Layer: admin

-Layer: -system

+Layer: +kernel

+
+corecmd_bin_alias(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create a aliased type to generic bin files. +

+ +

+Module: +corecommands

+Layer: +kernel

 
 corecmd_bin_domtrans(
@@ -3329,10 +4073,36 @@ in the specified domain.

-Layer: -system

+Layer: +kernel

+
+corecmd_check_exec_shell(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Check if a shell is executable (DAC-wise). +

+ +

+Module: +corecommands

+Layer: +kernel

 
 corecmd_dontaudit_getattr_sbin_file(
@@ -3355,10 +4125,37 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

+
+corecmd_dontaudit_search_sbin(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to search +sbin directories. +

+ +

+Module: +corecommands

+Layer: +kernel

 
 corecmd_exec_bin(
@@ -3381,10 +4178,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_exec_chroot(
@@ -3407,10 +4204,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_exec_ls(
@@ -3433,10 +4230,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_exec_sbin(
@@ -3459,10 +4256,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_exec_shell(
@@ -3485,10 +4282,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_getattr_bin_file(
@@ -3511,10 +4308,10 @@ Get the attributes of files in bin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_getattr_sbin_file(
@@ -3537,10 +4334,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_list_bin(
@@ -3563,10 +4360,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_list_sbin(
@@ -3589,10 +4386,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_read_bin_file(
@@ -3615,10 +4412,10 @@ Read files in bin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_read_bin_pipe(
@@ -3641,10 +4438,10 @@ Read pipes in bin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_read_bin_socket(
@@ -3667,10 +4464,10 @@ Read named sockets in bin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_read_bin_symlink(
@@ -3693,10 +4490,10 @@ Read symbolic links in bin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_read_sbin_file(
@@ -3719,10 +4516,10 @@ Read files in sbin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_read_sbin_pipe(
@@ -3745,10 +4542,10 @@ Read named pipes in sbin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_read_sbin_socket(
@@ -3771,10 +4568,10 @@ Read named sockets in sbin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_read_sbin_symlink(
@@ -3797,10 +4594,10 @@ Read symbolic links in sbin directories.

-Layer: -system

+Layer: +kernel

 
 corecmd_sbin_domtrans(
@@ -3832,10 +4629,10 @@ in the specified domain.

-Layer: -system

+Layer: +kernel

 
 corecmd_search_bin(
@@ -3858,10 +4655,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_search_sbin(
@@ -3884,10 +4681,10 @@ Summary is missing!

-Layer: -system

+Layer: +kernel

 
 corecmd_shell_domtrans(
@@ -3918,10 +4715,10 @@ Execute a shell in the specified domain.

-Layer: -system

+Layer: +kernel

 
 corecmd_shell_entry_type(
@@ -3944,10 +4741,10 @@ Make the shell an entrypoint for the specified domain.

-Layer: -system

+Layer: +kernel

 
 corecmd_shell_spec_domtrans(
@@ -4059,6 +4856,60 @@ Do not audit attempts to bind UDP sockets to all reserved ports.

+Module: +corenetwork

+Layer: +kernel

+
+corenet_non_ipsec_sendrecv(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages on a +non-encrypted (no IPSEC) network +session. +

+ +

+Module: +corenetwork

+Layer: +kernel

+
+corenet_raw_bind_all_nodes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind raw sockets to all nodes. +

+ +

Module: corenetwork

Layer: @@ -5411,6 +6262,32 @@ Bind TCP sockets to node compat_ipv4.

+Layer: +kernel

+
+corenet_tcp_bind_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind TCP sockets to the comsat port. +

+ +

Module: corenetwork

Layer: @@ -5567,6 +6444,32 @@ Bind TCP sockets to the dict port.

+Layer: +kernel

+
+corenet_tcp_bind_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind TCP sockets to the distccd port. +

+ +

Module: corenetwork

Layer: @@ -5671,6 +6574,32 @@ Bind TCP sockets to the ftp port.

+Layer: +kernel

+
+corenet_tcp_bind_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind TCP sockets to the gatekeeper port. +

+ +

Module: corenetwork

Layer: @@ -5879,6 +6808,32 @@ Bind TCP sockets to the http port.

Layer: @@ -6893,6 +7848,32 @@ Bind TCP sockets to generic reserved ports.

+Layer: +kernel

+
+corenet_tcp_bind_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind TCP sockets to the i18n_input port. +

+ +

Module: corenetwork

Layer: @@ -7803,6 +8784,32 @@ Make a TCP connection to the clockspeed port.

+Layer: +kernel

+
+corenet_tcp_bind_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind TCP sockets to the rlogind port. +

+ +

Module: corenetwork

+Layer: +kernel

+
+corenet_tcp_connect_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Make a TCP connection to the comsat port. +

+ +

Module: corenetwork

Layer: @@ -7959,6 +8966,32 @@ Make a TCP connection to the dict port.

+Layer: +kernel

+
+corenet_tcp_connect_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Make a TCP connection to the distccd port. +

+ +

Module: corenetwork

Layer: @@ -8063,6 +9096,32 @@ Make a TCP connection to the ftp port.

+Layer: +kernel

+
+corenet_tcp_connect_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Make a TCP connection to the gatekeeper port. +

+ +

Module: corenetwork

Layer: @@ -8245,6 +9304,32 @@ Make a TCP connection to the http port.

Layer: @@ -9129,6 +10214,32 @@ Connect TCP sockets to generic reserved ports.

+Layer: +kernel

+
+corenet_tcp_connect_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Make a TCP connection to the i18n_input port. +

+ +

Module: corenetwork

Layer: @@ -10065,6 +11176,32 @@ Send and receive TCP traffic on the compat_ipv4 node.

+Layer: +kernel

+
+corenet_tcp_connect_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Make a TCP connection to the rlogind port. +

+ +

Module: corenetwork

Layer: @@ -10221,6 +11358,32 @@ Send and receive TCP traffic on the dict port.

+Layer: +kernel

+
+corenet_tcp_sendrecv_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive TCP traffic on the comsat port. +

+ +

Module: corenetwork

Layer: @@ -10325,6 +11488,32 @@ Send and receive TCP traffic on the ftp port.

+Layer: +kernel

+
+corenet_tcp_sendrecv_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive TCP traffic on the distccd port. +

+ +

Module: corenetwork

Layer: @@ -10559,6 +11748,32 @@ Send and receive TCP traffic on the http port.

+Layer: +kernel

+
+corenet_tcp_sendrecv_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive TCP traffic on the gatekeeper port. +

+ +

Module: corenetwork

Layer: @@ -11573,6 +12788,32 @@ Send and receive TCP network traffic on generic reserved ports.

+Layer: +kernel

+
+corenet_tcp_sendrecv_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive TCP traffic on the i18n_input port. +

+ +

Module: corenetwork

Layer: @@ -12535,6 +13776,32 @@ Bind UDP sockets to the compat_ipv4 node.

+Layer: +kernel

+
+corenet_tcp_sendrecv_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive TCP traffic on the rlogind port. +

+ +

Module: corenetwork

+Layer: +kernel

+
+corenet_udp_bind_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind UDP sockets to the comsat port. +

+ +

Module: corenetwork

Layer: @@ -12691,6 +13958,32 @@ Bind UDP sockets to the dict port.

+Layer: +kernel

+
+corenet_udp_bind_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind UDP sockets to the distccd port. +

+ +

Module: corenetwork

Layer: @@ -12795,6 +14088,32 @@ Bind UDP sockets to the ftp port.

+Layer: +kernel

+
+corenet_udp_bind_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind UDP sockets to the gatekeeper port. +

+ +

Module: corenetwork

Layer: @@ -13003,6 +14322,32 @@ Bind UDP sockets to the http port.

Layer: @@ -14017,6 +15362,32 @@ Bind UDP sockets to generic reserved ports.

+Layer: +kernel

+
+corenet_udp_bind_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind UDP sockets to the i18n_input port. +

+ +

Module: corenetwork

Layer: @@ -15005,6 +16376,32 @@ Receive UDP traffic on the compat_ipv4 node.

+Layer: +kernel

+
+corenet_udp_bind_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Bind UDP sockets to the rlogind port. +

+ +

Module: corenetwork

+Layer: +kernel

+
+corenet_udp_receive_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Receive UDP traffic on the comsat port. +

+ +

Module: corenetwork

Layer: @@ -15161,6 +16558,32 @@ Receive UDP traffic on the dict port.

+Layer: +kernel

+
+corenet_udp_receive_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Receive UDP traffic on the distccd port. +

+ +

Module: corenetwork

Layer: @@ -15265,6 +16688,32 @@ Receive UDP traffic on the ftp port.

+Layer: +kernel

+
+corenet_udp_receive_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Receive UDP traffic on the gatekeeper port. +

+ +

Module: corenetwork

Layer: @@ -15499,6 +16948,32 @@ Receive UDP traffic on the http port.

Layer: @@ -16513,6 +17988,32 @@ Receive UDP network traffic on generic reserved ports.

+Layer: +kernel

+
+corenet_udp_receive_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Receive UDP traffic on the i18n_input port. +

+ +

Module: corenetwork

Layer: @@ -17501,6 +19002,32 @@ Send UDP traffic on the compat_ipv4 node.

+Layer: +kernel

+
+corenet_udp_receive_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Receive UDP traffic on the rlogind port. +

+ +

Module: corenetwork

+Layer: +kernel

+
+corenet_udp_send_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send UDP traffic on the comsat port. +

+ +

Module: corenetwork

Layer: @@ -17657,6 +19184,32 @@ Send UDP traffic on the dict port.

+Layer: +kernel

+
+corenet_udp_send_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send UDP traffic on the distccd port. +

+ +

Module: corenetwork

Layer: @@ -17761,6 +19314,32 @@ Send UDP traffic on the ftp port.

+Layer: +kernel

+
+corenet_udp_send_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send UDP traffic on the gatekeeper port. +

+ +

Module: corenetwork

Layer: @@ -17995,6 +19574,32 @@ Send UDP traffic on the http port.

Layer: @@ -19009,6 +20614,32 @@ Send UDP network traffic on generic reserved ports.

+Layer: +kernel

+
+corenet_udp_send_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send UDP traffic on the i18n_input port. +

+ +

Module: corenetwork

Layer: @@ -19997,6 +21628,32 @@ Send and receive UDP traffic on the compat_ipv4 node.

+Layer: +kernel

+
+corenet_udp_send_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send UDP traffic on the rlogind port. +

+ +

Module: corenetwork

Layer: @@ -20153,6 +21810,32 @@ Send and receive UDP traffic on the dict port.

+Layer: +kernel

+
+corenet_udp_sendrecv_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive UDP traffic on the comsat port. +

+ +

Module: corenetwork

Layer: @@ -20257,6 +21940,32 @@ Send and receive UDP traffic on the ftp port.

+Layer: +kernel

+
+corenet_udp_sendrecv_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive UDP traffic on the distccd port. +

+ +

Module: corenetwork

Layer: @@ -20491,6 +22200,32 @@ Send and receive UDP traffic on the http port.

+Layer: +kernel

+
+corenet_udp_sendrecv_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive UDP traffic on the gatekeeper port. +

+ +

Module: corenetwork

Layer: @@ -21505,6 +23240,32 @@ Send and receive UDP network traffic on generic reserved ports.

+Layer: +kernel

+
+corenet_udp_sendrecv_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive UDP traffic on the i18n_input port. +

+ +

Module: corenetwork

Layer: @@ -22159,6 +23920,85 @@ CPUcontrol stub interface. No access allowed.

+Layer: +kernel

+
+corenet_udp_sendrecv_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive UDP traffic on the rlogind port. +

+ +

Module: corenetwork

+Module: +cron

+Layer: +services

+
+cron_crw_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, and write a cron daemon TCP socket. +

+ +

+Module: +cron

+Layer: +services

+
+cron_domtrans_anacron_system_job(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute APM in the apm domain. +

+ +

+Module: +cron

+Layer: +services

+
+cron_dontaudit_append_system_job_tmp_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to append temporary +files from the system cron jobs. +

+ +

Module: cron

Layer: @@ -22237,6 +24077,32 @@ Read and write a cron daemon unnamed pipe.

+Module: +cron

+Layer: +services

+
+cron_rw_system_job_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write a system cron job unnamed pipe. +

+ +

Module: cron

Layer: @@ -22397,7 +24263,218 @@ services

-Wrate a system cron job unnamed pipe. +Write a system cron job unnamed pipe. +

+ +

+Module: +cups

+Layer: +services

+
+cups_dbus_chat(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages from +cups over dbus. +

+ +

+Module: +cups

+Layer: +services

+
+cups_dbus_chat_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages from +cupsd_config over dbus. +

+ +

+Module: +cups

+Layer: +services

+
+cups_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute cups in the cups domain. +

+ +

+Module: +cups

+Layer: +services

+
+cups_domtrans_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute cups_config in the cups_config domain. +

+ +

+Module: +cups

+Layer: +services

+
+cups_read_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read cups log files. +

+ +

+Module: +cups

+Layer: +services

+
+cups_read_rw_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read cups-writable configuration files. +

+ +

+Module: +cups

+Layer: +services

+
+cups_signal_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send generic signals to the cups +configuration daemon. +

+ +

+Module: +cups

+Layer: +services

+
+cups_stream_connect_ptal(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Connect to ptal over an unix domain stream socket.

@@ -22430,6 +24507,33 @@ Read the CVS data and metadata.

+Module: +cyrus

+Layer: +services

+
+cyrus_manage_data(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow caller to create, read, write, +and delete cyrus data files. +

+ +

Module: dbus

Layer: @@ -22483,6 +24587,36 @@ Send a message on the system DBUS.

+Module: +dbus

+Layer: +services

+
+dbus_stub(
+	
+		
+		
+		
+			[
+		
+		domain
+		
+			]
+		
+	
+	)

+

+ +

+DBUS stub interface. No access allowed. +

+ +

Module: dbus

Layer: @@ -22509,6 +24643,86 @@ Allow unconfined access to the system DBUS.

+Module: +devices

+Layer: +kernel

+
+dev_append_printer(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Append the printer device. +

+ +

+Module: +devices

+Layer: +kernel

+
+dev_associate_usbfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a usbfs filesystem. +

+ +

+Module: +devices

+Layer: +kernel

+
+dev_create_cardmgr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete +the PCMCIA card manager device +with the correct type. +

+ +

Module: devices

Layer: @@ -22893,6 +25107,33 @@ the scanner device.

+Module: +devices

+Layer: +kernel

+
+dev_dontaudit_getattr_usbfs_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to get the attributes +of a directory in the usb filesystem. +

+ +

Module: devices

Layer: @@ -23604,6 +25845,32 @@ Get the attributes of the mouse devices.

+Module: +devices

+Layer: +kernel

+
+dev_getattr_mtrr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of the mtrr device. +

+ +

Module: devices

Layer: @@ -23916,13 +26183,13 @@ Read, write, create, and delete all character device files.

-Module: +Module: devices

Layer: kernel

-dev_manage_dev_nodes( +dev_manage_cardmgr( @@ -23935,20 +26202,21 @@ kernel

-Create, delete, read, and write device nodes in device directories. +Create, read, write, and delete +the PCMCIA card manager device.

-Module: +Module: devices

Layer: kernel

-dev_manage_generic_blk_file( +dev_manage_dev_nodes( @@ -23961,8 +26229,7 @@ kernel

-Allow read, write, create, and delete for generic -block files. +Create, delete, read, and write device nodes in device directories.

@@ -24621,6 +26888,32 @@ Read and write the apm bios.

+Module: +devices

+Layer: +kernel

+
+dev_rw_cardmgr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write the PCMCIA card manager device. +

+ +

Module: devices

Layer: @@ -25892,10 +28185,10 @@ allow the specified role the dmidecode domain.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_base_type(
@@ -25918,10 +28211,10 @@ Make the specified type usable as a basic domain.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_cron_exemption_source(
@@ -25947,10 +28240,10 @@ constraints.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_cron_exemption_target(
@@ -25976,10 +28269,63 @@ constraints.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

+
+domain_dontaudit_getattr_all_dgram_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to get the attributes +of all domains unix datagram sockets. +

+ +

+Module: +domain

+Layer: +kernel

+
+domain_dontaudit_getattr_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of all domains of all domains. +

+ +

+Module: +domain

+Layer: +kernel

 
 domain_dontaudit_getattr_all_key_sockets(
@@ -26003,13 +28349,13 @@ all domains IPSEC key management sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_sockets( +domain_dontaudit_getattr_all_packet_sockets( @@ -26022,21 +28368,21 @@ system

-Do not audit attempts to get the attributes -of all domains sockets, for all socket types. +Do not audit attempts to get attribues of +all domains packet sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_tcp_sockets( +domain_dontaudit_getattr_all_pipes( @@ -26050,20 +28396,47 @@ system

Do not audit attempts to get the attributes -of all domains TCP sockets. +of all domains unnamed pipes.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
-domain_dontaudit_getattr_all_udp_sockets(
+domain_dontaudit_getattr_all_raw_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to get attribues of +all domains raw sockets. +

+ +

+Module: +domain

+Layer: +kernel

+ +domain_dontaudit_getattr_all_sockets( @@ -26077,20 +28450,20 @@ system

Do not audit attempts to get the attributes -of all domains UDP sockets. +of all domains sockets, for all socket types.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
-domain_dontaudit_getattr_all_unix_dgram_sockets(
+domain_dontaudit_getattr_all_stream_sockets(
 	
@@ -26111,13 +28484,13 @@ of all domains unix datagram sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

-domain_dontaudit_getattr_all_unnamed_pipes( +domain_dontaudit_getattr_all_tcp_sockets( @@ -26131,17 +28504,44 @@ system

Do not audit attempts to get the attributes -of all domains unnamed pipes. +of all domains TCP sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

+
+domain_dontaudit_getattr_all_udp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to get the attributes +of all domains UDP sockets. +

+ +

+Module: +domain

+Layer: +kernel

 
 domain_dontaudit_getsession_all_domains(
@@ -26165,10 +28565,10 @@ session ID of all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_dontaudit_list_all_domains_proc(
@@ -26192,10 +28592,10 @@ directories of all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_dontaudit_ptrace_all_domains(
@@ -26218,10 +28618,10 @@ Do not audit attempts to ptrace all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_dontaudit_ptrace_confined_domains(
@@ -26244,10 +28644,10 @@ Do not audit attempts to ptrace confined domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_dontaudit_read_all_domains_state(
@@ -26271,10 +28671,10 @@ state (/proc/pid) of all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_dontaudit_rw_all_key_sockets(
@@ -26298,10 +28698,10 @@ all domains key sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_dontaudit_rw_all_udp_sockets(
@@ -26325,10 +28725,37 @@ all domains UDP sockets.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

+
+domain_dontaudit_search_all_domains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to search the process +state directory (/proc/pid) of all domains. +

+ +

+Module: +domain

+Layer: +kernel

 
 domain_dontaudit_use_wide_inherit_fd(
@@ -26351,10 +28778,10 @@ Summary is missing!

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_dyntrans_type(
@@ -26377,10 +28804,10 @@ Summary is missing!

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_entry_file(
@@ -26412,10 +28839,10 @@ an entry point for the domain.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_exec_all_entry_files(
@@ -26438,10 +28865,10 @@ Summary is missing!

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_getattr_all_domains(
@@ -26464,10 +28891,10 @@ Get the attributes of all domains of all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_getattr_all_entry_files(
@@ -26491,10 +28918,10 @@ files for all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_getattr_all_sockets(
@@ -26518,10 +28945,10 @@ sockets, for all socket types.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_getattr_confined_domains(
@@ -26544,10 +28971,10 @@ Get the attributes of all confined domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_getsession_all_domains(
@@ -26570,10 +28997,10 @@ Get the session ID of all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_kill_all_domains(
@@ -26596,10 +29023,10 @@ Send a kill signal to all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_obj_id_change_exempt(
@@ -26623,10 +29050,10 @@ changing the user identity in object contexts.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_ptrace_all_domains(
@@ -26649,10 +29076,10 @@ Ptrace all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_read_all_domains_state(
@@ -26675,10 +29102,10 @@ Read the process state (/proc/pid) of all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_read_all_entry_files(
@@ -26701,10 +29128,10 @@ Summary is missing!

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_read_confined_domains_state(
@@ -26727,10 +29154,10 @@ Read the process state (/proc/pid) of all confined domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_role_change_exempt(
@@ -26754,10 +29181,10 @@ changing of role.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_search_all_domains_state(
@@ -26780,10 +29207,10 @@ Search the process state directory (/proc/pid) of all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_setpriority_all_domains(
@@ -26806,10 +29233,10 @@ Summary is missing!

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_sigchld_all_domains(
@@ -26832,10 +29259,10 @@ Send a child terminated signal to all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_sigchld_wide_inherit_fd(
@@ -26859,10 +29286,10 @@ discriptors are widely inheritable.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_signal_all_domains(
@@ -26885,10 +29312,10 @@ Send general signals to all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_signull_all_domains(
@@ -26911,10 +29338,10 @@ Send a null signal to all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_sigstop_all_domains(
@@ -26937,10 +29364,10 @@ Send a stop signal to all domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_subj_id_change_exempt(
@@ -26964,10 +29391,10 @@ changing of user identity.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_system_change_exempt(
@@ -26992,10 +29419,10 @@ identity and system role.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_type(
@@ -27018,10 +29445,10 @@ Make the specified type usable as a domain.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_unconfined(
@@ -27044,10 +29471,10 @@ Unconfined access to domains.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_use_wide_inherit_fd(
@@ -27070,10 +29497,10 @@ Summary is missing!

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_user_exemption_target(
@@ -27099,10 +29526,10 @@ constraints.

-Module: +Module: domain

-Layer: -system

+Layer: +kernel

 
 domain_wide_inherit_fd(
@@ -27125,10 +29552,36 @@ Summary is missing!

-Module: +Module: +dovecot

+Layer: +services

+
+dovecot_manage_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete the dovecot spool files. +

+ +

+Module: files

-Layer: -system

+Layer: +kernel

 
 files_associate_tmp(
@@ -27153,10 +29606,37 @@ temporary directory (/tmp).

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_config_file(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

+Make the specified type a +configuration file. +

+ +

+Module: +files

+Layer: +kernel

 
 files_create_boot_flag(
@@ -27179,10 +29659,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_etc_config(
@@ -27205,10 +29685,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_home_dirs(
@@ -27239,10 +29719,10 @@ Create home directories

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_lock(
@@ -27265,10 +29745,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_pid(
@@ -27291,10 +29771,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_root(
@@ -27343,10 +29823,10 @@ default is file.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_tmp_files(
@@ -27369,10 +29849,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_usr(
@@ -27415,10 +29895,10 @@ Create objects in the /usr directory

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_var(
@@ -27461,10 +29941,10 @@ Create objects in the /var directory

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_create_var_lib(
@@ -27507,10 +29987,10 @@ Create objects in the /var/lib directory

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_delete_all_locks(
@@ -27533,10 +30013,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_delete_all_pid_dirs(
@@ -27559,10 +30039,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_delete_all_pids(
@@ -27585,10 +30065,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_delete_etc_files(
@@ -27611,10 +30091,10 @@ Delete system configuration files in /etc.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_delete_root_dir_entry(
@@ -27637,10 +30117,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_all_dirs(
@@ -27664,10 +30144,10 @@ of all directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_all_files(
@@ -27691,10 +30171,10 @@ of all files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_all_pipes(
@@ -27718,10 +30198,10 @@ of all named pipes.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_all_sockets(
@@ -27745,10 +30225,10 @@ of all named sockets.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_all_symlinks(
@@ -27772,10 +30252,10 @@ of all symbolic links.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_default_dir(
@@ -27799,10 +30279,10 @@ directories with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_default_files(
@@ -27826,10 +30306,10 @@ files with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_home_dir(
@@ -27854,10 +30334,10 @@ attributes of the home directories root

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_non_security_blk_dev(
@@ -27881,10 +30361,10 @@ of non security block devices.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_non_security_chr_dev(
@@ -27908,10 +30388,10 @@ of non security character devices.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_non_security_files(
@@ -27935,10 +30415,10 @@ of non security files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_non_security_pipes(
@@ -27962,10 +30442,10 @@ of non security named pipes.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_non_security_sockets(
@@ -27989,10 +30469,10 @@ of non security named sockets.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_non_security_symlinks(
@@ -28016,10 +30496,10 @@ of non security symbolic links.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_pid_dir(
@@ -28043,10 +30523,10 @@ of the /var/run directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_getattr_tmp_dir(
@@ -28070,10 +30550,10 @@ attributes of the tmp directory (/tmp).

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_ioctl_all_pids(
@@ -28096,10 +30576,10 @@ Do not audit attempts to ioctl daemon runtime data files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_list_default(
@@ -28123,10 +30603,10 @@ directories with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_list_non_security(
@@ -28150,10 +30630,10 @@ non security directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_read_default_files(
@@ -28177,10 +30657,10 @@ with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_read_etc_runtime_files(
@@ -28205,10 +30685,10 @@ created on boot, such as mtab.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_read_root_file(
@@ -28231,10 +30711,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_rw_root_chr_dev(
@@ -28257,10 +30737,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_rw_root_file(
@@ -28283,10 +30763,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_search_all_dirs(
@@ -28309,10 +30789,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_search_home(
@@ -28336,10 +30816,10 @@ home directories root (/home).

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_search_isid_type_dir(
@@ -28363,10 +30843,10 @@ that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_search_locks(
@@ -28390,10 +30870,10 @@ locks directory (/var/lock).

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_search_pids(
@@ -28417,10 +30897,10 @@ the /var/run directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_search_src(
@@ -28443,10 +30923,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_search_var(
@@ -28470,10 +30950,10 @@ the contents of /var.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_dontaudit_write_all_pids(
@@ -28496,10 +30976,10 @@ Do not audit attempts to write to daemon runtime data files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_exec_etc_files(
@@ -28522,10 +31002,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_exec_usr_files(
@@ -28548,10 +31028,10 @@ Execute generic programs in /usr in the caller domain.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_exec_usr_src_files(
@@ -28574,10 +31054,10 @@ Execute programs in /usr/src in the caller domain.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_getattr_all_dirs(
@@ -28600,10 +31080,37 @@ Get the attributes of all directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_getattr_all_file_type_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of all sockets +with the type of a file. +

+ +

+Module: +files

+Layer: +kernel

 
 files_getattr_all_files(
@@ -28626,10 +31133,10 @@ Get the attributes of all files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_getattr_all_pipes(
@@ -28652,10 +31159,10 @@ Get the attributes of all named pipes.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_getattr_all_sockets(
@@ -28678,10 +31185,10 @@ Get the attributes of all named sockets.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_getattr_all_symlinks(
@@ -28704,10 +31211,10 @@ Get the attributes of all symbolic links.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_getattr_generic_locks(
@@ -28730,10 +31237,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_getattr_home_dir(
@@ -28757,10 +31264,36 @@ Get the attributes of the home directories root

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_getattr_tmp_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of the tmp directory (/tmp). +

+ +

+Module: +files

+Layer: +kernel

 
 files_getattr_usr_files(
@@ -28783,10 +31316,10 @@ Get the attributes of files in /usr.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_getattr_var_lib_dir(
@@ -28809,13 +31342,13 @@ Get the attributes of the /var/lib directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
-files_list_all_dirs(
+files_list_all(
 	
@@ -28835,10 +31368,10 @@ List the contents of all directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_all_dirs(
@@ -28861,10 +31394,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_default(
@@ -28887,10 +31420,10 @@ List contents of directories with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_etc(
@@ -28913,10 +31446,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_home(
@@ -28939,10 +31472,10 @@ Get listing of home directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_isid_type_dir(
@@ -28966,10 +31499,10 @@ that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_mnt(
@@ -28992,10 +31525,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_pids(
@@ -29018,10 +31551,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_root(
@@ -29044,10 +31577,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_spool(
@@ -29070,10 +31603,36 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_list_tmp(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read the tmp directory (/tmp). +

+ +

+Module: +files

+Layer: +kernel

 
 files_list_usr(
@@ -29097,10 +31656,10 @@ directories in /usr.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_var(
@@ -29123,10 +31682,10 @@ List the contents of /var.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_var_lib(
@@ -29149,10 +31708,10 @@ List the contents of the /var/lib directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_list_world_readable(
@@ -29175,10 +31734,10 @@ List world-readable directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_lock_file(
@@ -29201,10 +31760,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_all_files(
@@ -29240,10 +31799,10 @@ the listed exceptions.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_etc_files(
@@ -29266,10 +31825,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_etc_runtime_files(
@@ -29294,10 +31853,10 @@ such as mtab.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_generic_locks(
@@ -29320,10 +31879,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_generic_spool_dirs(
@@ -29346,10 +31905,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_generic_spools(
@@ -29372,10 +31931,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_isid_type_blk_node(
@@ -29399,10 +31958,10 @@ on new filesystems that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_isid_type_chr_node(
@@ -29426,10 +31985,10 @@ on new filesystems that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_isid_type_dir(
@@ -29453,10 +32012,10 @@ on new filesystems that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_isid_type_file(
@@ -29480,10 +32039,10 @@ on new filesystems that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_isid_type_symlink(
@@ -29507,10 +32066,10 @@ on new filesystems that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_lost_found(
@@ -29534,10 +32093,10 @@ lost+found directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_mnt_dirs(
@@ -29560,10 +32119,10 @@ Create, read, write, and delete directories in /mnt.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_mnt_files(
@@ -29586,10 +32145,10 @@ Create, read, write, and delete files in /mnt.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_mnt_symlinks(
@@ -29612,10 +32171,37 @@ Create, read, write, and delete symbolic links in /mnt.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_manage_mounttab(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow domain to manage mount tables +necessary for rpcd, nfsd, etc. +

+ +

+Module: +files

+Layer: +kernel

 
 files_manage_urandom_seed(
@@ -29638,10 +32224,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_var_dirs(
@@ -29665,10 +32251,10 @@ in the /var directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_var_files(
@@ -29691,10 +32277,10 @@ Create, read, write, and delete files in the /var directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_manage_var_symlinks(
@@ -29718,10 +32304,10 @@ links in the /var directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_mount_all_file_type_fs(
@@ -29744,10 +32330,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_mounton_all_mountpoints(
@@ -29770,10 +32356,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_mounton_default(
@@ -29796,10 +32382,10 @@ Mount a filesystem on a directory with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_mounton_isid_type_dir(
@@ -29823,10 +32409,10 @@ that has not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_mounton_mnt(
@@ -29849,10 +32435,10 @@ Mount a filesystem on /mnt.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_mountpoint(
@@ -29875,10 +32461,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_pid_file(
@@ -29901,10 +32487,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_poly(
@@ -29928,10 +32514,10 @@ polyinstantiated directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_poly_member(
@@ -29955,10 +32541,10 @@ polyinstantiation member directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_poly_member_tmp(
@@ -29990,10 +32576,10 @@ type of polyinstantiated directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_poly_parent(
@@ -30017,10 +32603,10 @@ of a polyinstantiated directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_purge_tmp(
@@ -30043,10 +32629,101 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_read_all_blk_nodes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read all block nodes with file types. +

+ +

+Module: +files

+Layer: +kernel

+
+files_read_all_chr_nodes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read all character nodes with file types. +

+ +

+Module: +files

+Layer: +kernel

+
+files_read_all_dirs_except(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

+Read all directories on the filesystem, except +the listed exceptions. +

+ +

+Module: +files

+Layer: +kernel

 
 files_read_all_files(
@@ -30069,10 +32746,49 @@ Read all files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_read_all_files_except(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

+Read all files on the filesystem, except +the listed exceptions. +

+ +

+Module: +files

+Layer: +kernel

 
 files_read_all_pids(
@@ -30095,10 +32811,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_all_symlinks(
@@ -30121,10 +32837,49 @@ Read all symbolic links.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_read_all_symlinks_except(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

+Read all symbloic links on the filesystem, except +the listed exceptions. +

+ +

+Module: +files

+Layer: +kernel

 
 files_read_default_files(
@@ -30147,10 +32902,10 @@ Read files with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_default_pipes(
@@ -30173,10 +32928,10 @@ Read named pipes with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_default_sockets(
@@ -30199,10 +32954,10 @@ Read sockets with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_default_symlinks(
@@ -30225,10 +32980,10 @@ Read symbolic links with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_etc_files(
@@ -30251,10 +33006,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_etc_runtime_files(
@@ -30278,10 +33033,10 @@ created on boot, such as mtab.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_generic_spools(
@@ -30304,10 +33059,62 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_read_generic_tmp_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read files in the tmp directory (/tmp). +

+ +

+Module: +files

+Layer: +kernel

+
+files_read_generic_tmp_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read symbolic links in the tmp directory (/tmp). +

+ +

+Module: +files

+Layer: +kernel

 
 files_read_isid_type_file(
@@ -30331,10 +33138,10 @@ that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_usr_files(
@@ -30357,10 +33164,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_usr_src_files(
@@ -30383,10 +33190,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_usr_symlinks(
@@ -30409,10 +33216,10 @@ Read symbolic links in /usr.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_var_files(
@@ -30435,10 +33242,10 @@ Read files in the /var directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_var_lib_files(
@@ -30461,10 +33268,10 @@ Read generic files in /var/lib.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_var_lib_symlinks(
@@ -30487,10 +33294,10 @@ Read generic symbolic links in /var/lib

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_var_symlink(
@@ -30513,10 +33320,10 @@ Read symbolic links in the /var directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_world_readable_files(
@@ -30539,10 +33346,10 @@ Read world-readable files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_world_readable_pipes(
@@ -30565,10 +33372,10 @@ Read world-readable named pipes.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_world_readable_sockets(
@@ -30591,10 +33398,10 @@ Read world-readable sockets.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_read_world_readable_symlinks(
@@ -30617,10 +33424,10 @@ Read world-readable symbolic links.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_relabel_all_files(
@@ -30656,10 +33463,36 @@ the listed exceptions.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_relabel_etc_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Relabel from and to generic files in /etc. +

+ +

+Module: +files

+Layer: +kernel

 
 files_relabelto_all_file_type_fs(
@@ -30682,10 +33515,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_relabelto_usr_files(
@@ -30708,10 +33541,10 @@ Relabel a file to the type used in /usr.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_rw_etc_files(
@@ -30734,10 +33567,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_rw_etc_runtime_files(
@@ -30761,10 +33594,10 @@ created on boot, such as mtab.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_rw_generic_pids(
@@ -30787,10 +33620,36 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_rw_generic_tmp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write generic named sockets in the tmp directory (/tmp). +

+ +

+Module: +files

+Layer: +kernel

 
 files_rw_isid_type_blk_node(
@@ -30814,10 +33673,10 @@ that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_rw_isid_type_dir(
@@ -30841,10 +33700,10 @@ that have not yet been labeled.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_rw_locks_dir(
@@ -30868,10 +33727,10 @@ directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_all(
@@ -30894,10 +33753,10 @@ Search all directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_all_dirs(
@@ -30920,10 +33779,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_default(
@@ -30946,10 +33805,10 @@ Search the contents of directories with the default file type.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_etc(
@@ -30972,10 +33831,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_home(
@@ -30998,10 +33857,10 @@ Search home directories root (/home).

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_locks(
@@ -31024,10 +33883,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_mnt(
@@ -31050,10 +33909,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_pids(
@@ -31076,10 +33935,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_spool(
@@ -31102,10 +33961,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_tmp(
@@ -31128,10 +33987,10 @@ Search the tmp directory (/tmp).

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_usr(
@@ -31154,10 +34013,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_var(
@@ -31180,10 +34039,10 @@ Search the contents of /var.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_search_var_lib(
@@ -31206,10 +34065,36 @@ Search the /var/lib directory.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

+
+files_search_var_lib_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search directories in /var/lib. +

+ +

+Module: +files

+Layer: +kernel

 
 files_security_file(
@@ -31234,10 +34119,10 @@ browsing from user domains.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_setattr_all_tmp_dirs(
@@ -31260,10 +34145,10 @@ Set the attributes of all tmp directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_setattr_etc_dir(
@@ -31286,10 +34171,10 @@ Set the attributes of the /etc directories.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_tmp_file(
@@ -31313,10 +34198,10 @@ used for temporary files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_tmpfs_file(
@@ -31340,10 +34225,10 @@ virtual memory filesystem (tmpfs).

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_type(
@@ -31367,10 +34252,10 @@ in a filesystem.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_unconfined(
@@ -31393,10 +34278,10 @@ Unconfined access to files.

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_unmount_all_file_type_fs(
@@ -31419,10 +34304,10 @@ Summary is missing!

-Module: +Module: files

-Layer: -system

+Layer: +kernel

 
 files_unmount_rootfs(
@@ -32418,6 +35303,33 @@ attributes, such as ext3, JFS, or XFS.

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_all_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of all directories +with a filesystem type. +

+ +

Module: filesystem

Layer: @@ -32767,6 +35679,32 @@ filesystem.

+Layer: +kernel

+
+fs_getattr_rpc_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read directories of RPC file system pipes. +

+ +

Module: filesystem

Layer: @@ -32928,6 +35866,32 @@ CIFS or SMB filesystem.

Layer: @@ -33791,13 +36755,13 @@ Read files on a CIFS or SMB filesystem.

+Layer: +kernel

+
+fs_list_noxattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read all noxattrfs directories. +

+ +

Module: filesystem

-Module: +Module: filesystem

Layer: kernel

-fs_read_cifs_files( +fs_read_cifs_symlinks( @@ -33810,21 +36774,20 @@ kernel

-Do not audit attempts to read or -write files on a CIFS or SMB filesystems. +Read symbolic links on a CIFS or SMB filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_read_cifs_symlinks( +fs_read_nfs_files( @@ -33837,20 +36800,20 @@ kernel

-Read symbolic links on a CIFS or SMB filesystem. +Read files on a NFS filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_read_nfs_files( +fs_read_nfs_symlinks( @@ -33863,20 +36826,20 @@ kernel

-Read files on a NFS filesystem. +Read symbolic links on a NFS filesystem.

-Module: +Module: filesystem

Layer: kernel

-fs_read_nfs_symlinks( +fs_read_noxattr_fs_files( @@ -33889,7 +36852,137 @@ kernel

-Read symbolic links on a NFS filesystem. +Read all noxattrfs files. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_noxattr_fs_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read all noxattrfs symbolic links. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_rpc_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read directories of RPC file system pipes. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_rpc_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read files of RPC file system pipes. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_rpc_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read sockets of RPC file system pipes. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_rpc_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read symbolic links of RPC file system pipes.

@@ -34388,6 +37481,84 @@ some mount options to be changed.

+Module: +filesystem

+Layer: +kernel

+
+fs_rw_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write NFS server files. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_rw_ramfs_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write a named pipe on a ramfs filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_rw_tmpfs_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write generic tmpfs files. +

+ +

Module: filesystem

Layer: @@ -34493,6 +37664,32 @@ Search directories on a NFS filesystem.

Layer: @@ -35044,6 +38241,58 @@ Read and write character nodes on tmpfs filesystems.

+Layer: +kernel

+
+fs_search_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search NFS server directories. +

+ +

Module: filesystem

Layer: @@ -35872,6 +39306,32 @@ Run inetd child process in the inet child domain

+Layer: +kernel

+
+fs_write_nfs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read files on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_write_ramfs_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Write to named pipe on a ramfs filesystem. +

+ +

Module: filesystem

Layer: @@ -35509,6 +38758,139 @@ control channel named socket.

+Module: +hal

+Layer: +services

+
+hal_dbus_chat(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages from +hal over dbus. +

+ +

+Module: +hal

+Layer: +services

+
+hal_dbus_send(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send a dbus message to hal. +

+ +

+Module: +hal

+Layer: +services

+
+hal_dgram_sendto(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send to hal over a unix domain +datagram socket. +

+ +

+Module: +hal

+Layer: +services

+
+hal_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute hal in the hal domain. +

+ +

+Module: +hal

+Layer: +services

+
+hal_stream_connect(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send to hal over a unix domain +stream socket. +

+ +

Module: hostname

Layer: @@ -35812,6 +39194,58 @@ Summary is missing!

+Module: +howl

+Layer: +services

+
+howl_signal(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send generic signals to howl. +

+ +

+Module: +i18n_input

+Layer: +services

+
+i18n_use(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Use i18n_input over a TCP connection. +

+ +

Module: inetd

+Module: +inetd

+Layer: +services

+
+inetd_rw_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write inetd TCP sockets. +

+ +

Module: inetd

Layer: @@ -36052,6 +39512,53 @@ Inherit and use file descriptors from inetd.

+Module: +init

+Layer: +system

+
+init_create_script_tmp(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		file_type
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object_class
+		
+			]
+		
+	
+	)

+

+ +

+Create files in a init script +temporary data directory. +

+ +

Module: init

Layer: @@ -36087,6 +39594,33 @@ Create a domain for long running processes

+Module: +init

+Layer: +system

+
+init_dbus_chat_script(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages from +init scripts over dbus. +

+ +

Module: init

Layer: @@ -36341,7 +39875,7 @@ system

- ? + domain )
@@ -36349,7 +39883,8 @@ system

-Summary is missing! +Do not audit attempts to read and +write the init script pty.

@@ -36512,6 +40047,58 @@ Summary is missing!

+Module: +init

+Layer: +system

+
+init_getattr_script_entry_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attribute of init script entrypoint files. +

+ +

+Module: +init

+Layer: +system

+
+init_getattr_script_pids(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of init script process id files. +

+ +

Module: init

Layer: @@ -36789,13 +40376,13 @@ Send init a SIGCHLD signal.

-Module: +Module: init

Layer: system

-init_signull( +init_sigchld_script( @@ -36808,20 +40395,20 @@ system

-Send init a null signal. +Send SIGCHLD signals to init scripts.

-Module: +Module: init

Layer: system

-init_system_domain( +init_signal_script( @@ -36829,12 +40416,56 @@ system

domain + )
+

+ +

+Send generic signals to init scripts. +

+ +

+Module: +init

+Layer: +system

+
+init_signull(
+	
 		
-			,
 		
 		
+		domain
 		
-		entry_point
+	
+	)

+

+ +

+Send init a null signal. +

+ +

+Module: +init

+Layer: +system

+ +init_signull_script( + + + + + domain )
@@ -36842,21 +40473,20 @@ system

-Create a domain for short running processes -which can be started by init scripts. +Send null signals to init scripts.

-Module: +Module: init

Layer: system

-init_udp_sendto( +init_system_domain( @@ -36864,25 +40494,34 @@ system

domain + + , + + + + entry_point + + )

-Send UDP network traffic to init. +Create a domain for short running processes +which can be started by init scripts.

-Module: +Module: init

Layer: system

-init_udp_sendto_script( +init_udp_sendto( @@ -36895,20 +40534,20 @@ system

-Send UDP network traffic to init scripts. +Send UDP network traffic to init.

-Module: +Module: init

Layer: system

-init_unix_connect_script( +init_udp_sendto_script( @@ -36921,8 +40560,7 @@ system

-Allow the specified domain to connect to -init scripts with a unix domain stream socket. +Send UDP network traffic to init scripts.

@@ -37086,6 +40724,32 @@ Summary is missing!

+Module: +init

+Layer: +system

+
+init_write_script_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Write an init script unnamed pipe. +

+ +

Module: inn

Layer: @@ -37811,6 +41475,221 @@ unlabeled block devices.

Layer: @@ -37864,6 +41743,33 @@ read system state information in proc.

+Layer: +kernel

+
+kernel_dontaudit_getattr_unlabeled_chr_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts by caller to get attributes for +unlabeled character devices. +

+ +

+Module: +kernel

+Layer: +kernel

+
+kernel_dontaudit_getattr_unlabeled_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts by caller to get the +attributes of an unlabeled file. +

+ +

+Module: +kernel

+Layer: +kernel

+
+kernel_dontaudit_getattr_unlabeled_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts by caller to get the +attributes of unlabeled named pipes. +

+ +

+Module: +kernel

+Layer: +kernel

+
+kernel_dontaudit_getattr_unlabeled_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts by caller to get the +attributes of unlabeled named sockets. +

+ +

+Module: +kernel

+Layer: +kernel

+
+kernel_dontaudit_getattr_unlabeled_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts by caller to get the +attributes of unlabeled symbolic links. +

+ +

+Module: +kernel

+Layer: +kernel

+
+kernel_dontaudit_list_proc(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to list the +contents of directories in /proc. +

+ +

+Module: +kernel

+Layer: +kernel

+
+kernel_dontaudit_list_unlabeled(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to list unlabeled directories. +

+ +

+Module: +kernel

+Layer: +kernel

+
+kernel_dontaudit_read_proc_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts by caller to +read system state information in proc. +

+ +

Module: kernel

Layer: @@ -38154,6 +42060,32 @@ Get the attributes of the proc filesystem.

+Layer: +kernel

+
+kernel_dontaudit_read_unlabeled_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts by caller to +read an unlabeled file. +

+ +

Module: kernel

Layer: @@ -38625,6 +42557,32 @@ Allow caller to read the network state information.

+Layer: +kernel

+
+kernel_getattr_proc_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of files in /proc. +

+ +

Module: kernel

Layer: @@ -38729,6 +42687,32 @@ Allow caller to read the state information for software raid.

+Layer: +kernel

+
+kernel_read_network_state_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow caller to read the network state symbolic links. +

+ +

Module: kernel

+Layer: +kernel

+
+kernel_read_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow access to read sysctl directories. +

+ +

Module: kernel

Layer: @@ -39331,18 +43315,18 @@ specified directory.

-Module: +Module: kernel

Layer: kernel

-kernel_search_from( +kernel_search_network_state( - dir_type + domain )
@@ -39350,8 +43334,7 @@ kernel

-Allow the kernel to search the -specified directory. +Allow searching of network state directory.

@@ -39410,6 +43393,32 @@ Search directories in /proc.

+Module: +kernel

+Layer: +kernel

+
+kernel_search_vm_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow caller to search virtual memory sysctls. +

+ +

Module: kernel

Layer: @@ -39447,6 +43456,33 @@ socket.

Layer: @@ -41358,6 +45447,153 @@ Inherit and use logrotate file descriptors.

+Layer: +kernel

+
+kernel_sendrecv_unlabeled_association(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages from an +unlabeled IPSEC association. +

+ +

Module: kernel

Layer: @@ -40515,6 +44551,33 @@ of shared libraries.

+Module: +libraries

+Layer: +system

+
+libs_use_lib(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Load and execute functions from generic +lib files as shared libraries. +

+ +

Module: libraries

Layer: @@ -40791,6 +44854,32 @@ Summary is missing!

+Module: +logging

+Layer: +system

+
+logging_domtrans_auditctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute auditctl in the auditctl domain. +

+ +

Module: logging

+Module: +lpd

+Layer: +services

+
+lpd_domtrans_checkpc(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute lpd in the lpd domain. +

+ +

+Module: +lpd

+Layer: +services

+
+lpd_list_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+List the contents of the printer spool directories. +

+ +

+Module: +lpd

+Layer: +services

+
+lpd_manage_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete printer spool files. +

+ +

+Module: +lpd

+Layer: +services

+
+lpd_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+List the contents of the printer spool directories. +

+ +

+Module: +lpd

+Layer: +services

+
+lpd_run_checkpc(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

+Execute amrecover in the lpd domain, and +allow the specified role the lpd domain. +

+ +

Module: lvm

Layer: @@ -41714,6 +45950,32 @@ Delete man pages

+Module: +miscfiles

+Layer: +system

+
+miscfiles_dontaudit_search_man_pages(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to search man pages. +

+ +

Module: miscfiles

Layer: @@ -41766,6 +46028,32 @@ Allow process to read legacy time localization info

+Module: +miscfiles

+Layer: +system

+
+miscfiles_manage_fonts(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete fonts. +

+ +

Module: miscfiles

Layer: @@ -42326,6 +46614,32 @@ Execute insmod in the insmod domain.

+Module: +modutils

+Layer: +system

+
+modutils_domtrans_insmod_uncond(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unconditionally execute insmod in the insmod domain. +

+ +

Module: modutils

Layer: @@ -42788,6 +47102,32 @@ Create, read, and write the mail spool.

+Layer: +services

+
+mta_delete_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Delete from the mail spool. +

+ +

Module: mta

Layer: @@ -42842,6 +47182,33 @@ sockets of mail delivery domains.

+Layer: +services

+
+mta_dontaudit_rw_queue(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to read and +write the mail queue. +

+ +

Module: mta

Layer: @@ -43080,6 +47447,58 @@ Read mail address aliases.

+Layer: +services

+
+mta_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read mail server configuration. +

+ +

+Module: +mta

+Layer: +services

+
+mta_read_sendmail_bin(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read sendmail binary. +

+ +

Module: mta

Layer: @@ -43132,6 +47551,33 @@ Summary is missing!

Layer: @@ -45010,6 +50240,268 @@ Execute rlogind in the rlogin domain.

+Layer: +services

+
+mta_rw_user_mail_stream_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write unix domain stream sockets +of user mail domains. +

+ +

Module: mta

Layer: @@ -43822,47 +48268,807 @@ admin

-Conditionally execute traceroute in the traceroute domain, and -allow the specified role the traceroute domain. +Conditionally execute traceroute in the traceroute domain, and +allow the specified role the traceroute domain. +

+ +

+Module: +networkmanager

+Layer: +services

+
+networkmanager_dbus_chat(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages from +NetworkManager over dbus. +

+ +

+Module: +networkmanager

+Layer: +services

+
+networkmanager_rw_packet_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write NetworkManager packet sockets. +

+ +

+Module: +networkmanager

+Layer: +services

+
+networkmanager_rw_routing_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write NetworkManager netlink +routing sockets. +

+ +

+Module: +networkmanager

+Layer: +services

+
+networkmanager_rw_udp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write NetworkManager UDP sockets. +

+ +

+Module: +nis

+Layer: +services

+
+nis_delete_ypbind_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Delete ypbind pid files. +

+ +

+Module: +nis

+Layer: +services

+
+nis_domtrans_ypbind(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute ypbind in the ypbind domain. +

+ +

+Module: +nis

+Layer: +services

+
+nis_list_var_yp(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+List the contents of the NIS data directory. +

+ +

+Module: +nis

+Layer: +services

+
+nis_read_ypbind_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read ypbind pid files. +

+ +

+Module: +nis

+Layer: +services

+
+nis_read_ypserv_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read ypserv configuration files. +

+ +

+Module: +nis

+Layer: +services

+
+nis_signal_ypbind(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send generic signals to ypbind. +

+ +

+Module: +nis

+Layer: +services

+
+nis_tcp_connect_ypbind(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Connect to ypbind over TCP. +

+ +

+Module: +nis

+Layer: +services

+
+nis_udp_sendto_ypbind(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send UDP network traffic to NIS clients. +

+ +

+Module: +nis

+Layer: +services

+
+nis_use_ypbind(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Use the ypbind service to access NIS services. +

+ +

+Module: +nis

+Layer: +services

+
+nis_use_ypbind_uncond(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Use the ypbind service to access NIS services +unconditionally. +

+ +

+Module: +nscd

+Layer: +services

+
+nscd_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute NSCD in the nscd domain. +

+ +

+Module: +nscd

+Layer: +services

+
+nscd_read_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read NSCD pid file. +

+ +

+Module: +nscd

+Layer: +services

+
+nscd_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unconfined access to NSCD services. +

+ +

+Module: +nscd

+Layer: +services

+
+nscd_use_shared_mem(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Use NSCD services by mapping the database from +an inherited NSCD file descriptor. +

+ +

+Module: +nscd

+Layer: +services

+
+nscd_use_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Use NSCD services by connecting using +a unix stream socket. +

+ +

+Module: +ntp

+Layer: +services

+
+ntp_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute ntp server in the ntpd domain. +

+ +

+Module: +ntp

+Layer: +services

+
+ntp_domtrans_ntpdate(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute ntp server in the ntpd domain. +

+ +

+Module: +ntp

+Layer: +services

+
+ntp_stub(
+	
+		
+		
+		
+			[
+		
+		domain
+		
+			]
+		
+	
+	)

+

+ +

+NTP stub interface. No access allowed. +

+ +

+Module: +pcmcia

+Layer: +system

+
+pcmcia_domtrans_cardctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute cardctl in the cardmgr domain. +

+ +

+Module: +pcmcia

+Layer: +system

+
+pcmcia_domtrans_cardmgr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute cardmgr in the cardmgr domain. +

+ +

+Module: +pcmcia

+Layer: +system

+
+pcmcia_manage_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete +cardmgr pid files. +

+ +

+Module: +pcmcia

+Layer: +system

+
+pcmcia_manage_runtime_chr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete +cardmgr runtime character nodes. +

+ +

+Module: +pcmcia

+Layer: +system

+
+pcmcia_read_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read cardmgr pid files. +

+ +

+Module: +pcmcia

+Layer: +system

+
+pcmcia_run_cardctl(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

+Execute cardmgr in the cardctl domain, and +allow the specified role the cardmgr domain.

-Module: -nis

-Layer: -services

+Module: +pcmcia

+Layer: +system

 
-nis_list_var_yp(
+pcmcia_stub(
 	
+			[
+		
 		domain
 		
+			]
+		
 	
 	)

-Send UDP network traffic to NIS clients. +PCMCIA stub interface. No access allowed.

-Module: -nis

-Layer: -services

+Module: +pcmcia

+Layer: +system

-nis_signal_ypbind( +pcmcia_use_cardmgr_fd( @@ -43875,20 +49081,20 @@ services

-Send generic signals to ypbind. +Inherit and use file descriptors from cardmgr.

-Module: -nis

+Module: +portmap

Layer: services

-nis_udp_sendto_ypbind( +portmap_domtrans_helper( @@ -43901,20 +49107,20 @@ services

-Send UDP network traffic to NIS clients. +Execute portmap_helper in the helper domain.

-Module: -nis

+Module: +portmap

Layer: services

-nis_use_ypbind( +portmap_run_helper( @@ -43922,30 +49128,20 @@ services

domain - )
-

- -

-Use the ypbind service to access NIS services. -

- -

-Module: -nis

-Layer: -services

- -nis_use_ypbind_uncond( + + , + + + + role + + , - domain + + terminal )
@@ -43953,21 +49149,22 @@ services

-Use the ypbind service to access NIS services -unconditionally. +Execute portmap helper in the helper domain, and +allow the specified role the helper domain. +Communicate with portmap.

-Module: -nscd

+Module: +portmap

Layer: services

-nscd_domtrans( +portmap_tcp_connect( @@ -43980,20 +49177,20 @@ services

-Execute NSCD in the nscd domain. +Connect to portmap over a TCP socket

-Module: -nscd

+Module: +portmap

Layer: services

-nscd_read_pid( +portmap_udp_sendrecv( @@ -44006,20 +49203,20 @@ services

-Read NSCD pid file. +Send and receive UDP network traffic from portmap.

-Module: -nscd

+Module: +portmap

Layer: services

-nscd_unconfined( +portmap_udp_sendto( @@ -44032,20 +49229,20 @@ services

-Unconfined access to NSCD services. +Send UDP network traffic to portmap.

-Module: -nscd

+Module: +postfix

Layer: services

-nscd_use_shared_mem( +postfix_create_config( @@ -44053,31 +49250,24 @@ services

domain - )
-

- -

-Use NSCD services by mapping the database from -an inherited NSCD file descriptor. -

- -

-Module: -nscd

-Layer: -services

- -nscd_use_socket( + + , + + + + private type + + , + - domain + [ + + object + + ] )
@@ -44085,21 +49275,21 @@ services

-Use NSCD services by connecting using -a unix stream socket. +Create files with the specified type in +the postfix configuration directories.

-Module: -ntp

+Module: +postfix

Layer: services

-ntp_domtrans( +postfix_domtrans_map( @@ -44112,20 +49302,20 @@ services

-Execute ntp server in the ntpd domain. +Execute postfix_map in the postfix_map domain.

-Module: -ntp

+Module: +postfix

Layer: services

-ntp_domtrans_ntpdate( +postfix_domtrans_master( @@ -44138,50 +49328,48 @@ services

-Execute ntp server in the ntpd domain. +Execute the master postfix program in the +postfix_master domain.

-Module: -ntp

+Module: +postfix

Layer: services

 
-ntp_stub(
+postfix_domtrans_user_mail_handler(
 	
-			[
-		
 		domain
 		
-			]
-		
 	
 	)

-NTP stub interface. No access allowed. +Execute postfix user mail programs +in their respective domains.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_domtrans_cardctl( +postfix_dontaudit_rw_local_tcp_socket( @@ -44194,20 +49382,22 @@ system

-Execute cardctl in the cardmgr domain. +Do not audit attempts to read and +write postfix local delivery +TCP sockets.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_domtrans_cardmgr( +postfix_dontaudit_use_fd( @@ -44220,20 +49410,22 @@ system

-Execute cardmgr in the cardmgr domain. +Do not audit attempts to use +postfix master process file +file descriptors.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_manage_pid( +postfix_exec_master( @@ -44246,21 +49438,21 @@ system

-Create, read, write, and delete -cardmgr pid files. +Execute the master postfix program in the +caller domain.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_manage_runtime_chr( +postfix_list_spool( @@ -44273,21 +49465,20 @@ system

-Create, read, write, and delete -cardmgr runtime character nodes. +List postfix mail spool directories.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_read_pid( +postfix_read_config( @@ -44300,20 +49491,20 @@ system

-Read cardmgr pid files. +Read postfix configuration files.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_run_cardctl( +postfix_run_map( @@ -44342,21 +49533,21 @@ system

-Execute cardmgr in the cardctl domain, and -allow the specified role the cardmgr domain. +Execute postfix_map in the postfix_map domain, and +allow the specified role the postfix_map domain.

-Module: -pcmcia

-Layer: -system

+Module: +postfix

+Layer: +services

-pcmcia_use_cardmgr_fd( +postfix_search_spool( @@ -44369,46 +49560,50 @@ system

-Inherit and use file descriptors from cardmgr. +Search postfix mail spool directories.

-Module: -portmap

+Module: +postfix

Layer: services

 
-portmap_domtrans_helper(
+postfix_stub(
 	
+			[
+		
 		domain
 		
+			]
+		
 	
 	)

-Execute portmap_helper in the helper domain. +Postfix stub interface. No access allowed.

-Module: -portmap

+Module: +postgresql

Layer: services

-portmap_run_helper( +postgresql_domtrans( @@ -44416,20 +49611,30 @@ services

domain - - , - - - - role - + )
+

+ +

+Execute postgresql in the postgresql domain. +

+ +

+Module: +postgresql

+Layer: +services

+ +postgresql_manage_db( - , - - terminal + domain )
@@ -44437,22 +49642,20 @@ services

-Execute portmap helper in the helper domain, and -allow the specified role the helper domain. -Communicate with portmap. +Allow the specified domain to manage postgresql's database.

-Module: -portmap

+Module: +postgresql

Layer: services

-portmap_udp_sendto( +postgresql_read_config( @@ -44465,20 +49668,20 @@ services

-Send UDP network traffic to portmap. +Allow the specified domain to read postgresql's etc.

-Module: +Module: postgresql

Layer: services

-postgresql_domtrans( +postgresql_search_db_dir( @@ -44491,20 +49694,20 @@ services

-Execute postgresql in the postgresql domain. +Allow the specified domain to search postgresql's database directory.

-Module: +Module: postgresql

Layer: services

-postgresql_manage_db( +postgresql_tcp_connect( @@ -44517,20 +49720,20 @@ services

-Allow the specified domain to manage postgresql's database. +Allow the specified domain to connect to postgresql with a tcp socket.

-Module: +Module: postgresql

Layer: services

-postgresql_read_config( +postgresql_unix_connect( @@ -44543,20 +49746,20 @@ services

-Allow the specified domain to read postgresql's etc. +Allow the specified domain to connect to postgresql with a unix socket.

-Module: -postgresql

+Module: +ppp

Layer: services

-postgresql_search_db_dir( +ppp_domtrans( @@ -44569,20 +49772,20 @@ services

-Allow the specified domain to search postgresql's database directory. +Execute domain in the ppp domain.

-Module: -postgresql

+Module: +ppp

Layer: services

-postgresql_tcp_connect( +ppp_dontaudit_use_fd( @@ -44595,20 +49798,21 @@ services

-Allow the specified domain to connect to postgresql with a tcp socket. +Do not audit attempts to inherit +and use PPP file discriptors.

-Module: -postgresql

+Module: +ppp

Layer: services

-postgresql_unix_connect( +ppp_run( @@ -44621,20 +49825,20 @@ services

-Allow the specified domain to connect to postgresql with a unix socket. +Unconditionally execute ppp daemon on behalf of a user or staff type.

-Module: +Module: ppp

Layer: services

-ppp_domtrans( +ppp_run_cond( @@ -44647,20 +49851,20 @@ services

-Execute domain in the ppp domain. +Conditionally execute ppp daemon on behalf of a user or staff type.

-Module: +Module: ppp

Layer: services

-ppp_run( +ppp_sigchld( @@ -44673,20 +49877,20 @@ services

-Unconditionally execute ppp daemon on behalf of a user or staff type. +Send a SIGCHLD signal to PPP.

-Module: +Module: ppp

Layer: services

-ppp_run_cond( +ppp_signal( @@ -44699,20 +49903,20 @@ services

-Conditionally execute ppp daemon on behalf of a user or staff type. +Send a generic signal to PPP.

-Module: +Module: ppp

Layer: services

-ppp_sigchld( +ppp_use_fd( @@ -44725,20 +49929,20 @@ services

-Allow domain to send sigchld to parent of PPP domain type. +Use PPP file discriptors.

-Module: -ppp

+Module: +procmail

Layer: services

-ppp_signal( +procmail_domtrans( @@ -44751,20 +49955,20 @@ services

-Allow domain to send a signal to PPP domain type. +Execute procmail with a domain transition.

-Module: -ppp

+Module: +procmail

Layer: services

-ppp_use_fd( +procmail_exec( @@ -44777,7 +49981,7 @@ services

-Use PPP file discriptors. +Execute procmail in the caller domain.

@@ -44906,6 +50110,32 @@ allow the specified role the quota domain.

+Module: +radius

+Layer: +services

+
+radius_use(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Use radius over a UDP connection. +

+ +

Module: raid

+Module: +rpc

+Layer: +services

+
+rpc_domtrans_nfsd(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute domain in nfsd domain. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_dontaudit_getattr_exports(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to get the attributes +of the NFS export file. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_manage_nfs_ro_content(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow domain to create read and write NFS directories. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_manage_nfs_rw_content(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow domain to create read and write NFS directories. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_read_exports(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow read access to exports. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_search_nfs_state_data(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search NFS state data in /var/lib/nfs. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_udp_rw_nfs_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow domain to read and write to an NFS UDP socket. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_udp_sendto(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send UDP network traffic to rpc and recieve UDP traffic from rpc. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_udp_sendto_nfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow NFS to send UDP network traffic +the specified domain and recieve from it. +

+ +

+Module: +rpc

+Layer: +services

+
+rpc_write_exports(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow write access to exports. +

+ +

Module: rpm

Layer: @@ -45036,6 +50528,33 @@ Execute rpm programs in the rpm domain.

+Module: +rpm

+Layer: +admin

+
+rpm_dontaudit_manage_db(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to create, read, +write, and delete the RPM package database. +

+ +

Module: rpm

Layer: @@ -45286,13 +50805,13 @@ Domain transition to rshd.

-Module: +Module: samba

Layer: services

-samba_domtrans_net( +samba_connect_winbind( @@ -45305,20 +50824,20 @@ services

-Execute samba net in the samba_net domain. +Connect to winbind.

-Module: +Module: samba

Layer: services

-samba_domtrans_smbmount( +samba_domtrans_net( @@ -45331,20 +50850,20 @@ services

-Execute smbmount in the smbmount domain. +Execute samba net in the samba_net domain.

-Module: +Module: samba

Layer: services

-samba_domtrans_winbind_helper( +samba_domtrans_smbmount( @@ -45357,20 +50876,20 @@ services

-Execute winbind_helper in the winbind_helper domain. +Execute smbmount in the smbmount domain.

-Module: +Module: samba

Layer: services

-samba_exec_log( +samba_domtrans_winbind_helper( @@ -45383,20 +50902,20 @@ services

-Execute samba log in the caller domain. +Execute winbind_helper in the winbind_helper domain.

-Module: +Module: samba

Layer: services

-samba_read_config( +samba_exec_log( @@ -45409,21 +50928,20 @@ services

-Allow the specified domain to read -samba configuration files. +Execute samba log in the caller domain.

-Module: +Module: samba

Layer: services

-samba_read_log( +samba_read_config( @@ -45436,20 +50954,21 @@ services

-Allow the specified domain to read samba's log files. +Allow the specified domain to read +samba configuration files.

-Module: +Module: samba

Layer: services

-samba_read_secrets( +samba_read_log( @@ -45462,20 +50981,20 @@ services

-Allow the specified domain to read samba's secrets. +Allow the specified domain to read samba's log files.

-Module: +Module: samba

Layer: services

-samba_read_winbind_pid( +samba_read_secrets( @@ -45488,7 +51007,7 @@ services

-Allow the specified domain to read the winbind pid files. +Allow the specified domain to read samba's secrets.

@@ -45660,6 +51179,60 @@ Allow the specified domain to read and write to smbmount tcp sockets.

+Module: +samba

+Layer: +services

+
+samba_rw_var_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow the specified domain to +read and write samba /var files. +

+ +

+Module: +samba

+Layer: +services

+
+samba_search_var(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow the specified domain to search +samba /var directories. +

+ +

Module: samba

Layer: @@ -45686,6 +51259,32 @@ Allow the specified domain to write to smbmount tcp sockets.

+Module: +sasl

+Layer: +services

+
+sasl_connect(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Connect to SASL. +

+ +

Module: selinux

Layer: @@ -45844,6 +51443,33 @@ attributes of the selinuxfs directory.

+Module: +selinux

+Layer: +kernel

+
+selinux_dontaudit_read_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to read +generic selinuxfs entries +

+ +

Module: selinux

Layer: @@ -45989,18 +51615,6 @@ kernel

domain - - , - - - - [ - - booltype - - ] - - )

@@ -46119,6 +51733,32 @@ Allows caller to validate security contexts.

+Module: +sendmail

+Layer: +services

+
+sendmail_create_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create sendmail logs with the correct type. +

+ +

Module: sendmail

Layer: @@ -46145,6 +51785,58 @@ Domain transition to sendmail.

+Module: +sendmail

+Layer: +services

+
+sendmail_manage_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete sendmail logs. +

+ +

+Module: +sendmail

+Layer: +services

+
+sendmail_rw_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write sendmail TCP sockets. +

+ +

Module: sendmail

Layer: @@ -47171,6 +52863,112 @@ Summary is missing!

+Module: +snmp

+Layer: +services

+
+snmp_use(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Use snmp over a TCP connection. +

+ +

+Module: +spamassassin

+Layer: +services

+
+spamassassin_exec(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute the standalone spamassassin +program in the caller directory. +

+ +

+Module: +spamassassin

+Layer: +services

+
+spamassassin_exec_client(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute the spamassassin client +program in the caller directory. +

+ +

+Module: +squid

+Layer: +services

+
+squid_append_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Append squid logs. +

+ +

Module: squid

Layer: @@ -47250,6 +53048,32 @@ Read squid configuration file.

+Module: +squid

+Layer: +services

+
+squid_read_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Append squid logs. +

+ +

Module: squid

Layer: @@ -47595,33 +53419,6 @@ the generic SCSI interface device nodes.

-Module: -storage

-Layer: -kernel

-
-storage_getattr_scsi_generic(
-	
-		
-		
-		
-		domain
-		
-	
-	)

-

- -

-Get attributes of the device nodes -for the SCSI generic inerface. -

- -

Module: storage

Layer: @@ -48277,6 +54074,33 @@ Create DHCP state data.

+Module: +sysnetwork

+Layer: +system

+
+sysnet_dbus_chat_dhcpc(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send and receive messages from +dhcpc over dbus. +

+ +

Module: sysnetwork

Layer: @@ -48381,6 +54205,32 @@ Execute ifconfig in the ifconfig domain.

+Module: +sysnetwork

+Layer: +system

+
+sysnet_dontaudit_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to read network config files. +

+ +

Module: sysnetwork

Layer: @@ -50158,6 +56008,32 @@ udev file descriptor.

+Module: +udev

+Layer: +system

+
+udev_helper_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute a udev helper in the udev domain. +

+ +

Module: udev

Layer: @@ -50236,6 +56112,58 @@ Allow process to modify list of devices.

+Module: +unconfined

+Layer: +system

+
+unconfined_alias_domain(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Add an alias type to the unconfined domain. +

+ +

+Module: +unconfined

+Layer: +system

+
+unconfined_dbus_send(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send messages to the unconfined domain over dbus. +

+ +

Module: unconfined

Layer: @@ -50262,6 +56190,32 @@ Transition to the unconfined domain.

+Module: +unconfined

+Layer: +system

+
+unconfined_dontaudit_read_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to read unconfined domain unnamed pipes. +

+ +

Module: unconfined

Layer: @@ -50289,13 +56243,13 @@ unconfined domain tcp sockets.

-Module: +Module: unconfined

Layer: system

-unconfined_role( +unconfined_read_pipe( @@ -50308,7 +56262,7 @@ system

-Add the unconfined domain to the specified role. +Read unconfined domain unnamed pipes.

@@ -50435,6 +56389,32 @@ Send a SIGCHLD signal to the unconfined domain.

+Module: +unconfined

+Layer: +system

+
+unconfined_signal(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send generic signals to the unconfined domain. +

+ +

Module: unconfined

Layer: @@ -50487,13 +56467,13 @@ Execute updfstab in the updfstab domain.

-Module: +Module: userdomain

Layer: system

 
-userdom_create_user_home(
+userdom_create_generic_user_home(
 	
@@ -50526,13 +56506,13 @@ with automatic file type transition.

-Module: +Module: userdomain

Layer: system

 
-userdom_create_user_home_dir(
+userdom_create_generic_user_home_dir(
 	
@@ -50553,6 +56533,126 @@ with automatic file type transition.

+Module: +userdomain

+Layer: +system

+
+userdom_create_sysadm_home(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object_class
+		
+			]
+		
+	
+	)

+

+ +

+Create objects in sysadm home directories +with automatic file type transition. +

+ +

+Module: +userdomain

+Layer: +system

+
+userdom_dbus_send_all_users(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Send a dbus message to all user domains. +

+ +

+Module: +userdomain

+Layer: +system

+
+userdom_dontaudit_getattr_sysadm_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to get the +attributes of the sysadm users +home directory. +

+ +

+Module: +userdomain

+Layer: +system

+
+userdom_dontaudit_getattr_sysadm_tty(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attepts to get the attributes +of sysadm ttys. +

+ +

Module: userdomain

Layer: @@ -50818,6 +56918,33 @@ file descriptors from all user domains.

+Layer: +system

+
+userdom_dontaudit_use_unpriv_user_pty(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to use unprivileged +user ptys. +

+ +

Module: userdomain

Layer: @@ -50845,6 +56972,32 @@ user ttys.

+Layer: +system

+
+userdom_getattr_all_userdomains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of all user domains. +

+ +

Module: userdomain

Layer: @@ -50872,6 +57025,58 @@ home directory.

-Module: +Module: userdomain

+Layer: +system

+
+userdom_list_sysadm_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+List the sysadm users home directory. +

+ +

+Module: +userdomain

+Layer: +system

+
+userdom_list_unpriv_user_tmp(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read all unprivileged users temporary directories. +

+ +

Module: userdomain

Layer: @@ -50953,13 +57158,13 @@ in all users home directories.

Layer: system

 
-userdom_manage_user_home_dir(
+userdom_manage_generic_user_home_dir(
 	
@@ -50980,13 +57185,13 @@ generic user home directories.

-Module: +Module: userdomain

Layer: system

 
-userdom_manage_user_home_dirs(
+userdom_manage_generic_user_home_dirs(
 	
@@ -51008,13 +57213,13 @@ home directories.

-Module: +Module: userdomain

Layer: system

 
-userdom_manage_user_home_files(
+userdom_manage_generic_user_home_files(
 	
@@ -51035,13 +57240,13 @@ in generic user home directories.

-Module: +Module: userdomain

Layer: system

 
-userdom_manage_user_home_pipes(
+userdom_manage_generic_user_home_pipes(
 	
@@ -51062,13 +57267,13 @@ pipes in generic user home directories.

-Module: +Module: userdomain

Layer: system

 
-userdom_manage_user_home_sockets(
+userdom_manage_generic_user_home_sockets(
 	
@@ -51089,13 +57294,13 @@ sockets in generic user home directories.

-Module: +Module: userdomain

Layer: system

 
-userdom_manage_user_home_symlinks(
+userdom_manage_generic_user_home_symlinks(
 	
@@ -51116,6 +57321,33 @@ links in generic user home directories.

+Module: +userdomain

+Layer: +system

+
+userdom_priveleged_home_dir_manager(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Make the specified domain a privileged +home directory manager. +

+ +

Module: userdomain

Layer: @@ -51142,6 +57374,32 @@ Read all files in all users home directories.

+Layer: +system

+
+userdom_read_all_userdomains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read the process state of all user domains. +

+ +

Module: userdomain

Layer: @@ -51221,6 +57479,58 @@ files.

+Layer: +system

+
+userdom_read_unpriv_user_tmp_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read all unprivileged users temporary files. +

+ +

+Module: +userdomain

+Layer: +system

+
+userdom_read_unpriv_user_tmp_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read all unprivileged users temporary symbolic links. +

+ +

Module: userdomain

Layer: @@ -51273,6 +57583,32 @@ Search all users home directories.

Layer: @@ -51325,6 +57661,32 @@ Search the sysadm users home directory.

+Layer: +system

+
+userdom_search_generic_user_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search generic user home directories. +

+ +

Module: userdomain

Layer: @@ -51351,6 +57713,32 @@ Search all unprivileged users home directories.

+Layer: +system

+
+userdom_search_sysadm_home_subdirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search the sysadm users home sub directories. +

+ +

Module: userdomain

Layer: @@ -51377,13 +57765,13 @@ Execute a shell in the sysadm domain.

+Layer: +system

+
+userdom_setattr_unpriv_user_pty(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Set the attributes of user ptys. +

+ +

Module: userdomain

-Module: +Module: userdomain

Layer: system

-userdom_sigchld_sysadm( +userdom_sigchld_all_users( @@ -51396,20 +57784,20 @@ system

-Send a SIGCHLD signal to sysadm users. +Send a SIGCHLD signal to all user domains.

-Module: +Module: userdomain

Layer: system

-userdom_sigcld_all_users( +userdom_sigchld_sysadm( @@ -51422,7 +57810,7 @@ system

-Send a SIGCHLD signal to all user domains. +Send a SIGCHLD signal to sysadm users.

@@ -51693,6 +58081,32 @@ Read and write sysadm ttys.

+Module: +userdomain

+Layer: +system

+
+userdom_use_unpriv_user_pty(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write unprivileged user ptys. +

+ +

Module: userdomain

Layer: @@ -51902,6 +58316,50 @@ Read the crack database.

+Module: +usermanage

+Layer: +admin

+
+usermanage_run_admin_passwd(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

+Execute passwd admin functions in the admin +passwd domain, and allow the specified role +the admin passwd domain. +

+ +

Module: usermanage

Layer: @@ -52212,6 +58670,32 @@ allow the specified role the webalizer domain.

+Module: +xfs

+Layer: +services

+
+xfs_read_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read a X font server named socket. +

+ +

Module: zebra

Layer: diff --git a/www/api-docs/kernel.html b/www/api-docs/kernel.html index 05604c7..5667144 100644 --- a/www/api-docs/kernel.html +++ b/www/api-docs/kernel.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -103,6 +112,14 @@ Policy for kernel threads, proc filesystem,and unlabeled processes and objects.

Policy for the kernel modules, kernel image, and bootloader.

+ + corecommands +

+Core policy for shells, and generic programs +in /bin, /sbin, /usr/bin, and /usr/sbin. +

+ + corenetwork

Policy controlling access to network objects

@@ -115,6 +132,18 @@ Device nodes and interfaces for many basic system devices.

+ + domain +

Core policy for domains.

+ + + + files +

+Basic filesystem types and interfaces. +

+ + filesystem

Policy for filesystems.

diff --git a/www/api-docs/kernel_bootloader.html b/www/api-docs/kernel_bootloader.html index 34cd583..5ec0660 100644 --- a/www/api-docs/kernel_bootloader.html +++ b/www/api-docs/kernel_bootloader.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
diff --git a/www/api-docs/kernel_corecommands.html b/www/api-docs/kernel_corecommands.html new file mode 100644 index 0000000..9068d76 --- /dev/null +++ b/www/api-docs/kernel_corecommands.html @@ -0,0 +1,1448 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +    - + bootloader
+ +    - + corecommands
+ +    - + corenetwork
+ +    - + devices
+ +    - + domain
+ +    - + files
+ +    - + filesystem
+ +    - + kernel
+ +    - + mls
+ +    - + selinux
+ +    - + storage
+ +    - + terminal
+ +

+ + + + services
+

+ +

+ + + + system
+

+ +

+ +

Layer: kernel

Module: corecommands

+ +

Description:

+ +

+Core policy for shells, and generic programs +in /bin, /sbin, /usr/bin, and /usr/sbin. +

+ + +

This module is required to be included in all policies.

+ + + +

Interfaces:

+ + +

+
+corecmd_bin_alias(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create a aliased type to generic bin files. +

+ + +

Description

+Create a aliased type to generic bin files. +

+This is added to support targeted policy. Its +use should be limited. It has no effect +on the strict policy. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Alias type for bin_t. + +	+No +

+ + +

+
+corecmd_bin_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
+	)

+

+ +

Summary

+Execute a file in a bin directory +in the specified domain. +

+ + +

Description

+Execute a file in a bin directory +in the specified domain. This allows +the specified domain to execute any file +on these filesystems in the specified +domain. This is not suggested. +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+This interface was added to handle +the ssh-agent policy. +

+ +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+target_domain +	+ +The type of the new process. + +	+No +

+ + +

+
+corecmd_check_exec_shell(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Check if a shell is executable (DAC-wise). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_dontaudit_getattr_sbin_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_dontaudit_search_sbin(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search +sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+corecmd_exec_bin(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_exec_chroot(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_exec_ls(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_exec_sbin(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_exec_shell(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_getattr_bin_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of files in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_getattr_sbin_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_list_bin(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_list_sbin(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_read_bin_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_read_bin_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read pipes in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_read_bin_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read named sockets in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_read_bin_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read symbolic links in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_read_sbin_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files in sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_read_sbin_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read named pipes in sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_read_sbin_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read named sockets in sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_read_sbin_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read symbolic links in sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corecmd_sbin_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
+	)

+

+ +

Summary

+Execute a file in a sbin directory +in the specified domain. +

+ + +

Description

+Execute a file in a sbin directory +in the specified domain. This allows +the specified domain to execute any file +on these filesystems in the specified +domain. This is not suggested. +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+This interface was added to handle +the ssh-agent policy. +

+ +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+target_domain +	+ +The type of the new process. + +	+No +

+ + +

+
+corecmd_search_bin(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_search_sbin(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+corecmd_shell_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
+	)

+

+ +

Summary

+Execute a shell in the specified domain. +

+ + +

Description

+Execute a shell in the specified domain. +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+ +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+target_domain +	+ +The type of the shell process. + +	+No +

+ + +

+
+corecmd_shell_entry_type(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make the shell an entrypoint for the specified domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The domain for which the shell is an entrypoint. + +	+No +

+ + +

+
+corecmd_shell_spec_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
+	)

+

+ +

Summary

+Execute a shell in the target domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+ + +

Description

+Execute a shell in the target domain. This +is an explicit transition, requiring the +caller to use setexeccon(). +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+ +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+target_domain +	+ +The type of the shell process. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/kernel_corenetwork.html b/www/api-docs/kernel_corenetwork.html index b535756..11e61b8 100644 --- a/www/api-docs/kernel_corenetwork.html +++ b/www/api-docs/kernel_corenetwork.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -221,6 +230,92 @@ No

+ +

+ + +

+
+corenet_non_ipsec_sendrecv(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive messages on a +non-encrypted (no IPSEC) network +session. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+corenet_raw_bind_all_nodes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind raw sockets to all nodes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -2405,6 +2500,48 @@ No

+ +

+ + +

+
+corenet_tcp_bind_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind TCP sockets to the comsat port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -2657,6 +2794,48 @@ No

+ +

+ + +

+
+corenet_tcp_bind_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind TCP sockets to the distccd port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -2825,6 +3004,48 @@ No

+ +

+ + +

+
+corenet_tcp_bind_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind TCP sockets to the gatekeeper port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -3161,6 +3382,48 @@ No

+ +

+ + +

+
+corenet_tcp_bind_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind TCP sockets to the i18n_input port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -4799,13 +5062,13 @@ No

- +

-corenet_tcp_bind_rndc_port( +corenet_tcp_bind_rlogind_port( @@ -4819,7 +5082,7 @@ No

Summary

-Bind TCP sockets to the rndc port. +Bind TCP sockets to the rlogind port.

@@ -4841,13 +5104,13 @@ No

- +

-corenet_tcp_bind_rsh_port( +corenet_tcp_bind_rndc_port( @@ -4861,7 +5124,7 @@ No

Summary

-Bind TCP sockets to the rsh port. +Bind TCP sockets to the rndc port.

@@ -4883,13 +5146,13 @@ No

- +

-corenet_tcp_bind_rsync_port( +corenet_tcp_bind_rsh_port( @@ -4903,7 +5166,7 @@ No

Summary

-Bind TCP sockets to the rsync port. +Bind TCP sockets to the rsh port.

@@ -4925,13 +5188,13 @@ No

- +

-corenet_tcp_bind_site_local_node( +corenet_tcp_bind_rsync_port( @@ -4945,7 +5208,49 @@ No

Summary

-Bind TCP sockets to node site_local. +Bind TCP sockets to the rsync port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corenet_tcp_bind_site_local_node(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind TCP sockets to node site_local.

@@ -6269,6 +6574,48 @@ No

+ +

+ + +

+
+corenet_tcp_connect_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make a TCP connection to the comsat port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -6521,6 +6868,48 @@ No

+ +

+ + +

+
+corenet_tcp_connect_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make a TCP connection to the distccd port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -6689,6 +7078,48 @@ No

+ +

+ + +

+
+corenet_tcp_connect_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make a TCP connection to the gatekeeper port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -6983,6 +7414,48 @@ No

+ +

+ + +

+
+corenet_tcp_connect_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make a TCP connection to the i18n_input port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -8411,6 +8884,48 @@ No

+ +

+ + +

+
+corenet_tcp_connect_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make a TCP connection to the rlogind port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -9923,13 +10438,13 @@ No

- +

-corenet_tcp_sendrecv_cvs_port( +corenet_tcp_sendrecv_comsat_port( @@ -9943,7 +10458,7 @@ No

Summary

-Send and receive TCP traffic on the cvs port. +Send and receive TCP traffic on the comsat port.

@@ -9965,13 +10480,13 @@ No

- +

-corenet_tcp_sendrecv_dbskkd_port( +corenet_tcp_sendrecv_cvs_port( @@ -9985,7 +10500,7 @@ No

Summary

-Send and receive TCP traffic on the dbskkd port. +Send and receive TCP traffic on the cvs port.

@@ -10007,13 +10522,13 @@ No

- +

-corenet_tcp_sendrecv_dcc_port( +corenet_tcp_sendrecv_dbskkd_port( @@ -10027,7 +10542,7 @@ No

Summary

-Send and receive TCP traffic on the dcc port. +Send and receive TCP traffic on the dbskkd port.

@@ -10049,13 +10564,55 @@ No

- +

 
-corenet_tcp_sendrecv_dhcpc_port(
+corenet_tcp_sendrecv_dcc_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive TCP traffic on the dcc port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corenet_tcp_sendrecv_dhcpc_port(
 	
@@ -10175,6 +10732,48 @@ No

+ +

+ + +

+
+corenet_tcp_sendrecv_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive TCP traffic on the distccd port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -10343,6 +10942,48 @@ No

+ +

+ + +

+
+corenet_tcp_sendrecv_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive TCP traffic on the gatekeeper port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -10721,6 +11362,48 @@ No

+ +

+ + +

+
+corenet_tcp_sendrecv_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive TCP traffic on the i18n_input port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -12359,6 +13042,48 @@ No

+ +

+ + +

+
+corenet_tcp_sendrecv_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive TCP traffic on the rlogind port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -13877,7 +14602,133 @@ No

 
-corenet_udp_bind_compat_ipv4_node(
+corenet_udp_bind_compat_ipv4_node(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind UDP sockets to the compat_ipv4 node. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corenet_udp_bind_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind UDP sockets to the comsat port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corenet_udp_bind_cvs_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind UDP sockets to the cvs port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

- +

-corenet_udp_bind_ftp_port( +corenet_udp_bind_gatekeeper_port( @@ -14311,7 +15162,7 @@ No

Summary

-Bind UDP sockets to the ftp port. +Bind UDP sockets to the gatekeeper port.

@@ -14669,6 +15520,48 @@ No

+ +

+ + +

+
+corenet_udp_bind_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind UDP sockets to the i18n_input port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -16307,6 +17200,48 @@ No

+ +

+ + +

+
+corenet_udp_bind_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Bind UDP sockets to the rlogind port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -17903,6 +18838,48 @@ No

+ +

+ + +

+
+corenet_udp_receive_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Receive UDP traffic on the comsat port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -18155,13 +19132,97 @@ No

+ +

+ + +

+
+corenet_udp_receive_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Receive UDP traffic on the distccd port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

 
-corenet_udp_receive_dns_port(
+corenet_udp_receive_dns_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

-Receive UDP traffic on the ftp port. +Receive UDP traffic on the gatekeeper port.

@@ -18701,6 +19762,48 @@ No

+ +

+ + +

+
+corenet_udp_receive_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Receive UDP traffic on the i18n_input port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -20339,6 +21442,48 @@ No

+ +

+ + +

+
+corenet_udp_receive_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Receive UDP traffic on the rlogind port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -21935,6 +23080,48 @@ No

+ +

+ + +

+
+corenet_udp_send_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send UDP traffic on the comsat port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -22187,6 +23374,48 @@ No

+ +

+ + +

+
+corenet_udp_send_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send UDP traffic on the distccd port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -22355,6 +23584,48 @@ No

+ +

+ + +

+
+corenet_udp_send_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send UDP traffic on the gatekeeper port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -22565,13 +23836,55 @@ No

- + +

+ + +

+
+corenet_udp_send_howl_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

-Send UDP traffic on the http port. +Send UDP traffic on the i18n_input port.

@@ -24371,6 +25684,48 @@ No

+ +

+ + +

+
+corenet_udp_send_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send UDP traffic on the rlogind port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -25967,6 +27322,48 @@ No

+ +

+ + +

+
+corenet_udp_sendrecv_comsat_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive UDP traffic on the comsat port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -26219,6 +27616,48 @@ No

+ +

+ + +

+
+corenet_udp_sendrecv_distccd_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive UDP traffic on the distccd port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -26387,6 +27826,48 @@ No

+ +

+ + +

+
+corenet_udp_sendrecv_gatekeeper_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive UDP traffic on the gatekeeper port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -26765,6 +28246,48 @@ No

+ +

+ + +

+
+corenet_udp_sendrecv_i18n_input_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive UDP traffic on the i18n_input port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -28403,6 +29926,48 @@ No

+ +

+ + +

+
+corenet_udp_sendrecv_rlogind_port(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive UDP traffic on the rlogind port. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

diff --git a/www/api-docs/kernel_devices.html b/www/api-docs/kernel_devices.html index 1e7104f..02f9001 100644 --- a/www/api-docs/kernel_devices.html +++ b/www/api-docs/kernel_devices.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -115,6 +124,134 @@ this module.

Interfaces:

+ +

+ + +

+
+dev_append_printer(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Append the printer device. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+dev_associate_usbfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Mount a usbfs filesystem. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+dev_create_cardmgr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete +the PCMCIA card manager device +with the correct type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -744,6 +881,49 @@ No

+ +

+ + +

+
+dev_dontaudit_getattr_usbfs_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of a directory in the usb filesystem. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

@@ -1887,6 +2067,48 @@ No

+ +

+ + +

+
+dev_getattr_mtrr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of the mtrr device. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -2391,13 +2613,13 @@ No

- +

-dev_manage_dev_nodes( +dev_manage_cardmgr( @@ -2411,7 +2633,8 @@ No

Summary

-Create, delete, read, and write device nodes in device directories. +Create, read, write, and delete +the PCMCIA card manager device.

@@ -2433,13 +2656,13 @@ No

- +

-dev_manage_generic_blk_file( +dev_manage_dev_nodes( @@ -2453,8 +2676,7 @@ No

Summary

-Allow read, write, create, and delete for generic -block files. +Create, delete, read, and write device nodes in device directories.

@@ -3528,6 +3750,48 @@ No

+ +

+ + +

+
+dev_rw_cardmgr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write the PCMCIA card manager device. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/kernel_domain.html b/www/api-docs/kernel_domain.html new file mode 100644 index 0000000..c72992b --- /dev/null +++ b/www/api-docs/kernel_domain.html @@ -0,0 +1,2509 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ + + + services
+

+ +

+ + + + system
+

+ +

+ +

Layer: kernel

Module: domain

+ +Interfaces +Templates + +

Description:

+ +

Core policy for domains.

+ + +

This module is required to be included in all policies.

+ + + +

Interfaces:

+ + +

+
+domain_base_type(
+	
+		
+		
+		
+		type
+		
+	
+	)

+

+ +

Summary

+Make the specified type usable as a basic domain. +

+ + +

Description

+Make the specified type usable as a basic domain. +

+This is primarily used for kernel threads; +generally the domain_type() interface is +more appropriate for userland processes. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+type +	+ +Type to be used as a basic domain type. + +	+No +

+ + +

+
+domain_cron_exemption_source(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make the specified domain the source of +the cron domain exception of the +SELinux role and identity change +constraints. +

+ + +

Description

+Make the specified domain the source of +the cron domain exception of the +SELinux role and identity change +constraints. +

+This interface is needed to decouple +the cron domains from the base module. +It should not be used other than on +cron domains. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain target for user exemption. + +	+No +

+ + +

+
+domain_cron_exemption_target(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make the specified domain the target of +the cron domain exception of the +SELinux role and identity change +constraints. +

+ + +

Description

+Make the specified domain the target of +the cron domain exception of the +SELinux role and identity change +constraints. +

+This interface is needed to decouple +the cron domains from the base module. +It should not be used other than on +user cron jobs. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain target for user exemption. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_dgram_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all domains unix datagram sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all domains of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_key_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get attribues of +all domains IPSEC key management sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_packet_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get attribues of +all domains packet sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all domains unnamed pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_raw_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get attribues of +all domains raw sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all domains sockets, for all socket types. +

+ + +

Description

+Do not audit attempts to get the attributes +of all domains sockets, for all socket types. +

+This interface was added for PCMCIA cardmgr +and is probably excessive. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_stream_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all domains unix datagram sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_tcp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all domains TCP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_udp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all domains UDP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_getsession_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the +session ID of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_list_all_domains_proc(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read the process state +directories of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_ptrace_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to ptrace all domains. +

+ + +

Description

+Do not audit attempts to ptrace all domains. +

+Generally this needs to be suppressed because procps tries to access +/proc/pid/environ and this now triggers a ptrace check in recent kernels +(2.4 and 2.6). +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_dontaudit_ptrace_confined_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to ptrace confined domains. +

+ + +

Description

+Do not audit attempts to ptrace confined domains. +

+Generally this needs to be suppressed because procps tries to access +/proc/pid/environ and this now triggers a ptrace check in recent kernels +(2.4 and 2.6). +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_dontaudit_read_all_domains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read the process +state (/proc/pid) of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_rw_all_key_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read or write +all domains key sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_rw_all_udp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read or write +all domains UDP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_search_all_domains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search the process +state directory (/proc/pid) of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+domain_dontaudit_use_wide_inherit_fd(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+domain_dyntrans_type(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+domain_entry_file(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		type
+		
+	
+	)

+

+ +

Summary

+Make the specified type usable as +an entry point for the domain. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to be entered. + +	+No +
+type +	+ +Type of program used for entering +the domain. + +	+No +

+ + +

+
+domain_exec_all_entry_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+domain_getattr_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all domains of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_getattr_all_entry_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of entry point +files for all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_getattr_all_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all domains +sockets, for all socket types. +

+ + +

Description

+Get the attributes of all domains +sockets, for all socket types. +

+This is commonly used for domains +that can use lsof on all domains. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_getattr_confined_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all confined domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_getsession_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the session ID of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_kill_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send a kill signal to all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_obj_id_change_exempt(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Makes caller an exception to the constraint preventing +changing the user identity in object contexts. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type to make an exception to the constraint. + +	+No +

+ + +

+
+domain_ptrace_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Ptrace all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_read_all_domains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read the process state (/proc/pid) of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_read_all_entry_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+domain_read_confined_domains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read the process state (/proc/pid) of all confined domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_role_change_exempt(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Makes caller an exception to the constraint preventing +changing of role. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type to make an exception to the constraint. + +	+No +

+ + +

+
+domain_search_all_domains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the process state directory (/proc/pid) of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_setpriority_all_domains(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+domain_sigchld_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send a child terminated signal to all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_sigchld_wide_inherit_fd(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send a SIGCHLD signal to domains whose file +discriptors are widely inheritable. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_signal_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send general signals to all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_signull_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send a null signal to all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_sigstop_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send a stop signal to all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_subj_id_change_exempt(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Makes caller an exception to the constraint preventing +changing of user identity. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type to make an exception to the constraint. + +	+No +

+ + +

+
+domain_system_change_exempt(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Makes caller and execption to the constraint +preventing changing to the system user +identity and system role. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_type(
+	
+		
+		
+		
+		type
+		
+	
+	)

+

+ +

Summary

+Make the specified type usable as a domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+type +	+ +Type to be used as a domain type. + +	+No +

+ + +

+
+domain_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Unconfined access to domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_use_wide_inherit_fd(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+domain_user_exemption_target(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Make the specified domain the target of +the user domain exception of the +SELinux role and identity change +constraints. +

+ + +

Description

+Make the specified domain the target of +the user domain exception of the +SELinux role and identity change +constraints. +

+This interface is needed to decouple +the user domains from the base module. +It should not be used other than on +user domains. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain target for user exemption. + +	+No +

+ + +

+
+domain_wide_inherit_fd(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +Return + + + +

Templates:

+ + +

+
+domain_auto_trans(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+domain_trans(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +Return + + + +

+ + diff --git a/www/api-docs/kernel_files.html b/www/api-docs/kernel_files.html new file mode 100644 index 0000000..4db3242 --- /dev/null +++ b/www/api-docs/kernel_files.html @@ -0,0 +1,7827 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ + + + services
+

+ +

+ + + + system
+

+ +

+ +

Layer: kernel

Module: files

+ +

Description:

+ +

+This module contains basic filesystem types and interfaces. This +includes: +

The concept of different file types including basic +files, mount points, tmp files, etc.

Access to groups of files and all files.

Types and interfaces for the basic filesystem layout +(/, /etc, /tmp, /usr, etc.).

+ + +

This module is required to be included in all policies.

+ + + +

Interfaces:

+ + +

+
+files_associate_tmp(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Allow the specified type to associate +to a filesystem with the type of the +temporary directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+file_type +	+ +Type of the file to associate. + +	+No +

+ + +

+
+files_config_file(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Make the specified type a +configuration file. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+file_type +	+ +Type to be used as a configuration file. + +	+No +

+ + +

+
+files_create_boot_flag(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_create_etc_config(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_create_home_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		home_type
+		
+	
+	)

+

+ +

Summary

+Create home directories +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +
+home_type +	+ +The type of the home directory + +	+No +

+ + +

+
+files_create_lock(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_create_pid(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_create_root(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		private type
+		
+			]
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Create an object in the root directory, with a private +type. If no object class is specified, the +default is file. +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +
+private type +	+ +The type of the object to be created. If no type +is specified, the type of the root directory will +be used. + +	+yes +
+object +	+ +The object class of the object being created. If +no class is specified, file will be used. + +	+yes +

+ + +

+
+files_create_tmp_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_create_usr(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		file_type
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object_class
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Create objects in the /usr directory +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+file_type +	+ +The type of the object to be created + +	+No +
+object_class +	+ +The object class. If not specified, file is used. + +	+yes +

+ + +

+
+files_create_var(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		file_type
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object_class
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Create objects in the /var directory +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+file_type +	+ +The type of the object to be created + +	+No +
+object_class +	+ +The object class. If not specified, file is used. + +	+yes +

+ + +

+
+files_create_var_lib(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		file_type
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object_class
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Create objects in the /var/lib directory +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+file_type +	+ +The type of the object to be created + +	+No +
+object_class +	+ +The object class. If not specified, file is used. + +	+yes +

+ + +

+
+files_delete_all_locks(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_delete_all_pid_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_delete_all_pids(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_delete_etc_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Delete system configuration files in /etc. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_delete_root_dir_entry(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_dontaudit_getattr_all_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_all_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_all_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all named pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_all_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all named sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_all_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of all symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_default_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes of +directories with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_default_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes of +files with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the +attributes of the home directories root +(/home). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_non_security_blk_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of non security block devices. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_non_security_chr_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of non security character devices. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_non_security_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of non security files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_non_security_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of non security named pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_non_security_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of non security named sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_non_security_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of non security symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_pid_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of the /var/run directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_getattr_tmp_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the +attributes of the tmp directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_dontaudit_ioctl_all_pids(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to ioctl daemon runtime data files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_dontaudit_list_default(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to list contents of +directories with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_list_non_security(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to list all +non security directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_read_default_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read files +with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_read_etc_runtime_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read files +in /etc that are dynamically +created on boot, such as mtab. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_read_root_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_dontaudit_rw_root_chr_dev(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_dontaudit_rw_root_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_dontaudit_search_all_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_dontaudit_search_home(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search +home directories root (/home). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_search_isid_type_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search directories on new filesystems +that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_dontaudit_search_locks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search the +locks directory (/var/lock). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_search_pids(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search +the /var/run directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_search_src(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_dontaudit_search_var(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search +the contents of /var. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+files_dontaudit_write_all_pids(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to write to daemon runtime data files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_exec_etc_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_exec_usr_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute generic programs in /usr in the caller domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_exec_usr_src_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute programs in /usr/src in the caller domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_getattr_all_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_file_type_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all sockets +with the type of a file. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all named pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all named sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_generic_locks(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_getattr_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of the home directories root +(/home). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_getattr_tmp_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of the tmp directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_usr_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of files in /usr. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_var_lib_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of the /var/lib directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_list_all(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of all directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_list_all_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_default(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List contents of directories with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_list_etc(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_home(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get listing of home directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_list_isid_type_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of directories on new filesystems +that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_list_mnt(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_pids(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_root(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_spool(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_tmp(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read the tmp directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_list_usr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of generic +directories in /usr. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_list_var(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of /var. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_list_var_lib(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of the /var/lib directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_list_world_readable(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List world-readable directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_lock_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_all_files(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Manage all files on the filesystem, except +the listed exceptions. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain perfoming this action. + +	+No +
+exception_types +	+ +The types to be excluded. Each type or attribute +must be negated by the caller. + +	+yes +

+ + +

+
+files_manage_etc_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_etc_runtime_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete files in +/etc that are dynamically created on boot, +such as mtab. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_manage_generic_locks(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_generic_spool_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_generic_spools(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_isid_type_blk_node(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete block device nodes +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_chr_node(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete character device nodes +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete directories +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete files +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete symbolic links +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_lost_found(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete objects in +lost+found directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_mnt_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete directories in /mnt. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_manage_mnt_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete files in /mnt. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_manage_mnt_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete symbolic links in /mnt. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_manage_mounttab(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow domain to manage mount tables +necessary for rpcd, nfsd, etc. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_manage_urandom_seed(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_var_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete directories +in the /var directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_manage_var_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete files in the /var directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_manage_var_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete symbolic +links in the /var directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_mount_all_file_type_fs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_mounton_all_mountpoints(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_mounton_default(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Mount a filesystem on a directory with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_mounton_isid_type_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Mount a filesystem on a directory on new filesystems +that has not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_mounton_mnt(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Mount a filesystem on /mnt. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_mountpoint(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_pid_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_poly(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Make the specified type a +polyinstantiated directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+file_type +	+ +Type of the file to be used as a +polyinstantiated directory. + +	+No +

+ + +

+
+files_poly_member(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Make the specified type a +polyinstantiation member directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+file_type +	+ +Type of the file to be used as a +member directory. + +	+No +

+ + +

+
+files_poly_member_tmp(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Make the domain use the specified +type of polyinstantiated directory. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain using the polyinstantiated +directory. + +	+No +
+file_type +	+ +Type of the file to be used as a +member directory. + +	+No +

+ + +

+
+files_poly_parent(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Make the specified type a parent +of a polyinstantiated directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+file_type +	+ +Type of the file to be used as a +parent directory. + +	+No +

+ + +

+
+files_purge_tmp(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_read_all_blk_nodes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read all block nodes with file types. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_all_chr_nodes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read all character nodes with file types. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_all_dirs_except(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Read all directories on the filesystem, except +the listed exceptions. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain perfoming this action. + +	+No +
+exception_types +	+ +The types to be excluded. Each type or attribute +must be negated by the caller. + +	+yes +

+ + +

+
+files_read_all_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read all files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_all_files_except(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Read all files on the filesystem, except +the listed exceptions. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain perfoming this action. + +	+No +
+exception_types +	+ +The types to be excluded. Each type or attribute +must be negated by the caller. + +	+yes +

+ + +

+
+files_read_all_pids(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_read_all_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read all symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_all_symlinks_except(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Read all symbloic links on the filesystem, except +the listed exceptions. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain perfoming this action. + +	+No +
+exception_types +	+ +The types to be excluded. Each type or attribute +must be negated by the caller. + +	+yes +

+ + +

+
+files_read_default_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_default_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read named pipes with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_default_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read sockets with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_default_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read symbolic links with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_etc_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_read_etc_runtime_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files in /etc that are dynamically +created on boot, such as mtab. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_generic_spools(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_read_generic_tmp_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files in the tmp directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_read_generic_tmp_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read symbolic links in the tmp directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_read_isid_type_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files on new filesystems +that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_read_usr_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_read_usr_src_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_read_usr_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read symbolic links in /usr. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_var_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files in the /var directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_read_var_lib_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read generic files in /var/lib. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_var_lib_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read generic symbolic links in /var/lib +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_var_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read symbolic links in the /var directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_world_readable_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read world-readable files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_world_readable_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read world-readable named pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_world_readable_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read world-readable sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_read_world_readable_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read world-readable symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_relabel_all_files(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Relabel all files on the filesystem, except +the listed exceptions. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain perfoming this action. + +	+No +
+exception_types +	+ +The types to be excluded. Each type or attribute +must be negated by the caller. + +	+yes +

+ + +

+
+files_relabel_etc_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Relabel from and to generic files in /etc. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_relabelto_all_file_type_fs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_relabelto_usr_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Relabel a file to the type used in /usr. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_rw_etc_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_rw_etc_runtime_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write files in /etc that are dynamically +created on boot, such as mtab. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_rw_generic_pids(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_rw_generic_tmp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write generic named sockets in the tmp directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_rw_isid_type_blk_node(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write block device nodes on new filesystems +that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_rw_isid_type_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write directories on new filesystems +that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_rw_locks_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Add and remove entries in the /var/lock +directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_search_all(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search all directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_search_all_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_search_default(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the contents of directories with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_search_etc(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_search_home(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search home directories root (/home). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_search_locks(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_search_mnt(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_search_pids(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_search_spool(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_search_tmp(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the tmp directory (/tmp). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_search_usr(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_search_var(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the contents of /var. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_search_var_lib(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the /var/lib directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_search_var_lib_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search directories in /var/lib. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_security_file(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Make the specified type a file that +should not be dontaudited from +browsing from user domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+file_type +	+ +Type of the file to be used as a +member directory. + +	+No +

+ + +

+
+files_setattr_all_tmp_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Set the attributes of all tmp directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_setattr_etc_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Set the attributes of the /etc directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_tmp_file(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

Summary

+Make the specified type a file +used for temporary files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+file_type +	+ +Type of the file to be used as a +temporary file. + +	+No +

+ + +

+
+files_tmpfs_file(
+	
+		
+		
+		
+		type
+		
+	
+	)

+

+ +

Summary

+Transform the type into a file, for use on a +virtual memory filesystem (tmpfs). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+type +	+ +The type to be transformed. + +	+No +

+ + +

+
+files_type(
+	
+		
+		
+		
+		type
+		
+	
+	)

+

+ +

Summary

+Make the specified type usable for files +in a filesystem. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+type +	+ +Type to be used for files. + +	+No +

+ + +

+
+files_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Unconfined access to files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_unmount_all_file_type_fs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_unmount_rootfs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/kernel_filesystem.html b/www/api-docs/kernel_filesystem.html index 05db9d7..081f402 100644 --- a/www/api-docs/kernel_filesystem.html +++ b/www/api-docs/kernel_filesystem.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -1346,6 +1355,49 @@ No

+ +

+ + +

+
+fs_getattr_all_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all directories +with a filesystem type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -1912,6 +1964,48 @@ No

+ +

+ + +

+
+fs_getattr_rpc_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read directories of RPC file system pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain reading the symbolic links. + +	+No +

@@ -2162,7 +2256,49 @@ CIFS or SMB filesystem. domain -The type of the domain reading the files. +Domain allowed access. + + +No + + + +

+ + +

+
+fs_list_noxattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read all noxattrfs directories. +

+ + +

Parameters

+ + + + + +

Parameter:

Description:

Optional:

+domain +

-Remount a DOS filesystem, such as -FAT32 or NTFS. This allows -some mount options to be changed. +Allow changing of the label of a +DOS filesystem using the context= mount option.

@@ -4173,7 +4301,7 @@ some mount options to be changed. domain

-The type of the domain remounting the filesystem. +The type of the domain mounting the filesystem.

No @@ -4183,13 +4311,13 @@ No - +

-fs_remount_iso9660_fs( +fs_relabelfrom_xattr_fs( @@ -4203,9 +4331,9 @@ No

Summary

-Remount an iso9660 filesystem, which -is usually used on CDs. This allows -some mount options to be changed. +Allow changing of the label of a +filesystem with extended attributes +using the context= mount option.

@@ -4217,7 +4345,7 @@ some mount options to be changed. domain

-The type of the domain remounting the filesystem. +The type of the domain mounting the filesystem.

No @@ -4227,13 +4355,230 @@ No - +

 
-fs_remount_nfs(
+fs_remount_all_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Remount all filesystems. This +allows some mount options to be changed. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain mounting the filesystem. + +	+No +

+ + +

+
+fs_remount_autofs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Remount an automount pseudo filesystem +This allows some mount options to be changed. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain remounting the filesystem. + +	+No +

+ + +

+
+fs_remount_cifs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Remount a CIFS or SMB network filesystem. +This allows some mount options to be changed. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain mounting the filesystem. + +	+No +

+ + +

+
+fs_remount_dos_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Remount a DOS filesystem, such as +FAT32 or NTFS. This allows +some mount options to be changed. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain remounting the filesystem. + +	+No +

+ + +

+
+fs_remount_iso9660_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Remount an iso9660 filesystem, which +is usually used on CDs. This allows +some mount options to be changed. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain remounting the filesystem. + +	+No +

+ + +

+
+fs_remount_nfs(
 	
@@ -4529,6 +4874,133 @@ No

+ +

+ + +

+
+fs_rw_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write NFS server files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain doing the +read or write on nfsd files. + +	+No +

+ + +

+
+fs_rw_ramfs_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write a named pipe on a ramfs filesystem. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+fs_rw_tmpfs_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write generic tmpfs files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

@@ -4646,7 +5118,7 @@ Search directories on a CIFS or SMB filesystem. domain

-The type of the domain reading the files. +Domain allowed access.

No @@ -4688,7 +5160,50 @@ Search directories on a NFS filesystem. domain

-The type of the domain reading the files. +Domain allowed access. + +

+No +

+ + +

+
+fs_search_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search NFS server directories. +

+ + +

Parameters

+ + + + - -

Parameter:

Description:

Optional:

+domain +

+ +The type of the domain doing the +search on nfsd directories.

No @@ -5585,6 +6100,90 @@ No + +

+ + +

+
+fs_write_nfs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files on a NFS filesystem. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+fs_write_ramfs_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Write to named pipe on a ramfs filesystem. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/kernel_kernel.html b/www/api-docs/kernel_kernel.html index 333c284..f1ab180 100644 --- a/www/api-docs/kernel_kernel.html +++ b/www/api-docs/kernel_kernel.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -128,7 +137,7 @@ Change the level of kernel messages logged to the console. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -266,13 +275,399 @@ No - + +

+ + +

+
+kernel_dontaudit_getattr_unlabeled_blk_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts by caller to get attributes for +unlabeled block devices. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type not to audit. + +	+No +

+ + +

+
+kernel_dontaudit_getattr_unlabeled_chr_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts by caller to get attributes for +unlabeled character devices. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type not to audit. + +	+No +

+ + +

+
+kernel_dontaudit_getattr_unlabeled_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts by caller to get the +attributes of an unlabeled file. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type not to audit. + +	+No +

+ + +

+
+kernel_dontaudit_getattr_unlabeled_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts by caller to get the +attributes of unlabeled named pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type not to audit. + +	+No +

+ + +

+
+kernel_dontaudit_getattr_unlabeled_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts by caller to get the +attributes of unlabeled named sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type not to audit. + +	+No +

+ + +

+
+kernel_dontaudit_getattr_unlabeled_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts by caller to get the +attributes of unlabeled symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type not to audit. + +	+No +

+ + +

+
+kernel_dontaudit_list_proc(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to list the +contents of directories in /proc. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+kernel_dontaudit_list_unlabeled(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to list unlabeled directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+kernel_dontaudit_read_proc_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts by caller to +read system state information in proc. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type not to audit. + +	+No +

+ +

-kernel_dontaudit_getattr_unlabeled_blk_dev( +kernel_dontaudit_read_ring_buffer( @@ -286,8 +681,7 @@ No

Summary

-Do not audit attempts by caller to get attributes for -unlabeled block devices. +Do not audit attempts to read the ring buffer.

@@ -299,7 +693,7 @@ unlabeled block devices. domain

-The process type not to audit. +The domain to not audit.

No @@ -309,13 +703,13 @@ No - +

-kernel_dontaudit_read_ring_buffer( +kernel_dontaudit_read_system_state( @@ -329,7 +723,8 @@ No

Summary

-Do not audit attempts to read the ring buffer. +Do not audit attempts by caller to +read system state information in proc.

@@ -341,7 +736,7 @@ Do not audit attempts to read the ring buffer. domain

-The domain to not audit. +The process type not to audit.

No @@ -351,13 +746,13 @@ No - +

-kernel_dontaudit_read_system_state( +kernel_dontaudit_read_unlabeled_file( @@ -372,7 +767,7 @@ No

Summary

Do not audit attempts by caller to -read system state information in proc. +read an unlabeled file.

@@ -384,7 +779,7 @@ read system state information in proc. domain

-The process type not to audit. +Domain to not audit.

No @@ -860,6 +1255,48 @@ No + +

+ + +

+
+kernel_getattr_proc_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of files in /proc. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -892,7 +1329,7 @@ Send a kill signal to unlabeled processes. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1145,7 +1582,7 @@ Allow caller to read all sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1314,7 +1751,7 @@ Read filesystem sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1356,7 +1793,7 @@ Read the hotplug sysctl. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1398,7 +1835,7 @@ Read IRQ sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1440,7 +1877,7 @@ Read generic kernel sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1525,7 +1962,7 @@ Read the modprobe sysctl. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1567,7 +2004,7 @@ Allow caller to read network sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1619,6 +2056,48 @@ No + +

+ + +

+
+kernel_read_network_state_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow caller to read the network state symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type reading the state. + +	+No +

@@ -1787,6 +2266,48 @@ No

+ +

+ + +

+
+kernel_read_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow access to read sysctl directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The process type to allow to read sysctl directories. + +	+No +

@@ -1862,7 +2383,7 @@ socket sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1904,7 +2425,7 @@ Allow caller to read virtual memory sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2073,7 +2594,7 @@ Read and write all sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2115,7 +2636,7 @@ Read and write device sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2157,7 +2678,7 @@ Read and write fileystem sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2199,7 +2720,7 @@ Read and write the hotplug sysctl. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2241,7 +2762,7 @@ Read and write IRQ sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2283,7 +2804,7 @@ Read and write generic kernel sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2325,7 +2846,7 @@ Read and write the modprobe sysctl. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2367,7 +2888,7 @@ Allow caller to modiry contents of sysctl network files. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2578,7 +3099,7 @@ socket sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2662,7 +3183,7 @@ Read and write virtual memory sysctls. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2757,18 +3278,18 @@ No - +

-kernel_search_from( +kernel_search_network_state( - dir_type + domain )
@@ -2777,8 +3298,7 @@ No

Summary

-Allow the kernel to search the -specified directory. +Allow searching of network state directory.

@@ -2787,10 +3307,10 @@ specified directory.

Parameter:

Description:

Optional:

-dir_type +domain

-Directory type to search. +The process type reading the state.

No @@ -2884,6 +3404,48 @@ No + +

+ + +

+
+kernel_search_vm_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow caller to search virtual memory sysctls. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -2947,6 +3509,65 @@ No

+ +

+ + +

+
+kernel_sendrecv_unlabeled_association(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive messages from an +unlabeled IPSEC association. +

+ + +

Description

+Send and receive messages from an +unlabeled IPSEC association. Network +connections that are not protected +by IPSEC have use an unlabeled +assocation. +

+The corenetwork interface +corenet_sendrecv_no_ipsec() should +be used instead of this one. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -3234,7 +3855,7 @@ Send a child terminated signal to unlabeled processes. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -3318,7 +3939,7 @@ Send general signals to unlabeled processes. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -3360,7 +3981,7 @@ Send a null signal to unlabeled processes. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -3402,7 +4023,7 @@ Send a stop signal to unlabeled processes. domain

-The type of the process performing this action. +Domain allowed access.

No diff --git a/www/api-docs/kernel_mls.html b/www/api-docs/kernel_mls.html index efc603d..c8c820b 100644 --- a/www/api-docs/kernel_mls.html +++ b/www/api-docs/kernel_mls.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
diff --git a/www/api-docs/kernel_selinux.html b/www/api-docs/kernel_selinux.html index bfaec7c..de51cbf 100644 --- a/www/api-docs/kernel_selinux.html +++ b/www/api-docs/kernel_selinux.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -361,6 +370,49 @@ No + +

+ + +

+
+selinux_dontaudit_read_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read +generic selinuxfs entries +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

@@ -586,18 +638,6 @@ No domain - - , - - - - [ - - booltype - - ] - - )

@@ -635,16 +675,6 @@ The process type allowed to set the Boolean. No

-booltype -

- -The type of Booleans the caller is allowed to set. - -

-yes -

diff --git a/www/api-docs/kernel_storage.html b/www/api-docs/kernel_storage.html index 06855d5..0996017 100644 --- a/www/api-docs/kernel_storage.html +++ b/www/api-docs/kernel_storage.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -563,49 +572,6 @@ No

- -

- - -

-
-storage_getattr_scsi_generic(
-	
-		
-		
-		
-		domain
-		
-	
-	)

-

- -

Summary

-Get attributes of the device nodes -for the SCSI generic inerface. -

- - -

Parameters

- - - - - -

Parameter:	Description:	Optional:
-domain -	- -The type of the process performing this action. - -	-No -

diff --git a/www/api-docs/kernel_terminal.html b/www/api-docs/kernel_terminal.html index 8cdb17d..eb5f4fc 100644 --- a/www/api-docs/kernel_terminal.html +++ b/www/api-docs/kernel_terminal.html @@ -28,12 +28,21 @@    - bootloader
+    - + corecommands
+    - corenetwork
   - devices
+    - + domain
+ +    - + files
+    - filesystem
@@ -188,7 +197,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -232,7 +241,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -318,7 +327,7 @@ of all unallocated tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -490,7 +499,7 @@ any user ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -533,7 +542,7 @@ or write to the console. domain -The type of the process performing this action. +Domain allowed access. No @@ -706,7 +715,7 @@ pty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -749,7 +758,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -792,7 +801,7 @@ tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -834,7 +843,7 @@ ioctl of generic pty types. domain -The type of the process performing this action. +Domain allowed access. No @@ -877,7 +886,7 @@ list all ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1005,7 +1014,7 @@ user pty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1048,7 +1057,7 @@ user tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1091,7 +1100,7 @@ tty type. domain -The type of the process performing this action. +Domain allowed access. No @@ -1133,7 +1142,7 @@ Relabel to all user ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1176,7 +1185,7 @@ the unallocated tty type. domain -The type of the process performing this action. +Domain allowed access. No @@ -1218,7 +1227,7 @@ Search the contents of the /dev/pts directory. domain -The type of the process performing this action. +Domain allowed access. No @@ -1261,7 +1270,7 @@ pty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1304,7 +1313,7 @@ device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1347,7 +1356,7 @@ device node. domain -The type of the process performing this action. +Domain allowed access. No @@ -1390,7 +1399,7 @@ tty device nodes. domain -The type of the process performing this action. +Domain allowed access. No @@ -1475,7 +1484,7 @@ ttys and all ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1517,7 +1526,7 @@ Read and write all user ptys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1559,7 +1568,7 @@ Read and write all user to all user ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1601,7 +1610,7 @@ Read from and write to the console. domain -The type of the process performing this action. +Domain allowed access. No @@ -1644,7 +1653,7 @@ terminal (/dev/tty). domain -The type of the process performing this action. +Domain allowed access. No @@ -1688,7 +1697,7 @@ the targeted policy. domain -The type of the process performing this action. +Domain allowed access. No @@ -1772,7 +1781,7 @@ Read and write unallocated ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1877,7 +1886,7 @@ Write to all user ttys. domain -The type of the process performing this action. +Domain allowed access. No @@ -1919,7 +1928,7 @@ Write to the console. domain -The type of the process performing this action. +Domain allowed access. No @@ -1961,7 +1970,7 @@ Write to unallocated ttys. domain -The type of the process performing this action. +Domain allowed access. No diff --git a/www/api-docs/services.html b/www/api-docs/services.html index dc4fdea..f034e1a 100644 --- a/www/api-docs/services.html +++ b/www/api-docs/services.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -237,6 +300,11 @@

Ethernet activity monitor.

+ + avahi +

mDNS/DNS-SD daemon implementing Apple ZeroConf architecture

+ + bind

Berkeley internet name domain DNS server.

@@ -247,6 +315,11 @@

Bluetooth tools and system services.

+ + canna +

Canna - kana-kanji conversion server

+ + comsat

Comsat, a biff server.

@@ -262,11 +335,26 @@

Periodic execution of scheduled commands.

+ + cups +

Common UNIX printing system

+ + cvs

Concurrent versions system

+ + cyrus +

Cyrus is an IMAP service intended to be run on sealed servers

+ + + + dbskk +

Dictionary server for the SKK Japanese input method system.

+ + dbus

Desktop messaging bus

@@ -282,6 +370,16 @@

Dictionary daemon

+ + distcc +

Distributed compiler daemon

+ + + + dovecot +

Dovecot POP and IMAP mail server

+ + finger

Finger user information service.

@@ -307,6 +405,11 @@

Port of Apple Rendezvous multicast DNS

+ + i18n_input +

IIIMF htt server

+ + inetd

Internet services daemon.

@@ -317,6 +420,11 @@

Internet News NNTP server

+ + irqbalance +

IRQ balancing daemon

+ + kerberos

MIT Kerberos admin and KDC

@@ -332,6 +440,11 @@

OpenLDAP directory server

+ + lpd +

Line printer daemon

+ + mailman

Mailman is for managing electronic mail discussion and e-newsletter lists

@@ -347,6 +460,11 @@

Policy for MySQL

+ + networkmanager +

Manager for dynamically switching between networks.

+ + nis

Policy for NIS (YP) servers and clients

@@ -362,11 +480,21 @@

Network time protocol daemon

+ + pegasus +

The Open Group Pegasus CIM/WBEM Server.

+ + portmap

RPC port mapping service.

+ + postfix +

Postfix email server

+ + postgresql

PostgreSQL relational database

@@ -382,11 +510,26 @@

Privacy enhancing web proxy.

+ + procmail +

Procmail mail delivery agent

+ + + + radius +

RADIUS authentication and accounting server.

+ + radvd

IPv6 router advertisement daemon

+ + rdisc +

Network router discovery daemon

+ + remotelogin

Policy for rshd, rlogind, and telnetd.

@@ -397,6 +540,11 @@

Remote login daemon

+ + rpc +

Remote Procedure Call Daemon for managment of network based process communication

+ + rshd

Remote shell service.

@@ -431,6 +579,11 @@ from Windows NT servers.

Simple network management protocol services

+ + spamassassin +

Filter used for removing unsolicited email.

+ + squid

Squid caching http proxy server

@@ -461,11 +614,26 @@ from Windows NT servers.

Trivial file transfer protocol daemon

+ + timidity +

MIDI to WAV converter and player configured as a service

+ + uucp

Unix to Unix Copy

+ + xdm +

X windows login display manager

+ + + + xfs +

X Windows Font Server

+ + zebra

Zebra border gateway protocol network routing service

diff --git a/www/api-docs/services_apache.html b/www/api-docs/services_apache.html index 5e06d09..fbc55f3 100644 --- a/www/api-docs/services_apache.html +++ b/www/api-docs/services_apache.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -601,6 +664,49 @@ No

+ +

+ + +

+
+apache_dontaudit_search_modules(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search Apache +module directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

@@ -959,6 +1065,48 @@ No

+ +

+ + +

+
+apache_search_sys_script_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search system script state directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

diff --git a/www/api-docs/services_apm.html b/www/api-docs/services_apm.html index 2bd681f..77943dd 100644 --- a/www/api-docs/services_apm.html +++ b/www/api-docs/services_apm.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -338,6 +401,48 @@ No

+ +

+ + +

+
+apm_stream_connect(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Connect to apmd over an unix stream socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/services_arpwatch.html b/www/api-docs/services_arpwatch.html index 6958f7c..383ae0c 100644 --- a/www/api-docs/services_arpwatch.html +++ b/www/api-docs/services_arpwatch.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -297,6 +360,48 @@ No

+ +

+ + +

+
+arpwatch_manage_tmp_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write arpwatch temporary files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/services_avahi.html b/www/api-docs/services_avahi.html new file mode 100644 index 0000000..beb9fbf --- /dev/null +++ b/www/api-docs/services_avahi.html @@ -0,0 +1,329 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ +    - + apache
+ +    - + apm
+ +    - + arpwatch
+ +    - + avahi
+ +    - + bind
+ +    - + bluetooth
+ +    - + canna
+ +    - + comsat
+ +    - + cpucontrol
+ +    - + cron
+ +    - + cups
+ +    - + cvs
+ +    - + cyrus
+ +    - + dbskk
+ +    - + dbus
+ +    - + dhcp
+ +    - + dictd
+ +    - + distcc
+ +    - + dovecot
+ +    - + finger
+ +    - + ftp
+ +    - + gpm
+ +    - + hal
+ +    - + howl
+ +    - + i18n_input
+ +    - + inetd
+ +    - + inn
+ +    - + irqbalance
+ +    - + kerberos
+ +    - + ktalk
+ +    - + ldap
+ +    - + lpd
+ +    - + mailman
+ +    - + mta
+ +    - + mysql
+ +    - + networkmanager
+ +    - + nis
+ +    - + nscd
+ +    - + ntp
+ +    - + pegasus
+ +    - + portmap
+ +    - + postfix
+ +    - + postgresql
+ +    - + ppp
+ +    - + privoxy
+ +    - + procmail
+ +    - + radius
+ +    - + radvd
+ +    - + rdisc
+ +    - + remotelogin
+ +    - + rlogin
+ +    - + rpc
+ +    - + rshd
+ +    - + rsync
+ +    - + samba
+ +    - + sasl
+ +    - + sendmail
+ +    - + snmp
+ +    - + spamassassin
+ +    - + squid
+ +    - + ssh
+ +    - + stunnel
+ +    - + tcpd
+ +    - + telnet
+ +    - + tftp
+ +    - + timidity
+ +    - + uucp
+ +    - + xdm
+ +    - + xfs
+ +    - + zebra
+ +

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_bind.html b/www/api-docs/services_bind.html index 1459d3c..7e4e3dc 100644 --- a/www/api-docs/services_bind.html +++ b/www/api-docs/services_bind.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -296,6 +359,49 @@ No

+ +

+ + +

+
+bind_manage_cache(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete +BIND cache files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -545,6 +651,48 @@ No

+ +

+ + +

+
+bind_signal(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send generic signals to BIND. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/services_bluetooth.html b/www/api-docs/services_bluetooth.html index 6b003f0..68cb976 100644 --- a/www/api-docs/services_bluetooth.html +++ b/www/api-docs/services_bluetooth.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -209,9 +272,219 @@ + +

Interfaces:

+ + +

+
+bluetooth_dbus_chat(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive messages from +bluetooth over dbus. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+bluetooth_domtrans_helper(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute bluetooth_helper in the bluetooth_helper domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+bluetooth_dontaudit_read_helper_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read bluetooth helper files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+bluetooth_run_helper(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

Summary

+Execute bluetooth_helper in the bluetooth_helper domain, and +allow the specified role the bluetooth_helper domain. +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +
+role +	+ +The role to be allowed the bluetooth_helper domain. + +	+No +
+terminal +	+ +The type of the terminal allow the bluetooth_helper domain to use. + +	+No +

+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_canna.html b/www/api-docs/services_canna.html new file mode 100644 index 0000000..265c4af --- /dev/null +++ b/www/api-docs/services_canna.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_comsat.html b/www/api-docs/services_comsat.html index 40c2848..67bb85a 100644 --- a/www/api-docs/services_comsat.html +++ b/www/api-docs/services_comsat.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_cpucontrol.html b/www/api-docs/services_cpucontrol.html index 7dbd1ab..4efe63b 100644 --- a/www/api-docs/services_cpucontrol.html +++ b/www/api-docs/services_cpucontrol.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_cron.html b/www/api-docs/services_cron.html index a8447e4..2c5558d 100644 --- a/www/api-docs/services_cron.html +++ b/www/api-docs/services_cron.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -215,6 +278,133 @@

Interfaces:

+ +

+ + +

+
+cron_crw_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, and write a cron daemon TCP socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+cron_domtrans_anacron_system_job(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute APM in the apm domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+cron_dontaudit_append_system_job_tmp_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to append temporary +files from the system cron jobs. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

@@ -341,6 +531,48 @@ No

+ +

+ + +

+
+cron_rw_system_job_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write a system cron job unnamed pipe. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -592,7 +824,7 @@ No

Summary

-Wrate a system cron job unnamed pipe. +Write a system cron job unnamed pipe.

diff --git a/www/api-docs/services_cups.html b/www/api-docs/services_cups.html new file mode 100644 index 0000000..a05da6c --- /dev/null +++ b/www/api-docs/services_cups.html @@ -0,0 +1,625 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+cups_dbus_chat_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive messages from +cupsd_config over dbus. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+cups_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute cups in the cups domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+cups_domtrans_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute cups_config in the cups_config domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+cups_read_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read cups log files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+cups_read_rw_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read cups-writable configuration files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+cups_signal_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send generic signals to the cups +configuration daemon. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+cups_stream_connect_ptal(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Connect to ptal over an unix domain stream socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_cvs.html b/www/api-docs/services_cvs.html index a5a28d9..fced0b6 100644 --- a/www/api-docs/services_cvs.html +++ b/www/api-docs/services_cvs.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_cyrus.html b/www/api-docs/services_cyrus.html new file mode 100644 index 0000000..92eeb12 --- /dev/null +++ b/www/api-docs/services_cyrus.html @@ -0,0 +1,329 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_dbskk.html b/www/api-docs/services_dbskk.html new file mode 100644 index 0000000..3a0af0f --- /dev/null +++ b/www/api-docs/services_dbskk.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: dbskk

+ +

Description:

+ +

Dictionary server for the SKK Japanese input method system.

+ + + + + +

No interfaces or templates.

+ + +

+ + diff --git a/www/api-docs/services_dbus.html b/www/api-docs/services_dbus.html index 55874d9..fc7d228 100644 --- a/www/api-docs/services_dbus.html +++ b/www/api-docs/services_dbus.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -300,6 +363,52 @@ No

+ +

+ + +

+
+dbus_stub(
+	
+		
+		
+		
+			[
+		
+		domain
+		
+			]
+		
+	
+	)

+

+ +

Summary

+DBUS stub interface. No access allowed. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +N/A + +	+yes +

diff --git a/www/api-docs/services_dhcp.html b/www/api-docs/services_dhcp.html index 2f9a4fc..9779a73 100644 --- a/www/api-docs/services_dhcp.html +++ b/www/api-docs/services_dhcp.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_dictd.html b/www/api-docs/services_dictd.html index 1ca1e06..037b857 100644 --- a/www/api-docs/services_dictd.html +++ b/www/api-docs/services_dictd.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_distcc.html b/www/api-docs/services_distcc.html new file mode 100644 index 0000000..2bd0e00 --- /dev/null +++ b/www/api-docs/services_distcc.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: distcc

+ +

Description:

+ +

Distributed compiler daemon

+ + + + + +

No interfaces or templates.

+ + +

+ + diff --git a/www/api-docs/services_dovecot.html b/www/api-docs/services_dovecot.html new file mode 100644 index 0000000..de3dd85 --- /dev/null +++ b/www/api-docs/services_dovecot.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_finger.html b/www/api-docs/services_finger.html index 2fbae3d..cc8a528 100644 --- a/www/api-docs/services_finger.html +++ b/www/api-docs/services_finger.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_ftp.html b/www/api-docs/services_ftp.html index d6f8396..a468326 100644 --- a/www/api-docs/services_ftp.html +++ b/www/api-docs/services_ftp.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -203,6 +266,9 @@

Layer: services

Module: ftp

+Interfaces +Templates +

Description:

File transfer protocol service

@@ -384,6 +450,69 @@ No Return + +

Templates:

+ + +

+
+ftp_per_userdomain_template(
+	
+		
+		
+		
+		userdomain_prefix
+		
+	
+	)

+

+ +

Summary

+The per user domain template for the ftp module. +

+ + +

Description

+This template allows ftpd to manage files in +a user home directory, creating files with the +correct type. +

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+userdomain_prefix +	+ +The prefix of the user domain (e.g., user +is the prefix for user_t). + +	+No +

+ + +Return +

diff --git a/www/api-docs/services_gpm.html b/www/api-docs/services_gpm.html index 31570fb..d858df8 100644 --- a/www/api-docs/services_gpm.html +++ b/www/api-docs/services_gpm.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_hal.html b/www/api-docs/services_hal.html index 06979a0..29df8e3 100644 --- a/www/api-docs/services_hal.html +++ b/www/api-docs/services_hal.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -209,9 +272,226 @@ + +

Interfaces:

+ + +

+
+hal_dbus_chat(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive messages from +hal over dbus. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+hal_dbus_send(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send a dbus message to hal. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+hal_dgram_sendto(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send to hal over a unix domain +datagram socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+hal_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute hal in the hal domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+hal_stream_connect(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send to hal over a unix domain +stream socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_howl.html b/www/api-docs/services_howl.html index 9e679ab..c190610 100644 --- a/www/api-docs/services_howl.html +++ b/www/api-docs/services_howl.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -209,9 +272,55 @@ + +

Interfaces:

+ + +

+
+howl_signal(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send generic signals to howl. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_i18n_input.html b/www/api-docs/services_i18n_input.html new file mode 100644 index 0000000..f5e836d --- /dev/null +++ b/www/api-docs/services_i18n_input.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_inetd.html b/www/api-docs/services_inetd.html index a0392db..66dee8c 100644 --- a/www/api-docs/services_inetd.html +++ b/www/api-docs/services_inetd.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -323,6 +386,48 @@ No

+ +

+ + +

+
+inetd_rw_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write inetd TCP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

diff --git a/www/api-docs/services_inn.html b/www/api-docs/services_inn.html index acfa596..d38ac30 100644 --- a/www/api-docs/services_inn.html +++ b/www/api-docs/services_inn.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_irqbalance.html b/www/api-docs/services_irqbalance.html new file mode 100644 index 0000000..ca2a6ff --- /dev/null +++ b/www/api-docs/services_irqbalance.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: irqbalance

+ +

Description:

+ +

IRQ balancing daemon

+ + + + + +

No interfaces or templates.

+ + +

+ + diff --git a/www/api-docs/services_kerberos.html b/www/api-docs/services_kerberos.html index bf1a47b..e0fac65 100644 --- a/www/api-docs/services_kerberos.html +++ b/www/api-docs/services_kerberos.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_ktalk.html b/www/api-docs/services_ktalk.html index f88e605..c7a8ce2 100644 --- a/www/api-docs/services_ktalk.html +++ b/www/api-docs/services_ktalk.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_ldap.html b/www/api-docs/services_ldap.html index 3209036..220f195 100644 --- a/www/api-docs/services_ldap.html +++ b/www/api-docs/services_ldap.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_lpd.html b/www/api-docs/services_lpd.html new file mode 100644 index 0000000..46f63e4 --- /dev/null +++ b/www/api-docs/services_lpd.html @@ -0,0 +1,533 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+lpd_list_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of the printer spool directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+lpd_manage_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete printer spool files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+lpd_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of the printer spool directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+lpd_run_checkpc(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

Summary

+Execute amrecover in the lpd domain, and +allow the specified role the lpd domain. +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+role +	+ +The role to be allowed the lpd domain. + +	+No +
+terminal +	+ +The type of the terminal allow the lpd domain to use. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_mailman.html b/www/api-docs/services_mailman.html index f9b6256..67db042 100644 --- a/www/api-docs/services_mailman.html +++ b/www/api-docs/services_mailman.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_mta.html b/www/api-docs/services_mta.html index 3417eef..76b2468 100644 --- a/www/api-docs/services_mta.html +++ b/www/api-docs/services_mta.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -257,6 +320,48 @@ No

+ +

+ + +

+
+mta_delete_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Delete from the mail spool. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -343,6 +448,49 @@ No

+ +

+ + +

+
+mta_dontaudit_rw_queue(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read and +write the mail queue. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

@@ -725,6 +873,90 @@ No

+ +

+ + +

+
+mta_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read mail server configuration. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+mta_read_sendmail_bin(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read sendmail binary. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -809,6 +1041,49 @@ No

+ +

+ + +

+
+mta_rw_user_mail_stream_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write unix domain stream sockets +of user mail domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -1023,6 +1298,124 @@ No

Templates:

+ +

+ + +

+
+mta_admin_template(
+	
+		
+		
+		
+		userdomain_prefix
+		
+	
+		
+			,
+		
+		
+		
+		user_domain
+		
+	
+	)

+

+ +

Summary

+Provide extra permissions for admin users +mail domain. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+userdomain_prefix +	+ +The prefix of the user domain (e.g., user +is the prefix for user_t). + +	+No +
+user_domain +	+ +The type of the user domain. + +	+No +

+ + +

+
+mta_base_mail_template(
+	
+		
+		
+		
+		domain_prefix
+		
+	
+	)

+

+ +

Summary

+Basic mail transfer agent domain template. +

+ + +

Description

+This template creates a derived domain which is +a email transfer agent, which sends mail on +behalf of the user. +

+This is the basic types and rules, common +to the system agent and user agents. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain_prefix +	+ +The prefix of the domain (e.g., user +is the prefix for user_t). + +	+No +

diff --git a/www/api-docs/services_mysql.html b/www/api-docs/services_mysql.html index bb9f9f9..be814d6 100644 --- a/www/api-docs/services_mysql.html +++ b/www/api-docs/services_mysql.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_networkmanager.html b/www/api-docs/services_networkmanager.html new file mode 100644 index 0000000..cf5fac4 --- /dev/null +++ b/www/api-docs/services_networkmanager.html @@ -0,0 +1,456 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+networkmanager_rw_packet_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write NetworkManager packet sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+networkmanager_rw_routing_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write NetworkManager netlink +routing sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+networkmanager_rw_udp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write NetworkManager UDP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_nis.html b/www/api-docs/services_nis.html index cf599a4..8d9cacc 100644 --- a/www/api-docs/services_nis.html +++ b/www/api-docs/services_nis.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -212,6 +275,90 @@

Interfaces:

+ +

+ + +

+
+nis_delete_ypbind_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Delete ypbind pid files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+nis_domtrans_ypbind(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute ypbind in the ypbind domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -232,7 +379,7 @@

Summary

-Send UDP network traffic to NIS clients. +List the contents of the NIS data directory.

@@ -254,6 +401,90 @@ No

+ +

+ + +

+
+nis_read_ypbind_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read ypbind pid files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+nis_read_ypserv_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read ypserv configuration files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -296,6 +527,48 @@ No

+ +

+ + +

+
+nis_tcp_connect_ypbind(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Connect to ypbind over TCP. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/services_nscd.html b/www/api-docs/services_nscd.html index be6ae3f..871381a 100644 --- a/www/api-docs/services_nscd.html +++ b/www/api-docs/services_nscd.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_ntp.html b/www/api-docs/services_ntp.html index e335128..71a41ce 100644 --- a/www/api-docs/services_ntp.html +++ b/www/api-docs/services_ntp.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_pegasus.html b/www/api-docs/services_pegasus.html new file mode 100644 index 0000000..b316f92 --- /dev/null +++ b/www/api-docs/services_pegasus.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: pegasus

+ +

Description:

+ +

The Open Group Pegasus CIM/WBEM Server.

+ + + + + +

No interfaces or templates.

+ + +

+ + diff --git a/www/api-docs/services_portmap.html b/www/api-docs/services_portmap.html index 545536c..8101355 100644 --- a/www/api-docs/services_portmap.html +++ b/www/api-docs/services_portmap.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -334,6 +397,90 @@ No

+ +

+ + +

+
+portmap_tcp_connect(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Connect to portmap over a TCP socket +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+portmap_udp_sendrecv(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send and receive UDP network traffic from portmap. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/services_postfix.html b/www/api-docs/services_postfix.html new file mode 100644 index 0000000..8e67eed --- /dev/null +++ b/www/api-docs/services_postfix.html @@ -0,0 +1,1099 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: postfix

+ +Interfaces +Templates + +

Description:

+ +

Postfix email server

+ + + + +

Interfaces:

+ + +

+
+postfix_create_config(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		private type
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Create files with the specified type in +the postfix configuration directories. +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+private type +	+ +The type of the object to be created. + +	+No +
+object +	+ +The object class of the object being created. If +no class is specified, file will be used. + +	+yes +

+ + +

+
+postfix_domtrans_map(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute postfix_map in the postfix_map domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+postfix_domtrans_master(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute the master postfix program in the +postfix_master domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+postfix_domtrans_user_mail_handler(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute postfix user mail programs +in their respective domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+postfix_dontaudit_rw_local_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read and +write postfix local delivery +TCP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+postfix_dontaudit_use_fd(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to use +postfix master process file +file descriptors. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+postfix_exec_master(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute the master postfix program in the +caller domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+postfix_list_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List postfix mail spool directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+postfix_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read postfix configuration files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+postfix_run_map(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

Summary

+Execute postfix_map in the postfix_map domain, and +allow the specified role the postfix_map domain. +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+role +	+ +The role to be allowed the postfix_map domain. + +	+No +
+terminal +	+ +The type of the terminal allow the postfix_map domain to use. + +	+No +

+ + +

+
+postfix_search_spool(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search postfix mail spool directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+postfix_stub(
+	
+		
+		
+		
+			[
+		
+		domain
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Postfix stub interface. No access allowed. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +N/A + +	+yes +

+ + +Return + + + +

Templates:

+ + +

+
+postfix_domain_template(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+postfix_per_userdomain_template(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+postfix_public_domain_template(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+postfix_server_domain_template(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+postfix_user_domain_template(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +Return + + + +

+ + diff --git a/www/api-docs/services_postgresql.html b/www/api-docs/services_postgresql.html index adfeb36..0ffd0a9 100644 --- a/www/api-docs/services_postgresql.html +++ b/www/api-docs/services_postgresql.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_ppp.html b/www/api-docs/services_ppp.html index 0ff8334..876852e 100644 --- a/www/api-docs/services_ppp.html +++ b/www/api-docs/services_ppp.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -254,6 +317,49 @@ No

+ +

+ + +

+
+ppp_dontaudit_use_fd(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to inherit +and use PPP file discriptors. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

@@ -358,7 +464,7 @@ No

Summary

-Allow domain to send sigchld to parent of PPP domain type. +Send a SIGCHLD signal to PPP.

@@ -400,7 +506,7 @@ No

Summary

-Allow domain to send a signal to PPP domain type. +Send a generic signal to PPP.

diff --git a/www/api-docs/services_privoxy.html b/www/api-docs/services_privoxy.html index 39d6e34..a0bc64d 100644 --- a/www/api-docs/services_privoxy.html +++ b/www/api-docs/services_privoxy.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_procmail.html b/www/api-docs/services_procmail.html new file mode 100644 index 0000000..25e4ada --- /dev/null +++ b/www/api-docs/services_procmail.html @@ -0,0 +1,370 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+procmail_exec(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute procmail in the caller domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_radius.html b/www/api-docs/services_radius.html new file mode 100644 index 0000000..e3c2d6b --- /dev/null +++ b/www/api-docs/services_radius.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + + +

+ + diff --git a/www/api-docs/services_radvd.html b/www/api-docs/services_radvd.html index ccdb103..41b66e6 100644 --- a/www/api-docs/services_radvd.html +++ b/www/api-docs/services_radvd.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_rdisc.html b/www/api-docs/services_rdisc.html new file mode 100644 index 0000000..362bf2e --- /dev/null +++ b/www/api-docs/services_rdisc.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: rdisc

+ +

Description:

+ +

Network router discovery daemon

+ + + + + +

No interfaces or templates.

+ + +

+ + diff --git a/www/api-docs/services_remotelogin.html b/www/api-docs/services_remotelogin.html index 6281f28..760c912 100644 --- a/www/api-docs/services_remotelogin.html +++ b/www/api-docs/services_remotelogin.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_rlogin.html b/www/api-docs/services_rlogin.html index c65af2d..292758b 100644 --- a/www/api-docs/services_rlogin.html +++ b/www/api-docs/services_rlogin.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_rpc.html b/www/api-docs/services_rpc.html new file mode 100644 index 0000000..f455008 --- /dev/null +++ b/www/api-docs/services_rpc.html @@ -0,0 +1,767 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: rpc

+ +Interfaces +Templates + +

Description:

+ +

Remote Procedure Call Daemon for managment of network based process communication

+ + + + +

Interfaces:

+ + +

+
+rpc_domtrans_nfsd(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute domain in nfsd domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+rpc_dontaudit_getattr_exports(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the attributes +of the NFS export file. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+rpc_manage_nfs_ro_content(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow domain to create read and write NFS directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+rpc_manage_nfs_rw_content(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow domain to create read and write NFS directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+rpc_read_exports(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow read access to exports. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+rpc_search_nfs_state_data(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search NFS state data in /var/lib/nfs. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+rpc_udp_rw_nfs_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow domain to read and write to an NFS UDP socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+rpc_udp_sendto(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Send UDP network traffic to rpc and recieve UDP traffic from rpc. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+rpc_udp_sendto_nfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow NFS to send UDP network traffic +the specified domain and recieve from it. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the receiving domain. + +	+No +

+ + +

+
+rpc_write_exports(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow write access to exports. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +Return + + + +

Templates:

+ + +

+
+rpc_domain_template(
+	
+		
+		
+		
+		userdomain_prefix
+		
+	
+	)

+

+ +

Summary

+The template to define a rpc domain. +

+ + +

Description

+This template creates a domain to be used for +a new rpc daemon. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+userdomain_prefix +	+ +The type of daemon to be used. + +	+No +

+ + +Return + + + +

-Allow the specified domain to read the winbind pid files. +Allow the specified domain to read samba's secrets.

@@ -841,6 +904,92 @@ No

+ +

+ + +

+
+samba_rw_var_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow the specified domain to +read and write samba /var files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+samba_search_var(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow the specified domain to search +samba /var directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/services_sasl.html b/www/api-docs/services_sasl.html index 9e7df34..83a2abc 100644 --- a/www/api-docs/services_sasl.html +++ b/www/api-docs/services_sasl.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -209,9 +272,55 @@ + +

Interfaces:

+ + +

+
+sasl_connect(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Connect to SASL. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+
+sendmail_rw_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write sendmail TCP sockets. +

+ + +

Parameters

+ + + + - - - - - - - - - diff --git a/www/api-docs/system_authlogin.html b/www/api-docs/system_authlogin.html index 5f55eaa..8353f14 100644 --- a/www/api-docs/system_authlogin.html +++ b/www/api-docs/system_authlogin.html @@ -43,15 +43,6 @@    - clock
-    - - corecommands
- -    - - domain
- -    - - files
-    - fstools
@@ -669,6 +660,48 @@ No + +

+ + +

+
+auth_dontaudit_read_pam_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attemps to read PAM pid files. +

+ + +

Parameters

Parameter:

Description:

Optional:

+domain +

+ +Domain allowed access.

No diff --git a/www/api-docs/services_snmp.html b/www/api-docs/services_snmp.html index 025ce65..22cd908 100644 --- a/www/api-docs/services_snmp.html +++ b/www/api-docs/services_snmp.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -209,9 +272,55 @@ + +

Interfaces:

+ + +

+
+snmp_use(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Use snmp over a TCP connection. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return -

No interfaces or templates.

diff --git a/www/api-docs/services_spamassassin.html b/www/api-docs/services_spamassassin.html new file mode 100644 index 0000000..e5ccfe8 --- /dev/null +++ b/www/api-docs/services_spamassassin.html @@ -0,0 +1,472 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: spamassassin

+ +Interfaces +Templates + +

Description:

+ +

Filter used for removing unsolicited email.

+ + + + +

Interfaces:

+ + +

+
+spamassassin_exec(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute the standalone spamassassin +program in the caller directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+spamassassin_exec_client(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute the spamassassin client +program in the caller directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + +

Templates:

+ + +

+
+spamassassin_per_userdomain_template(
+	
+		
+		
+		
+		userdomain_prefix
+		
+	
+		
+			,
+		
+		
+		
+		user_domain
+		
+	
+		
+			,
+		
+		
+		
+		user_role
+		
+	
+	)

+

+ +

Summary

+The per user domain template for the spamassassin module. +

+ + +

Description

+The per user domain template for the spamassassin module. +

+This template is invoked automatically for each user, and +generally does not need to be invoked directly +by policy writers. +

+ +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+userdomain_prefix +	+ +The prefix of the user domain (e.g., user +is the prefix for user_t). + +	+No +
+user_domain +	+ +The type of the user domain. + +	+No +
+user_role +	+ +The role associated with the user domain. + +	+No +

+ + +Return + + + +

+ + diff --git a/www/api-docs/services_squid.html b/www/api-docs/services_squid.html index 1d48ff7..574ea67 100644 --- a/www/api-docs/services_squid.html +++ b/www/api-docs/services_squid.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
@@ -212,6 +275,48 @@

Interfaces:

+ +

+ + +

+
+squid_append_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Append squid logs. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

@@ -339,6 +444,48 @@ No

+ +

+ + +

+
+squid_read_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Append squid logs. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

diff --git a/www/api-docs/services_ssh.html b/www/api-docs/services_ssh.html index d665fc0..788c409 100644 --- a/www/api-docs/services_ssh.html +++ b/www/api-docs/services_ssh.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_stunnel.html b/www/api-docs/services_stunnel.html index 10e796c..57b27b4 100644 --- a/www/api-docs/services_stunnel.html +++ b/www/api-docs/services_stunnel.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_tcpd.html b/www/api-docs/services_tcpd.html index f3b1852..ccb75f1 100644 --- a/www/api-docs/services_tcpd.html +++ b/www/api-docs/services_tcpd.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_telnet.html b/www/api-docs/services_telnet.html index 060ba45..51bdaba 100644 --- a/www/api-docs/services_telnet.html +++ b/www/api-docs/services_telnet.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_tftp.html b/www/api-docs/services_tftp.html index 3afbbca..af6d73a 100644 --- a/www/api-docs/services_tftp.html +++ b/www/api-docs/services_tftp.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_timidity.html b/www/api-docs/services_timidity.html new file mode 100644 index 0000000..1fb3ea6 --- /dev/null +++ b/www/api-docs/services_timidity.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: timidity

+ +

Description:

+ +

MIDI to WAV converter and player configured as a service

+ + + + + +

No interfaces or templates.

+ + +

+ + diff --git a/www/api-docs/services_uucp.html b/www/api-docs/services_uucp.html index cde0bf4..0a5a55c 100644 --- a/www/api-docs/services_uucp.html +++ b/www/api-docs/services_uucp.html @@ -40,12 +40,18 @@    - arpwatch
+    - + avahi
+    - bind
   - bluetooth
+    - + canna
+    - comsat
@@ -55,9 +61,18 @@    - cron
+    - + cups
+    - cvs
+    - + cyrus
+ +    - + dbskk
+    - dbus
@@ -67,6 +82,12 @@    - dictd
+    - + distcc
+ +    - + dovecot
+    - finger
@@ -82,12 +103,18 @@    - howl
+    - + i18n_input
+    - inetd
   - inn
+    - + irqbalance
+    - kerberos
@@ -97,6 +124,9 @@    - ldap
+    - + lpd
+    - mailman
@@ -106,6 +136,9 @@    - mysql
+    - + networkmanager
+    - nis
@@ -115,9 +148,15 @@    - ntp
+    - + pegasus
+    - portmap
+    - + postfix
+    - postgresql
@@ -127,15 +166,27 @@    - privoxy
+    - + procmail
+ +    - + radius
+    - radvd
+    - + rdisc
+    - remotelogin
   - rlogin
+    - + rpc
+    - rshd
@@ -154,6 +205,9 @@    - snmp
+    - + spamassassin
+    - squid
@@ -172,9 +226,18 @@    - tftp
+    - + timidity
+    - uucp
+    - + xdm
+ +    - + xfs
+    - zebra
diff --git a/www/api-docs/services_xdm.html b/www/api-docs/services_xdm.html new file mode 100644 index 0000000..669cdac --- /dev/null +++ b/www/api-docs/services_xdm.html @@ -0,0 +1,282 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +

+ +

Layer: services

Module: xdm

+ +

Description:

+ +

X windows login display manager

+ + + + + +

No interfaces or templates.

+ + +

+ + diff --git a/www/api-docs/services_xfs.html b/www/api-docs/services_xfs.html new file mode 100644 index 0000000..eaf906a --- /dev/null +++ b/www/api-docs/services_xfs.html @@ -0,0 +1,328 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ + + + system
+

+ +