@ -444,39 +468,14 @@ No domain - - , - - - - [ - - private type - - ] - - - - , - - - - [ - - object - - ] - - )
Summary

-Create an object in the root directory, with a private -type. If no object class is specified, the -default is file. +Do not audit attempts to get the attributes +of all directories.

@@ -488,51 +487,71 @@ default is file. domain
-The type of the process performing this action. +Domain to not audit. No
-private type - +
+
+
-The type of the object to be created. If no type -is specified, the type of the root directory will -be used. + +
- -yes - + +
+ +files_dontaudit_getattr_all_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all files. +

+ + +
Parameters
+ +
Parameter:Description:Optional:
-object +domain -The object class of the object being created. If -no class is specified, file will be used. +Domain to not audit. -yes +No
- +
-files_create_tmp_files( +files_dontaudit_getattr_all_pipes( - ? + domain )
@@ -541,7 +560,8 @@ yes
Summary

-Summary is missing! +Do not audit attempts to get the attributes +of all named pipes.

@@ -550,10 +570,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain to not audit. No @@ -563,13 +583,13 @@ No
- +
-files_create_usr( +files_dontaudit_getattr_all_sockets( @@ -577,33 +597,14 @@ No domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in the /usr directory +Do not audit attempts to get the attributes +of all named sockets.

@@ -615,43 +616,66 @@ Create objects in the /usr directory domain -Domain allowed access. +Domain to not audit. No - -file_type - + +
+
-The type of the object to be created + +
- -No - + +
+ +files_dontaudit_getattr_all_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of all symbolic links. +

+ + +
Parameters
+ +
Parameter:Description:Optional:
-object_class +domain -The object class. If not specified, file is used. +Domain to not audit. -yes +No
- +
-files_create_var( +files_dontaudit_getattr_default_dir( @@ -659,33 +683,14 @@ yes domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in the /var directory +Do not audit attempts to get the attributes of +directories with the default file type.

@@ -697,43 +702,66 @@ Create objects in the /var directory domain -Domain allowed access. +Domain to not audit. No - -file_type - + +
+
-The type of the object to be created + +
- -No - + +
+ +files_dontaudit_getattr_default_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes of +files with the default file type. +

+ + +
Parameters
+ +
Parameter:Description:Optional:
-object_class +domain -The object class. If not specified, file is used. +Domain to not audit. -yes +No
- +
-files_create_var_lib( +files_dontaudit_getattr_home_dir( @@ -741,33 +769,15 @@ yes domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in the /var/lib directory +Do not audit attempts to get the +attributes of the home directories root +(/home).

@@ -779,48 +789,71 @@ Create objects in the /var/lib directory domain -Domain allowed access. +Domain to not audit. No - -file_type - + +
+
-The type of the object to be created + +
- -No - + +
+ +files_dontaudit_getattr_non_security_blk_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to get the attributes +of non security block devices. +

+ + +
Parameters
+ +
Parameter:Description:Optional:
-object_class +domain -The object class. If not specified, file is used. +Domain to not audit. -yes +No
- +
-files_delete_all_locks( +files_dontaudit_getattr_non_security_chr_dev( - ? + domain )
@@ -829,7 +862,8 @@ yes
Summary

-Summary is missing! +Do not audit attempts to get the attributes +of non security character devices.

@@ -838,10 +872,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain to not audit. No @@ -851,18 +885,18 @@ No
- +
-files_delete_all_pid_dirs( +files_dontaudit_getattr_non_security_files( - ? + domain )
@@ -871,7 +905,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to get the attributes +of non security files.

@@ -880,10 +915,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain to not audit. No @@ -893,18 +928,18 @@ No
- +
-files_delete_all_pids( +files_dontaudit_getattr_non_security_pipes( - ? + domain )
@@ -913,7 +948,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to get the attributes +of non security named pipes.

@@ -922,10 +958,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain to not audit. No @@ -935,13 +971,13 @@ No
- +
-files_delete_etc_files( +files_dontaudit_getattr_non_security_sockets( @@ -955,7 +991,8 @@ No
Summary

-Delete system configuration files in /etc. +Do not audit attempts to get the attributes +of non security named sockets.

@@ -967,7 +1004,7 @@ Delete system configuration files in /etc. domain -The type of the process performing this action. +Domain to not audit. No @@ -977,18 +1014,18 @@ No
- +
-files_delete_root_dir_entry( +files_dontaudit_getattr_non_security_symlinks( - ? + domain )
@@ -997,7 +1034,8 @@ No
Summary

-Summary is missing! +Do not audit attempts to get the attributes +of non security symbolic links.

@@ -1006,10 +1044,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain to not audit. No @@ -1019,13 +1057,13 @@ No
- +
-files_dontaudit_getattr_all_dirs( +files_dontaudit_getattr_pid_dir( @@ -1040,7 +1078,7 @@ No
Summary

Do not audit attempts to get the attributes -of all directories. +of the /var/run directory.

@@ -1062,13 +1100,13 @@ No
- +
-files_dontaudit_getattr_all_files( +files_dontaudit_getattr_tmp_dir( @@ -1082,8 +1120,8 @@ No
Summary

-Do not audit attempts to get the attributes -of all files. +Do not audit attempts to get the +attributes of the tmp directory (/tmp).

@@ -1095,7 +1133,7 @@ of all files. domain -Domain to not audit. +The type of the process performing this action. No @@ -1105,13 +1143,13 @@ No
- +
-files_dontaudit_getattr_all_pipes( +files_dontaudit_ioctl_all_pids( @@ -1125,8 +1163,7 @@ No
Summary

-Do not audit attempts to get the attributes -of all named pipes. +Do not audit attempts to ioctl daemon runtime data files.

@@ -1138,7 +1175,7 @@ of all named pipes. domain -Domain to not audit. +The type of the process performing this action. No @@ -1148,13 +1185,13 @@ No
- +
-files_dontaudit_getattr_all_sockets( +files_dontaudit_list_default( @@ -1168,8 +1205,8 @@ No
Summary

-Do not audit attempts to get the attributes -of all named sockets. +Do not audit attempts to list contents of +directories with the default file type.

@@ -1191,13 +1228,13 @@ No
- +
-files_dontaudit_getattr_all_symlinks( +files_dontaudit_list_home( @@ -1211,8 +1248,8 @@ No
Summary

-Do not audit attempts to get the attributes -of all symbolic links. +Do not audit attempts to list +home directories root (/home).

@@ -1234,13 +1271,13 @@ No
- +
-files_dontaudit_getattr_default_dir( +files_dontaudit_list_non_security( @@ -1254,8 +1291,8 @@ No
Summary

-Do not audit attempts to get the attributes of -directories with the default file type. +Do not audit attempts to list all +non-security directories.

@@ -1277,13 +1314,13 @@ No
- +
-files_dontaudit_getattr_default_files( +files_dontaudit_list_tmp( @@ -1297,8 +1334,7 @@ No
Summary

-Do not audit attempts to get the attributes of -files with the default file type. +Do not audit listing of the tmp directory (/tmp).

@@ -1310,7 +1346,7 @@ files with the default file type. domain -Domain to not audit. +Domain not to audit. No @@ -1320,13 +1356,13 @@ No
- +
-files_dontaudit_getattr_home_dir( +files_dontaudit_read_default_files( @@ -1340,9 +1376,8 @@ No
Summary

-Do not audit attempts to get the -attributes of the home directories root -(/home). +Do not audit attempts to read files +with the default file type.

@@ -1364,13 +1399,13 @@ No
- +
-files_dontaudit_getattr_non_security_blk_dev( +files_dontaudit_read_etc_runtime_files( @@ -1384,8 +1419,9 @@ No
Summary

-Do not audit attempts to get the attributes -of non security block devices. +Do not audit attempts to read files +in /etc that are dynamically +created on boot, such as mtab.

@@ -1407,18 +1443,18 @@ No
- +
-files_dontaudit_getattr_non_security_chr_dev( +files_dontaudit_read_root_file( - domain + ? )
@@ -1427,8 +1463,7 @@ No
Summary

-Do not audit attempts to get the attributes -of non security character devices. +Summary is missing!

@@ -1437,10 +1472,10 @@ of non security character devices. Parameter:Description:Optional: -domain +? -Domain to not audit. +Parameter descriptions are missing! No @@ -1450,18 +1485,18 @@ No
- +
-files_dontaudit_getattr_non_security_files( +files_dontaudit_rw_root_chr_dev( - domain + ? )
@@ -1470,8 +1505,7 @@ No
Summary

-Do not audit attempts to get the attributes -of non security files. +Summary is missing!

@@ -1480,10 +1514,10 @@ of non security files. Parameter:Description:Optional: -domain +? -Domain to not audit. +Parameter descriptions are missing! No @@ -1493,18 +1527,18 @@ No
- +
-files_dontaudit_getattr_non_security_pipes( +files_dontaudit_rw_root_file( - domain + ? )
@@ -1513,8 +1547,7 @@ No
Summary

-Do not audit attempts to get the attributes -of non security named pipes. +Summary is missing!

@@ -1523,10 +1556,10 @@ of non security named pipes. Parameter:Description:Optional: -domain +? -Domain to not audit. +Parameter descriptions are missing! No @@ -1536,18 +1569,18 @@ No
- +
-files_dontaudit_getattr_non_security_sockets( +files_dontaudit_search_all_dirs( - domain + ? )
@@ -1556,8 +1589,7 @@ No
Summary

-Do not audit attempts to get the attributes -of non security named sockets. +Summary is missing!

@@ -1566,10 +1598,10 @@ of non security named sockets. Parameter:Description:Optional: -domain +? -Domain to not audit. +Parameter descriptions are missing! No @@ -1579,13 +1611,13 @@ No
- +
-files_dontaudit_getattr_non_security_symlinks( +files_dontaudit_search_home( @@ -1599,8 +1631,8 @@ No
Summary

-Do not audit attempts to get the attributes -of non security symbolic links. +Do not audit attempts to search +home directories root (/home).

@@ -1622,13 +1654,13 @@ No
- +
-files_dontaudit_getattr_pid_dir( +files_dontaudit_search_isid_type_dir( @@ -1642,8 +1674,8 @@ No
Summary

-Do not audit attempts to get the attributes -of the /var/run directory. +Do not audit attempts to search directories on new filesystems +that have not yet been labeled.

@@ -1655,7 +1687,7 @@ of the /var/run directory. domain -Domain to not audit. +The type of the process performing this action. No @@ -1665,13 +1697,13 @@ No
- +
-files_dontaudit_getattr_tmp_dir( +files_dontaudit_search_locks( @@ -1685,8 +1717,8 @@ No
Summary

-Do not audit attempts to get the -attributes of the tmp directory (/tmp). +Do not audit attempts to search the +locks directory (/var/lock).

@@ -1698,7 +1730,7 @@ attributes of the tmp directory (/tmp). domain -The type of the process performing this action. +Domain to not audit. No @@ -1708,13 +1740,13 @@ No
- +
-files_dontaudit_ioctl_all_pids( +files_dontaudit_search_pids( @@ -1728,7 +1760,8 @@ No
Summary

-Do not audit attempts to ioctl daemon runtime data files. +Do not audit attempts to search +the /var/run directory.

@@ -1740,7 +1773,7 @@ Do not audit attempts to ioctl daemon runtime data files. domain -The type of the process performing this action. +Domain to not audit. No @@ -1750,18 +1783,18 @@ No
- +
-files_dontaudit_list_default( +files_dontaudit_search_src( - domain + ? )
@@ -1770,8 +1803,7 @@ No
Summary

-Do not audit attempts to list contents of -directories with the default file type. +Summary is missing!

@@ -1780,10 +1812,10 @@ directories with the default file type. Parameter:Description:Optional: -domain +? -Domain to not audit. +Parameter descriptions are missing! No @@ -1793,13 +1825,13 @@ No
- +
-files_dontaudit_list_non_security( +files_dontaudit_search_var( @@ -1813,8 +1845,8 @@ No
Summary

-Do not audit attempts to list all -non security directories. +Do not audit attempts to search +the contents of /var.

@@ -1836,13 +1868,13 @@ No
- +
-files_dontaudit_read_default_files( +files_dontaudit_write_all_pids( @@ -1856,8 +1888,7 @@ No
Summary

-Do not audit attempts to read files -with the default file type. +Do not audit attempts to write to daemon runtime data files.

@@ -1869,7 +1900,7 @@ with the default file type. domain -Domain to not audit. +The type of the process performing this action. No @@ -1879,13 +1910,13 @@ No
- +
-files_dontaudit_read_etc_runtime_files( +files_dontaudit_write_var( @@ -1899,9 +1930,7 @@ No
Summary

-Do not audit attempts to read files -in /etc that are dynamically -created on boot, such as mtab. +Do not audit attempts to write to /var.

@@ -1923,13 +1952,13 @@ No
- +
-files_dontaudit_read_root_file( +files_exec_etc_files( @@ -1965,18 +1994,18 @@ No
- +
-files_dontaudit_rw_root_chr_dev( +files_exec_usr_files( - ? + domain )
@@ -1985,7 +2014,7 @@ No
Summary

-Summary is missing! +Execute generic programs in /usr in the caller domain.

@@ -1994,10 +2023,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +The type of the process performing this action. No @@ -2007,18 +2036,18 @@ No
- +
-files_dontaudit_rw_root_file( +files_exec_usr_src_files( - ? + domain )
@@ -2027,7 +2056,7 @@ No
Summary

-Summary is missing! +Execute programs in /usr/src in the caller domain.

@@ -2036,10 +2065,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +The type of the process performing this action. No @@ -2049,13 +2078,13 @@ No
- +
-files_dontaudit_search_all_dirs( +files_filetrans_etc( @@ -2091,13 +2120,13 @@ No
- +
-files_dontaudit_search_home( +files_filetrans_home( @@ -2105,14 +2134,33 @@ No domain + + , + + + + home_type + + + + , + + + + [ + + object + + ] + + )
Summary

-Do not audit attempts to search -home directories root (/home). +Create objects in /home.

@@ -2124,28 +2172,49 @@ home directories root (/home). domain -Domain to not audit. +The type of the process performing this action. + + +No + + + +home_type + + +The private type. No + +object + + +The object class of the object being created. If +no class is specified, dir will be used. + + +yes + +
- +
-files_dontaudit_search_isid_type_dir( +files_filetrans_lock( - domain + ? )
@@ -2154,8 +2223,7 @@ No
Summary

-Do not audit attempts to search directories on new filesystems -that have not yet been labeled. +Summary is missing!

@@ -2164,10 +2232,10 @@ that have not yet been labeled. Parameter:Description:Optional: -domain +? -The type of the process performing this action. +Parameter descriptions are missing! No @@ -2177,18 +2245,18 @@ No
- +
-files_dontaudit_search_locks( +files_filetrans_pid( - domain + ? )
@@ -2197,8 +2265,7 @@ No
Summary

-Do not audit attempts to search the -locks directory (/var/lock). +Summary is missing!

@@ -2207,10 +2274,10 @@ locks directory (/var/lock). Parameter:Description:Optional: -domain +? -Domain to not audit. +Parameter descriptions are missing! No @@ -2220,13 +2287,13 @@ No
- +
-files_dontaudit_search_pids( +files_filetrans_root( @@ -2234,14 +2301,34 @@ No domain + + , + + + + private type + + + + , + + + + [ + + object + + ] + + )
Summary

-Do not audit attempts to search -the /var/run directory. +Create an object in the root directory, with a private +type.

@@ -2253,23 +2340,44 @@ the /var/run directory. domain -Domain to not audit. +The type of the process performing this action. + + +No + + + +private type + + +The type of the object to be created. No + +object + + +The object class of the object being created. If +no class is specified, file will be used. + + +yes + +
- +
-files_dontaudit_search_src( +files_filetrans_tmp( @@ -2305,13 +2413,13 @@ No
- +
-files_dontaudit_search_var( +files_filetrans_usr( @@ -2319,14 +2427,33 @@ No domain + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + )
Summary

-Do not audit attempts to search -the contents of /var. +Create objects in the /usr directory

@@ -2338,23 +2465,43 @@ the contents of /var. domain -Domain to not audit. +Domain allowed access. + + +No + + + +file_type + + +The type of the object to be created No + +object_class + + +The object class. If not specified, file is used. + + +yes + +
- +
-files_dontaudit_write_all_pids( +files_filetrans_var( @@ -2362,13 +2509,33 @@ No domain + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + )
Summary

-Do not audit attempts to write to daemon runtime data files. +Create objects in the /var directory

@@ -2380,28 +2547,68 @@ Do not audit attempts to write to daemon runtime data files. domain -The type of the process performing this action. +Domain allowed access. + + +No + + + +file_type + + +The type of the object to be created No + +object_class + + +The object class. If not specified, file is used. + + +yes + +
- +
-files_exec_etc_files( +files_filetrans_var_lib( - ? + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] )
@@ -2410,7 +2617,7 @@ No
Summary

-Summary is missing! +Create objects in the /var/lib directory

@@ -2419,26 +2626,46 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain allowed access. + + +No + + + +file_type + + +The type of the object to be created No + +object_class + + +The object class. If not specified, file is used. + + +yes + +
- +
-files_exec_usr_files( +files_getattr_all_dirs( @@ -2452,7 +2679,7 @@ No
Summary

-Execute generic programs in /usr in the caller domain. +Get the attributes of all directories.

@@ -2464,7 +2691,7 @@ Execute generic programs in /usr in the caller domain. domain -The type of the process performing this action. +Domain allowed access. No @@ -2474,13 +2701,13 @@ No
- +
-files_exec_usr_src_files( +files_getattr_all_file_type_sockets( @@ -2494,7 +2721,8 @@ No
Summary

-Execute programs in /usr/src in the caller domain. +Get the attributes of all sockets +with the type of a file.

@@ -2506,7 +2734,7 @@ Execute programs in /usr/src in the caller domain. domain -The type of the process performing this action. +Domain allowed access. No @@ -2516,13 +2744,13 @@ No
- +
-files_getattr_all_dirs( +files_getattr_all_files( @@ -2536,7 +2764,7 @@ No
Summary

-Get the attributes of all directories. +Get the attributes of all files.

@@ -2558,13 +2786,13 @@ No
- +
-files_getattr_all_file_type_sockets( +files_getattr_all_pipes( @@ -2578,8 +2806,7 @@ No
Summary

-Get the attributes of all sockets -with the type of a file. +Get the attributes of all named pipes.

@@ -2601,13 +2828,13 @@ No
- +
-files_getattr_all_files( +files_getattr_all_sockets( @@ -2621,7 +2848,7 @@ No
Summary

-Get the attributes of all files. +Get the attributes of all named sockets.

@@ -2643,13 +2870,13 @@ No
- +
-files_getattr_all_pipes( +files_getattr_all_symlinks( @@ -2663,7 +2890,7 @@ No
Summary

-Get the attributes of all named pipes. +Get the attributes of all symbolic links.

@@ -2685,13 +2912,13 @@ No
- +
-files_getattr_all_sockets( +files_getattr_default_dir( @@ -2705,7 +2932,7 @@ No
Summary

-Get the attributes of all named sockets. +Getattr of directories with the default file type.

@@ -2727,18 +2954,18 @@ No
- +
-files_getattr_all_symlinks( +files_getattr_generic_locks( - domain + ? )
@@ -2747,7 +2974,7 @@ No
Summary

-Get the attributes of all symbolic links. +Summary is missing!

@@ -2756,10 +2983,10 @@ Get the attributes of all symbolic links. Parameter:Description:Optional: -domain +? -Domain allowed access. +Parameter descriptions are missing! No @@ -2769,18 +2996,18 @@ No
- +
-files_getattr_generic_locks( +files_getattr_home_dir( - ? + domain )
@@ -2789,7 +3016,8 @@ No
Summary

-Summary is missing! +Get the attributes of the home directories root +(/home).

@@ -2798,10 +3026,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +The type of the process performing this action. No @@ -2811,13 +3039,13 @@ No
- +
-files_getattr_home_dir( +files_getattr_isid_type_dir( @@ -2831,8 +3059,8 @@ No
Summary

-Get the attributes of the home directories root -(/home). +Getattr of directories on new filesystems +that have not yet been labeled.

@@ -3275,6 +3503,48 @@ No
+ +
+ + +
+ +files_list_non_security( + + + + + domain + + + )
+
+
+ +
Summary
+

+List all non-security directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -4613,6 +4883,49 @@ No
+ +
+ + +
+ +files_mounton_all_poly_members( + + + + + domain + + + )
+
+
+ +
Summary
+

+Mount filesystems on all polyinstantiation +member directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -5019,6 +5332,49 @@ No
+ +
+ + +
+ +files_polyinstantiate_all( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow access to manage all polyinstantiated +directories on the system. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -5319,6 +5675,48 @@ yes
+ +
+ + +
+ +files_read_all_locks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all lock files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -5435,7 +5833,7 @@ No
Summary

-Read all symbloic links on the filesystem, except +Read all symbolic links on the filesystem, except the listed exceptions.

@@ -5891,6 +6289,48 @@ No
+ +
+ + +
+ +files_read_non_security_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all non-security files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -7816,6 +8256,48 @@ No
+ +
+ + +
+ +files_write_non_security_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow attempts to modify any directory +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to allow + + +No +
+
+
+ Return diff --git a/www/api-docs/kernel_filesystem.html b/www/api-docs/kernel_filesystem.html index 081f402..3b6ec3d 100644 --- a/www/api-docs/kernel_filesystem.html +++ b/www/api-docs/kernel_filesystem.html @@ -318,18 +318,18 @@ No
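Review bot: The summary added for `files_write_non_security_dir`, `Allow attempts to modify any directory`, drops the non-security restriction that the interface name states, and the parameter text `Domain to allow` differs from the `Domain allowed access.` wording used for the other allow interfaces in this file. A reader judging how broad this grant is cannot tell from the page whether security-sensitive directories are included. If the interface is limited as its name suggests, the summary should say so, for example `Write to all non-security directories.`; the exact permission set is not visible in this diff and should be confirmed against the interface definition.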
- +
-fs_create_tmpfs_data( +fs_donaudit_read_removable_files( - ? + domain )
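Review bot: The new interface name `fs_donaudit_read_removable_files` is missing the `t` of the `dontaudit` prefix that the other audit-suppressing interfaces on this page use (`fs_dontaudit_list_removable_dirs`, `fs_dontaudit_rw_tmpfs_files`). Anyone searching for `_dontaudit_` to review which domains have denials on removable storage hidden from the audit log will miss this one. The page looks generated, so the rename to `fs_dontaudit_read_removable_files` probably belongs in the policy interface source, with its callers updated in the same change.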
@@ -338,7 +338,7 @@ No
Summary

-Summary is missing! +Do not audit attempts to read removable storage files.

@@ -347,10 +347,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain not to audit. No @@ -620,6 +620,49 @@ No
+ +
+ + +
+ +fs_dontaudit_list_auto_mountpoints( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list directories of automatically +mounted filesystems. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain performing this action. + + +No +
+
+
+
@@ -706,6 +749,48 @@ No
+ +
+ + +
+ +fs_dontaudit_list_removable_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to list removable storage directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain not to audit. + + +No +
+
+
+
@@ -1097,6 +1182,91 @@ No
+ +
+ + +
+ +fs_dontaudit_rw_tmpfs_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to read or write +generic tmpfs files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+ + +
+ + +
+ +fs_dontaudit_use_tmpfs_chr_dev( + + + + + domain + + + )
+
+
+ +
Summary
+

+dontaudit Read and write character nodes on tmpfs filesystems. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
@@ -1226,6 +1396,48 @@ No
+ +
+ + +
+ +fs_filetrans_tmpfs( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+
@@ -2056,7 +2268,138 @@ No
-fs_getattr_tmpfs( +fs_getattr_tmpfs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of a tmpfs +filesystem. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain doing the +getattr on the filesystem. + + +No +
+
+
+ + +
+ + +
+ +fs_getattr_tmpfs_dir( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of tmpfs directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +fs_getattr_xattr_fs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Get the attributes of a persistent +filesystem which has extended +attributes, such as ext3, JFS, or XFS. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain doing the +getattr on the filesystem. + + +No +
+
+
+ + +
+ + +
+ +fs_list_all( @@ -2070,8 +2413,7 @@ No
Summary

-Get the attributes of a tmpfs -filesystem. +List all directories with a filesystem type.

@@ -2083,8 +2425,7 @@ filesystem. domain -The type of the domain doing the -getattr on the filesystem. +Domain allowed access. No @@ -2094,13 +2435,13 @@ No
- +
-fs_getattr_tmpfs_dir( +fs_list_auto_mountpoints( @@ -2114,7 +2455,8 @@ No
Summary

-Get the attributes of tmpfs directories. +Read directories of automatically +mounted filesystems.

@@ -2126,7 +2468,7 @@ Get the attributes of tmpfs directories. domain -Domain allowed access. +The type of the domain performing this action. No @@ -2136,13 +2478,13 @@ No
- +
-fs_getattr_xattr_fs( +fs_list_cifs( @@ -2156,9 +2498,8 @@ No
Summary

-Get the attributes of a persistent -filesystem which has extended -attributes, such as ext3, JFS, or XFS. +List the contents of directories on a +CIFS or SMB filesystem.

@@ -2170,8 +2511,7 @@ attributes, such as ext3, JFS, or XFS. domain -The type of the domain doing the -getattr on the filesystem. +Domain allowed access. No @@ -2181,13 +2521,13 @@ No
- +
-fs_list_all( +fs_list_nfs( @@ -2201,7 +2541,7 @@ No
Summary

-List all directories with a filesystem type. +List NFS filesystem.

@@ -2223,13 +2563,13 @@ No
- +
-fs_list_cifs( +fs_list_noxattr_fs( @@ -2243,8 +2583,7 @@ No
Summary

-List the contents of directories on a -CIFS or SMB filesystem. +Read all noxattrfs directories.

@@ -2266,13 +2605,13 @@ No
- +
-fs_list_noxattr_fs( +fs_list_tmpfs( @@ -2286,7 +2625,7 @@ No
Summary

-Read all noxattrfs directories. +List the contents of generic tmpfs directories.

@@ -2308,13 +2647,13 @@ No
- +
-fs_list_tmpfs( +fs_make_noxattr_fs( @@ -2328,7 +2667,9 @@ No
Summary

-List the contents of generic tmpfs directories. +Transform specified type into a filesystem +type which does not have extended attribute +support.

@@ -2340,7 +2681,7 @@ List the contents of generic tmpfs directories. domain -Domain allowed access. +The type of the process performing this action. No @@ -2350,13 +2691,13 @@ No
- +
-fs_make_noxattr_fs( +fs_manage_auto_mountpoints( @@ -2370,9 +2711,8 @@ No
Summary

-Transform specified type into a filesystem -type which does not have extended attribute -support. +Create, read, write, and delete +auto moutpoints.

@@ -2384,7 +2724,7 @@ support. domain -The type of the process performing this action. +Domain allowed access. No @@ -3756,6 +4096,48 @@ No
+ +
+ + +
+ +fs_read_eventpollfs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read eventpollfs files +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -3924,6 +4306,90 @@ No
+ +
+ + +
+ +fs_read_removable_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read removable storage files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +fs_read_removable_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read removable storage symbolic links. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -5255,6 +5721,90 @@ No
+ +
+ + +
+ +fs_search_removable_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search removable storage directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +fs_search_rpc_dirs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search directories of RPC file system pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the domain reading the symbolic links. + + +No +
+
+
+
diff --git a/www/api-docs/kernel_kernel.html b/www/api-docs/kernel_kernel.html index f1ab180..28965cd 100644 --- a/www/api-docs/kernel_kernel.html +++ b/www/api-docs/kernel_kernel.html @@ -95,7 +95,8 @@

Description:

-Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +Policy for kernel threads, proc filesystem, +and unlabeled processes and objects.

@@ -3545,7 +3546,7 @@ assocation.

The corenetwork interface -corenet_sendrecv_no_ipsec() should +corenet_non_ipsec_sendrecv() should be used instead of this one.

@@ -4180,7 +4181,7 @@ No
Summary

-Unconfined access to the kernel. +Unconfined access to kernel module resources.

diff --git a/www/api-docs/kernel_terminal.html b/www/api-docs/kernel_terminal.html index eb5f4fc..5915faa 100644 --- a/www/api-docs/kernel_terminal.html +++ b/www/api-docs/kernel_terminal.html @@ -337,6 +337,49 @@ No
+ +
+ + +
+ +term_dontaudit_ioctl_unallocated_ttys( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to ioctl +unallocated tty device nodes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
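Review bot: The parameter description added for `term_dontaudit_ioctl_unallocated_ttys` reads `Domain allowed access.`, which contradicts the summary: a dontaudit interface grants nothing and only silences the logging of the denial. The same text appears in the following hunk for `term_dontaudit_search_ptys`. Both should use the wording of the other dontaudit interfaces, `Domain to not audit.`, so that a policy author does not read these entries as access grants.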
@@ -423,6 +466,49 @@ No
+ +
+ + +
+ +term_dontaudit_search_ptys( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to search the +contents of the /dev/pts directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -981,6 +1067,48 @@ No
+ +
+ + +
+ +term_read_console( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read from the console. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services.html b/www/api-docs/services.html index f034e1a..cd38764 100644 --- a/www/api-docs/services.html +++ b/www/api-docs/services.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -300,6 +330,11 @@

Ethernet activity monitor.

+ + automount +

Filesystem automounter service.

+ + avahi

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

@@ -375,11 +410,21 @@

Distributed compiler daemon

+ + djbdns +

small and secure DNS daemon

+ + dovecot

Dovecot POP and IMAP mail server

+ + fetchmail +

Remote-mail retrieval and forwarding utility

+ + finger

Finger user information service.

@@ -480,6 +525,11 @@

Network time protocol daemon

+ + openct +

Service for handling smart card readers.

+ + pegasus

The Open Group Pegasus CIM/WBEM Server.

@@ -515,6 +565,11 @@

Procmail mail delivery agent

+ + publicfile +

publicfile supplies files to the public through HTTP and FTP

+ + radius

RADIUS authentication and accounting server.

@@ -540,6 +595,11 @@

Remote login daemon

+ + roundup +

Roundup Issue Tracking System policy

+ + rpc

Remote Procedure Call Daemon for managment of network based process communication

@@ -574,6 +634,16 @@ from Windows NT servers.

Policy for sendmail.

+ + slrnpull +

Service for downloading news feeds the slrn newsreader.

+ + + + smartmon +

Smart disk monitoring daemon policy

+ + snmp

Simple network management protocol services

@@ -599,6 +669,11 @@ from Windows NT servers.

SSL Tunneling Proxy

+ + sysstat +

Policy for sysstat. Reports on various system states

+ + tcpd

Policy for TCP daemon.

@@ -619,6 +694,11 @@ from Windows NT servers.

MIDI to WAV converter and player configured as a service

+ + ucspitcp +

ucspitcp policy

+ + uucp

Unix to Unix Copy

diff --git a/www/api-docs/services_apache.html b/www/api-docs/services_apache.html index fbc55f3..2b2fcc1 100644 --- a/www/api-docs/services_apache.html +++ b/www/api-docs/services_apache.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_apm.html b/www/api-docs/services_apm.html index 77943dd..d169cd5 100644 --- a/www/api-docs/services_apm.html +++ b/www/api-docs/services_apm.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_arpwatch.html b/www/api-docs/services_arpwatch.html index 383ae0c..48266bf 100644 --- a/www/api-docs/services_arpwatch.html +++ b/www/api-docs/services_arpwatch.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_automount.html b/www/api-docs/services_automount.html new file mode 100644 index 0000000..8b57fd2 --- /dev/null +++ b/www/api-docs/services_automount.html @@ -0,0 +1,400 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: automount

+ +

Description:

+ +

Filesystem automounter service.

+ + + + +

Interfaces:

+ + +
+ + +
+ +automount_domtrans( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute automount in the automount domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +automount_exec_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute automount in the caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_avahi.html b/www/api-docs/services_avahi.html index beb9fbf..0fb2104 100644 --- a/www/api-docs/services_avahi.html +++ b/www/api-docs/services_avahi.html @@ -40,6 +40,9 @@    -  arpwatch
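Review bot: In the new automount page, the summary for `automount_exec_config`, `Execute automount in the caller domain.`, describes running the automount program, whereas the name points at its configuration files; it reads like an adapted copy of the `automount_domtrans` text above it. Executing in the caller domain means no domain transition takes place, so what exactly may be executed matters to anyone granting this interface. If the interface covers the configuration files, `Execute automount configuration files in the caller domain.` would match the name; this needs checking against the interface definition, which is not part of this diff.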
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_bind.html b/www/api-docs/services_bind.html index 7e4e3dc..ce9952e 100644 --- a/www/api-docs/services_bind.html +++ b/www/api-docs/services_bind.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -529,6 +559,48 @@ No
+ +
+ + +
+ +bind_read_zone( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read BIND zone files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -608,6 +680,48 @@ No
+ +
+ + +
+ +bind_search_cache( + + + + + domain + + + )
+
+
+ +
Summary
+

+Search the BIND cache directory. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_bluetooth.html b/www/api-docs/services_bluetooth.html index 68cb976..7d047a7 100644 --- a/www/api-docs/services_bluetooth.html +++ b/www/api-docs/services_bluetooth.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -402,6 +432,48 @@ No
+ +
+ + +
+ +bluetooth_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read bluetooth daemon configuration. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_canna.html b/www/api-docs/services_canna.html index 265c4af..65f9814 100644 --- a/www/api-docs/services_canna.html +++ b/www/api-docs/services_canna.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_comsat.html b/www/api-docs/services_comsat.html index 67bb85a..94ba93d 100644 --- a/www/api-docs/services_comsat.html +++ b/www/api-docs/services_comsat.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_cpucontrol.html b/www/api-docs/services_cpucontrol.html index 4efe63b..1862b08 100644 --- a/www/api-docs/services_cpucontrol.html +++ b/www/api-docs/services_cpucontrol.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_cron.html b/www/api-docs/services_cron.html index 2c5558d..edff2da 100644 --- a/www/api-docs/services_cron.html +++ b/www/api-docs/services_cron.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -405,6 +435,48 @@ No
+ +
+ + +
+ +cron_dontaudit_write_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to write cron daemon unnamed pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
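Review bot: The parameter description added for `cron_dontaudit_write_pipe` reads "Domain allowed access.", but the summary says the interface only stops auditing of attempts to write cron daemon unnamed pipes, so it grants no access. Someone scanning the parameter table could mistake it for an allow interface and pick it expecting the write to succeed. The description would be clearer as `Domain to not audit.`. This page looks generated, so the wording presumably needs to be fixed in the interface's source comment and the page regenerated, not edited here.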
diff --git a/www/api-docs/services_cups.html b/www/api-docs/services_cups.html index a05da6c..388b501 100644 --- a/www/api-docs/services_cups.html +++ b/www/api-docs/services_cups.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_cvs.html b/www/api-docs/services_cvs.html index fced0b6..fa3eb7c 100644 --- a/www/api-docs/services_cvs.html +++ b/www/api-docs/services_cvs.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_cyrus.html b/www/api-docs/services_cyrus.html index 92eeb12..5d91df8 100644 --- a/www/api-docs/services_cyrus.html +++ b/www/api-docs/services_cyrus.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_dbskk.html b/www/api-docs/services_dbskk.html index 3a0af0f..8eeb9dd 100644 --- a/www/api-docs/services_dbskk.html +++ b/www/api-docs/services_dbskk.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_dbus.html b/www/api-docs/services_dbus.html index fc7d228..87739f1 100644 --- a/www/api-docs/services_dbus.html +++ b/www/api-docs/services_dbus.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -321,6 +351,48 @@ No
+ +
+ + +
+ +dbus_read_config( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read dbus configuration. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
diff --git a/www/api-docs/services_dhcp.html b/www/api-docs/services_dhcp.html index 9779a73..0974ce8 100644 --- a/www/api-docs/services_dhcp.html +++ b/www/api-docs/services_dhcp.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_dictd.html b/www/api-docs/services_dictd.html index 037b857..b8e2fd6 100644 --- a/www/api-docs/services_dictd.html +++ b/www/api-docs/services_dictd.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_distcc.html b/www/api-docs/services_distcc.html index 2bd0e00..e774d37 100644 --- a/www/api-docs/services_distcc.html +++ b/www/api-docs/services_distcc.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_djbdns.html b/www/api-docs/services_djbdns.html new file mode 100644 index 0000000..d38b50c --- /dev/null +++ b/www/api-docs/services_djbdns.html @@ -0,0 +1,359 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: djbdns

+ +

Description:

+ +

small and secure DNS daemon

+ + + + + +

Templates:

+ + +
+ + +
+ +djbdns_daemontools_domain_template( + + + + + prefix + + + )
+
+
+ +
Summary
+

+Create a set of derived types for djbdns +components that are directly supervised by daemontools. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+prefix + + +The prefix to be used for deriving type names. + + +No +
+
+
+ + +Return + + + +
+ + diff --git a/www/api-docs/services_dovecot.html b/www/api-docs/services_dovecot.html index de3dd85..234d06e 100644 --- a/www/api-docs/services_dovecot.html +++ b/www/api-docs/services_dovecot.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_fetchmail.html b/www/api-docs/services_fetchmail.html new file mode 100644 index 0000000..2115aad --- /dev/null +++ b/www/api-docs/services_fetchmail.html @@ -0,0 +1,312 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: fetchmail

+ +

Description:

+ +

Remote-mail retrieval and forwarding utility

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_finger.html b/www/api-docs/services_finger.html index cc8a528..7367b29 100644 --- a/www/api-docs/services_finger.html +++ b/www/api-docs/services_finger.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_ftp.html b/www/api-docs/services_ftp.html index a468326..34147ad 100644 --- a/www/api-docs/services_ftp.html +++ b/www/api-docs/services_ftp.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_gpm.html b/www/api-docs/services_gpm.html index d858df8..1e59ca4 100644 --- a/www/api-docs/services_gpm.html +++ b/www/api-docs/services_gpm.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_hal.html b/www/api-docs/services_hal.html index 29df8e3..0454f4c 100644 --- a/www/api-docs/services_hal.html +++ b/www/api-docs/services_hal.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_howl.html b/www/api-docs/services_howl.html index c190610..f1b1ad7 100644 --- a/www/api-docs/services_howl.html +++ b/www/api-docs/services_howl.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_i18n_input.html b/www/api-docs/services_i18n_input.html index f5e836d..1f190c7 100644 --- a/www/api-docs/services_i18n_input.html +++ b/www/api-docs/services_i18n_input.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_inetd.html b/www/api-docs/services_inetd.html index 66dee8c..a110089 100644 --- a/www/api-docs/services_inetd.html +++ b/www/api-docs/services_inetd.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_inn.html b/www/api-docs/services_inn.html index d38ac30..411f719 100644 --- a/www/api-docs/services_inn.html +++ b/www/api-docs/services_inn.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_irqbalance.html b/www/api-docs/services_irqbalance.html index ca2a6ff..97ee46b 100644 --- a/www/api-docs/services_irqbalance.html +++ b/www/api-docs/services_irqbalance.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_kerberos.html b/www/api-docs/services_kerberos.html index e0fac65..68ea859 100644 --- a/www/api-docs/services_kerberos.html +++ b/www/api-docs/services_kerberos.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_ktalk.html b/www/api-docs/services_ktalk.html index c7a8ce2..8a66795 100644 --- a/www/api-docs/services_ktalk.html +++ b/www/api-docs/services_ktalk.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_ldap.html b/www/api-docs/services_ldap.html index 220f195..4b9ace7 100644 --- a/www/api-docs/services_ldap.html +++ b/www/api-docs/services_ldap.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_lpd.html b/www/api-docs/services_lpd.html index 46f63e4..dafce81 100644 --- a/www/api-docs/services_lpd.html +++ b/www/api-docs/services_lpd.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_mailman.html b/www/api-docs/services_mailman.html index 67db042..133746d 100644 --- a/www/api-docs/services_mailman.html +++ b/www/api-docs/services_mailman.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_mta.html b/www/api-docs/services_mta.html index 76b2468..05afb9d 100644 --- a/www/api-docs/services_mta.html +++ b/www/api-docs/services_mta.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -533,6 +563,133 @@ No
+ +
+ + +
+ +mta_filetrans_etc_aliases( + + + + + domain + + + )
+
+
+ +
Summary
+

+Type transition files created in /etc +to the mail address aliases type. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +mta_filetrans_spool( + + + + + domain + + + + , + + + + private type + + + + , + + + + [ + + object + + ] + + + )
+
+
+ +
Summary
+

+Create private objects in the +mail spool directory. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+private type + + +The type of the object to be created. + + +No +
+object + + +The object class of the object being created. If +no class is specified, file will be used. + + +yes +
+
+
+
@@ -863,7 +1020,7 @@ Read mail address aliases. domain -The type of the process performing this action. +Domain allowed access. No @@ -905,7 +1062,7 @@ Read mail server configuration. domain -The type of the process performing this action. +Domain allowed access. No diff --git a/www/api-docs/services_mysql.html b/www/api-docs/services_mysql.html index be814d6..5bcafc7 100644 --- a/www/api-docs/services_mysql.html +++ b/www/api-docs/services_mysql.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_networkmanager.html b/www/api-docs/services_networkmanager.html index cf5fac4..4feec98 100644 --- a/www/api-docs/services_networkmanager.html +++ b/www/api-docs/services_networkmanager.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_nis.html b/www/api-docs/services_nis.html index 8d9cacc..22560d6 100644 --- a/www/api-docs/services_nis.html +++ b/www/api-docs/services_nis.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_nscd.html b/www/api-docs/services_nscd.html index 871381a..c846b3b 100644 --- a/www/api-docs/services_nscd.html +++ b/www/api-docs/services_nscd.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_ntp.html b/www/api-docs/services_ntp.html index 71a41ce..3e47897 100644 --- a/www/api-docs/services_ntp.html +++ b/www/api-docs/services_ntp.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_openct.html b/www/api-docs/services_openct.html new file mode 100644 index 0000000..69539aa --- /dev/null +++ b/www/api-docs/services_openct.html @@ -0,0 +1,312 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: openct

+ +

Description:

+ +

Service for handling smart card readers.

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_pegasus.html b/www/api-docs/services_pegasus.html index b316f92..da6530c 100644 --- a/www/api-docs/services_pegasus.html +++ b/www/api-docs/services_pegasus.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_portmap.html b/www/api-docs/services_portmap.html index 8101355..ecd695a 100644 --- a/www/api-docs/services_portmap.html +++ b/www/api-docs/services_portmap.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_postfix.html b/www/api-docs/services_postfix.html index 8e67eed..d6bf20c 100644 --- a/www/api-docs/services_postfix.html +++ b/www/api-docs/services_postfix.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -278,13 +308,13 @@

Interfaces:

- +
-postfix_create_config( +postfix_domtrans_map( @@ -292,34 +322,13 @@ domain - - , - - - - private type - - - - , - - - - [ - - object - - ] - - )
Summary

-Create files with the specified type in -the postfix configuration directories. +Execute postfix_map in the postfix_map domain.

@@ -337,38 +346,17 @@ Domain allowed access. No - -private type - - -The type of the object to be created. - - -No - - - -object - - -The object class of the object being created. If -no class is specified, file will be used. - - -yes - -
- +
-postfix_domtrans_map( +postfix_domtrans_master( @@ -382,7 +370,8 @@ yes
Summary

-Execute postfix_map in the postfix_map domain. +Execute the master postfix program in the +postfix_master domain.

@@ -404,13 +393,13 @@ No
- +
-postfix_domtrans_master( +postfix_domtrans_user_mail_handler( @@ -424,8 +413,8 @@ No
Summary

-Execute the master postfix program in the -postfix_master domain. +Execute postfix user mail programs +in their respective domains.

@@ -447,13 +436,13 @@ No
- +
-postfix_domtrans_user_mail_handler( +postfix_dontaudit_rw_local_tcp_socket( @@ -467,8 +456,9 @@ No
Summary

-Execute postfix user mail programs -in their respective domains. +Do not audit attempts to read and +write postfix local delivery +TCP sockets.

@@ -480,7 +470,7 @@ in their respective domains. domain -Domain allowed access. +Domain to not audit. No @@ -490,13 +480,13 @@ No
- +
-postfix_dontaudit_rw_local_tcp_socket( +postfix_dontaudit_use_fd( @@ -510,9 +500,9 @@ No
Summary

-Do not audit attempts to read and -write postfix local delivery -TCP sockets. +Do not audit attempts to use +postfix master process file +file descriptors.

@@ -534,13 +524,13 @@ No
- +
-postfix_dontaudit_use_fd( +postfix_exec_master( @@ -554,9 +544,8 @@ No
Summary

-Do not audit attempts to use -postfix master process file -file descriptors. +Execute the master postfix program in the +caller domain.

@@ -568,7 +557,7 @@ file descriptors. domain -Domain to not audit. +Domain allowed access. No @@ -578,13 +567,13 @@ No
- +
-postfix_exec_master( +postfix_filetrans_config( @@ -592,14 +581,34 @@ No domain + + , + + + + private type + + + + , + + + + [ + + object + + ] + + )
Summary

-Execute the master postfix program in the -caller domain. +Create files with the specified type in +the postfix configuration directories.

@@ -617,6 +626,27 @@ Domain allowed access. No + +private type + + +The type of the object to be created. + + +No + + + +object + + +The object class of the object being created. If +no class is specified, file will be used. + + +yes + +
diff --git a/www/api-docs/services_postgresql.html b/www/api-docs/services_postgresql.html index 0ffd0a9..8cb81b1 100644 --- a/www/api-docs/services_postgresql.html +++ b/www/api-docs/services_postgresql.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_ppp.html b/www/api-docs/services_ppp.html index 876852e..a63f79c 100644 --- a/www/api-docs/services_ppp.html +++ b/www/api-docs/services_ppp.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_privoxy.html b/www/api-docs/services_privoxy.html index a0bc64d..fa64e0e 100644 --- a/www/api-docs/services_privoxy.html +++ b/www/api-docs/services_privoxy.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_procmail.html b/www/api-docs/services_procmail.html index 25e4ada..e9a5869 100644 --- a/www/api-docs/services_procmail.html +++ b/www/api-docs/services_procmail.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_publicfile.html b/www/api-docs/services_publicfile.html new file mode 100644 index 0000000..4cead32 --- /dev/null +++ b/www/api-docs/services_publicfile.html @@ -0,0 +1,312 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: publicfile

+ +

Description:

+ +

publicfile supplies files to the public through HTTP and FTP

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_radius.html b/www/api-docs/services_radius.html index e3c2d6b..349b827 100644 --- a/www/api-docs/services_radius.html +++ b/www/api-docs/services_radius.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_radvd.html b/www/api-docs/services_radvd.html index 41b66e6..7a346fa 100644 --- a/www/api-docs/services_radvd.html +++ b/www/api-docs/services_radvd.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_rdisc.html b/www/api-docs/services_rdisc.html index 362bf2e..3083c2f 100644 --- a/www/api-docs/services_rdisc.html +++ b/www/api-docs/services_rdisc.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_remotelogin.html b/www/api-docs/services_remotelogin.html index 760c912..2c57654 100644 --- a/www/api-docs/services_remotelogin.html +++ b/www/api-docs/services_remotelogin.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_rlogin.html b/www/api-docs/services_rlogin.html index 292758b..a62d51f 100644 --- a/www/api-docs/services_rlogin.html +++ b/www/api-docs/services_rlogin.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_roundup.html b/www/api-docs/services_roundup.html new file mode 100644 index 0000000..6c3088a --- /dev/null +++ b/www/api-docs/services_roundup.html @@ -0,0 +1,312 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: roundup

+ +

Description:

+ +

Roundup Issue Tracking System policy

+ + + + + +

No interfaces or templates.

+ + +
+ + diff --git a/www/api-docs/services_rpc.html b/www/api-docs/services_rpc.html index f455008..7b13383 100644 --- a/www/api-docs/services_rpc.html +++ b/www/api-docs/services_rpc.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_rshd.html b/www/api-docs/services_rshd.html index 949f13c..add52d9 100644 --- a/www/api-docs/services_rshd.html +++ b/www/api-docs/services_rshd.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_rsync.html b/www/api-docs/services_rsync.html index ca7a406..3c06a63 100644 --- a/www/api-docs/services_rsync.html +++ b/www/api-docs/services_rsync.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_samba.html b/www/api-docs/services_samba.html index 62b0a11..bf7c0da 100644 --- a/www/api-docs/services_samba.html +++ b/www/api-docs/services_samba.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_sasl.html b/www/api-docs/services_sasl.html index 83a2abc..ea35ce2 100644 --- a/www/api-docs/services_sasl.html +++ b/www/api-docs/services_sasl.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_sendmail.html b/www/api-docs/services_sendmail.html index ad39a7b..e545f23 100644 --- a/www/api-docs/services_sendmail.html +++ b/www/api-docs/services_sendmail.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_slrnpull.html b/www/api-docs/services_slrnpull.html new file mode 100644 index 0000000..830422d --- /dev/null +++ b/www/api-docs/services_slrnpull.html @@ -0,0 +1,401 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: slrnpull

+ +

Description:

+ +

Service for downloading news feeds the slrn newsreader.

+ + + + +

Interfaces:

+ + +
+ + +
+ +slrnpull_manage_spool( + + + + + pty_type + + + )
+
+
+ +
Summary
+

+Allow the domain to create, read, +write, and delete slrnpull spools. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+pty_type + + +domain allowed access + + +No +
+
+
+ + +
+ + +
+ +slrnpull_search_spool( + + + + + pty_type + + + )
+
+
+ +
Summary
+

+Allow the domain to search slrnpull spools. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+pty_type + + +domain allowed access + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_smartmon.html b/www/api-docs/services_smartmon.html new file mode 100644 index 0000000..0429d46 --- /dev/null +++ b/www/api-docs/services_smartmon.html @@ -0,0 +1,358 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: smartmon

+ +

Description:

+ +

Smart disk monitoring daemon policy

+ + + + +

Interfaces:

+ + +
+ + +
+ +smartmon_read_tmp( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow caller to read smartmon temporary files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The process type reading the temporary files. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_snmp.html b/www/api-docs/services_snmp.html index 22cd908..bc0bbfb 100644 --- a/www/api-docs/services_snmp.html +++ b/www/api-docs/services_snmp.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_spamassassin.html b/www/api-docs/services_spamassassin.html index e5ccfe8..ba8cf6d 100644 --- a/www/api-docs/services_spamassassin.html +++ b/www/api-docs/services_spamassassin.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_squid.html b/www/api-docs/services_squid.html index 574ea67..7019ea1 100644 --- a/www/api-docs/services_squid.html +++ b/www/api-docs/services_squid.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_ssh.html b/www/api-docs/services_ssh.html index 788c409..437a9af 100644 --- a/www/api-docs/services_ssh.html +++ b/www/api-docs/services_ssh.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_stunnel.html b/www/api-docs/services_stunnel.html index 57b27b4..a17c45b 100644 --- a/www/api-docs/services_stunnel.html +++ b/www/api-docs/services_stunnel.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_sysstat.html b/www/api-docs/services_sysstat.html new file mode 100644 index 0000000..4d7c576 --- /dev/null +++ b/www/api-docs/services_sysstat.html @@ -0,0 +1,358 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: sysstat

+ +

Description:

+ +

Policy for sysstat. Reports on various system states

+ + + + +

Interfaces:

+ + +
+ + +
+ +sysstat_manage_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Manage sysstat logs. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_tcpd.html b/www/api-docs/services_tcpd.html index ccb75f1..e58c5df 100644 --- a/www/api-docs/services_tcpd.html +++ b/www/api-docs/services_tcpd.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_telnet.html b/www/api-docs/services_telnet.html index 51bdaba..8a7ff0b 100644 --- a/www/api-docs/services_telnet.html +++ b/www/api-docs/services_telnet.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_tftp.html b/www/api-docs/services_tftp.html index af6d73a..8b0d554 100644 --- a/www/api-docs/services_tftp.html +++ b/www/api-docs/services_tftp.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_timidity.html b/www/api-docs/services_timidity.html index 1fb3ea6..be9e71a 100644 --- a/www/api-docs/services_timidity.html +++ b/www/api-docs/services_timidity.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_ucspitcp.html b/www/api-docs/services_ucspitcp.html new file mode 100644 index 0000000..c04cf98 --- /dev/null +++ b/www/api-docs/services_ucspitcp.html @@ -0,0 +1,380 @@ + + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: services

+

Module: ucspitcp

+ +

Description:

+ +

+

+Policy for DJB's ucspi-tcpd +

+

+ + + + +

Interfaces:

+ + +
+ + +
+ +ucspitcp_service_domain( + + + + + domain + + + + , + + + + entrypoint + + + )
+
+
+ +
Summary
+

+Define a specified domain as a ucspitcp service. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+entrypoint + + +The type associated with the process program. + + +No +
+
+
+ + +Return + + + + +
+ + diff --git a/www/api-docs/services_uucp.html b/www/api-docs/services_uucp.html index 0a5a55c..6836fa0 100644 --- a/www/api-docs/services_uucp.html +++ b/www/api-docs/services_uucp.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_xdm.html b/www/api-docs/services_xdm.html index 669cdac..01e0011 100644 --- a/www/api-docs/services_xdm.html +++ b/www/api-docs/services_xdm.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_xfs.html b/www/api-docs/services_xfs.html index eaf906a..506bb31 100644 --- a/www/api-docs/services_xfs.html +++ b/www/api-docs/services_xfs.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/services_zebra.html b/www/api-docs/services_zebra.html index 93f3d18..ecc6a8a 100644 --- a/www/api-docs/services_zebra.html +++ b/www/api-docs/services_zebra.html @@ -40,6 +40,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -85,9 +88,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -148,6 +157,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -169,6 +181,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -184,6 +199,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -202,6 +220,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -217,6 +241,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -229,6 +256,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
diff --git a/www/api-docs/system.html b/www/api-docs/system.html index e55ad68..360a79c 100644 --- a/www/api-docs/system.html +++ b/www/api-docs/system.html @@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -156,6 +159,11 @@

Policy for reading and setting the hardware clock.

+ + daemontools +

Collection of tools for managing UNIX services

+ + fstools

Tools for filesystem management, such as mkfs and fsck.

diff --git a/www/api-docs/system_authlogin.html b/www/api-docs/system_authlogin.html index 8353f14..dec0da3 100644 --- a/www/api-docs/system_authlogin.html +++ b/www/api-docs/system_authlogin.html @@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -263,13 +266,13 @@ No
- +
-auth_create_login_records( +auth_can_read_shadow_passwords( @@ -617,6 +620,48 @@ No
+ +
+ + +
+ +auth_dontaudit_exec_utempter( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attemps to execute utempter executable. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain to not audit. + + +No +
+
+
+
@@ -829,6 +874,48 @@ No
+ +
+ + +
+ +auth_filetrans_login_records( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+
@@ -2074,6 +2161,90 @@ No
+ +
+ + +
+ +auth_setattr_login_records( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+ + +
+ + +
+ +auth_tunable_read_shadow( + + + + + ? + + + )
+
+
+ +
Summary
+

+Summary is missing! +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+? + + +Parameter descriptions are missing! + + +No +
+
+
+
@@ -2293,6 +2464,57 @@ No
+ +
+ + +
+ +authlogin_common_auth_domain_template( + + + + + userdomain_prefix + + + )
+
+
+ +
Summary
+

+Common template to create a domain for authentication. +

+ + +
Description
+

+

+This template creates a derived domain which is allowed +to authenticate users by using PAM unix_chkpwd support. +

+

+ +
Parameters
+ + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+
+
+
diff --git a/www/api-docs/system_clock.html b/www/api-docs/system_clock.html
index f43a44b..a33a0f3 100644
--- a/www/api-docs/system_clock.html
+++ b/www/api-docs/system_clock.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_daemontools.html b/www/api-docs/system_daemontools.html
new file mode 100644
index 0000000..ea91cb2
--- /dev/null
+++ b/www/api-docs/system_daemontools.html
@@ -0,0 +1,464 @@
+ + + + Security Enhanced Linux Reference Policy + + + + + + + +
+ +

Layer: system

+

Module: daemontools

+ +

Description:

+ +

+

+Policy for DJB's daemontools +

+

+ + + + +

Interfaces:

+ + +
+ + +
+ +daemontools_domtrans_multilog( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute in the svc_multilog_t domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +daemontools_domtrans_run( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute in the svc_run_t domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +daemontools_domtrans_start( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute in the svc_start_t domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +daemontools_ipc_domain( + + + + + domain + + + )
+
+
+ +
Summary
+

+An ipc channel between the supervised domain and svc_start_t +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access to svc_start_t. + + +No +
+
+
+ + +
+ + +
+ +daemontools_manage_svc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow a domain to create svc_svc_t files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +daemontools_read_svc( + + + + + domain + + + )
+
+
+ +
Summary
+

+Allow a domain to read svc_svc_t files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +daemontools_service_domain( + + + + + domain + + + + , + + + + entrypoint + + + )
+
+
+ +
Summary
+

+Define a specified domain as a supervised service. +

+ + +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+entrypoint + + +The type associated with the process program. + + +No +
+
+
+ + +Return + + + + +
+ +
diff --git a/www/api-docs/system_fstools.html b/www/api-docs/system_fstools.html
index fcf6588..984d2d2 100644
--- a/www/api-docs/system_fstools.html
+++ b/www/api-docs/system_fstools.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_getty.html b/www/api-docs/system_getty.html
index 3db5f53..d1fa34f 100644
--- a/www/api-docs/system_getty.html
+++ b/www/api-docs/system_getty.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_hostname.html b/www/api-docs/system_hostname.html
index 986c052..71fa6cc 100644
--- a/www/api-docs/system_hostname.html
+++ b/www/api-docs/system_hostname.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_hotplug.html b/www/api-docs/system_hotplug.html
index b07fb79..6f78a6c 100644
--- a/www/api-docs/system_hotplug.html
+++ b/www/api-docs/system_hotplug.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_init.html b/www/api-docs/system_init.html
index 28bd1f5..63e0941 100644
--- a/www/api-docs/system_init.html
+++ b/www/api-docs/system_init.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -134,89 +137,6 @@

Interfaces:

- -
- - -
- -init_create_script_tmp( - - - - - domain - - - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - - )
-
-
- -
Summary
-

-Create files in a init script -temporary data directory. -

- - -
Parameters
- - - - - - - - - -
Parameter:Description:Optional:
-domain - - -Domain allowed access. - - -No -
-file_type - - -The type of the object to be created - - -No -
-object_class - - -The object class. If not specified, file is used. - - -yes -
-
-
-
@@ -507,6 +427,49 @@ No
+ +
+ + +
+ +init_dontaudit_lock_pid( + + + + + domain + + + )
+
+
+ +
Summary
+

+Do not audit attempts to lock +init script pid files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -887,6 +850,89 @@ No
+ +
+ + +
+ +init_filetrans_script_tmp( + + + + + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + + )
+
+
+ +
Summary
+

+Create files in a init script +temporary data directory. +

+ + +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+file_type + + +The type of the object to be created + + +No +
+object_class + + +The object class. If not specified, file is used. + + +yes +
+
+
+
+
diff --git a/www/api-docs/system_ipsec.html b/www/api-docs/system_ipsec.html
index 2b72ca4..e26d0a2 100644
--- a/www/api-docs/system_ipsec.html
+++ b/www/api-docs/system_ipsec.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_iptables.html b/www/api-docs/system_iptables.html
index c06158e..02b8701 100644
--- a/www/api-docs/system_iptables.html
+++ b/www/api-docs/system_iptables.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_libraries.html b/www/api-docs/system_libraries.html
index 4240751..c50a752 100644
--- a/www/api-docs/system_libraries.html
+++ b/www/api-docs/system_libraries.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -346,6 +349,134 @@ No
+ +
+ + +
+ +libs_manage_ld_so( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete the +dynamic link/loader. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +libs_manage_lib_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete generic +files in library directories. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +libs_manage_shared_libs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete shared libraries. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
@@ -389,6 +520,135 @@ No
+ +
+ + +
+ +libs_relabel_ld_so( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel to and from the type used for +the dynamic link/loader. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +libs_relabel_lib_files( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel to and from the type used +for generic lib files. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +libs_relabel_shared_libs( + + + + + domain + + + )
+
+
+ +
Summary
+

+Relabel to and from the type used for +shared libraries. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
+
diff --git a/www/api-docs/system_locallogin.html b/www/api-docs/system_locallogin.html
index 36811c3..1bac391 100644
--- a/www/api-docs/system_locallogin.html
+++ b/www/api-docs/system_locallogin.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_logging.html b/www/api-docs/system_logging.html
index fb90882..a3ed069 100644
--- a/www/api-docs/system_logging.html
+++ b/www/api-docs/system_logging.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -176,18 +179,18 @@ No
- +
-logging_create_log( +logging_domtrans_auditctl( - ? + domain )
@@ -196,7 +199,7 @@ No
Summary

-Summary is missing! +Execute auditctl in the auditctl domain.

@@ -205,10 +208,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +Domain allowed access. No @@ -218,13 +221,13 @@ No
- +
-logging_domtrans_auditctl( +logging_domtrans_syslog( @@ -238,7 +241,7 @@ No
Summary

-Execute auditctl in the auditctl domain. +Execute syslogd in the syslog domain.

@@ -250,7 +253,7 @@ Execute auditctl in the auditctl domain. domain -Domain allowed access. +The type of the process performing this action. No @@ -260,18 +263,18 @@ No
- +
-logging_domtrans_syslog( +logging_dontaudit_getattr_all_logs( - domain + ? )
@@ -280,7 +283,7 @@ No
Summary

-Execute syslogd in the syslog domain. +Summary is missing!

@@ -289,10 +292,10 @@ Execute syslogd in the syslog domain. Parameter:Description:Optional: -domain +? -The type of the process performing this action. +Parameter descriptions are missing! No @@ -302,18 +305,18 @@ No
- +
-logging_dontaudit_getattr_all_logs( +logging_exec_all_logs( - ? + domain )
@@ -322,7 +325,7 @@ No
Summary

-Summary is missing! +Execute all log files in the caller domain.

@@ -331,10 +334,10 @@ Summary is missing! Parameter:Description:Optional: -? +domain -Parameter descriptions are missing! +The type of the process performing this action. No @@ -344,18 +347,18 @@ No
- +
-logging_exec_all_logs( +logging_filetrans_log( - domain + ? )
@@ -364,7 +367,7 @@ No
Summary

-Execute all log files in the caller domain. +Summary is missing!

@@ -373,10 +376,10 @@ Execute all log files in the caller domain. Parameter:Description:Optional: -domain +? -The type of the process performing this action. +Parameter descriptions are missing! No @@ -598,6 +601,48 @@ No
+ +
+ + +
+ +logging_read_audit_log( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read the audit log. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+
+
diff --git a/www/api-docs/system_lvm.html b/www/api-docs/system_lvm.html
index 305a7db..25e356d 100644
--- a/www/api-docs/system_lvm.html
+++ b/www/api-docs/system_lvm.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_miscfiles.html b/www/api-docs/system_miscfiles.html
index 7606e11..6d68d01 100644
--- a/www/api-docs/system_miscfiles.html
+++ b/www/api-docs/system_miscfiles.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_modutils.html b/www/api-docs/system_modutils.html
index 1311505..71e40c4 100644
--- a/www/api-docs/system_modutils.html
+++ b/www/api-docs/system_modutils.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_mount.html b/www/api-docs/system_mount.html
index 8e81b44..cff208a 100644
--- a/www/api-docs/system_mount.html
+++ b/www/api-docs/system_mount.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -176,6 +179,48 @@ No
+ +
+ + +
+ +mount_exec( + + + + + domain + + + )
+
+
+ +
Summary
+

+Execute mount in the caller domain. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +The type of the process performing this action. + + +No +
+
+
+
+
diff --git a/www/api-docs/system_pcmcia.html b/www/api-docs/system_pcmcia.html
index 84ae1f4..4b15f40 100644
--- a/www/api-docs/system_pcmcia.html
+++ b/www/api-docs/system_pcmcia.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_raid.html b/www/api-docs/system_raid.html
index fd92e07..368bb1b 100644
--- a/www/api-docs/system_raid.html
+++ b/www/api-docs/system_raid.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_selinuxutil.html b/www/api-docs/system_selinuxutil.html
index 40781ae..e05bfad 100644
--- a/www/api-docs/system_selinuxutil.html
+++ b/www/api-docs/system_selinuxutil.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_sysnetwork.html b/www/api-docs/system_sysnetwork.html
index a3379d9..47a4655 100644
--- a/www/api-docs/system_sysnetwork.html
+++ b/www/api-docs/system_sysnetwork.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -134,13 +137,13 @@

Interfaces:

- +
-sysnet_create_config( +sysnet_dbus_chat_dhcpc( @@ -154,8 +157,8 @@
Summary

-Create files in /etc with the type used for -the network config files. +Send and receive messages from +dhcpc over dbus.

@@ -167,7 +170,7 @@ the network config files. domain -The type of the process performing this action. +Domain allowed access. No @@ -177,13 +180,13 @@ No
- +
-sysnet_create_dhcp_state( +sysnet_delete_dhcpc_pid( @@ -191,48 +194,16 @@ No domain - - , - - - - file_type - - - - , - - - - [ - - object_class - - ] - - )
Summary

-Create DHCP state data. +Delete the dhcp client pid file.

-
Description
-

-

-Create DHCP state data. -

-

-This is added for DHCP server, as -the server and client put their state -files in the same directory. -

-

-
Parameters
@@ -241,43 +212,23 @@ files in the same directory. domain - - - -
Parameter:Description:Optional:
-Domain allowed access. - - -No -
-file_type - - -The type of the object to be created +The type of the process performing this action. No
-object_class - - -The object class. If not specified, file is used. - - -yes -
- +
-sysnet_dbus_chat_dhcpc( +sysnet_dns_name_resolve( @@ -291,8 +242,7 @@ yes
Summary

-Send and receive messages from -dhcpc over dbus. +Perform a DNS name resolution.

@@ -314,13 +264,13 @@ No
- +
-sysnet_delete_dhcpc_pid( +sysnet_domtrans_dhcpc( @@ -334,7 +284,7 @@ No
Summary

-Delete the dhcp client pid file. +Execute dhcp client in dhcpc domain.

@@ -356,13 +306,13 @@ No
- +
-sysnet_dns_name_resolve( +sysnet_domtrans_ifconfig( @@ -376,7 +326,7 @@ No
Summary

-Perform a DNS name resolution. +Execute ifconfig in the ifconfig domain.

@@ -388,7 +338,7 @@ Perform a DNS name resolution. domain -Domain allowed access. +The type of the process performing this action. No @@ -398,13 +348,13 @@ No
- +
-sysnet_domtrans_dhcpc( +sysnet_dontaudit_read_config( @@ -418,7 +368,7 @@ No
Summary

-Execute dhcp client in dhcpc domain. +Do not audit attempts to read network config files.

@@ -430,7 +380,7 @@ Execute dhcp client in dhcpc domain. domain -The type of the process performing this action. +Domain to not audit. No @@ -440,13 +390,13 @@ No
- +
-sysnet_domtrans_ifconfig( +sysnet_exec_ifconfig( @@ -460,7 +410,7 @@ No
Summary

-Execute ifconfig in the ifconfig domain. +Execute ifconfig in the caller domain.

@@ -472,7 +422,7 @@ Execute ifconfig in the ifconfig domain. domain -The type of the process performing this action. +Domain allowed access. No @@ -482,13 +432,13 @@ No
- +
-sysnet_dontaudit_read_config( +sysnet_filetrans_config( @@ -502,7 +452,8 @@ No
Summary

-Do not audit attempts to read network config files. +Create files in /etc with the type used for +the network config files.

@@ -514,7 +465,7 @@ Do not audit attempts to read network config files. domain -Domain to not audit. +The type of the process performing this action. No @@ -524,13 +475,13 @@ No
- +
-sysnet_exec_ifconfig( +sysnet_filetrans_dhcp_state( @@ -538,16 +489,48 @@ No domain + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] + + )
Summary

-Execute ifconfig in the caller domain. +Create DHCP state data.

+
Description
+

+

+Create DHCP state data. +

+

+This is added for DHCP server, as +the server and client put their state +files in the same directory. +

+

+
Parameters
@@ -562,6 +545,26 @@ Domain allowed access. No + + + +
Parameter:Description:Optional:
+file_type + + +The type of the object to be created + + +No +
+object_class + + +The object class. If not specified, file is used. + + +yes +
diff --git a/www/api-docs/system_udev.html b/www/api-docs/system_udev.html
index cc9f68a..e87ec3d 100644
--- a/www/api-docs/system_udev.html
+++ b/www/api-docs/system_udev.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_unconfined.html b/www/api-docs/system_unconfined.html
index 15013f1..c800bef 100644
--- a/www/api-docs/system_unconfined.html
+++ b/www/api-docs/system_unconfined.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
diff --git a/www/api-docs/system_userdomain.html b/www/api-docs/system_userdomain.html
index 7b07959..d20b699 100644
--- a/www/api-docs/system_userdomain.html
+++ b/www/api-docs/system_userdomain.html
@@ -43,6 +43,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -137,13 +140,13 @@

Interfaces:

- +
-userdom_create_generic_user_home( +userdom_create_sysadm_home( @@ -169,7 +172,7 @@
Summary

-Create objects in generic user home directories +Create objects in sysadm home directories with automatic file type transition.

@@ -203,13 +206,13 @@ yes
- +
-userdom_create_generic_user_home_dir( +userdom_dbus_send_all_users( @@ -223,8 +226,7 @@ yes
Summary

-Create generic user home directories -with automatic file type transition. +Send a dbus message to all user domains.

@@ -246,13 +248,13 @@ No
- +
-userdom_create_sysadm_home( +userdom_dontaudit_getattr_sysadm_home_dir( @@ -260,26 +262,15 @@ No domain - - , - - - - [ - - object_class - - ] - - )
Summary

-Create objects in sysadm home directories -with automatic file type transition. +Do not audit attempts to get the +attributes of the sysadm users +home directory.

@@ -291,34 +282,23 @@ with automatic file type transition. domain -Domain allowed access. +Domain to not audit. No - -object_class - - -The class of the object to be created. -If not specified, file is used. - - -yes - -
- +
-userdom_dbus_send_all_users( +userdom_dontaudit_getattr_sysadm_tty( @@ -332,7 +312,8 @@ yes
Summary

-Send a dbus message to all user domains. +Do not audit attepts to get the attributes +of sysadm ttys.

@@ -354,13 +335,13 @@ No
- +
-userdom_dontaudit_getattr_sysadm_home_dir( +userdom_dontaudit_list_sysadm_home_dir( @@ -374,9 +355,8 @@ No
Summary

-Do not audit attempts to get the -attributes of the sysadm users -home directory. +Do not audit attempts to list the sysadm +users home directory.

@@ -398,13 +378,13 @@ No
- +
-userdom_dontaudit_getattr_sysadm_tty( +userdom_dontaudit_search_all_users_home( @@ -418,8 +398,7 @@ No
Summary

-Do not audit attepts to get the attributes -of sysadm ttys. +Do not audit attempts to search all users home directories.

@@ -431,7 +410,7 @@ of sysadm ttys. domain -Domain allowed access. +Domain to not audit. No @@ -441,13 +420,13 @@ No
- +
-userdom_dontaudit_list_sysadm_home_dir( +userdom_dontaudit_search_staff_home_dir( @@ -461,7 +440,7 @@ No
Summary

-Do not audit attempts to list the sysadm +Do not audit attempts to search the staff users home directory.

@@ -484,13 +463,13 @@ No
- +
-userdom_dontaudit_search_all_users_home( +userdom_dontaudit_search_sysadm_home_dir( @@ -504,7 +483,8 @@ No
Summary

-Do not audit attempts to search all users home directories. +Do not audit attempts to search the sysadm +users home directory.

@@ -526,13 +506,13 @@ No
- +
-userdom_dontaudit_search_staff_home_dir( +userdom_dontaudit_search_user_home_dirs( @@ -546,8 +526,7 @@ No
Summary

-Do not audit attempts to search the staff -users home directory. +Don't audit search on the user home subdirectory.

@@ -559,7 +538,7 @@ users home directory. domain -Domain to not audit. +Domain allowed access. No @@ -569,13 +548,13 @@ No
- +
-userdom_dontaudit_search_sysadm_home_dir( +userdom_dontaudit_use_all_user_fd( @@ -589,8 +568,8 @@ No
Summary

-Do not audit attempts to search the sysadm -users home directory. +Do not audit attempts to inherit the file +descriptors from any user domains.

@@ -612,13 +591,13 @@ No
- +
-userdom_dontaudit_search_user_home_dirs( +userdom_dontaudit_use_sysadm_pty( @@ -632,7 +611,7 @@ No
Summary

-Don't audit search on the user home subdirectory. +Dont audit attempts to read and write sysadm ptys.

@@ -644,7 +623,7 @@ Don't audit search on the user home subdirectory. domain -Domain allowed access. +Domain to not audit. No @@ -654,13 +633,13 @@ No
- +
-userdom_dontaudit_use_all_user_fd( +userdom_dontaudit_use_sysadm_terms( @@ -674,8 +653,7 @@ No
Summary

-Do not audit attempts to inherit the file -descriptors from any user domains. +Do not audit attempts to use sysadm ttys and ptys.

@@ -697,13 +675,13 @@ No
- +
-userdom_dontaudit_use_sysadm_pty( +userdom_dontaudit_use_sysadm_tty( @@ -717,7 +695,7 @@ No
Summary

-Dont audit attempts to read and write sysadm ptys. +Do not audit attempts to use sysadm ttys.

@@ -739,13 +717,13 @@ No
- +
-userdom_dontaudit_use_sysadm_terms( +userdom_dontaudit_use_unpriv_user_fd( @@ -759,7 +737,8 @@ No
Summary

-Do not audit attempts to use sysadm ttys and ptys. +Do not audit attempts to inherit the +file descriptors from all user domains.

@@ -771,7 +750,7 @@ Do not audit attempts to use sysadm ttys and ptys. domain -Domain to not audit. +Domain allowed access. No @@ -781,13 +760,13 @@ No
- +
-userdom_dontaudit_use_sysadm_tty( +userdom_dontaudit_use_unpriv_user_pty( @@ -801,7 +780,8 @@ No
Summary

-Do not audit attempts to use sysadm ttys. +Do not audit attempts to use unprivileged +user ptys.

@@ -823,13 +803,13 @@ No
- +
-userdom_dontaudit_use_unpriv_user_fd( +userdom_dontaudit_use_unpriv_user_tty( @@ -843,8 +823,8 @@ No
Summary

-Do not audit attempts to inherit the -file descriptors from all user domains. +Do not audit attempts to use unprivileged +user ttys.

@@ -866,13 +846,13 @@ No
- +
-userdom_dontaudit_use_unpriv_user_pty( +userdom_filetrans_generic_user_home( @@ -880,14 +860,26 @@ No domain + + , + + + + [ + + object_class + + ] + + )
Summary

-Do not audit attempts to use unprivileged -user ptys. +Create objects in generic user home directories +with automatic file type transition.

@@ -899,23 +891,34 @@ user ptys. domain -Domain to not audit. +Domain allowed access. No + +object_class + + +The class of the object to be created. +If not specified, file is used. + + +yes + +
- +
-userdom_dontaudit_use_unpriv_user_tty( +userdom_filetrans_generic_user_home_dir( @@ -929,8 +932,8 @@ No
Summary

-Do not audit attempts to use unprivileged -user ttys. +Create generic user home directories +with automatic file type transition.

@@ -1509,13 +1512,13 @@ No
- +
-userdom_priveleged_home_dir_manager( +userdom_manage_unpriv_user_semaphores( @@ -1529,22 +1532,10 @@ No
Summary

-Make the specified domain a privileged -home directory manager. +Manage unpriviledged user SysV sempaphores.

-
Description
-

-

-Make the specified domain a privileged -home directory manager. This domain will be -able to manage the contents of all users -general home directory content, and create -files with the correct context. -

-

-
Parameters
@@ -1563,13 +1554,13 @@ No - +
-userdom_read_all_user_files( +userdom_manage_unpriv_user_shared_mem( @@ -1583,7 +1574,8 @@ No
Summary

-Read all files in all users home directories. +Manage unpriviledged user SysV shared +memory segments.

@@ -1605,13 +1597,13 @@ No
- +
-userdom_read_all_userdomains_state( +userdom_priveleged_home_dir_manager( @@ -1625,10 +1617,22 @@ No
Summary

-Read the process state of all user domains. +Make the specified domain a privileged +home directory manager.

+
Description
+

+

+Make the specified domain a privileged +home directory manager. This domain will be +able to manage the contents of all users +general home directory content, and create +files with the correct context. +

+

+
Parameters
Parameter:Description:Optional:
@@ -1647,13 +1651,13 @@ No - +
-userdom_read_staff_home_files( +userdom_read_all_user_files( @@ -1667,7 +1671,7 @@ No
Summary

-Read files in the staff users home directory. +Read all files in all users home directories.

@@ -1689,13 +1693,13 @@ No
- +
-userdom_read_sysadm_home_files( +userdom_read_all_userdomains_state( @@ -1709,7 +1713,7 @@ No
Summary

-Read files in the sysadm users home directory. +Read the process state of all user domains.

@@ -1731,13 +1735,13 @@ No
- +
-userdom_read_unpriv_user_home_files( +userdom_read_staff_home_files( @@ -1751,8 +1755,7 @@ No
Summary

-Read all unprivileged users home directory -files. +Read files in the staff users home directory.

@@ -1774,13 +1777,13 @@ No
- +
-userdom_read_unpriv_user_tmp_files( +userdom_read_sysadm_home_files( @@ -1794,7 +1797,7 @@ No
Summary

-Read all unprivileged users temporary files. +Read files in the sysadm users home directory.

@@ -1816,13 +1819,13 @@ No
- +
-userdom_read_unpriv_user_tmp_symlinks( +userdom_read_unpriv_user_home_files( @@ -1836,7 +1839,8 @@ No
Summary

-Read all unprivileged users temporary symbolic links. +Read all unprivileged users home directory +files.

@@ -1858,13 +1862,13 @@ No
- +
-userdom_rw_sysadm_pipe( +userdom_read_unpriv_user_tmp_files( @@ -1878,7 +1882,7 @@ No
Summary

-Read and write sysadm user unnamed pipes. +Read all unprivileged users temporary files.

@@ -1900,7 +1904,91 @@ No
- + +
+ + +
+ +userdom_read_unpriv_user_tmp_symlinks( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read all unprivileged users temporary symbolic links. +

+ + +
Parameters
+
Parameter:Description:Optional:
+ + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_rw_sysadm_pipe( + + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write sysadm user unnamed pipes. +

+ + +
Parameters
+ + + + + +
Parameter:Description:Optional:
+domain + + +Domain allowed access. + + +No +
+
+
+ +
@@ -2016,7 +2104,7 @@ Search the staff users home directory. domain -Domain to not audit. +Domain allowed access. No @@ -3173,13 +3261,13 @@ yes
- +
-userdom_exec_user_home_files( +userdom_create_user_pty( @@ -3201,14 +3289,14 @@ yes
Summary

-Execute user home files. +Create a user pty.

Description

-Execute user home files. +Create a user pty.

This is a templated interface, and should only @@ -3245,13 +3333,13 @@ No

- +
-userdom_home_file( +userdom_dontaudit_exec_user_home_files( @@ -3264,7 +3352,7 @@ No - type + domain )
@@ -3273,16 +3361,14 @@ No
Summary

-Make the specified type usable in a -user home directory. +Do not audit attempts to execute user home files.

Description

-Make the specified type usable in a -user home directory. +Do not audit attempts to execute user home files.

This is a templated interface, and should only @@ -3306,11 +3392,10 @@ No -type +domain -Type to be used as a file in the -user home directory. +Domain allowed access. No @@ -3320,13 +3405,13 @@ No

- +
-userdom_manage_user_home_subdir_files( +userdom_dontaudit_list_user_home_dir( @@ -3348,16 +3433,14 @@ No
Summary

-Create, read, write, and delete files -in a user home subdirectory. +Do not audit attempts to list user home subdirectories.

Description

-Create, read, write, and delete files -in a user home subdirectory. +Do not audit attempts to list user home subdirectories.

This is a templated interface, and should only @@ -3384,7 +3467,7 @@ No domain -Domain allowed access. +Domain to not audit No @@ -3394,13 +3477,13 @@ No

- +
-userdom_manage_user_home_subdir_pipes( +userdom_dontaudit_list_user_tmp( @@ -3422,16 +3505,16 @@ No
Summary

-Create, read, write, and delete named pipes -in a user home subdirectory. +Do not audit attempts to list user +temporary directories.

Description

-Create, read, write, and delete named pipes -in a user home subdirectory. +Do not audit attempts to list user +temporary directories.

This is a templated interface, and should only @@ -3458,7 +3541,7 @@ No domain -Domain allowed access. +Domain to not audit. No @@ -3468,13 +3551,13 @@ No

- +
-userdom_manage_user_home_subdir_sockets( +userdom_dontaudit_list_user_tmp_untrusted_content( @@ -3496,16 +3579,16 @@ No
Summary

-Create, read, write, and delete named sockets -in a user home subdirectory. +Do not audit attempts to list user +temporary untrusted directories.

Description

-Create, read, write, and delete named sockets -in a user home subdirectory. +Do not audit attempts to list user +temporary directories.

This is a templated interface, and should only @@ -3532,7 +3615,7 @@ No domain -Domain allowed access. +Domain to not audit. No @@ -3542,13 +3625,13 @@ No

- +
-userdom_manage_user_home_subdir_symlinks( +userdom_dontaudit_list_user_untrusted_content( @@ -3570,16 +3653,16 @@ No
Summary

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Do not audit attempts to list user +untrusted directories.

Description

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Do not audit attempts to read user +untrusted directories.

This is a templated interface, and should only @@ -3606,7 +3689,7 @@ No domain -Domain allowed access. +Domain to not audit. No @@ -3616,13 +3699,13 @@ No

- +
-userdom_manage_user_home_subdirs( +userdom_dontaudit_read_user_home_files( @@ -3644,16 +3727,14 @@ No
Summary

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Do not audit attempts to read user home files.

Description

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Do not audit attempts to read user home files.

This is a templated interface, and should only @@ -3680,7 +3761,7 @@ No domain -Domain allowed access. +Domain to not audit. No @@ -3690,13 +3771,13 @@ No

- +
-userdom_manage_user_tmp_dirs( +userdom_dontaudit_read_user_tmp_files( @@ -3718,16 +3799,16 @@ No
Summary

-Create, read, write, and delete user -temporary directories. +Do not audit attempts to read users +temporary files.

Description

-Create, read, write, and delete user -temporary directories. +Do not audit attempts to read users +temporary files.

This is a templated interface, and should only @@ -3754,7 +3835,7 @@ No domain -Domain allowed access. +Domain to not audit. No @@ -3764,13 +3845,13 @@ No

- +
-userdom_manage_user_tmp_files( +userdom_dontaudit_read_user_tmp_untrusted_content_files( @@ -3792,16 +3873,16 @@ No
Summary

-Create, read, write, and delete user -temporary files. +Do not audit attempts to read users +temporary untrusted files.

Description

-Create, read, write, and delete user -temporary files. +Do not audit attempts to read users +temporary untrusted files.

This is a templated interface, and should only @@ -3828,7 +3909,7 @@ No domain -Domain allowed access. +Domain to not audit. No @@ -3838,13 +3919,13 @@ No

- +
-userdom_manage_user_tmp_pipes( +userdom_dontaudit_read_user_untrusted_content_files( @@ -3866,16 +3947,16 @@ No
Summary

-Create, read, write, and delete user -temporary named pipes. +Do not audit attempts to read users +untrusted files.

Description

-Create, read, write, and delete user -temporary named pipes. +Do not audit attempts to read users +untrusted files.

This is a templated interface, and should only @@ -3902,7 +3983,7 @@ No domain -Domain allowed access. +Domain to not audit. No @@ -3912,13 +3993,13 @@ No

- +
-userdom_manage_user_tmp_sockets( +userdom_dontaudit_setattr_user_home_files( @@ -3940,16 +4021,16 @@ No
Summary

-Create, read, write, and delete user -temporary named sockets. +Do not audit attempts to set the +attributes of user home files.

Description

-Create, read, write, and delete user -temporary named sockets. +Do not audit attempts to set the +attributes of user home files.

This is a templated interface, and should only @@ -3986,13 +4067,13 @@ No

- +
-userdom_manage_user_tmp_symlinks( +userdom_dontaudit_use_user_terminals( @@ -4014,16 +4095,16 @@ No
Summary

-Create, read, write, and delete user -temporary symbolic links. +Do not audit attempts to read and write +a user domain tty and pty.

Description

-Create, read, write, and delete user -temporary symbolic links. +Do not audit attempts to read and write +a user domain tty and pty.

This is a templated interface, and should only @@ -4060,13 +4141,13 @@ No

- +
-userdom_read_user_home_files( +userdom_exec_user_home_files( @@ -4088,14 +4169,14 @@ No
Summary

-Read user home files. +Execute user home files.

Description

-Read user home files. +Execute user home files.

This is a templated interface, and should only @@ -4132,13 +4213,13 @@ No

- +
-userdom_search_user_home( +userdom_home_file( @@ -4151,7 +4232,7 @@ No - domain + type )
@@ -4160,14 +4241,16 @@ No
Summary

-Search user home directories. +Make the specified type usable in a +user home directory.

Description

-Search user home directories. +Make the specified type usable in a +user home directory.

This is a templated interface, and should only @@ -4191,10 +4274,11 @@ No -domain +type -Domain allowed access. +Type to be used as a file in the +user home directory. No @@ -4204,13 +4288,13 @@ No

- +
-userdom_use_user_terminals( +userdom_list_user_tmp( @@ -4232,14 +4316,1863 @@ No
Summary

-Read and write a user domain tty and pty. +List user temporary directories.

Description

-Read and write a user domain tty and pty. +List user temporary directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_list_user_tmp_untrusted_content( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+List users temporary untrusted directories. +

+ + +
Description
+

+

+List users temporary untrusted directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_list_user_untrusted_content( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+List users untrusted directories. +

+ + +
Description
+

+

+List users untrusted directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_home_subdir_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete files +in a user home subdirectory. +

+ + +
Description
+

+

+Create, read, write, and delete files +in a user home subdirectory. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_home_subdir_pipes( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete named pipes +in a user home subdirectory. +

+ + +
Description
+

+

+Create, read, write, and delete named pipes +in a user home subdirectory. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_home_subdir_sockets( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete named sockets +in a user home subdirectory. +

+ + +
Description
+

+

+Create, read, write, and delete named sockets +in a user home subdirectory. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_home_subdir_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete symbolic links +in a user home subdirectory. +

+ + +
Description
+

+

+Create, read, write, and delete symbolic links +in a user home subdirectory. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_home_subdirs( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete directories +in a user home subdirectory. +

+ + +
Description
+

+

+Create, read, write, and delete directories +in a user home subdirectory. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_tmp_dirs( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete user +temporary directories. +

+ + +
Description
+

+

+Create, read, write, and delete user +temporary directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_tmp_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete user +temporary files. +

+ + +
Description
+

+

+Create, read, write, and delete user +temporary files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_tmp_pipes( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete user +temporary named pipes. +

+ + +
Description
+

+

+Create, read, write, and delete user +temporary named pipes. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_tmp_sockets( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete user +temporary named sockets. +

+ + +
Description
+

+

+Create, read, write, and delete user +temporary named sockets. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_manage_user_tmp_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Create, read, write, and delete user +temporary symbolic links. +

+ + +
Description
+

+

+Create, read, write, and delete user +temporary symbolic links. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_home_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user home files. +

+ + +
Description
+

+

+Read user home files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_home_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user home subdirectory symbolic links. +

+ + +
Description
+

+

+Read user home subdirectory symbolic links. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_tmp_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user temporary files. +

+ + +
Description
+

+

+Read user temporary files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_tmp_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user +temporary symbolic links. +

+ + +
Description
+

+

+Read user +temporary symbolic links. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_tmp_untrusted_content_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user temporary untrusted files. +

+ + +
Description
+

+

+Read user temporary untrusted files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_tmp_untrusted_content_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user temporary untrusted symbolic links. +

+ + +
Description
+

+

+Read user temporary untrusted symbolic links. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_untrusted_content_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user untrusted files. +

+ + +
Description
+

+

+Read user untrusted files. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_read_user_untrusted_content_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read user untrusted symbolic links. +

+ + +
Description
+

+

+Read user untrusted symbolic links. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_search_user_home( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Search user home directories. +

+ + +
Description
+

+

+Search user home directories. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_setattr_user_pty( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Set the attributes of a user pty. +

+ + +
Description
+

+

+Set the attributes of a user pty. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_use_user_terminals( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Read and write a user domain tty and pty. +

+ + +
Description
+

+

+Read and write a user domain tty and pty. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+domain + + +Domain allowed access. + + +No +
+
+
+ + +
+ + +
+ +userdom_user_home_domtrans( + + + + + userdomain_prefix + + + + , + + + + source_domain + + + + , + + + + target_domain + + + )
+
+
+ +
Summary
+

+Do a domain transition to the specified +domain when executing a program in the +user home directory. +

+ + +
Description
+

+

+Do a domain transition to the specified +domain when executing a program in the +user home directory. +

+

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+

+This is a templated interface, and should only +be called from a per-userdomain template. +

+

+ +
Parameters
+ + + + + + + + + +
Parameter:Description:Optional:
+userdomain_prefix + + +The prefix of the user domain (e.g., user +is the prefix for user_t). + + +No +
+source_domain + + +Domain allowed access. + + +No +
+target_domain + + +Domain to transition to. + + +No +
+
+
+ + +
+ + +
+ +userdom_write_user_tmp_sockets( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+
+ +
Summary
+

+Write to user temporary named sockets. +

+ + +
Description
+

+

+Write to user temporary named sockets.

This is a templated interface, and should only diff --git a/www/api-docs/templates.html b/www/api-docs/templates.html index 35a8a0f..59bdb3b 100644 --- a/www/api-docs/templates.html +++ b/www/api-docs/templates.html @@ -16,6 +16,9 @@    -  acct
+    -  + alsa
+    -  amanda
@@ -25,6 +28,9 @@    -  consoletype
+    -  + ddcprobe
+    -  dmesg
@@ -40,12 +46,21 @@    -  logrotate
+    -  + logwatch
+    -  netutils
+    -  + prelink
+    -  quota
+    -  + readahead
+    -  rpm
@@ -61,9 +76,15 @@    -  updfstab
+    -  + usbmodules
+    -  usermanage
+    -  + vbetool
+    -  vpn
@@ -73,12 +94,30 @@ apps

+    -  + cdrecord
+    -  gpg
+    -  + irc
+ +    -  + java
+    -  loadkeys
+    -  + lockdev
+ +    -  + screen
+ +    -  + slocate
+    -  webalizer
@@ -139,6 +178,9 @@    -  arpwatch
+    -  + automount
+    -  avahi
@@ -184,9 +226,15 @@    -  distcc
+    -  + djbdns
+    -  dovecot
+    -  + fetchmail
+    -  finger
@@ -247,6 +295,9 @@    -  ntp
+    -  + openct
+    -  pegasus
@@ -268,6 +319,9 @@    -  procmail
+    -  + publicfile
+    -  radius
@@ -283,6 +337,9 @@    -  rlogin
+    -  + roundup
+    -  rpc
@@ -301,6 +358,12 @@    -  sendmail
+    -  + slrnpull
+ +    -  + smartmon
+    -  snmp
@@ -316,6 +379,9 @@    -  stunnel
+    -  + sysstat
+    -  tcpd
@@ -328,6 +394,9 @@    -  timidity
+    -  + ucspitcp
+    -  uucp
@@ -352,6 +421,9 @@    -  clock
+    -  + daemontools
+    -  fstools
@@ -564,6 +636,32 @@ for a user domain.
+Module: +authlogin

+Layer: +system

+

+ +authlogin_common_auth_domain_template( + + + + + userdomain_prefix + + + )
+
+ +
+

+Common template to create a domain for authentication. +

+
+ +
+ +
+Module: +cdrecord

+Layer: +apps

+

+ +cdrecord_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the cdrecord module. +

+
+ +
+ +
+Module: +djbdns

+Layer: +services

+

+ +djbdns_daemontools_domain_template( + + + + + prefix + + + )
+
+ +
+

+Create a set of derived types for djbdns +components that are directly supervised by daemontools. +

+
+ +
+ +
+Module: +irc

+Layer: +apps

+

+ +irc_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the irc module. +

+
+ +
+ +
+Module: +java

+Layer: +apps

+

+ +java_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the java module. +

+
+ +
+ +
+Module: +lockdev

+Layer: +apps

+

+ +lockdev_per_userdomain_template( + + + + + userdomain_prefix + + + + , + + + + user_domain + + + + , + + + + user_role + + + )
+
+ +
+

+The per user domain template for the lockdev module. +

+
+ +
+ +
-Module: -spamassassin

-Layer: -services

+Module: +screen

+Layer: +apps

-spamassassin_per_userdomain_template( +screen_per_userdomain_template( @@ -1244,20 +1537,20 @@ services

-The per user domain template for the spamassassin module. +The per user domain template for the screen module.

-Module: -ssh

+Module: +spamassassin

Layer: services

-ssh_per_userdomain_template( +spamassassin_per_userdomain_template( @@ -1286,20 +1579,20 @@ services

-The per user domain template for the ssh module. +The per user domain template for the spamassassin module.

-Module: +Module: ssh

Layer: services

-ssh_server_template( +ssh_per_userdomain_template( @@ -1307,21 +1600,63 @@ services

userdomain_prefix - )
-

- -
-

-The template to define a ssh server. -

-
- -
- - + +
+

+The per user domain template for the ssh module. +

+
+ +
+ +
+Module: +ssh

+Layer: +services

+

+ +ssh_server_template( + + + + + userdomain_prefix + + + )
+
+ +
+

+The template to define a ssh server. +

+
+ +
+ +
+Module: +su

+Layer: admin

@@ -1539,13 +1874,13 @@ system

-Module: +Module: userdomain

Layer: system

-userdom_exec_user_home_files( +userdom_create_user_pty( @@ -1566,20 +1901,20 @@ system

-Execute user home files. +Create a user pty.

-Module: +Module: userdomain

Layer: system

-userdom_home_file( +userdom_dontaudit_exec_user_home_files( @@ -1592,7 +1927,7 @@ system

- type + domain )
@@ -1600,21 +1935,20 @@ system

-Make the specified type usable in a -user home directory. +Do not audit attempts to execute user home files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_files( +userdom_dontaudit_list_user_home_dir( @@ -1635,21 +1969,20 @@ system

-Create, read, write, and delete files -in a user home subdirectory. +Do not audit attempts to list user home subdirectories.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_pipes( +userdom_dontaudit_list_user_tmp( @@ -1670,21 +2003,21 @@ system

-Create, read, write, and delete named pipes -in a user home subdirectory. +Do not audit attempts to list user +temporary directories.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_sockets( +userdom_dontaudit_list_user_tmp_untrusted_content( @@ -1705,21 +2038,21 @@ system

-Create, read, write, and delete named sockets -in a user home subdirectory. +Do not audit attempts to list user +temporary untrusted directories.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdir_symlinks( +userdom_dontaudit_list_user_untrusted_content( @@ -1740,21 +2073,21 @@ system

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Do not audit attempts to list user +untrusted directories.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_home_subdirs( +userdom_dontaudit_read_user_home_files( @@ -1775,21 +2108,20 @@ system

-Create, read, write, and delete symbolic links -in a user home subdirectory. +Do not audit attempts to read user home files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_tmp_dirs( +userdom_dontaudit_read_user_tmp_files( @@ -1810,21 +2142,21 @@ system

-Create, read, write, and delete user -temporary directories. +Do not audit attempts to read users +temporary files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_tmp_files( +userdom_dontaudit_read_user_tmp_untrusted_content_files( @@ -1845,21 +2177,21 @@ system

-Create, read, write, and delete user -temporary files. +Do not audit attempts to read users +temporary untrusted files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_tmp_pipes( +userdom_dontaudit_read_user_untrusted_content_files( @@ -1880,21 +2212,21 @@ system

-Create, read, write, and delete user -temporary named pipes. +Do not audit attempts to read users +untrusted files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_tmp_sockets( +userdom_dontaudit_setattr_user_home_files( @@ -1915,21 +2247,21 @@ system

-Create, read, write, and delete user -temporary named sockets. +Do not audit attempts to set the +attributes of user home files.

-Module: +Module: userdomain

Layer: system

-userdom_manage_user_tmp_symlinks( +userdom_dontaudit_use_user_terminals( @@ -1950,21 +2282,21 @@ system

-Create, read, write, and delete user -temporary symbolic links. +Do not audit attempts to read and write +a user domain tty and pty.

-Module: +Module: userdomain

Layer: system

-userdom_read_user_home_files( +userdom_exec_user_home_files( @@ -1985,20 +2317,55 @@ system

-Read user home files. +Execute user home files.

-Module: +Module: userdomain

Layer: system

-userdom_search_user_home( +userdom_home_file( + + + + + userdomain_prefix + + + + , + + + + type + + + )
+
+ +
+

+Make the specified type usable in a +user home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_list_user_tmp( @@ -2019,20 +2386,20 @@ system

-Search user home directories. +List user temporary directories.

-Module: +Module: userdomain

Layer: system

-userdom_use_user_terminals( +userdom_list_user_tmp_untrusted_content( @@ -2053,7 +2420,844 @@ system

-Read and write a user domain tty and pty. +List users temporary untrusted directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_list_user_untrusted_content( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+List users untrusted directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_home_subdir_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete files +in a user home subdirectory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_home_subdir_pipes( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete named pipes +in a user home subdirectory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_home_subdir_sockets( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete named sockets +in a user home subdirectory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_home_subdir_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete symbolic links +in a user home subdirectory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_home_subdirs( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete directories +in a user home subdirectory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_tmp_dirs( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete user +temporary directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_tmp_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete user +temporary files. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_tmp_pipes( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete user +temporary named pipes. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_tmp_sockets( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete user +temporary named sockets. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_manage_user_tmp_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Create, read, write, and delete user +temporary symbolic links. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_home_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user home files. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_home_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user home subdirectory symbolic links. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_tmp_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user temporary files. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_tmp_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user +temporary symbolic links. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_tmp_untrusted_content_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user temporary untrusted files. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_tmp_untrusted_content_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user temporary untrusted symbolic links. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_untrusted_content_files( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user untrusted files. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_read_user_untrusted_content_symlinks( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read user untrusted symbolic links. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_search_user_home( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Search user home directories. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_setattr_user_pty( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Set the attributes of a user pty. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_use_user_terminals( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Read and write a user domain tty and pty. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_user_home_domtrans( + + + + + userdomain_prefix + + + + , + + + + source_domain + + + + , + + + + target_domain + + + )
+
+ +
+

+Do a domain transition to the specified +domain when executing a program in the +user home directory. +

+
+ +
+ +
+Module: +userdomain

+Layer: +system

+

+ +userdom_write_user_tmp_sockets( + + + + + userdomain_prefix + + + + , + + + + domain + + + )
+
+ +
+

+Write to user temporary named sockets.

diff --git a/www/html/Changelog.txt b/www/html/Changelog.txt index 20895fb..db66471 100644 --- a/www/html/Changelog.txt +++ b/www/html/Changelog.txt @@ -1,6 +1,50 @@ +* Tue Jan 17 2006 Chris PeBenito - 20060117 +- Adds support for generating corenetwork interfaces based on attributes + in addition to types. +- Permits the listing of multiple nodes in a network_node() that will be + given the same type. +- Add two new permission sets for stream sockets. +- Rename file type transition interfaces verb from create to + filetrans to differentiate it from create interfaces without + type transitions. +- Fix expansion of interfaces from disabled modules. +- Rsync can be long running from init, + added rules to allow this. +- Add polyinstantiation build option. +- Add setcontext to the association object class. +- Add apache relay and db connect tunables. +- Rename texrel_shlib_t to textrel_shlib_t. +- Add swat to samba module. +- Numerous miscellaneous fixes from Dan Walsh. +- Added modules: + alsa + automount + cdrecord + daemontools (Petre Rodan) + ddcprobe + djbdns (Petre Rodan) + fetchmail + irc + java + lockdev + logwatch (Dan Walsh) + openct + prelink (Dan Walsh) + publicfile (Petre Rodan) + readahead + roundup + screen + slocate (Dan Walsh) + slrnpull + smartmon + sysstat + ucspitcp (Petre Rodan) + usbmodules + vbetool (Dan Walsh) + * Wed Dec 07 2005 Chris PeBenito - 20051207 -- Add unlabeled IPSEC association to domains with - networking permsiisions. +- Add unlabeled IPSEC association rule to domains with + networking permissions. - Merge systemuser back in to users, as these files do not need to be split. - Add check for duplicate interface/template definitions. diff --git a/www/html/status.html b/www/html/status.html index 9842931..2ed9bf1 100644 --- a/www/html/status.html +++ b/www/html/status.html @@ -1,13 +1,12 @@

Status

-Current Version: 20051207 +Current Version: 20060117

See download for download information. Details of this release are part of the changelog. This release focused on preparating the policy for use as the Fedora - Core targeted policy. Currently both strict and targeted policies can - be built. MLS policies can be built, but the policy has not been tested - on running systems. MCS support has also been added, and is being tested - with the targeted policy in the Fedora development repositories (Rawhide). + Core MLS policy. Currently both strict and targeted policies can + be built. MLS policies can be built, but the policy is still undergoing + testing on running systems.

 

Status and Tasks

@@ -253,11 +252,6 @@ converted: - daemontools - daemontools.te daemontools.fc daemontools_macros.te - Petre Rodan - - dante dante.te dante.fc @@ -273,11 +267,6 @@ converted: - djbdns - djbdns.te djbdns.fc - Petre Rodan - - dnsmasq dnsmasq.te dnsmasq.fc @@ -348,11 +337,6 @@ converted: - java + - java.te java.fc java_macros.te - Tresys - - lcd lcd.te lcd.fc @@ -423,11 +407,6 @@ converted: - publicfile - publicfile.te publicfile.fc - Petre Rodan - - pxe pxe.te pxe.fc @@ -463,19 +442,14 @@ converted: - slocate + - slocate.te slocate.fc slocate_macros.te - Tresys - - snort snort.te snort.fc - sound + - alsa.te alsa.fc sound.te sound.fc sound-server.te sound-server.fc - Tresys + sound-server + + sound-server.te sound-server.fc + speedtouch @@ -493,11 +467,6 @@ converted: - tinydns - tinydns.te tinydns.fc - - - transproxy transproxy.te transproxy.fc @@ -513,11 +482,6 @@ converted: - ucspi-tcp - ucspi-tcp.te ucspi-tcp.fc - Petre Rodan - - uml + uml.te uml.fc uml_macros.te uml_net.te uml_net.fc