Layer: apps

Policy modules for applications

+ + diff --git a/www/api-docs/apps_gpg.html b/www/api-docs/apps_gpg.html index 47cd6fc..bd1790a 100644 --- a/www/api-docs/apps_gpg.html +++ b/www/api-docs/apps_gpg.html @@ -43,9 +43,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -63,6 +69,7 @@

Templates:

diff --git a/www/api-docs/global_booleans.html b/www/api-docs/global_booleans.html new file mode 100644 index 0000000..3e94726 --- /dev/null +++ b/www/api-docs/global_booleans.html @@ -0,0 +1,226 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +    - + consoletype
+ +    - + dmesg
+ +    - + logrotate
+ +    - + netutils
+ +    - + rpm
+ +    - + usermanage
+ +

+ + + + apps
+

+ + - + gpg
+ +

+ + + + kernel
+

+ +    - + bootloader
+ +    - + corenetwork
+ +    - + devices
+ +    - + filesystem
+ +    - + kernel
+ +    - + selinux
+ +    - + storage
+ +    - + terminal
+ +

+ + + + services
+

+ +    - + cron
+ +    - + inetd
+ +    - + kerberos
+ +    - + mta
+ +    - + nis
+ +    - + nscd
+ +    - + remotelogin
+ +    - + sendmail
+ +    - + ssh
+ +

+ + + + system
+

+ +    - + authlogin
+ +    - + clock
+ +    - + corecommands
+ +    - + domain
+ +    - + files
+ +    - + fstools
+ +    - + getty
+ +    - + hostname
+ +    - + hotplug
+ +    - + init
+ +    - + ipsec
+ +    - + iptables
+ +    - + libraries
+ +    - + locallogin
+ +    - + logging
+ +    - + lvm
+ +    - + miscfiles
+ +    - + modutils
+ +    - + mount
+ +    - + pcmcia
+ +    - + raid
+ +    - + selinuxutil
+ +    - + sysnetwork
+ +    - + udev
+ +    - + unconfined
+ +    - + userdomain
+ +

+ +

+ * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index +

+ +

Global booleans:

+ + +

secure_mode

Default value

false

+ +

Description

+Enabling secure mode disallows programs, such as +newrole, from transitioning to administrative +user domains. +

+ +

+ + +

+ + diff --git a/www/api-docs/global_tunables.html b/www/api-docs/global_tunables.html new file mode 100644 index 0000000..6767b30 --- /dev/null +++ b/www/api-docs/global_tunables.html @@ -0,0 +1,503 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +    - + consoletype
+ +    - + dmesg
+ +    - + logrotate
+ +    - + netutils
+ +    - + rpm
+ +    - + usermanage
+ +

+ + + + apps
+

+ + - + gpg
+ +

+ + + + kernel
+

+ +    - + bootloader
+ +    - + corenetwork
+ +    - + devices
+ +    - + filesystem
+ +    - + kernel
+ +    - + selinux
+ +    - + storage
+ +    - + terminal
+ +

+ + + + services
+

+ +    - + cron
+ +    - + inetd
+ +    - + kerberos
+ +    - + mta
+ +    - + nis
+ +    - + nscd
+ +    - + remotelogin
+ +    - + sendmail
+ +    - + ssh
+ +

+ + + + system
+

+ +

+ * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index +

+ +

Global tunables:

+ + +

allow_execmem

Default value

false

+ +

Description

+Allow execution of anonymous mappings, e.g. executable stack. +

+ +

allow_execmod

Default value

false

+ +

Description

+Support Share libraries with text relocations +

+ +

allow_gpg_execstack

Default value

false

+ +

Description

+Allow gpg executable stack +

+ +

allow_kerberos

Default value

false

+ +

Description

+Allow system to run with kerberos +

+ +

allow_ypbind

Default value

false

+ +

Description

+Allow system to run with NIS +

+ +

cron_can_relabel

Default value

false

+ +

Description

+Allow system cron jobs to relabel filesystem +for restoring file contexts. +

+ +

fcron_crond

Default value

false

+ +

Description

+Enable extra rules in the cron domain +to support fcron. +

+ +

read_default_t

Default value

false

+ +

Description

+Allow reading of default_t files. +

+ +

run_ssh_inetd

Default value

false

+ +

Description

+Allow ssh to run from inetd instead of as a daemon. +

+ +

ssh_sysadm_login

Default value

false

+ +

Description

+Allow ssh logins as sysadm_r:sysadm_t +

+ +

staff_read_sysadm_file

Default value

false

+ +

Description

+Allow staff_r users to search the sysadm home +dir and read files (such as ~/.bashrc) +

+ +

use_dns

Default value

false

+ +

Description

+Allow the use of DNS for name resolution. +

+ +

use_nfs_home_dirs

Default value

false

+ +

Description

+Support NFS home directories +

+ +

use_samba_home_dirs

Default value

false

+ +

Description

+Support SAMBA home directories +

+ +

user_direct_mouse

Default value

false

+ +

Description

+Allow regular users direct mouse access +

+ +

user_dmesg

Default value

false

+ +

Description

+Allow users to read system messages. +

+ +

user_net_control

Default value

false

+ +

Description

+Allow users to control network interfaces +(also needs USERCTL=true) +

+ +

user_ping

Default value

false

+ +

Description

+Control users use of ping and traceroute +

+ +

user_rw_noexattrfile

Default value

false

+ +

Description

+Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY) +

+ +

user_rw_usb

Default value

false

+ +

Description

+Allow users to rw usb devices +

+ +

user_tcp_server

Default value

false

+ +

Description

+Allow users to run TCP servers (bind to ports and accept connection from +the same domain and outside users) disabling this forces FTP passive mode +and may change other protocols. +

+ +

user_ttyfile_stat

Default value

false

+ +

Description

+Allow w to display everyone +

+ +

+ + +

+ + diff --git a/www/api-docs/index.html b/www/api-docs/index.html index 76f05aa..e4290fe 100644 --- a/www/api-docs/index.html +++ b/www/api-docs/index.html @@ -91,6 +91,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -136,6 +139,9 @@    - init
+    - + ipsec
+    - iptables
@@ -160,6 +166,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -178,15 +190,26 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

Layer: admin

+ Policy modules for administrative functions, such as package management. +

+ +

Module:

Description:

@@ -242,6 +265,11 @@ Determine of the console connected to the controlling terminal.

Layer: kernel

+Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +

+ +

Module:

Description:

@@ -311,6 +339,9 @@ Policy for kernel security interface, in particular, selinuxfs.

Layer: apps

Policy modules for applications

+ +

Module:

Description:

@@ -339,6 +370,11 @@ Policy for kernel security interface, in particular, selinuxfs.

Layer: system

+ Policy modules for system functions from init to multi-user login. +

+ +

Module:

Description:

@@ -414,6 +450,11 @@ connection and disconnection of devices at runtime. + + + @@ -454,6 +495,16 @@ connection and disconnection of devices at runtime. + + + + + + @@ -485,6 +536,12 @@ connection and disconnection of devices at runtime.

Layer: services

+ Policy modules for system services, like cron, and network services, + like sshd. +

+ +

Module:	Description:
System initialization programs (init and init scripts).
+ + ipsec	TCP/IP encryption
iptables	Policy for iptables.	Policy for mount.
+ + pcmcia	PCMCIA card management services
+ + raid	RAID array management tools
selinuxutil	Policy for SELinux policy and userland applications.

@@ -524,6 +581,11 @@ connection and disconnection of devices at runtime. + + + diff --git a/www/api-docs/interfaces.html b/www/api-docs/interfaces.html index 38cd537..6a44170 100644 --- a/www/api-docs/interfaces.html +++ b/www/api-docs/interfaces.html @@ -91,6 +91,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -136,6 +139,9 @@    - init
+    - + ipsec
+    - iptables
@@ -160,6 +166,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -178,9 +190,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -188,7 +206,7 @@

-Module: +Module: authlogin

Layer: system

@@ -208,7 +226,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -228,7 +246,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -256,7 +274,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -276,7 +294,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -302,7 +320,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -322,7 +340,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -339,10 +357,17 @@ system

)

+Do not audit attempts to get the attributes +of the shadow passwords file. +

-Module: +Module: authlogin

Layer: system

@@ -362,7 +387,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -388,7 +413,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -408,7 +433,33 @@ system

-Module: +Module: +authlogin

+Layer: +system

+
+auth_getattr_shadow(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of the shadow passwords file. +

+ +

+Module: authlogin

Layer: system

@@ -434,7 +485,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -454,7 +505,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -486,7 +537,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -512,7 +563,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -538,7 +589,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -564,7 +615,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -590,7 +641,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -616,7 +667,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -642,7 +693,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -662,7 +713,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -694,7 +745,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -720,7 +771,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -756,7 +807,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -792,7 +843,7 @@ system

-Module: +Module: authlogin

Layer: system

@@ -818,7 +869,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -844,7 +895,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -870,7 +921,7 @@ Summary is missing!

-Module: +Module: authlogin

Layer: system

@@ -890,7 +941,33 @@ system

-Module: +Module: +authlogin

+Layer: +system

+
+auth_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unconfined access to the authlogin module. +

+ +

+Module: bootloader

Layer: kernel

@@ -907,10 +984,16 @@ kernel

)

+Install a kernel into the /boot directory. +

-Module: +Module: bootloader

Layer: kernel

@@ -927,10 +1010,16 @@ kernel

)

+Install a system.map into the /boot directory. +

-Module: +Module: bootloader

Layer: kernel

@@ -956,7 +1045,7 @@ Summary is missing!

-Module: +Module: bootloader

Layer: kernel

@@ -973,10 +1062,17 @@ kernel

)

+Read and write the bootloader +temporary data in /tmp. +

-Module: +Module: bootloader

Layer: kernel

@@ -993,10 +1089,16 @@ kernel

)

+Delete a kernel from /boot. +

-Module: +Module: bootloader

Layer: kernel

@@ -1013,10 +1115,16 @@ kernel

)

+Delete a system.map in the /boot directory. +

-Module: +Module: bootloader

Layer: kernel

@@ -1033,10 +1141,16 @@ kernel

)

+Execute bootloader in the bootloader domain. +

-Module: +Module: bootloader

Layer: kernel

@@ -1053,10 +1167,42 @@ kernel

)

+Do not audit attempts to search the /boot directory. +

+ + + +

+Module: +bootloader

+Layer: +kernel

+
+bootloader_getattr_kernel_modules(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of kernel module files. +

-Module: +Module: bootloader

Layer: kernel

@@ -1073,10 +1219,16 @@ kernel

)

+List the contents of the kernel module directories. +

-Module: +Module: bootloader

Layer: kernel

@@ -1093,10 +1245,17 @@ kernel

)

+Create, read, write, and delete +kernel module files. +

-Module: +Module: bootloader

Layer: kernel

@@ -1113,10 +1272,16 @@ kernel

)

+Read the bootloader configuration file. +

-Module: +Module: bootloader

Layer: kernel

@@ -1133,10 +1298,16 @@ kernel

)

+Read kernel module files. +

-Module: +Module: bootloader

Layer: kernel

@@ -1153,10 +1324,16 @@ kernel

)

+Read system.map in the /boot directory. +

-Module: +Module: bootloader

Layer: kernel

@@ -1189,10 +1366,17 @@ kernel

)

+Execute bootloader interactively and do +a domain transition to the bootloader domain. +

-Module: +Module: bootloader

Layer: kernel

@@ -1209,10 +1393,17 @@ kernel

)

+Read and write symbolic links +in the /boot directory. +

-Module: +Module: bootloader

Layer: kernel

@@ -1229,10 +1420,17 @@ kernel

)

+Read and write the bootloader +configuration file. +

-Module: +Module: bootloader

Layer: kernel

@@ -1249,10 +1447,17 @@ kernel

)

+Read and write the bootloader +temporary data in /tmp. +

-Module: +Module: bootloader

Layer: kernel

@@ -1269,10 +1474,16 @@ kernel

)

+Search the /boot directory. +

-Module: +Module: bootloader

Layer: kernel

@@ -1289,10 +1500,16 @@ kernel

)

+Write kernel module files. +

-Module: +Module: clock

Layer: system

@@ -1312,7 +1529,7 @@ system

-Module: +Module: clock

Layer: system

@@ -1332,7 +1549,7 @@ system

-Module: +Module: clock

Layer: system

@@ -1368,7 +1585,7 @@ system

-Module: +Module: clock

Layer: system

@@ -1388,7 +1605,7 @@ system

-Module: +Module: consoletype

Layer: admin

@@ -1408,7 +1625,7 @@ admin

-Module: +Module: consoletype

Layer: admin

@@ -1428,18 +1645,26 @@ admin

-Module: +Module: corecommands

Layer: system

-corecmd_chroot_exec_chroot( +corecmd_bin_domtrans( - ? + domain + + + + , + + + + target_domain )
@@ -1447,48 +1672,47 @@ system

-Summary is missing! +Execute a file in a bin directory +in the specified domain.

-Module: +Module: corecommands

Layer: system

 
-corecmd_domtrans_shell(
-	
-		
-		
-		
-		domain
-		
+corecmd_dontaudit_getattr_sbin_file(
 	
 		
-			,
-		
 		
 		
-		target_domain
+		?
 		
 	
 	)

 

+Summary is missing! +

-Module: +Module: corecommands

Layer: system

 
-corecmd_dontaudit_getattr_sbin_file(
+corecmd_exec_bin(
 	
@@ -1508,13 +1732,13 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

 
-corecmd_exec_bin(
+corecmd_exec_chroot(
 	
@@ -1534,7 +1758,7 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

@@ -1560,7 +1784,7 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

@@ -1586,7 +1810,7 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

@@ -1612,7 +1836,7 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

@@ -1638,7 +1862,7 @@ Get the attributes of files in bin directories.

-Module: +Module: corecommands

Layer: system

@@ -1664,7 +1888,7 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

@@ -1690,7 +1914,7 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

@@ -1716,13 +1940,13 @@ Summary is missing!

-Module: +Module: corecommands

Layer: system

-corecmd_read_bin_symlink( +corecmd_read_bin_file( @@ -1735,20 +1959,20 @@ system

-Read symbolic links in bin directories. +Read files in bin directories.

-Module: +Module: corecommands

Layer: system

-corecmd_read_sbin_symlink( +corecmd_read_bin_pipe( @@ -1761,25 +1985,25 @@ system

-Read symbolic links in sbin directories. +Read pipes in bin directories.

-Module: +Module: corecommands

Layer: system

-corecmd_search_bin( +corecmd_read_bin_socket( - ? + domain )
@@ -1787,25 +2011,25 @@ system

-Summary is missing! +Read named sockets in bin directories.

-Module: +Module: corecommands

Layer: system

-corecmd_search_sbin( +corecmd_read_bin_symlink( - ? + domain )
@@ -1813,20 +2037,20 @@ system

-Summary is missing! +Read symbolic links in bin directories.

-Module: +Module: corecommands

Layer: system

-corecmd_shell_entry_type( +corecmd_read_sbin_file( @@ -1839,20 +2063,20 @@ system

-Make the shell an entrypoint for the specified domain. +Read files in sbin directories.

-Module: +Module: corecommands

Layer: system

-corecmd_shell_spec_domtrans( +corecmd_read_sbin_pipe( @@ -1860,27 +2084,25 @@ system

domain - - , - - - - target_domain - - )

+Read named pipes in sbin directories. +

-Module: -corenetwork

-Layer: -kernel

+Module: +corecommands

+Layer: +system

-corenet_dontaudit_tcp_bind_all_reserved_ports( +corecmd_read_sbin_socket( @@ -1893,20 +2115,20 @@ kernel

-Do not audit attempts to bind TCP sockets to all reserved ports. +Read named sockets in sbin directories.

-Module: -corenetwork

-Layer: -kernel

+Module: +corecommands

+Layer: +system

-corenet_dontaudit_udp_bind_all_reserved_ports( +corecmd_read_sbin_symlink( @@ -1919,25 +2141,25 @@ kernel

-Do not audit attempts to bind UDP sockets to all reserved ports. +Read symbolic links in sbin directories.

-Module: -corenetwork

-Layer: -kernel

+Module: +corecommands

+Layer: +system

-corenet_raw_receive_all_if( +corecmd_search_bin( - domain + ? )
@@ -1945,25 +2167,25 @@ kernel

-Receive raw IP packets on all interfaces. +Summary is missing!

-Module: -corenetwork

-Layer: -kernel

+Module: +corecommands

+Layer: +system

-corenet_raw_receive_all_nodes( +corecmd_search_sbin( - domain + ? )
@@ -1971,20 +2193,20 @@ kernel

-Receive raw IP packets on all nodes. +Summary is missing!

-Module: -corenetwork

-Layer: -kernel

+Module: +corecommands

+Layer: +system

-corenet_raw_receive_compat_ipv4_node( +corecmd_shell_domtrans( @@ -1992,19 +2214,33 @@ kernel

domain + + , + + + + target_domain + + )

+Execute a shell in the specified domain. +

-Module: -corenetwork

-Layer: -kernel

+Module: +corecommands

+Layer: +system

-corenet_raw_receive_eth0( +corecmd_shell_entry_type( @@ -2015,16 +2251,22 @@ kernel

)

+Make the shell an entrypoint for the specified domain. +

-Module: -corenetwork

-Layer: -kernel

+Module: +corecommands

+Layer: +system

-corenet_raw_receive_eth1( +corecmd_shell_spec_domtrans( @@ -2032,19 +2274,27 @@ kernel

domain + + , + + + + target_domain + + )

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_eth2( +corenet_dontaudit_tcp_bind_all_reserved_ports( @@ -2055,16 +2305,22 @@ kernel

)

+Do not audit attempts to bind TCP sockets to all reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_generic_if( +corenet_dontaudit_udp_bind_all_reserved_ports( @@ -2077,20 +2333,20 @@ kernel

-Receive raw IP packets on generic interfaces. +Do not audit attempts to bind UDP sockets to all reserved ports.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_generic_node( +corenet_raw_receive_all_if( @@ -2103,20 +2359,20 @@ kernel

-Receive raw IP packets on generic nodes. +Receive raw IP packets on all interfaces.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_inaddr_any_node( +corenet_raw_receive_all_nodes( @@ -2127,16 +2383,22 @@ kernel

)

+Receive raw IP packets on all nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_ippp0( +corenet_raw_receive_compat_ipv4_node( @@ -2147,16 +2409,22 @@ kernel

)

+Receive raw IP packets on the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_ipsec0( +corenet_raw_receive_eth0( @@ -2167,16 +2435,22 @@ kernel

)

+Receive raw IP packets on the eth0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_ipsec1( +corenet_raw_receive_eth1( @@ -2187,16 +2461,22 @@ kernel

)

+Receive raw IP packets on the eth1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_ipsec2( +corenet_raw_receive_eth2( @@ -2207,16 +2487,22 @@ kernel

)

+Receive raw IP packets on the eth2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_link_local_node( +corenet_raw_receive_generic_if( @@ -2227,16 +2513,22 @@ kernel

)

+Receive raw IP packets on generic interfaces. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_lo( +corenet_raw_receive_generic_node( @@ -2247,16 +2539,22 @@ kernel

)

+Receive raw IP packets on generic nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_lo_node( +corenet_raw_receive_inaddr_any_node( @@ -2267,16 +2565,22 @@ kernel

)

+Receive raw IP packets on the inaddr_any node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_mapped_ipv4_node( +corenet_raw_receive_ippp0( @@ -2287,16 +2591,22 @@ kernel

)

+Receive raw IP packets on the ippp0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_multicast_node( +corenet_raw_receive_ipsec0( @@ -2307,16 +2617,22 @@ kernel

)

+Receive raw IP packets on the ipsec0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_site_local_node( +corenet_raw_receive_ipsec1( @@ -2327,16 +2643,22 @@ kernel

)

+Receive raw IP packets on the ipsec1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_receive_unspec_node( +corenet_raw_receive_ipsec2( @@ -2347,16 +2669,22 @@ kernel

)

+Receive raw IP packets on the ipsec2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_all_if( +corenet_raw_receive_link_local_node( @@ -2369,20 +2697,20 @@ kernel

-Send raw IP packets on all interfaces. +Receive raw IP packets on the link_local node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_all_nodes( +corenet_raw_receive_lo( @@ -2395,20 +2723,20 @@ kernel

-Send raw IP packets on all nodes. +Receive raw IP packets on the lo interface.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_compat_ipv4_node( +corenet_raw_receive_lo_node( @@ -2419,16 +2747,22 @@ kernel

)

+Receive raw IP packets on the lo node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_eth0( +corenet_raw_receive_mapped_ipv4_node( @@ -2439,16 +2773,22 @@ kernel

)

+Receive raw IP packets on the mapped_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_eth1( +corenet_raw_receive_multicast_node( @@ -2459,16 +2799,22 @@ kernel

)

+Receive raw IP packets on the multicast node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_eth2( +corenet_raw_receive_site_local_node( @@ -2479,16 +2825,22 @@ kernel

)

+Receive raw IP packets on the site_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_generic_if( +corenet_raw_receive_unspec_node( @@ -2501,20 +2853,20 @@ kernel

-Send raw IP packets on generic interfaces. +Receive raw IP packets on the unspec node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_generic_node( +corenet_raw_send_all_if( @@ -2527,20 +2879,20 @@ kernel

-Send raw IP packets on generic nodes. +Send raw IP packets on all interfaces.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_inaddr_any_node( +corenet_raw_send_all_nodes( @@ -2551,16 +2903,22 @@ kernel

)

+Send raw IP packets on all nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_ippp0( +corenet_raw_send_compat_ipv4_node( @@ -2571,16 +2929,22 @@ kernel

)

+Send raw IP packets on the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_ipsec0( +corenet_raw_send_eth0( @@ -2591,16 +2955,22 @@ kernel

)

+Send raw IP packets on the eth0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_ipsec1( +corenet_raw_send_eth1( @@ -2611,16 +2981,22 @@ kernel

)

+Send raw IP packets on the eth1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_ipsec2( +corenet_raw_send_eth2( @@ -2631,16 +3007,22 @@ kernel

)

+Send raw IP packets on the eth2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_link_local_node( +corenet_raw_send_generic_if( @@ -2651,16 +3033,22 @@ kernel

)

+Send raw IP packets on generic interfaces. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_lo( +corenet_raw_send_generic_node( @@ -2671,16 +3059,22 @@ kernel

)

+Send raw IP packets on generic nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_lo_node( +corenet_raw_send_inaddr_any_node( @@ -2691,16 +3085,22 @@ kernel

)

+Send raw IP packets on the inaddr_any node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_mapped_ipv4_node( +corenet_raw_send_ippp0( @@ -2711,16 +3111,22 @@ kernel

)

+Send raw IP packets on the ippp0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_multicast_node( +corenet_raw_send_ipsec0( @@ -2731,16 +3137,22 @@ kernel

)

+Send raw IP packets on the ipsec0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_site_local_node( +corenet_raw_send_ipsec1( @@ -2751,16 +3163,22 @@ kernel

)

+Send raw IP packets on the ipsec1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_send_unspec_node( +corenet_raw_send_ipsec2( @@ -2771,16 +3189,22 @@ kernel

)

+Send raw IP packets on the ipsec2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_all_if( +corenet_raw_send_link_local_node( @@ -2793,20 +3217,20 @@ kernel

-Send and receive raw IP packets on all interfaces. +Send raw IP packets on the link_local node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_all_nodes( +corenet_raw_send_lo( @@ -2819,20 +3243,20 @@ kernel

-Send and receive raw IP packets on all nodes. +Send raw IP packets on the lo interface.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_compat_ipv4_node( +corenet_raw_send_lo_node( @@ -2843,16 +3267,22 @@ kernel

)

+Send raw IP packets on the lo node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_eth0( +corenet_raw_send_mapped_ipv4_node( @@ -2863,16 +3293,22 @@ kernel

)

+Send raw IP packets on the mapped_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_eth1( +corenet_raw_send_multicast_node( @@ -2883,16 +3319,22 @@ kernel

)

+Send raw IP packets on the multicast node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_eth2( +corenet_raw_send_site_local_node( @@ -2903,16 +3345,22 @@ kernel

)

+Send raw IP packets on the site_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_generic_if( +corenet_raw_send_unspec_node( @@ -2925,20 +3373,20 @@ kernel

-Send and receive raw IP packets on generic interfaces. +Send raw IP packets on the unspec node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_generic_node( +corenet_raw_sendrecv_all_if( @@ -2951,20 +3399,20 @@ kernel

-Send and receive raw IP packets on generic nodes. +Send and receive raw IP packets on all interfaces.

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_inaddr_any_node( +corenet_raw_sendrecv_all_nodes( @@ -2975,16 +3423,22 @@ kernel

)

+Send and receive raw IP packets on all nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_ippp0( +corenet_raw_sendrecv_compat_ipv4_node( @@ -2995,16 +3449,22 @@ kernel

)

+Send and receive raw IP packets on the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_ipsec0( +corenet_raw_sendrecv_eth0( @@ -3015,16 +3475,22 @@ kernel

)

+Send and receive raw IP packets on the eth0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_ipsec1( +corenet_raw_sendrecv_eth1( @@ -3035,16 +3501,22 @@ kernel

)

+Send and receive raw IP packets on the eth1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_ipsec2( +corenet_raw_sendrecv_eth2( @@ -3055,16 +3527,22 @@ kernel

)

+Send and receive raw IP packets on the eth2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_link_local_node( +corenet_raw_sendrecv_generic_if( @@ -3075,16 +3553,22 @@ kernel

)

+Send and receive raw IP packets on generic interfaces. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_lo( +corenet_raw_sendrecv_generic_node( @@ -3095,16 +3579,22 @@ kernel

)

+Send and receive raw IP packets on generic nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_lo_node( +corenet_raw_sendrecv_inaddr_any_node( @@ -3115,16 +3605,22 @@ kernel

)

+Send and receive raw IP packets on the inaddr_any node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_mapped_ipv4_node( +corenet_raw_sendrecv_ippp0( @@ -3135,16 +3631,22 @@ kernel

)

+Send and receive raw IP packets on the ippp0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_multicast_node( +corenet_raw_sendrecv_ipsec0( @@ -3155,16 +3657,22 @@ kernel

)

+Send and receive raw IP packets on the ipsec0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_site_local_node( +corenet_raw_sendrecv_ipsec1( @@ -3175,16 +3683,22 @@ kernel

)

+Send and receive raw IP packets on the ipsec1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_raw_sendrecv_unspec_node( +corenet_raw_sendrecv_ipsec2( @@ -3195,16 +3709,22 @@ kernel

)

+Send and receive raw IP packets on the ipsec2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_all_nodes( +corenet_raw_sendrecv_link_local_node( @@ -3217,20 +3737,20 @@ kernel

-Bind TCP sockets to all nodes. +Send and receive raw IP packets on the link_local node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_all_ports( +corenet_raw_sendrecv_lo( @@ -3243,20 +3763,20 @@ kernel

-Bind TCP sockets to all ports. +Send and receive raw IP packets on the lo interface.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_all_reserved_ports( +corenet_raw_sendrecv_lo_node( @@ -3269,20 +3789,20 @@ kernel

-Bind TCP sockets to all reserved ports. +Send and receive raw IP packets on the lo node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_amanda_port( +corenet_raw_sendrecv_mapped_ipv4_node( @@ -3293,16 +3813,22 @@ kernel

)

+Send and receive raw IP packets on the mapped_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_compat_ipv4_node( +corenet_raw_sendrecv_multicast_node( @@ -3313,16 +3839,22 @@ kernel

)

+Send and receive raw IP packets on the multicast node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_dbskkd_port( +corenet_raw_sendrecv_site_local_node( @@ -3333,16 +3865,22 @@ kernel

)

+Send and receive raw IP packets on the site_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_dhcpc_port( +corenet_raw_sendrecv_unspec_node( @@ -3353,16 +3891,22 @@ kernel

)

+Send and receive raw IP packets on the unspec node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_dhcpd_port( +corenet_tcp_bind_all_nodes( @@ -3373,16 +3917,22 @@ kernel

)

+Bind TCP sockets to all nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_dict_port( +corenet_tcp_bind_all_ports( @@ -3393,16 +3943,22 @@ kernel

)

+Bind TCP sockets to all ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_dns_port( +corenet_tcp_bind_all_reserved_ports( @@ -3413,16 +3969,22 @@ kernel

)

+Bind TCP sockets to all reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_fingerd_port( +corenet_tcp_bind_amanda_port( @@ -3433,16 +3995,22 @@ kernel

)

+Bind TCP sockets to the amanda port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_ftp_data_port( +corenet_tcp_bind_compat_ipv4_node( @@ -3453,16 +4021,22 @@ kernel

)

+Bind TCP sockets to node compat_ipv4. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_ftp_port( +corenet_tcp_bind_dbskkd_port( @@ -3473,16 +4047,22 @@ kernel

)

+Bind TCP sockets to the dbskkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_generic_node( +corenet_tcp_bind_dhcpc_port( @@ -3495,20 +4075,20 @@ kernel

-Bind TCP sockets to generic nodes. +Bind TCP sockets to the dhcpc port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_generic_port( +corenet_tcp_bind_dhcpd_port( @@ -3521,20 +4101,20 @@ kernel

-Bind TCP sockets to generic ports. +Bind TCP sockets to the dhcpd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_howl_port( +corenet_tcp_bind_dict_port( @@ -3545,16 +4125,22 @@ kernel

)

+Bind TCP sockets to the dict port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_http_cache_port( +corenet_tcp_bind_dns_port( @@ -3565,16 +4151,22 @@ kernel

)

+Bind TCP sockets to the dns port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_http_port( +corenet_tcp_bind_fingerd_port( @@ -3585,16 +4177,22 @@ kernel

)

+Bind TCP sockets to the fingerd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_inaddr_any_node( +corenet_tcp_bind_ftp_data_port( @@ -3605,16 +4203,22 @@ kernel

)

+Bind TCP sockets to the ftp_data port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_inetd_child_port( +corenet_tcp_bind_ftp_port( @@ -3625,16 +4229,22 @@ kernel

)

+Bind TCP sockets to the ftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_innd_port( +corenet_tcp_bind_generic_node( @@ -3645,16 +4255,22 @@ kernel

)

+Bind TCP sockets to generic nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_ipp_port( +corenet_tcp_bind_generic_port( @@ -3665,16 +4281,22 @@ kernel

)

+Bind TCP sockets to generic ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_kerberos_admin_port( +corenet_tcp_bind_howl_port( @@ -3685,16 +4307,22 @@ kernel

)

+Bind TCP sockets to the howl port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_kerberos_master_port( +corenet_tcp_bind_http_cache_port( @@ -3705,16 +4333,22 @@ kernel

)

+Bind TCP sockets to the http_cache port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_kerberos_port( +corenet_tcp_bind_http_port( @@ -3725,16 +4359,22 @@ kernel

)

+Bind TCP sockets to the http port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_ktalkd_port( +corenet_tcp_bind_inaddr_any_node( @@ -3745,16 +4385,22 @@ kernel

)

+Bind TCP sockets to node inaddr_any. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_ldap_port( +corenet_tcp_bind_inetd_child_port( @@ -3765,16 +4411,22 @@ kernel

)

+Bind TCP sockets to the inetd_child port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_link_local_node( +corenet_tcp_bind_innd_port( @@ -3785,16 +4437,22 @@ kernel

)

+Bind TCP sockets to the innd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_lo_node( +corenet_tcp_bind_ipp_port( @@ -3805,16 +4463,22 @@ kernel

)

+Bind TCP sockets to the ipp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_mail_port( +corenet_tcp_bind_kerberos_admin_port( @@ -3825,16 +4489,22 @@ kernel

)

+Bind TCP sockets to the kerberos_admin port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_mapped_ipv4_node( +corenet_tcp_bind_kerberos_master_port( @@ -3845,16 +4515,22 @@ kernel

)

+Bind TCP sockets to the kerberos_master port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_multicast_node( +corenet_tcp_bind_kerberos_port( @@ -3865,16 +4541,22 @@ kernel

)

+Bind TCP sockets to the kerberos port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_mysqld_port( +corenet_tcp_bind_ktalkd_port( @@ -3885,16 +4567,22 @@ kernel

)

+Bind TCP sockets to the ktalkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_nmbd_port( +corenet_tcp_bind_ldap_port( @@ -3905,16 +4593,22 @@ kernel

)

+Bind TCP sockets to the ldap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_pop_port( +corenet_tcp_bind_link_local_node( @@ -3925,16 +4619,22 @@ kernel

)

+Bind TCP sockets to node link_local. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_portmap_port( +corenet_tcp_bind_lo_node( @@ -3945,16 +4645,22 @@ kernel

)

+Bind TCP sockets to node lo. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_postgresql_port( +corenet_tcp_bind_mail_port( @@ -3965,16 +4671,22 @@ kernel

)

+Bind TCP sockets to the mail port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_printer_port( +corenet_tcp_bind_mapped_ipv4_node( @@ -3985,16 +4697,22 @@ kernel

)

+Bind TCP sockets to node mapped_ipv4. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_pxe_port( +corenet_tcp_bind_multicast_node( @@ -4005,16 +4723,22 @@ kernel

)

+Bind TCP sockets to node multicast. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_radacct_port( +corenet_tcp_bind_mysqld_port( @@ -4025,16 +4749,22 @@ kernel

)

+Bind TCP sockets to the mysqld port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_radius_port( +corenet_tcp_bind_nmbd_port( @@ -4045,16 +4775,22 @@ kernel

)

+Bind TCP sockets to the nmbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_reserved_port( +corenet_tcp_bind_pop_port( @@ -4067,20 +4803,20 @@ kernel

-Bind TCP sockets to generic reserved ports. +Bind TCP sockets to the pop port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_rsh_port( +corenet_tcp_bind_portmap_port( @@ -4091,16 +4827,22 @@ kernel

)

+Bind TCP sockets to the portmap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_rsync_port( +corenet_tcp_bind_postgresql_port( @@ -4111,16 +4853,22 @@ kernel

)

+Bind TCP sockets to the postgresql port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_site_local_node( +corenet_tcp_bind_printer_port( @@ -4131,16 +4879,22 @@ kernel

)

+Bind TCP sockets to the printer port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_smbd_port( +corenet_tcp_bind_pxe_port( @@ -4151,16 +4905,22 @@ kernel

)

+Bind TCP sockets to the pxe port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_smtp_port( +corenet_tcp_bind_radacct_port( @@ -4171,16 +4931,22 @@ kernel

)

+Bind TCP sockets to the radacct port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_snmp_port( +corenet_tcp_bind_radius_port( @@ -4191,16 +4957,22 @@ kernel

)

+Bind TCP sockets to the radius port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_ssh_port( +corenet_tcp_bind_reserved_port( @@ -4211,16 +4983,22 @@ kernel

)

+Bind TCP sockets to generic reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_swat_port( +corenet_tcp_bind_rsh_port( @@ -4231,16 +5009,22 @@ kernel

)

+Bind TCP sockets to the rsh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_syslogd_port( +corenet_tcp_bind_rsync_port( @@ -4251,16 +5035,22 @@ kernel

)

+Bind TCP sockets to the rsync port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_telnetd_port( +corenet_tcp_bind_site_local_node( @@ -4271,16 +5061,22 @@ kernel

)

+Bind TCP sockets to node site_local. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_tftp_port( +corenet_tcp_bind_smbd_port( @@ -4291,16 +5087,22 @@ kernel

)

+Bind TCP sockets to the smbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_unspec_node( +corenet_tcp_bind_smtp_port( @@ -4311,16 +5113,22 @@ kernel

)

+Bind TCP sockets to the smtp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_vnc_port( +corenet_tcp_bind_snmp_port( @@ -4331,16 +5139,22 @@ kernel

)

+Bind TCP sockets to the snmp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_xserver_port( +corenet_tcp_bind_ssh_port( @@ -4351,16 +5165,22 @@ kernel

)

+Bind TCP sockets to the ssh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_bind_zebra_port( +corenet_tcp_bind_swat_port( @@ -4371,16 +5191,22 @@ kernel

)

+Bind TCP sockets to the swat port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_all_if( +corenet_tcp_bind_syslogd_port( @@ -4393,20 +5219,20 @@ kernel

-Send and receive TCP network traffic on all interfaces. +Bind TCP sockets to the syslogd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_all_nodes( +corenet_tcp_bind_telnetd_port( @@ -4419,20 +5245,20 @@ kernel

-Send and receive TCP network traffic on all nodes. +Bind TCP sockets to the telnetd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_all_ports( +corenet_tcp_bind_tftp_port( @@ -4445,20 +5271,20 @@ kernel

-Send and receive TCP network traffic on all ports. +Bind TCP sockets to the tftp port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_all_reserved_ports( +corenet_tcp_bind_unspec_node( @@ -4471,20 +5297,20 @@ kernel

-Send and receive TCP network traffic on all reserved ports. +Bind TCP sockets to node unspec.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_amanda_port( +corenet_tcp_bind_vnc_port( @@ -4495,16 +5321,22 @@ kernel

)

+Bind TCP sockets to the vnc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_compat_ipv4_node( +corenet_tcp_bind_xserver_port( @@ -4515,16 +5347,22 @@ kernel

)

+Bind TCP sockets to the xserver port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_dbskkd_port( +corenet_tcp_bind_zebra_port( @@ -4535,16 +5373,22 @@ kernel

)

+Bind TCP sockets to the zebra port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_dhcpc_port( +corenet_tcp_connect_amanda_port( @@ -4555,16 +5399,22 @@ kernel

)

+Make a TCP connection to the amanda port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_dhcpd_port( +corenet_tcp_connect_dbskkd_port( @@ -4575,16 +5425,22 @@ kernel

)

+Make a TCP connection to the dbskkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_dict_port( +corenet_tcp_connect_dhcpc_port( @@ -4595,16 +5451,22 @@ kernel

)

+Make a TCP connection to the dhcpc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_dns_port( +corenet_tcp_connect_dhcpd_port( @@ -4615,16 +5477,22 @@ kernel

)

+Make a TCP connection to the dhcpd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_eth0( +corenet_tcp_connect_dict_port( @@ -4635,16 +5503,22 @@ kernel

)

+Make a TCP connection to the dict port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_eth1( +corenet_tcp_connect_dns_port( @@ -4655,16 +5529,22 @@ kernel

)

+Make a TCP connection to the dns port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_eth2( +corenet_tcp_connect_fingerd_port( @@ -4675,16 +5555,22 @@ kernel

)

+Make a TCP connection to the fingerd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_fingerd_port( +corenet_tcp_connect_ftp_data_port( @@ -4695,16 +5581,22 @@ kernel

)

+Make a TCP connection to the ftp_data port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ftp_data_port( +corenet_tcp_connect_ftp_port( @@ -4715,16 +5607,22 @@ kernel

)

+Make a TCP connection to the ftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ftp_port( +corenet_tcp_connect_howl_port( @@ -4735,16 +5633,22 @@ kernel

)

+Make a TCP connection to the howl port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_generic_if( +corenet_tcp_connect_http_cache_port( @@ -4757,20 +5661,20 @@ kernel

-Send and receive TCP network traffic on the generic interfaces. +Make a TCP connection to the http_cache port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_generic_node( +corenet_tcp_connect_http_port( @@ -4783,20 +5687,20 @@ kernel

-Send and receive TCP network traffic on generic nodes. +Make a TCP connection to the http port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_generic_port( +corenet_tcp_connect_inetd_child_port( @@ -4809,20 +5713,20 @@ kernel

-Send and receive TCP network traffic on generic ports. +Make a TCP connection to the inetd_child port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_howl_port( +corenet_tcp_connect_innd_port( @@ -4833,16 +5737,22 @@ kernel

)

+Make a TCP connection to the innd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_http_cache_port( +corenet_tcp_connect_ipp_port( @@ -4853,16 +5763,22 @@ kernel

)

+Make a TCP connection to the ipp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_http_port( +corenet_tcp_connect_kerberos_admin_port( @@ -4873,16 +5789,22 @@ kernel

)

+Make a TCP connection to the kerberos_admin port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_inaddr_any_node( +corenet_tcp_connect_kerberos_master_port( @@ -4893,16 +5815,22 @@ kernel

)

+Make a TCP connection to the kerberos_master port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_inetd_child_port( +corenet_tcp_connect_kerberos_port( @@ -4913,16 +5841,22 @@ kernel

)

+Make a TCP connection to the kerberos port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_innd_port( +corenet_tcp_connect_ktalkd_port( @@ -4933,16 +5867,22 @@ kernel

)

+Make a TCP connection to the ktalkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ipp_port( +corenet_tcp_connect_ldap_port( @@ -4953,16 +5893,22 @@ kernel

)

+Make a TCP connection to the ldap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ippp0( +corenet_tcp_connect_mail_port( @@ -4973,16 +5919,22 @@ kernel

)

+Make a TCP connection to the mail port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ipsec0( +corenet_tcp_connect_mysqld_port( @@ -4993,16 +5945,22 @@ kernel

)

+Make a TCP connection to the mysqld port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ipsec1( +corenet_tcp_connect_nmbd_port( @@ -5013,16 +5971,22 @@ kernel

)

+Make a TCP connection to the nmbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ipsec2( +corenet_tcp_connect_pop_port( @@ -5033,16 +5997,22 @@ kernel

)

+Make a TCP connection to the pop port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_kerberos_admin_port( +corenet_tcp_connect_portmap_port( @@ -5053,16 +6023,22 @@ kernel

)

+Make a TCP connection to the portmap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_kerberos_master_port( +corenet_tcp_connect_postgresql_port( @@ -5073,16 +6049,22 @@ kernel

)

+Make a TCP connection to the postgresql port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_kerberos_port( +corenet_tcp_connect_printer_port( @@ -5093,16 +6075,22 @@ kernel

)

+Make a TCP connection to the printer port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ktalkd_port( +corenet_tcp_connect_pxe_port( @@ -5113,16 +6101,22 @@ kernel

)

+Make a TCP connection to the pxe port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ldap_port( +corenet_tcp_connect_radacct_port( @@ -5133,16 +6127,22 @@ kernel

)

+Make a TCP connection to the radacct port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_link_local_node( +corenet_tcp_connect_radius_port( @@ -5153,16 +6153,22 @@ kernel

)

+Make a TCP connection to the radius port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_lo( +corenet_tcp_connect_rsh_port( @@ -5173,16 +6179,22 @@ kernel

)

+Make a TCP connection to the rsh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_lo_node( +corenet_tcp_connect_rsync_port( @@ -5193,16 +6205,22 @@ kernel

)

+Make a TCP connection to the rsync port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_mail_port( +corenet_tcp_connect_smbd_port( @@ -5213,16 +6231,22 @@ kernel

)

- +

+Make a TCP connection to the smbd port. +

+ +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_mapped_ipv4_node( +corenet_tcp_connect_smtp_port( @@ -5233,16 +6257,22 @@ kernel

)

+Make a TCP connection to the smtp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_multicast_node( +corenet_tcp_connect_snmp_port( @@ -5253,16 +6283,22 @@ kernel

)

+Make a TCP connection to the snmp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_mysqld_port( +corenet_tcp_connect_ssh_port( @@ -5273,16 +6309,22 @@ kernel

)

+Make a TCP connection to the ssh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_nmbd_port( +corenet_tcp_connect_swat_port( @@ -5293,16 +6335,22 @@ kernel

)

+Make a TCP connection to the swat port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_pop_port( +corenet_tcp_connect_syslogd_port( @@ -5313,16 +6361,22 @@ kernel

)

+Make a TCP connection to the syslogd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_portmap_port( +corenet_tcp_connect_telnetd_port( @@ -5333,16 +6387,22 @@ kernel

)

+Make a TCP connection to the telnetd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_postgresql_port( +corenet_tcp_connect_tftp_port( @@ -5353,16 +6413,22 @@ kernel

)

+Make a TCP connection to the tftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_printer_port( +corenet_tcp_connect_vnc_port( @@ -5373,16 +6439,22 @@ kernel

)

+Make a TCP connection to the vnc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_pxe_port( +corenet_tcp_connect_xserver_port( @@ -5393,16 +6465,22 @@ kernel

)

+Make a TCP connection to the xserver port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_radacct_port( +corenet_tcp_connect_zebra_port( @@ -5413,16 +6491,22 @@ kernel

)

+Make a TCP connection to the zebra port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_radius_port( +corenet_tcp_sendrecv_all_if( @@ -5433,16 +6517,22 @@ kernel

)

+Send and receive TCP network traffic on all interfaces. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_reserved_port( +corenet_tcp_sendrecv_all_nodes( @@ -5455,20 +6545,20 @@ kernel

-Send and receive TCP network traffic on generic reserved ports. +Send and receive TCP network traffic on all nodes.

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_rsh_port( +corenet_tcp_sendrecv_all_ports( @@ -5479,16 +6569,22 @@ kernel

)

+Send and receive TCP network traffic on all ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_rsync_port( +corenet_tcp_sendrecv_all_reserved_ports( @@ -5499,16 +6595,22 @@ kernel

)

+Send and receive TCP network traffic on all reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_site_local_node( +corenet_tcp_sendrecv_amanda_port( @@ -5519,16 +6621,22 @@ kernel

)

+Send and receive TCP traffic on the amanda port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_smbd_port( +corenet_tcp_sendrecv_compat_ipv4_node( @@ -5539,16 +6647,22 @@ kernel

)

+Send and receive TCP traffic on the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_smtp_port( +corenet_tcp_sendrecv_dbskkd_port( @@ -5559,16 +6673,22 @@ kernel

)

+Send and receive TCP traffic on the dbskkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_snmp_port( +corenet_tcp_sendrecv_dhcpc_port( @@ -5579,16 +6699,22 @@ kernel

)

+Send and receive TCP traffic on the dhcpc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_ssh_port( +corenet_tcp_sendrecv_dhcpd_port( @@ -5599,16 +6725,22 @@ kernel

)

+Send and receive TCP traffic on the dhcpd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_swat_port( +corenet_tcp_sendrecv_dict_port( @@ -5619,16 +6751,22 @@ kernel

)

+Send and receive TCP traffic on the dict port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_syslogd_port( +corenet_tcp_sendrecv_dns_port( @@ -5639,16 +6777,22 @@ kernel

)

+Send and receive TCP traffic on the dns port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_telnetd_port( +corenet_tcp_sendrecv_eth0( @@ -5659,16 +6803,22 @@ kernel

)

+Send and receive TCP network traffic on the eth0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_tftp_port( +corenet_tcp_sendrecv_eth1( @@ -5679,16 +6829,22 @@ kernel

)

+Send and receive TCP network traffic on the eth1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_unspec_node( +corenet_tcp_sendrecv_eth2( @@ -5699,16 +6855,22 @@ kernel

)

+Send and receive TCP network traffic on the eth2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_vnc_port( +corenet_tcp_sendrecv_fingerd_port( @@ -5719,16 +6881,22 @@ kernel

)

+Send and receive TCP traffic on the fingerd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_xserver_port( +corenet_tcp_sendrecv_ftp_data_port( @@ -5739,16 +6907,22 @@ kernel

)

+Send and receive TCP traffic on the ftp_data port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_tcp_sendrecv_zebra_port( +corenet_tcp_sendrecv_ftp_port( @@ -5759,16 +6933,22 @@ kernel

)

+Send and receive TCP traffic on the ftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_all_nodes( +corenet_tcp_sendrecv_generic_if( @@ -5781,20 +6961,20 @@ kernel

-Bind UDP sockets to all nodes. +Send and receive TCP network traffic on the generic interfaces.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_all_ports( +corenet_tcp_sendrecv_generic_node( @@ -5807,20 +6987,20 @@ kernel

-Bind UDP sockets to all ports. +Send and receive TCP network traffic on generic nodes.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_all_reserved_ports( +corenet_tcp_sendrecv_generic_port( @@ -5833,20 +7013,20 @@ kernel

-Bind UDP sockets to all reserved ports. +Send and receive TCP network traffic on generic ports.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_amanda_port( +corenet_tcp_sendrecv_howl_port( @@ -5857,16 +7037,22 @@ kernel

)

+Send and receive TCP traffic on the howl port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_compat_ipv4_node( +corenet_tcp_sendrecv_http_cache_port( @@ -5877,16 +7063,22 @@ kernel

)

+Send and receive TCP traffic on the http_cache port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_dbskkd_port( +corenet_tcp_sendrecv_http_port( @@ -5897,16 +7089,22 @@ kernel

)

+Send and receive TCP traffic on the http port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_dhcpc_port( +corenet_tcp_sendrecv_inaddr_any_node( @@ -5917,16 +7115,22 @@ kernel

)

+Send and receive TCP traffic on the inaddr_any node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_dhcpd_port( +corenet_tcp_sendrecv_inetd_child_port( @@ -5937,16 +7141,22 @@ kernel

)

+Send and receive TCP traffic on the inetd_child port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_dict_port( +corenet_tcp_sendrecv_innd_port( @@ -5957,16 +7167,22 @@ kernel

)

+Send and receive TCP traffic on the innd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_dns_port( +corenet_tcp_sendrecv_ipp_port( @@ -5977,16 +7193,22 @@ kernel

)

+Send and receive TCP traffic on the ipp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_fingerd_port( +corenet_tcp_sendrecv_ippp0( @@ -5997,16 +7219,22 @@ kernel

)

+Send and receive TCP network traffic on the ippp0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_ftp_data_port( +corenet_tcp_sendrecv_ipsec0( @@ -6017,16 +7245,22 @@ kernel

)

+Send and receive TCP network traffic on the ipsec0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_ftp_port( +corenet_tcp_sendrecv_ipsec1( @@ -6037,16 +7271,22 @@ kernel

)

+Send and receive TCP network traffic on the ipsec1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_generic_node( +corenet_tcp_sendrecv_ipsec2( @@ -6059,20 +7299,20 @@ kernel

-Bind UDP sockets to generic nodes. +Send and receive TCP network traffic on the ipsec2 interface.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_generic_port( +corenet_tcp_sendrecv_kerberos_admin_port( @@ -6085,20 +7325,20 @@ kernel

-Bind UDP sockets to generic ports. +Send and receive TCP traffic on the kerberos_admin port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_howl_port( +corenet_tcp_sendrecv_kerberos_master_port( @@ -6109,16 +7349,22 @@ kernel

)

+Send and receive TCP traffic on the kerberos_master port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_http_cache_port( +corenet_tcp_sendrecv_kerberos_port( @@ -6129,16 +7375,22 @@ kernel

)

+Send and receive TCP traffic on the kerberos port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_http_port( +corenet_tcp_sendrecv_ktalkd_port( @@ -6149,16 +7401,22 @@ kernel

)

+Send and receive TCP traffic on the ktalkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_inaddr_any_node( +corenet_tcp_sendrecv_ldap_port( @@ -6169,16 +7427,22 @@ kernel

)

+Send and receive TCP traffic on the ldap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_inetd_child_port( +corenet_tcp_sendrecv_link_local_node( @@ -6189,16 +7453,22 @@ kernel

)

+Send and receive TCP traffic on the link_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_innd_port( +corenet_tcp_sendrecv_lo( @@ -6209,16 +7479,22 @@ kernel

)

+Send and receive TCP network traffic on the lo interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_ipp_port( +corenet_tcp_sendrecv_lo_node( @@ -6229,16 +7505,22 @@ kernel

)

+Send and receive TCP traffic on the lo node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_kerberos_admin_port( +corenet_tcp_sendrecv_mail_port( @@ -6249,16 +7531,22 @@ kernel

)

+Send and receive TCP traffic on the mail port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_kerberos_master_port( +corenet_tcp_sendrecv_mapped_ipv4_node( @@ -6269,16 +7557,22 @@ kernel

)

+Send and receive TCP traffic on the mapped_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_kerberos_port( +corenet_tcp_sendrecv_multicast_node( @@ -6289,16 +7583,22 @@ kernel

)

+Send and receive TCP traffic on the multicast node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_ktalkd_port( +corenet_tcp_sendrecv_mysqld_port( @@ -6309,16 +7609,22 @@ kernel

)

+Send and receive TCP traffic on the mysqld port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_ldap_port( +corenet_tcp_sendrecv_nmbd_port( @@ -6329,16 +7635,22 @@ kernel

)

+Send and receive TCP traffic on the nmbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_link_local_node( +corenet_tcp_sendrecv_pop_port( @@ -6349,16 +7661,22 @@ kernel

)

+Send and receive TCP traffic on the pop port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_lo_node( +corenet_tcp_sendrecv_portmap_port( @@ -6369,16 +7687,22 @@ kernel

)

+Send and receive TCP traffic on the portmap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_mail_port( +corenet_tcp_sendrecv_postgresql_port( @@ -6389,16 +7713,22 @@ kernel

)

+Send and receive TCP traffic on the postgresql port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_mapped_ipv4_node( +corenet_tcp_sendrecv_printer_port( @@ -6409,16 +7739,22 @@ kernel

)

+Send and receive TCP traffic on the printer port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_multicast_node( +corenet_tcp_sendrecv_pxe_port( @@ -6429,16 +7765,22 @@ kernel

)

+Send and receive TCP traffic on the pxe port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_mysqld_port( +corenet_tcp_sendrecv_radacct_port( @@ -6449,16 +7791,22 @@ kernel

)

+Send and receive TCP traffic on the radacct port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_nmbd_port( +corenet_tcp_sendrecv_radius_port( @@ -6469,16 +7817,22 @@ kernel

)

+Send and receive TCP traffic on the radius port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_pop_port( +corenet_tcp_sendrecv_reserved_port( @@ -6489,16 +7843,22 @@ kernel

)

+Send and receive TCP network traffic on generic reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_portmap_port( +corenet_tcp_sendrecv_rsh_port( @@ -6509,16 +7869,22 @@ kernel

)

+Send and receive TCP traffic on the rsh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_postgresql_port( +corenet_tcp_sendrecv_rsync_port( @@ -6529,16 +7895,22 @@ kernel

)

+Send and receive TCP traffic on the rsync port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_printer_port( +corenet_tcp_sendrecv_site_local_node( @@ -6549,16 +7921,22 @@ kernel

)

+Send and receive TCP traffic on the site_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_pxe_port( +corenet_tcp_sendrecv_smbd_port( @@ -6569,16 +7947,22 @@ kernel

)

+Send and receive TCP traffic on the smbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_radacct_port( +corenet_tcp_sendrecv_smtp_port( @@ -6589,16 +7973,22 @@ kernel

)

+Send and receive TCP traffic on the smtp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_radius_port( +corenet_tcp_sendrecv_snmp_port( @@ -6609,16 +7999,22 @@ kernel

)

+Send and receive TCP traffic on the snmp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_reserved_port( +corenet_tcp_sendrecv_ssh_port( @@ -6631,20 +8027,20 @@ kernel

-Bind UDP sockets to generic reserved ports. +Send and receive TCP traffic on the ssh port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_rsh_port( +corenet_tcp_sendrecv_swat_port( @@ -6655,16 +8051,22 @@ kernel

)

+Send and receive TCP traffic on the swat port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_rsync_port( +corenet_tcp_sendrecv_syslogd_port( @@ -6675,16 +8077,22 @@ kernel

)

+Send and receive TCP traffic on the syslogd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_site_local_node( +corenet_tcp_sendrecv_telnetd_port( @@ -6695,16 +8103,22 @@ kernel

)

+Send and receive TCP traffic on the telnetd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_smbd_port( +corenet_tcp_sendrecv_tftp_port( @@ -6715,16 +8129,22 @@ kernel

)

+Send and receive TCP traffic on the tftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_smtp_port( +corenet_tcp_sendrecv_unspec_node( @@ -6735,16 +8155,22 @@ kernel

)

+Send and receive TCP traffic on the unspec node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_snmp_port( +corenet_tcp_sendrecv_vnc_port( @@ -6755,16 +8181,22 @@ kernel

)

+Send and receive TCP traffic on the vnc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_ssh_port( +corenet_tcp_sendrecv_xserver_port( @@ -6775,16 +8207,22 @@ kernel

)

+Send and receive TCP traffic on the xserver port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_swat_port( +corenet_tcp_sendrecv_zebra_port( @@ -6795,16 +8233,22 @@ kernel

)

+Send and receive TCP traffic on the zebra port. +

+ +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_syslogd_port( +corenet_udp_bind_all_nodes( @@ -6815,16 +8259,22 @@ kernel

)

+Bind UDP sockets to all nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_telnetd_port( +corenet_udp_bind_all_ports( @@ -6835,16 +8285,22 @@ kernel

)

+Bind UDP sockets to all ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_tftp_port( +corenet_udp_bind_all_reserved_ports( @@ -6855,16 +8311,22 @@ kernel

)

+Bind UDP sockets to all reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_unspec_node( +corenet_udp_bind_amanda_port( @@ -6875,16 +8337,22 @@ kernel

)

+Bind UDP sockets to the amanda port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_vnc_port( +corenet_udp_bind_compat_ipv4_node( @@ -6895,16 +8363,22 @@ kernel

)

+Bind UDP sockets to the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_xserver_port( +corenet_udp_bind_dbskkd_port( @@ -6915,16 +8389,22 @@ kernel

)

+Bind UDP sockets to the dbskkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_bind_zebra_port( +corenet_udp_bind_dhcpc_port( @@ -6935,16 +8415,22 @@ kernel

)

+Bind UDP sockets to the dhcpc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_all_if( +corenet_udp_bind_dhcpd_port( @@ -6957,20 +8443,20 @@ kernel

-Receive UDP network traffic on all interfaces. +Bind UDP sockets to the dhcpd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_all_nodes( +corenet_udp_bind_dict_port( @@ -6983,20 +8469,20 @@ kernel

-Receive UDP network traffic on all nodes. +Bind UDP sockets to the dict port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_all_ports( +corenet_udp_bind_dns_port( @@ -7009,20 +8495,20 @@ kernel

-Receive UDP network traffic on all ports. +Bind UDP sockets to the dns port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_all_reserved_ports( +corenet_udp_bind_fingerd_port( @@ -7035,20 +8521,20 @@ kernel

-Receive UDP network traffic on all reserved ports. +Bind UDP sockets to the fingerd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_amanda_port( +corenet_udp_bind_ftp_data_port( @@ -7059,16 +8545,22 @@ kernel

)

+Bind UDP sockets to the ftp_data port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_compat_ipv4_node( +corenet_udp_bind_ftp_port( @@ -7079,16 +8571,22 @@ kernel

)

+Bind UDP sockets to the ftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_dbskkd_port( +corenet_udp_bind_generic_node( @@ -7099,16 +8597,22 @@ kernel

)

+Bind UDP sockets to generic nodes. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_dhcpc_port( +corenet_udp_bind_generic_port( @@ -7119,16 +8623,22 @@ kernel

)

+Bind UDP sockets to generic ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_dhcpd_port( +corenet_udp_bind_howl_port( @@ -7139,16 +8649,22 @@ kernel

)

+Bind UDP sockets to the howl port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_dict_port( +corenet_udp_bind_http_cache_port( @@ -7159,16 +8675,22 @@ kernel

)

+Bind UDP sockets to the http_cache port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_dns_port( +corenet_udp_bind_http_port( @@ -7179,16 +8701,22 @@ kernel

)

+Bind UDP sockets to the http port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_eth0( +corenet_udp_bind_inaddr_any_node( @@ -7199,16 +8727,22 @@ kernel

)

+Bind UDP sockets to the inaddr_any node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_eth1( +corenet_udp_bind_inetd_child_port( @@ -7219,16 +8753,22 @@ kernel

)

+Bind UDP sockets to the inetd_child port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_eth2( +corenet_udp_bind_innd_port( @@ -7239,16 +8779,22 @@ kernel

)

+Bind UDP sockets to the innd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_fingerd_port( +corenet_udp_bind_ipp_port( @@ -7259,16 +8805,22 @@ kernel

)

+Bind UDP sockets to the ipp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ftp_data_port( +corenet_udp_bind_kerberos_admin_port( @@ -7279,16 +8831,22 @@ kernel

)

+Bind UDP sockets to the kerberos_admin port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ftp_port( +corenet_udp_bind_kerberos_master_port( @@ -7299,16 +8857,22 @@ kernel

)

+Bind UDP sockets to the kerberos_master port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_generic_if( +corenet_udp_bind_kerberos_port( @@ -7321,20 +8885,20 @@ kernel

-Receive UDP network traffic on generic interfaces. +Bind UDP sockets to the kerberos port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_generic_node( +corenet_udp_bind_ktalkd_port( @@ -7347,20 +8911,20 @@ kernel

-Receive UDP network traffic on generic nodes. +Bind UDP sockets to the ktalkd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_generic_port( +corenet_udp_bind_ldap_port( @@ -7373,20 +8937,20 @@ kernel

-Receive UDP network traffic on generic ports. +Bind UDP sockets to the ldap port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_howl_port( +corenet_udp_bind_link_local_node( @@ -7397,16 +8961,22 @@ kernel

)

+Bind UDP sockets to the link_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_http_cache_port( +corenet_udp_bind_lo_node( @@ -7417,16 +8987,22 @@ kernel

)

+Bind UDP sockets to the lo node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_http_port( +corenet_udp_bind_mail_port( @@ -7437,16 +9013,22 @@ kernel

)

+Bind UDP sockets to the mail port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_inaddr_any_node( +corenet_udp_bind_mapped_ipv4_node( @@ -7457,16 +9039,22 @@ kernel

)

+Bind UDP sockets to the mapped_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_inetd_child_port( +corenet_udp_bind_multicast_node( @@ -7477,16 +9065,22 @@ kernel

)

+Bind UDP sockets to the multicast node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_innd_port( +corenet_udp_bind_mysqld_port( @@ -7497,16 +9091,22 @@ kernel

)

+Bind UDP sockets to the mysqld port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ipp_port( +corenet_udp_bind_nmbd_port( @@ -7517,16 +9117,22 @@ kernel

)

+Bind UDP sockets to the nmbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ippp0( +corenet_udp_bind_pop_port( @@ -7537,16 +9143,22 @@ kernel

)

+Bind UDP sockets to the pop port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ipsec0( +corenet_udp_bind_portmap_port( @@ -7557,16 +9169,22 @@ kernel

)

+Bind UDP sockets to the portmap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ipsec1( +corenet_udp_bind_postgresql_port( @@ -7577,16 +9195,22 @@ kernel

)

+Bind UDP sockets to the postgresql port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ipsec2( +corenet_udp_bind_printer_port( @@ -7597,16 +9221,22 @@ kernel

)

+Bind UDP sockets to the printer port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_kerberos_admin_port( +corenet_udp_bind_pxe_port( @@ -7617,16 +9247,22 @@ kernel

)

+Bind UDP sockets to the pxe port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_kerberos_master_port( +corenet_udp_bind_radacct_port( @@ -7637,16 +9273,22 @@ kernel

)

+Bind UDP sockets to the radacct port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_kerberos_port( +corenet_udp_bind_radius_port( @@ -7657,16 +9299,22 @@ kernel

)

+Bind UDP sockets to the radius port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ktalkd_port( +corenet_udp_bind_reserved_port( @@ -7677,16 +9325,22 @@ kernel

)

+Bind UDP sockets to generic reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ldap_port( +corenet_udp_bind_rsh_port( @@ -7697,16 +9351,22 @@ kernel

)

+Bind UDP sockets to the rsh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_link_local_node( +corenet_udp_bind_rsync_port( @@ -7717,16 +9377,22 @@ kernel

)

+Bind UDP sockets to the rsync port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_lo( +corenet_udp_bind_site_local_node( @@ -7737,16 +9403,22 @@ kernel

)

+Bind UDP sockets to the site_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_lo_node( +corenet_udp_bind_smbd_port( @@ -7757,16 +9429,22 @@ kernel

)

+Bind UDP sockets to the smbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_mail_port( +corenet_udp_bind_smtp_port( @@ -7777,16 +9455,22 @@ kernel

)

+Bind UDP sockets to the smtp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_mapped_ipv4_node( +corenet_udp_bind_snmp_port( @@ -7797,16 +9481,22 @@ kernel

)

+Bind UDP sockets to the snmp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_multicast_node( +corenet_udp_bind_ssh_port( @@ -7817,16 +9507,22 @@ kernel

)

+Bind UDP sockets to the ssh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_mysqld_port( +corenet_udp_bind_swat_port( @@ -7837,16 +9533,22 @@ kernel

)

+Bind UDP sockets to the swat port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_nmbd_port( +corenet_udp_bind_syslogd_port( @@ -7857,16 +9559,22 @@ kernel

)

+Bind UDP sockets to the syslogd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_pop_port( +corenet_udp_bind_telnetd_port( @@ -7877,16 +9585,22 @@ kernel

)

+Bind UDP sockets to the telnetd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_portmap_port( +corenet_udp_bind_tftp_port( @@ -7897,16 +9611,22 @@ kernel

)

+Bind UDP sockets to the tftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_postgresql_port( +corenet_udp_bind_unspec_node( @@ -7917,16 +9637,22 @@ kernel

)

+Bind UDP sockets to the unspec node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_printer_port( +corenet_udp_bind_vnc_port( @@ -7937,16 +9663,22 @@ kernel

)

+Bind UDP sockets to the vnc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_pxe_port( +corenet_udp_bind_xserver_port( @@ -7957,16 +9689,22 @@ kernel

)

+Bind UDP sockets to the xserver port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_radacct_port( +corenet_udp_bind_zebra_port( @@ -7977,16 +9715,22 @@ kernel

)

+Bind UDP sockets to the zebra port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_radius_port( +corenet_udp_receive_all_if( @@ -7997,16 +9741,22 @@ kernel

)

+Receive UDP network traffic on all interfaces. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_reserved_port( +corenet_udp_receive_all_nodes( @@ -8019,20 +9769,20 @@ kernel

-Receive UDP network traffic on generic reserved ports. +Receive UDP network traffic on all nodes.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_rsh_port( +corenet_udp_receive_all_ports( @@ -8043,16 +9793,22 @@ kernel

)

+Receive UDP network traffic on all ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_rsync_port( +corenet_udp_receive_all_reserved_ports( @@ -8063,16 +9819,22 @@ kernel

)

+Receive UDP network traffic on all reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_site_local_node( +corenet_udp_receive_amanda_port( @@ -8083,16 +9845,22 @@ kernel

)

+Receive UDP traffic on the amanda port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_smbd_port( +corenet_udp_receive_compat_ipv4_node( @@ -8103,16 +9871,22 @@ kernel

)

+Receive UDP traffic on the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_smtp_port( +corenet_udp_receive_dbskkd_port( @@ -8123,16 +9897,22 @@ kernel

)

+Receive UDP traffic on the dbskkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_snmp_port( +corenet_udp_receive_dhcpc_port( @@ -8143,16 +9923,22 @@ kernel

)

+Receive UDP traffic on the dhcpc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_ssh_port( +corenet_udp_receive_dhcpd_port( @@ -8163,16 +9949,22 @@ kernel

)

+Receive UDP traffic on the dhcpd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_swat_port( +corenet_udp_receive_dict_port( @@ -8183,16 +9975,22 @@ kernel

)

+Receive UDP traffic on the dict port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_syslogd_port( +corenet_udp_receive_dns_port( @@ -8203,16 +10001,22 @@ kernel

)

+Receive UDP traffic on the dns port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_telnetd_port( +corenet_udp_receive_eth0( @@ -8223,16 +10027,22 @@ kernel

)

+Receive UDP network traffic on the eth0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_tftp_port( +corenet_udp_receive_eth1( @@ -8243,16 +10053,22 @@ kernel

)

+Receive UDP network traffic on the eth1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_unspec_node( +corenet_udp_receive_eth2( @@ -8263,16 +10079,22 @@ kernel

)

+Receive UDP network traffic on the eth2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_vnc_port( +corenet_udp_receive_fingerd_port( @@ -8283,16 +10105,22 @@ kernel

)

+Receive UDP traffic on the fingerd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_xserver_port( +corenet_udp_receive_ftp_data_port( @@ -8303,16 +10131,22 @@ kernel

)

+Receive UDP traffic on the ftp_data port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_receive_zebra_port( +corenet_udp_receive_ftp_port( @@ -8323,16 +10157,22 @@ kernel

)

+Receive UDP traffic on the ftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_all_if( +corenet_udp_receive_generic_if( @@ -8345,20 +10185,20 @@ kernel

-Send UDP network traffic on all interfaces. +Receive UDP network traffic on generic interfaces.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_all_nodes( +corenet_udp_receive_generic_node( @@ -8371,20 +10211,20 @@ kernel

-Send UDP network traffic on all nodes. +Receive UDP network traffic on generic nodes.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_all_ports( +corenet_udp_receive_generic_port( @@ -8397,20 +10237,20 @@ kernel

-Send UDP network traffic on all ports. +Receive UDP network traffic on generic ports.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_all_reserved_ports( +corenet_udp_receive_howl_port( @@ -8423,20 +10263,20 @@ kernel

-Send UDP network traffic on all reserved ports. +Receive UDP traffic on the howl port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_amanda_port( +corenet_udp_receive_http_cache_port( @@ -8447,16 +10287,22 @@ kernel

)

+Receive UDP traffic on the http_cache port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_compat_ipv4_node( +corenet_udp_receive_http_port( @@ -8467,16 +10313,22 @@ kernel

)

+Receive UDP traffic on the http port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_dbskkd_port( +corenet_udp_receive_inaddr_any_node( @@ -8487,16 +10339,22 @@ kernel

)

+Receive UDP traffic on the inaddr_any node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_dhcpc_port( +corenet_udp_receive_inetd_child_port( @@ -8507,16 +10365,22 @@ kernel

)

+Receive UDP traffic on the inetd_child port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_dhcpd_port( +corenet_udp_receive_innd_port( @@ -8527,16 +10391,22 @@ kernel

)

+Receive UDP traffic on the innd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_dict_port( +corenet_udp_receive_ipp_port( @@ -8547,16 +10417,22 @@ kernel

)

+Receive UDP traffic on the ipp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_dns_port( +corenet_udp_receive_ippp0( @@ -8567,16 +10443,22 @@ kernel

)

+Receive UDP network traffic on the ippp0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_eth0( +corenet_udp_receive_ipsec0( @@ -8587,16 +10469,22 @@ kernel

)

+Receive UDP network traffic on the ipsec0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_eth1( +corenet_udp_receive_ipsec1( @@ -8607,16 +10495,22 @@ kernel

)

+Receive UDP network traffic on the ipsec1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_eth2( +corenet_udp_receive_ipsec2( @@ -8627,16 +10521,22 @@ kernel

)

+Receive UDP network traffic on the ipsec2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_fingerd_port( +corenet_udp_receive_kerberos_admin_port( @@ -8647,16 +10547,22 @@ kernel

)

+Receive UDP traffic on the kerberos_admin port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ftp_data_port( +corenet_udp_receive_kerberos_master_port( @@ -8667,16 +10573,22 @@ kernel

)

+Receive UDP traffic on the kerberos_master port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ftp_port( +corenet_udp_receive_kerberos_port( @@ -8687,16 +10599,22 @@ kernel

)

+Receive UDP traffic on the kerberos port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_generic_if( +corenet_udp_receive_ktalkd_port( @@ -8709,20 +10627,20 @@ kernel

-Send UDP network traffic on generic interfaces. +Receive UDP traffic on the ktalkd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_generic_node( +corenet_udp_receive_ldap_port( @@ -8735,20 +10653,20 @@ kernel

-Send UDP network traffic on generic nodes. +Receive UDP traffic on the ldap port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_generic_port( +corenet_udp_receive_link_local_node( @@ -8761,20 +10679,20 @@ kernel

-Send UDP network traffic on generic ports. +Receive UDP traffic on the link_local node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_howl_port( +corenet_udp_receive_lo( @@ -8785,16 +10703,22 @@ kernel

)

+Receive UDP network traffic on the lo interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_http_cache_port( +corenet_udp_receive_lo_node( @@ -8805,16 +10729,22 @@ kernel

)

+Receive UDP traffic on the lo node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_http_port( +corenet_udp_receive_mail_port( @@ -8825,16 +10755,22 @@ kernel

)

+Receive UDP traffic on the mail port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_inaddr_any_node( +corenet_udp_receive_mapped_ipv4_node( @@ -8845,16 +10781,22 @@ kernel

)

+Receive UDP traffic on the mapped_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_inetd_child_port( +corenet_udp_receive_multicast_node( @@ -8865,16 +10807,22 @@ kernel

)

+Receive UDP traffic on the multicast node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_innd_port( +corenet_udp_receive_mysqld_port( @@ -8885,16 +10833,22 @@ kernel

)

+Receive UDP traffic on the mysqld port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ipp_port( +corenet_udp_receive_nmbd_port( @@ -8905,16 +10859,22 @@ kernel

)

+Receive UDP traffic on the nmbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ippp0( +corenet_udp_receive_pop_port( @@ -8925,16 +10885,22 @@ kernel

)

+Receive UDP traffic on the pop port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ipsec0( +corenet_udp_receive_portmap_port( @@ -8945,16 +10911,22 @@ kernel

)

+Receive UDP traffic on the portmap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ipsec1( +corenet_udp_receive_postgresql_port( @@ -8965,16 +10937,22 @@ kernel

)

+Receive UDP traffic on the postgresql port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ipsec2( +corenet_udp_receive_printer_port( @@ -8985,16 +10963,22 @@ kernel

)

+Receive UDP traffic on the printer port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_kerberos_admin_port( +corenet_udp_receive_pxe_port( @@ -9005,16 +10989,22 @@ kernel

)

+Receive UDP traffic on the pxe port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_kerberos_master_port( +corenet_udp_receive_radacct_port( @@ -9025,16 +11015,22 @@ kernel

)

+Receive UDP traffic on the radacct port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_kerberos_port( +corenet_udp_receive_radius_port( @@ -9045,16 +11041,22 @@ kernel

)

+Receive UDP traffic on the radius port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ktalkd_port( +corenet_udp_receive_reserved_port( @@ -9065,16 +11067,22 @@ kernel

)

+Receive UDP network traffic on generic reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ldap_port( +corenet_udp_receive_rsh_port( @@ -9085,16 +11093,22 @@ kernel

)

+Receive UDP traffic on the rsh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_link_local_node( +corenet_udp_receive_rsync_port( @@ -9105,16 +11119,22 @@ kernel

)

+Receive UDP traffic on the rsync port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_lo( +corenet_udp_receive_site_local_node( @@ -9125,16 +11145,22 @@ kernel

)

+Receive UDP traffic on the site_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_lo_node( +corenet_udp_receive_smbd_port( @@ -9145,16 +11171,22 @@ kernel

)

+Receive UDP traffic on the smbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_mail_port( +corenet_udp_receive_smtp_port( @@ -9165,16 +11197,22 @@ kernel

)

+Receive UDP traffic on the smtp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_mapped_ipv4_node( +corenet_udp_receive_snmp_port( @@ -9185,16 +11223,22 @@ kernel

)

+Receive UDP traffic on the snmp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_multicast_node( +corenet_udp_receive_ssh_port( @@ -9205,16 +11249,22 @@ kernel

)

+Receive UDP traffic on the ssh port. +

+ +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_mysqld_port( +corenet_udp_receive_swat_port( @@ -9225,16 +11275,22 @@ kernel

)

+Receive UDP traffic on the swat port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_nmbd_port( +corenet_udp_receive_syslogd_port( @@ -9245,16 +11301,22 @@ kernel

)

+Receive UDP traffic on the syslogd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_pop_port( +corenet_udp_receive_telnetd_port( @@ -9265,16 +11327,22 @@ kernel

)

+Receive UDP traffic on the telnetd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_portmap_port( +corenet_udp_receive_tftp_port( @@ -9285,16 +11353,22 @@ kernel

)

+Receive UDP traffic on the tftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_postgresql_port( +corenet_udp_receive_unspec_node( @@ -9305,16 +11379,22 @@ kernel

)

+Receive UDP traffic on the unspec node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_printer_port( +corenet_udp_receive_vnc_port( @@ -9325,16 +11405,22 @@ kernel

)

+Receive UDP traffic on the vnc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_pxe_port( +corenet_udp_receive_xserver_port( @@ -9345,16 +11431,22 @@ kernel

)

+Receive UDP traffic on the xserver port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_radacct_port( +corenet_udp_receive_zebra_port( @@ -9365,16 +11457,22 @@ kernel

)

+Receive UDP traffic on the zebra port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_radius_port( +corenet_udp_send_all_if( @@ -9385,16 +11483,22 @@ kernel

)

+Send UDP network traffic on all interfaces. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_reserved_port( +corenet_udp_send_all_nodes( @@ -9407,20 +11511,20 @@ kernel

-Send UDP network traffic on generic reserved ports. +Send UDP network traffic on all nodes.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_rsh_port( +corenet_udp_send_all_ports( @@ -9431,16 +11535,22 @@ kernel

)

+Send UDP network traffic on all ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_rsync_port( +corenet_udp_send_all_reserved_ports( @@ -9451,16 +11561,22 @@ kernel

)

+Send UDP network traffic on all reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_site_local_node( +corenet_udp_send_amanda_port( @@ -9471,16 +11587,22 @@ kernel

)

+Send UDP traffic on the amanda port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_smbd_port( +corenet_udp_send_compat_ipv4_node( @@ -9491,16 +11613,22 @@ kernel

)

+Send UDP traffic on the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_smtp_port( +corenet_udp_send_dbskkd_port( @@ -9511,16 +11639,22 @@ kernel

)

+Send UDP traffic on the dbskkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_snmp_port( +corenet_udp_send_dhcpc_port( @@ -9531,16 +11665,22 @@ kernel

)

+Send UDP traffic on the dhcpc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_ssh_port( +corenet_udp_send_dhcpd_port( @@ -9551,16 +11691,22 @@ kernel

)

+Send UDP traffic on the dhcpd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_swat_port( +corenet_udp_send_dict_port( @@ -9571,16 +11717,22 @@ kernel

)

+Send UDP traffic on the dict port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_syslogd_port( +corenet_udp_send_dns_port( @@ -9591,16 +11743,22 @@ kernel

)

+Send UDP traffic on the dns port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_telnetd_port( +corenet_udp_send_eth0( @@ -9611,16 +11769,22 @@ kernel

)

+Send UDP network traffic on the eth0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_tftp_port( +corenet_udp_send_eth1( @@ -9631,16 +11795,22 @@ kernel

)

+Send UDP network traffic on the eth1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_unspec_node( +corenet_udp_send_eth2( @@ -9651,16 +11821,22 @@ kernel

)

+Send UDP network traffic on the eth2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_vnc_port( +corenet_udp_send_fingerd_port( @@ -9671,16 +11847,22 @@ kernel

)

+Send UDP traffic on the fingerd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_xserver_port( +corenet_udp_send_ftp_data_port( @@ -9691,16 +11873,22 @@ kernel

)

+Send UDP traffic on the ftp_data port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_send_zebra_port( +corenet_udp_send_ftp_port( @@ -9711,16 +11899,22 @@ kernel

)

+Send UDP traffic on the ftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_all_if( +corenet_udp_send_generic_if( @@ -9733,20 +11927,20 @@ kernel

-Send and receive UDP network traffic on all interfaces. +Send UDP network traffic on generic interfaces.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_all_nodes( +corenet_udp_send_generic_node( @@ -9759,20 +11953,20 @@ kernel

-Send and receive UDP network traffic on all nodes. +Send UDP network traffic on generic nodes.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_all_ports( +corenet_udp_send_generic_port( @@ -9785,20 +11979,20 @@ kernel

-Send and receive UDP network traffic on all ports. +Send UDP network traffic on generic ports.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_all_reserved_ports( +corenet_udp_send_howl_port( @@ -9811,20 +12005,20 @@ kernel

-Send and receive UDP network traffic on all reserved ports. +Send UDP traffic on the howl port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_amanda_port( +corenet_udp_send_http_cache_port( @@ -9835,16 +12029,22 @@ kernel

)

+Send UDP traffic on the http_cache port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_compat_ipv4_node( +corenet_udp_send_http_port( @@ -9855,16 +12055,22 @@ kernel

)

+Send UDP traffic on the http port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_dbskkd_port( +corenet_udp_send_inaddr_any_node( @@ -9875,16 +12081,22 @@ kernel

)

+Send UDP traffic on the inaddr_any node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_dhcpc_port( +corenet_udp_send_inetd_child_port( @@ -9895,16 +12107,22 @@ kernel

)

+Send UDP traffic on the inetd_child port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_dhcpd_port( +corenet_udp_send_innd_port( @@ -9915,16 +12133,22 @@ kernel

)

+Send UDP traffic on the innd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_dict_port( +corenet_udp_send_ipp_port( @@ -9935,16 +12159,22 @@ kernel

)

+Send UDP traffic on the ipp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_dns_port( +corenet_udp_send_ippp0( @@ -9955,16 +12185,22 @@ kernel

)

+Send UDP network traffic on the ippp0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_eth0( +corenet_udp_send_ipsec0( @@ -9975,16 +12211,22 @@ kernel

)

+Send UDP network traffic on the ipsec0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_eth1( +corenet_udp_send_ipsec1( @@ -9995,16 +12237,22 @@ kernel

)

- +

+Send UDP network traffic on the ipsec1 interface. +

+ +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_eth2( +corenet_udp_send_ipsec2( @@ -10015,16 +12263,22 @@ kernel

)

+Send UDP network traffic on the ipsec2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_fingerd_port( +corenet_udp_send_kerberos_admin_port( @@ -10035,16 +12289,22 @@ kernel

)

+Send UDP traffic on the kerberos_admin port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ftp_data_port( +corenet_udp_send_kerberos_master_port( @@ -10055,16 +12315,22 @@ kernel

)

+Send UDP traffic on the kerberos_master port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ftp_port( +corenet_udp_send_kerberos_port( @@ -10075,16 +12341,22 @@ kernel

)

+Send UDP traffic on the kerberos port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_generic_if( +corenet_udp_send_ktalkd_port( @@ -10097,20 +12369,20 @@ kernel

-Send and Receive UDP network traffic on generic interfaces. +Send UDP traffic on the ktalkd port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_generic_node( +corenet_udp_send_ldap_port( @@ -10123,20 +12395,20 @@ kernel

-Send and receive UDP network traffic on generic nodes. +Send UDP traffic on the ldap port.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_generic_port( +corenet_udp_send_link_local_node( @@ -10149,20 +12421,20 @@ kernel

-Send and receive UDP network traffic on generic ports. +Send UDP traffic on the link_local node.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_howl_port( +corenet_udp_send_lo( @@ -10173,16 +12445,22 @@ kernel

)

+Send UDP network traffic on the lo interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_http_cache_port( +corenet_udp_send_lo_node( @@ -10193,16 +12471,22 @@ kernel

)

+Send UDP traffic on the lo node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_http_port( +corenet_udp_send_mail_port( @@ -10213,16 +12497,22 @@ kernel

)

+Send UDP traffic on the mail port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_inaddr_any_node( +corenet_udp_send_mapped_ipv4_node( @@ -10233,16 +12523,22 @@ kernel

)

+Send UDP traffic on the mapped_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_inetd_child_port( +corenet_udp_send_multicast_node( @@ -10253,16 +12549,22 @@ kernel

)

+Send UDP traffic on the multicast node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_innd_port( +corenet_udp_send_mysqld_port( @@ -10273,16 +12575,22 @@ kernel

)

+Send UDP traffic on the mysqld port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ipp_port( +corenet_udp_send_nmbd_port( @@ -10293,16 +12601,22 @@ kernel

)

+Send UDP traffic on the nmbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ippp0( +corenet_udp_send_pop_port( @@ -10313,16 +12627,22 @@ kernel

)

+Send UDP traffic on the pop port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ipsec0( +corenet_udp_send_portmap_port( @@ -10333,16 +12653,22 @@ kernel

)

+Send UDP traffic on the portmap port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ipsec1( +corenet_udp_send_postgresql_port( @@ -10353,16 +12679,22 @@ kernel

)

+Send UDP traffic on the postgresql port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ipsec2( +corenet_udp_send_printer_port( @@ -10373,16 +12705,22 @@ kernel

)

+Send UDP traffic on the printer port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_kerberos_admin_port( +corenet_udp_send_pxe_port( @@ -10393,16 +12731,22 @@ kernel

)

+Send UDP traffic on the pxe port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_kerberos_master_port( +corenet_udp_send_radacct_port( @@ -10413,16 +12757,22 @@ kernel

)

+Send UDP traffic on the radacct port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_kerberos_port( +corenet_udp_send_radius_port( @@ -10433,16 +12783,22 @@ kernel

)

+Send UDP traffic on the radius port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ktalkd_port( +corenet_udp_send_reserved_port( @@ -10453,16 +12809,22 @@ kernel

)

+Send UDP network traffic on generic reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ldap_port( +corenet_udp_send_rsh_port( @@ -10473,16 +12835,22 @@ kernel

)

+Send UDP traffic on the rsh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_link_local_node( +corenet_udp_send_rsync_port( @@ -10493,16 +12861,22 @@ kernel

)

+Send UDP traffic on the rsync port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_lo( +corenet_udp_send_site_local_node( @@ -10513,16 +12887,22 @@ kernel

)

+Send UDP traffic on the site_local node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_lo_node( +corenet_udp_send_smbd_port( @@ -10533,16 +12913,22 @@ kernel

)

+Send UDP traffic on the smbd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_mail_port( +corenet_udp_send_smtp_port( @@ -10553,16 +12939,22 @@ kernel

)

+Send UDP traffic on the smtp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_mapped_ipv4_node( +corenet_udp_send_snmp_port( @@ -10573,16 +12965,22 @@ kernel

)

+Send UDP traffic on the snmp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_multicast_node( +corenet_udp_send_ssh_port( @@ -10593,16 +12991,22 @@ kernel

)

+Send UDP traffic on the ssh port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_mysqld_port( +corenet_udp_send_swat_port( @@ -10613,16 +13017,22 @@ kernel

)

+Send UDP traffic on the swat port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_nmbd_port( +corenet_udp_send_syslogd_port( @@ -10633,16 +13043,22 @@ kernel

)

+Send UDP traffic on the syslogd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_pop_port( +corenet_udp_send_telnetd_port( @@ -10653,16 +13069,22 @@ kernel

)

+Send UDP traffic on the telnetd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_portmap_port( +corenet_udp_send_tftp_port( @@ -10673,16 +13095,22 @@ kernel

)

+Send UDP traffic on the tftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_postgresql_port( +corenet_udp_send_unspec_node( @@ -10693,16 +13121,22 @@ kernel

)

+Send UDP traffic on the unspec node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_printer_port( +corenet_udp_send_vnc_port( @@ -10713,16 +13147,22 @@ kernel

)

+Send UDP traffic on the vnc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_pxe_port( +corenet_udp_send_xserver_port( @@ -10733,16 +13173,22 @@ kernel

)

+Send UDP traffic on the xserver port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_radacct_port( +corenet_udp_send_zebra_port( @@ -10753,16 +13199,22 @@ kernel

)

+Send UDP traffic on the zebra port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_radius_port( +corenet_udp_sendrecv_all_if( @@ -10773,16 +13225,22 @@ kernel

)

+Send and receive UDP network traffic on all interfaces. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_reserved_port( +corenet_udp_sendrecv_all_nodes( @@ -10795,20 +13253,20 @@ kernel

-Send and receive UDP network traffic on generic reserved ports. +Send and receive UDP network traffic on all nodes.

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_rsh_port( +corenet_udp_sendrecv_all_ports( @@ -10819,16 +13277,22 @@ kernel

)

+Send and receive UDP network traffic on all ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_rsync_port( +corenet_udp_sendrecv_all_reserved_ports( @@ -10839,16 +13303,22 @@ kernel

)

+Send and receive UDP network traffic on all reserved ports. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_site_local_node( +corenet_udp_sendrecv_amanda_port( @@ -10859,16 +13329,22 @@ kernel

)

+Send and receive UDP traffic on the amanda port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_smbd_port( +corenet_udp_sendrecv_compat_ipv4_node( @@ -10879,16 +13355,22 @@ kernel

)

+Send and receive UDP traffic on the compat_ipv4 node. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_smtp_port( +corenet_udp_sendrecv_dbskkd_port( @@ -10899,16 +13381,22 @@ kernel

)

+Send and receive UDP traffic on the dbskkd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_snmp_port( +corenet_udp_sendrecv_dhcpc_port( @@ -10919,16 +13407,22 @@ kernel

)

+Send and receive UDP traffic on the dhcpc port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_ssh_port( +corenet_udp_sendrecv_dhcpd_port( @@ -10939,16 +13433,22 @@ kernel

)

+Send and receive UDP traffic on the dhcpd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_swat_port( +corenet_udp_sendrecv_dict_port( @@ -10959,16 +13459,22 @@ kernel

)

+Send and receive UDP traffic on the dict port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_syslogd_port( +corenet_udp_sendrecv_dns_port( @@ -10979,16 +13485,22 @@ kernel

)

+Send and receive UDP traffic on the dns port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_telnetd_port( +corenet_udp_sendrecv_eth0( @@ -10999,16 +13511,22 @@ kernel

)

+Send and receive UDP network traffic on the eth0 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_tftp_port( +corenet_udp_sendrecv_eth1( @@ -11019,16 +13537,22 @@ kernel

)

+Send and receive UDP network traffic on the eth1 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_unspec_node( +corenet_udp_sendrecv_eth2( @@ -11039,16 +13563,22 @@ kernel

)

+Send and receive UDP network traffic on the eth2 interface. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_vnc_port( +corenet_udp_sendrecv_fingerd_port( @@ -11059,16 +13589,22 @@ kernel

)

+Send and receive UDP traffic on the fingerd port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_xserver_port( +corenet_udp_sendrecv_ftp_data_port( @@ -11079,16 +13615,22 @@ kernel

)

+Send and receive UDP traffic on the ftp_data port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_udp_sendrecv_zebra_port( +corenet_udp_sendrecv_ftp_port( @@ -11099,16 +13641,22 @@ kernel

)

+Send and receive UDP traffic on the ftp port. +

-Module: +Module: corenetwork

Layer: kernel

-corenet_unconfined( +corenet_udp_sendrecv_generic_if( @@ -11121,20 +13669,20 @@ kernel

-Unconfined access to network objects. +Send and Receive UDP network traffic on generic interfaces.

-Module: +Module: corenetwork

Layer: kernel

-corenet_use_tun_tap_device( +corenet_udp_sendrecv_generic_node( @@ -11147,20 +13695,20 @@ kernel

-Read and write the TUN/TAP virtual network device. +Send and receive UDP network traffic on generic nodes.

-Module: -cron

-Layer: -services

+Module: +corenetwork

+Layer: +kernel

-cron_read_pipe( +corenet_udp_sendrecv_generic_port( @@ -11173,20 +13721,20 @@ services

-Read a cron daemon unnamed pipe +Send and receive UDP network traffic on generic ports.

-Module: -cron

-Layer: -services

+Module: +corenetwork

+Layer: +kernel

-cron_rw_log( +corenet_udp_sendrecv_howl_port( @@ -11199,20 +13747,20 @@ services

-Read and write the cron daemon log files. +Send and receive UDP traffic on the howl port.

-Module: -cron

-Layer: -services

+Module: +corenetwork

+Layer: +kernel

-cron_search_spool( +corenet_udp_sendrecv_http_cache_port( @@ -11225,20 +13773,20 @@ services

-Search the directory containing user cron tables. +Send and receive UDP traffic on the http_cache port.

-Module: -cron

-Layer: -services

+Module: +corenetwork

+Layer: +kernel

-cron_system_entry( +corenet_udp_sendrecv_http_port( @@ -11246,34 +13794,25 @@ services

domain - - , - - - - entrypoint - - )

-Make the specified program domain accessable -from the system cron jobs. +Send and receive UDP traffic on the http port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_create_dev_node( +corenet_udp_sendrecv_inaddr_any_node( @@ -11281,42 +13820,25 @@ kernel

domain - - , - - - - file - - - - , - - - - objectclass(es) - - )

-Create, read, and write device nodes. The node -will be transitioned to the type provided. +Send and receive UDP traffic on the inaddr_any node.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_create_dir( +corenet_udp_sendrecv_inetd_child_port( @@ -11329,20 +13851,20 @@ kernel

-Create a directory in the device directory. +Send and receive UDP traffic on the inetd_child port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_create_generic_chr_file( +corenet_udp_sendrecv_innd_port( @@ -11355,20 +13877,20 @@ kernel

-Allow read, write, and create for generic character device files. +Send and receive UDP traffic on the innd port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_del_generic_symlinks( +corenet_udp_sendrecv_ipp_port( @@ -11381,20 +13903,20 @@ kernel

-Delete symbolic links in device directories. +Send and receive UDP traffic on the ipp port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_delete_lvm_control( +corenet_udp_sendrecv_ippp0( @@ -11407,20 +13929,20 @@ kernel

-Delete the lvm control device. +Send and receive UDP network traffic on the ippp0 interface.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_all_blk_files( +corenet_udp_sendrecv_ipsec0( @@ -11433,20 +13955,20 @@ kernel

-Dontaudit getattr on all block file device nodes. +Send and receive UDP network traffic on the ipsec0 interface.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_all_chr_files( +corenet_udp_sendrecv_ipsec1( @@ -11459,20 +13981,20 @@ kernel

-Dontaudit getattr on all character file device nodes. +Send and receive UDP network traffic on the ipsec1 interface.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_apm_bios( +corenet_udp_sendrecv_ipsec2( @@ -11485,21 +14007,20 @@ kernel

-Do not audit attempts to get the attributes of -the apm bios device node. +Send and receive UDP network traffic on the ipsec2 interface.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_generic_blk_file( +corenet_udp_sendrecv_kerberos_admin_port( @@ -11512,20 +14033,20 @@ kernel

-Dontaudit getattr on generic block devices. +Send and receive UDP traffic on the kerberos_admin port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_generic_chr_file( +corenet_udp_sendrecv_kerberos_master_port( @@ -11538,20 +14059,20 @@ kernel

-Dontaudit getattr for generic character device files. +Send and receive UDP traffic on the kerberos_master port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_generic_pipe( +corenet_udp_sendrecv_kerberos_port( @@ -11564,20 +14085,20 @@ kernel

-Dontaudit getattr on generic pipes. +Send and receive UDP traffic on the kerberos port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_misc( +corenet_udp_sendrecv_ktalkd_port( @@ -11590,21 +14111,20 @@ kernel

-Do not audit attempts to get the attributes -of miscellaneous devices. +Send and receive UDP traffic on the ktalkd port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_scanner( +corenet_udp_sendrecv_ldap_port( @@ -11617,21 +14137,20 @@ kernel

-Do not audit attempts to get the attributes of -the scanner device. +Send and receive UDP traffic on the ldap port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_getattr_video_dev( +corenet_udp_sendrecv_link_local_node( @@ -11644,21 +14163,20 @@ kernel

-Do not audit attempts to get the attributes -of video4linux device nodes. +Send and receive UDP traffic on the link_local node.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_list_all_dev_nodes( +corenet_udp_sendrecv_lo( @@ -11671,20 +14189,20 @@ kernel

-Dontaudit attempts to list all device nodes. +Send and receive UDP network traffic on the lo interface.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_read_framebuffer( +corenet_udp_sendrecv_lo_node( @@ -11697,20 +14215,20 @@ kernel

-Do not audit attempts to read the framebuffer. +Send and receive UDP traffic on the lo node.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_rw_dri_dev( +corenet_udp_sendrecv_mail_port( @@ -11723,20 +14241,20 @@ kernel

-Dontaudit read and write on the dri devices. +Send and receive UDP traffic on the mail port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_rw_generic_dev_nodes( +corenet_udp_sendrecv_mapped_ipv4_node( @@ -11749,20 +14267,20 @@ kernel

-Dontaudit getattr for generic device files. +Send and receive UDP traffic on the mapped_ipv4 node.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_search_sysfs( +corenet_udp_sendrecv_multicast_node( @@ -11775,20 +14293,20 @@ kernel

-Do not audit attempts to search sysfs. +Send and receive UDP traffic on the multicast node.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_setattr_apm_bios( +corenet_udp_sendrecv_mysqld_port( @@ -11801,21 +14319,20 @@ kernel

-Do not audit attempts to set the attributes of -the apm bios device node. +Send and receive UDP traffic on the mysqld port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_setattr_framebuffer( +corenet_udp_sendrecv_nmbd_port( @@ -11828,21 +14345,20 @@ kernel

-Dot not audit attempts to set the attributes -of the framebuffer device node. +Send and receive UDP traffic on the nmbd port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_setattr_generic_blk_file( +corenet_udp_sendrecv_pop_port( @@ -11855,20 +14371,20 @@ kernel

-Dontaudit setattr on generic block devices. +Send and receive UDP traffic on the pop port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_setattr_generic_chr_file( +corenet_udp_sendrecv_portmap_port( @@ -11881,20 +14397,20 @@ kernel

-Dontaudit setattr for generic character device files. +Send and receive UDP traffic on the portmap port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_setattr_misc( +corenet_udp_sendrecv_postgresql_port( @@ -11907,21 +14423,20 @@ kernel

-Do not audit attempts to set the attributes -of miscellaneous devices. +Send and receive UDP traffic on the postgresql port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_setattr_scanner( +corenet_udp_sendrecv_printer_port( @@ -11934,21 +14449,20 @@ kernel

-Do not audit attempts to set the attributes of -the scanner device. +Send and receive UDP traffic on the printer port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_dontaudit_setattr_video_dev( +corenet_udp_sendrecv_pxe_port( @@ -11961,21 +14475,20 @@ kernel

-Do not audit attempts to set the attributes -of video4linux device nodes. +Send and receive UDP traffic on the pxe port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_agp_dev( +corenet_udp_sendrecv_radacct_port( @@ -11988,20 +14501,20 @@ kernel

-Getattr the agp devices. +Send and receive UDP traffic on the radacct port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_all_blk_files( +corenet_udp_sendrecv_radius_port( @@ -12014,20 +14527,20 @@ kernel

-Getattr on all block file device nodes. +Send and receive UDP traffic on the radius port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_all_chr_files( +corenet_udp_sendrecv_reserved_port( @@ -12040,20 +14553,20 @@ kernel

-Getattr on all character file device nodes. +Send and receive UDP network traffic on generic reserved ports.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_apm_bios( +corenet_udp_sendrecv_rsh_port( @@ -12066,20 +14579,20 @@ kernel

-Get the attributes of the apm bios device node. +Send and receive UDP traffic on the rsh port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_framebuffer( +corenet_udp_sendrecv_rsync_port( @@ -12092,20 +14605,20 @@ kernel

-Get the attributes of the framebuffer device node. +Send and receive UDP traffic on the rsync port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_generic_blk_file( +corenet_udp_sendrecv_site_local_node( @@ -12118,20 +14631,20 @@ kernel

-Allow getattr on generic block devices. +Send and receive UDP traffic on the site_local node.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_generic_chr_file( +corenet_udp_sendrecv_smbd_port( @@ -12144,20 +14657,20 @@ kernel

-Allow getattr for generic character device files. +Send and receive UDP traffic on the smbd port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_misc( +corenet_udp_sendrecv_smtp_port( @@ -12170,20 +14683,20 @@ kernel

-Get the attributes of miscellaneous devices. +Send and receive UDP traffic on the smtp port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_mouse( +corenet_udp_sendrecv_snmp_port( @@ -12196,20 +14709,20 @@ kernel

-Get the attributes of the mouse devices. +Send and receive UDP traffic on the snmp port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_power_management( +corenet_udp_sendrecv_ssh_port( @@ -12222,20 +14735,20 @@ kernel

-Get the attributes of the the power management device. +Send and receive UDP traffic on the ssh port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_scanner( +corenet_udp_sendrecv_swat_port( @@ -12248,20 +14761,20 @@ kernel

-Get the attributes of the scanner device. +Send and receive UDP traffic on the swat port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_snd_dev( +corenet_udp_sendrecv_syslogd_port( @@ -12274,20 +14787,20 @@ kernel

-Get the attributes of the sound devices. +Send and receive UDP traffic on the syslogd port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_sysfs_dir( +corenet_udp_sendrecv_telnetd_port( @@ -12300,20 +14813,20 @@ kernel

-Get the attributes of sysfs directories. +Send and receive UDP traffic on the telnetd port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_getattr_video_dev( +corenet_udp_sendrecv_tftp_port( @@ -12326,20 +14839,20 @@ kernel

-Get the attributes of video4linux devices. +Send and receive UDP traffic on the tftp port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_list_all_dev_nodes( +corenet_udp_sendrecv_unspec_node( @@ -12352,20 +14865,20 @@ kernel

-List all of the device nodes in a device directory. +Send and receive UDP traffic on the unspec node.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_list_usbfs( +corenet_udp_sendrecv_vnc_port( @@ -12378,20 +14891,20 @@ kernel

-Allow caller to get a list of usb hardware. +Send and receive UDP traffic on the vnc port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_manage_all_blk_files( +corenet_udp_sendrecv_xserver_port( @@ -12404,20 +14917,20 @@ kernel

-Read, write, create, and delete all block device files. +Send and receive UDP traffic on the xserver port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_manage_all_chr_files( +corenet_udp_sendrecv_zebra_port( @@ -12430,20 +14943,20 @@ kernel

-Read, write, create, and delete all character device files. +Send and receive UDP traffic on the zebra port.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_manage_dev_nodes( +corenet_unconfined( @@ -12456,20 +14969,20 @@ kernel

-Create, delete, read, and write device nodes in device directories. +Unconfined access to network objects.

-Module: -devices

+Module: +corenetwork

Layer: kernel

-dev_manage_generic_blk_file( +corenet_use_tun_tap_device( @@ -12482,21 +14995,20 @@ kernel

-Allow read, write, create, and delete for generic -block files. +Read and write the TUN/TAP virtual network device.

-Module: -devices

-Layer: -kernel

+Module: +cron

+Layer: +services

-dev_manage_generic_blk_file( +cron_read_pipe( @@ -12509,20 +15021,20 @@ kernel

-Create, delete, read, and write block device files. +Read a cron daemon unnamed pipe

-Module: -devices

-Layer: -kernel

+Module: +cron

+Layer: +services

-dev_manage_generic_chr_file( +cron_rw_log( @@ -12535,20 +15047,20 @@ kernel

-Create, delete, read, and write character device files. +Read and write the cron daemon log files.

-Module: -devices

-Layer: -kernel

+Module: +cron

+Layer: +services

-dev_manage_generic_symlinks( +cron_search_spool( @@ -12561,20 +15073,20 @@ kernel

-Create, delete, read, and write symbolic links in device directories. +Search the directory containing user cron tables.

-Module: -devices

-Layer: -kernel

+Module: +cron

+Layer: +services

-dev_mount_usbfs( +cron_system_entry( @@ -12582,30 +15094,55 @@ kernel

domain + + , + + + + entrypoint + + )

-Mount a usbfs filesystem. +Make the specified program domain accessable +from the system cron jobs.

-Module: +Module: devices

Layer: kernel

-dev_node( +dev_create_dev_node( - object_type + domain + + + + , + + + + file + + + + , + + + + objectclass(es) )
@@ -12613,21 +15150,21 @@ kernel

-Make the passed in type a type appropriate for -use on device nodes (usually files in /dev). +Create, read, and write device nodes. The node +will be transitioned to the type provided.

-Module: +Module: devices

Layer: kernel

-dev_read_cpuid( +dev_create_dir( @@ -12640,20 +15177,20 @@ kernel

-Read the multiplexed input device (/dev/input). +Create a directory in the device directory.

-Module: +Module: devices

Layer: kernel

-dev_read_framebuffer( +dev_create_generic_chr_file( @@ -12666,20 +15203,20 @@ kernel

-Read the framebuffer. +Allow read, write, and create for generic character device files.

-Module: +Module: devices

Layer: kernel

-dev_read_input( +dev_del_generic_symlinks( @@ -12692,20 +15229,20 @@ kernel

-Read the multiplexed input device (/dev/input). +Delete symbolic links in device directories.

-Module: +Module: devices

Layer: kernel

-dev_read_lvm_control( +dev_delete_lvm_control( @@ -12718,20 +15255,20 @@ kernel

-Read the lvm comtrol device. +Delete the lvm control device.

-Module: +Module: devices

Layer: kernel

-dev_read_misc( +dev_dontaudit_getattr_all_blk_files( @@ -12744,20 +15281,20 @@ kernel

-Read miscellaneous devices. +Dontaudit getattr on all block file device nodes.

-Module: +Module: devices

Layer: kernel

-dev_read_mouse( +dev_dontaudit_getattr_all_chr_files( @@ -12770,20 +15307,20 @@ kernel

-Read the mouse devices. +Dontaudit getattr on all character file device nodes.

-Module: +Module: devices

Layer: kernel

-dev_read_mtrr( +dev_dontaudit_getattr_apm_bios( @@ -12796,20 +15333,21 @@ kernel

-Read the mtrr device. +Do not audit attempts to get the attributes of +the apm bios device node.

-Module: +Module: devices

Layer: kernel

-dev_read_rand( +dev_dontaudit_getattr_generic_blk_file( @@ -12822,20 +15360,20 @@ kernel

-Read from random devices (e.g., /dev/random) +Dontaudit getattr on generic block devices.

-Module: +Module: devices

Layer: kernel

-dev_read_raw_memory( +dev_dontaudit_getattr_generic_chr_file( @@ -12848,20 +15386,20 @@ kernel

-Read raw memory devices (e.g. /dev/mem). +Dontaudit getattr for generic character device files.

-Module: +Module: devices

Layer: kernel

-dev_read_realtime_clock( +dev_dontaudit_getattr_generic_pipe( @@ -12874,20 +15412,20 @@ kernel

-Read the realtime clock (/dev/rtc). +Dontaudit getattr on generic pipes.

-Module: +Module: devices

Layer: kernel

-dev_read_snd_dev( +dev_dontaudit_getattr_misc( @@ -12900,20 +15438,21 @@ kernel

-Read the sound devices. +Do not audit attempts to get the attributes +of miscellaneous devices.

-Module: +Module: devices

Layer: kernel

-dev_read_snd_mixer_dev( +dev_dontaudit_getattr_scanner( @@ -12926,20 +15465,21 @@ kernel

-Read the sound mixer devices. +Do not audit attempts to get the attributes of +the scanner device.

-Module: +Module: devices

Layer: kernel

-dev_read_sysfs( +dev_dontaudit_getattr_video_dev( @@ -12952,20 +15492,21 @@ kernel

-Allow caller to read hardware state information. +Do not audit attempts to get the attributes +of video4linux device nodes.

-Module: +Module: devices

Layer: kernel

-dev_read_urand( +dev_dontaudit_list_all_dev_nodes( @@ -12978,20 +15519,20 @@ kernel

-Read from pseudo random devices (e.g., /dev/urandom) +Dontaudit attempts to list all device nodes.

-Module: +Module: devices

Layer: kernel

-dev_read_usbfs( +dev_dontaudit_read_framebuffer( @@ -13004,21 +15545,20 @@ kernel

-Read USB hardware information using -the usbfs filesystem interface. +Do not audit attempts to read the framebuffer.

-Module: +Module: devices

Layer: kernel

-dev_relabel_all_dev_nodes( +dev_dontaudit_rw_cardmgr( @@ -13031,20 +15571,21 @@ kernel

-Allow full relabeling (to and from) of all device nodes. +Do not audit attempts to read and +write the PCMCIA card manager device.

-Module: +Module: devices

Layer: kernel

-dev_relabel_dev_dirs( +dev_dontaudit_rw_dri_dev( @@ -13057,20 +15598,20 @@ kernel

-Allow full relabeling (to and from) of directories in /dev. +Dontaudit read and write on the dri devices.

-Module: +Module: devices

Layer: kernel

-dev_relabel_generic_symlinks( +dev_dontaudit_rw_generic_dev_nodes( @@ -13083,20 +15624,20 @@ kernel

-Relabel symbolic links in device directories. +Dontaudit getattr for generic device files.

-Module: +Module: devices

Layer: kernel

-dev_rw_agp_dev( +dev_dontaudit_search_sysfs( @@ -13109,20 +15650,20 @@ kernel

-Read and write the agp devices. +Do not audit attempts to search sysfs.

-Module: +Module: devices

Layer: kernel

-dev_rw_apm_bios( +dev_dontaudit_setattr_apm_bios( @@ -13135,20 +15676,21 @@ kernel

-Read and write the apm bios. +Do not audit attempts to set the attributes of +the apm bios device node.

-Module: +Module: devices

Layer: kernel

-dev_rw_cpu_microcode( +dev_dontaudit_setattr_framebuffer( @@ -13161,21 +15703,21 @@ kernel

-Read and write the the cpu microcode device. This -is required to load cpu microcode. +Dot not audit attempts to set the attributes +of the framebuffer device node.

-Module: +Module: devices

Layer: kernel

-dev_rw_dri_dev( +dev_dontaudit_setattr_generic_blk_file( @@ -13188,20 +15730,20 @@ kernel

-Read and write the dri devices. +Dontaudit setattr on generic block devices.

-Module: +Module: devices

Layer: kernel

-dev_rw_lvm_control( +dev_dontaudit_setattr_generic_chr_file( @@ -13214,20 +15756,20 @@ kernel

-Read and write the lvm control device. +Dontaudit setattr for generic character device files.

-Module: +Module: devices

Layer: kernel

-dev_rw_null_dev( +dev_dontaudit_setattr_generic_symlink( @@ -13240,20 +15782,21 @@ kernel

-Read and write to the null device (/dev/null). +Do not audit attempts to set the attributes +of symbolic links in device directories (/dev).

-Module: +Module: devices

Layer: kernel

-dev_rw_power_management( +dev_dontaudit_setattr_misc( @@ -13266,20 +15809,21 @@ kernel

-Read and write the the power management device. +Do not audit attempts to set the attributes +of miscellaneous devices.

-Module: +Module: devices

Layer: kernel

-dev_rw_realtime_clock( +dev_dontaudit_setattr_scanner( @@ -13292,20 +15836,21 @@ kernel

-Read the realtime clock (/dev/rtc). +Do not audit attempts to set the attributes of +the scanner device.

-Module: +Module: devices

Layer: kernel

-dev_rw_scanner( +dev_dontaudit_setattr_video_dev( @@ -13318,20 +15863,21 @@ kernel

-Read and write the scanner device. +Do not audit attempts to set the attributes +of video4linux device nodes.

-Module: +Module: devices

Layer: kernel

-dev_rw_sysfs( +dev_getattr_agp_dev( @@ -13344,20 +15890,20 @@ kernel

-Allow caller to modify hardware state information. +Getattr the agp devices.

-Module: +Module: devices

Layer: kernel

-dev_rw_usbfs( +dev_getattr_all_blk_files( @@ -13370,20 +15916,20 @@ kernel

-Allow caller to modify usb hardware configuration files. +Getattr on all block file device nodes.

-Module: +Module: devices

Layer: kernel

-dev_rw_zero_dev( +dev_getattr_all_chr_files( @@ -13396,20 +15942,20 @@ kernel

-Read and write to the zero device (/dev/zero). +Getattr on all character file device nodes.

-Module: +Module: devices

Layer: kernel

-dev_rwx_zero_dev( +dev_getattr_apm_bios( @@ -13422,20 +15968,20 @@ kernel

-Read, write, and execute the zero device (/dev/zero). +Get the attributes of the apm bios device node.

-Module: +Module: devices

Layer: kernel

-dev_rx_raw_memory( +dev_getattr_framebuffer( @@ -13448,20 +15994,20 @@ kernel

-Read and execute raw memory devices (e.g. /dev/mem). +Get the attributes of the framebuffer device node.

-Module: +Module: devices

Layer: kernel

-dev_search_sysfs( +dev_getattr_generic_blk_file( @@ -13474,20 +16020,20 @@ kernel

-Search sysfs. +Allow getattr on generic block devices.

-Module: +Module: devices

Layer: kernel

-dev_search_usbfs( +dev_getattr_generic_chr_file( @@ -13500,20 +16046,20 @@ kernel

-Search the directory containing USB hardware information. +Allow getattr for generic character device files.

-Module: +Module: devices

Layer: kernel

-dev_setattr_all_blk_files( +dev_getattr_misc( @@ -13526,20 +16072,20 @@ kernel

-Setattr on all block file device nodes. +Get the attributes of miscellaneous devices.

-Module: +Module: devices

Layer: kernel

-dev_setattr_all_chr_files( +dev_getattr_mouse( @@ -13552,20 +16098,20 @@ kernel

-Setattr on all character file device nodes. +Get the attributes of the mouse devices.

-Module: +Module: devices

Layer: kernel

-dev_setattr_apm_bios( +dev_getattr_power_management( @@ -13578,20 +16124,20 @@ kernel

-Set the attributes of the apm bios device node. +Get the attributes of the the power management device.

-Module: +Module: devices

Layer: kernel

-dev_setattr_framebuffer( +dev_getattr_scanner( @@ -13604,20 +16150,20 @@ kernel

-Set the attributes of the framebuffer device node. +Get the attributes of the scanner device.

-Module: +Module: devices

Layer: kernel

-dev_setattr_misc( +dev_getattr_snd_dev( @@ -13630,20 +16176,20 @@ kernel

-Set the attributes of miscellaneous devices. +Get the attributes of the sound devices.

-Module: +Module: devices

Layer: kernel

-dev_setattr_mouse( +dev_getattr_sysfs_dir( @@ -13656,20 +16202,20 @@ kernel

-Set the attributes of the mouse devices. +Get the attributes of sysfs directories.

-Module: +Module: devices

Layer: kernel

-dev_setattr_power_management( +dev_getattr_usbfs_dir( @@ -13682,20 +16228,20 @@ kernel

-Set the attributes of the the power management device. +Get the attributes of a directory in the usb filesystem.

-Module: +Module: devices

Layer: kernel

-dev_setattr_scanner( +dev_getattr_video_dev( @@ -13708,20 +16254,20 @@ kernel

-Set the attributes of the scanner device. +Get the attributes of video4linux devices.

-Module: +Module: devices

Layer: kernel

-dev_setattr_snd_dev( +dev_list_all_dev_nodes( @@ -13734,20 +16280,20 @@ kernel

-Set the attributes of the sound devices. +List all of the device nodes in a device directory.

-Module: +Module: devices

Layer: kernel

-dev_setattr_video_dev( +dev_list_sysfs( @@ -13760,20 +16306,20 @@ kernel

-Set the attributes of video4linux device nodes. +List the contents of the sysfs directories.

-Module: +Module: devices

Layer: kernel

-dev_unconfined( +dev_list_usbfs( @@ -13786,20 +16332,20 @@ kernel

-Unconfined access to devices. +Allow caller to get a list of usb hardware.

-Module: +Module: devices

Layer: kernel

-dev_write_framebuffer( +dev_manage_all_blk_files( @@ -13812,20 +16358,20 @@ kernel

-Write the framebuffer. +Read, write, create, and delete all block device files.

-Module: +Module: devices

Layer: kernel

-dev_write_misc( +dev_manage_all_chr_files( @@ -13838,20 +16384,20 @@ kernel

-Write miscellaneous devices. +Read, write, create, and delete all character device files.

-Module: +Module: devices

Layer: kernel

-dev_write_mtrr( +dev_manage_dev_nodes( @@ -13864,20 +16410,20 @@ kernel

-Write the mtrr device. +Create, delete, read, and write device nodes in device directories.

-Module: +Module: devices

Layer: kernel

-dev_write_rand( +dev_manage_generic_blk_file( @@ -13890,22 +16436,21 @@ kernel

-Write to the random device (e.g., /dev/random). This adds -entropy used to generate the random data read from the -random device. +Allow read, write, create, and delete for generic +block files.

-Module: +Module: devices

Layer: kernel

-dev_write_raw_memory( +dev_manage_generic_blk_file( @@ -13918,20 +16463,20 @@ kernel

-Write raw memory devices (e.g. /dev/mem). +Create, delete, read, and write block device files.

-Module: +Module: devices

Layer: kernel

-dev_write_realtime_clock( +dev_manage_generic_chr_file( @@ -13944,20 +16489,20 @@ kernel

-Read the realtime clock (/dev/rtc). +Create, delete, read, and write character device files.

-Module: +Module: devices

Layer: kernel

-dev_write_snd_dev( +dev_manage_generic_symlinks( @@ -13970,20 +16515,20 @@ kernel

-Write the sound devices. +Create, delete, read, and write symbolic links in device directories.

-Module: +Module: devices

Layer: kernel

-dev_write_snd_mixer_dev( +dev_mount_usbfs( @@ -13996,25 +16541,25 @@ kernel

-Write the sound mixer devices. +Mount a usbfs filesystem.

-Module: +Module: devices

Layer: kernel

-dev_write_urand( +dev_node( - domain + object_type )
@@ -14022,21 +16567,21 @@ kernel

-Write to the pseudo random device (e.g., /dev/urandom). This -sets the random number generator seed. +Make the passed in type a type appropriate for +use on device nodes (usually files in /dev).

-Module: +Module: devices

Layer: kernel

-dev_wx_raw_memory( +dev_read_cpuid( @@ -14049,20 +16594,20 @@ kernel

-Write and execute raw memory devices (e.g. /dev/mem). +Read the CPU identity.

-Module: -dmesg

-Layer: -admin

+Module: +devices

+Layer: +kernel

-dmesg_domtrans( +dev_read_framebuffer( @@ -14073,16 +16618,22 @@ admin

)

+Read the framebuffer. +

-Module: -dmesg

-Layer: -admin

+Module: +devices

+Layer: +kernel

-dmesg_exec( +dev_read_input( @@ -14093,21 +16644,27 @@ admin

)

+Read input event devices (/dev/input). +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_base_domain_type( +dev_read_lvm_control( - ? + domain )
@@ -14115,20 +16672,20 @@ system

-Summary is missing! +Read the lvm comtrol device.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_dontaudit_getattr_all_tcp_sockets( +dev_read_misc( @@ -14139,16 +16696,22 @@ system

)

+Read miscellaneous devices. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_dontaudit_getattr_all_udp_sockets( +dev_read_mouse( @@ -14159,16 +16722,22 @@ system

)

+Read the mouse devices. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_dontaudit_getattr_all_unix_dgram_sockets( +dev_read_mtrr( @@ -14179,16 +16748,22 @@ system

)

+Read the mtrr device. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_dontaudit_getattr_all_unnamed_pipes( +dev_read_rand( @@ -14199,16 +16774,22 @@ system

)

+Read from random devices (e.g., /dev/random) +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_dontaudit_list_all_domains_proc( +dev_read_raw_memory( @@ -14219,21 +16800,27 @@ system

)

+Read raw memory devices (e.g. /dev/mem). +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_dontaudit_use_wide_inherit_fd( +dev_read_realtime_clock( - ? + domain )
@@ -14241,25 +16828,25 @@ system

-Summary is missing! +Read the realtime clock (/dev/rtc).

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_dyntrans_type( +dev_read_snd_dev( - ? + domain )
@@ -14267,25 +16854,25 @@ system

-Summary is missing! +Read the sound devices.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_entry_file( +dev_read_snd_mixer_dev( - ? + domain )
@@ -14293,25 +16880,25 @@ system

-Summary is missing! +Read the sound mixer devices.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_exec_all_entry_files( +dev_read_sysfs( - ? + domain )
@@ -14319,20 +16906,20 @@ system

-Summary is missing! +Allow caller to read hardware state information.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_getsession_all_domains( +dev_read_urand( @@ -14343,16 +16930,22 @@ system

)

+Read from pseudo random devices (e.g., /dev/urandom) +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_kill_all_domains( +dev_read_usbfs( @@ -14363,16 +16956,23 @@ system

)

+Read USB hardware information using +the usbfs filesystem interface. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_obj_id_change_exempt( +dev_relabel_all_dev_nodes( @@ -14383,16 +16983,22 @@ system

)

+Allow full relabeling (to and from) of all device nodes. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_read_all_domains_state( +dev_relabel_dev_dirs( @@ -14403,21 +17009,27 @@ system

)

+Allow full relabeling (to and from) of directories in /dev. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_read_all_entry_files( +dev_relabel_generic_symlinks( - ? + domain )
@@ -14425,20 +17037,20 @@ system

-Summary is missing! +Relabel symbolic links in device directories.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_role_change_exempt( +dev_rw_agp_dev( @@ -14449,21 +17061,27 @@ system

)

+Read and write the agp devices. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_setpriority_all_domains( +dev_rw_apm_bios( - ? + domain )
@@ -14471,20 +17089,20 @@ system

-Summary is missing! +Read and write the apm bios.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_sigchld_all_domains( +dev_rw_cpu_microcode( @@ -14495,16 +17113,23 @@ system

)

+Read and write the the CPU microcode device. This +is required to load CPU microcode. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_sigchld_wide_inherit_fd( +dev_rw_dri_dev( @@ -14517,21 +17142,20 @@ system

-Send a SIGCHLD signal to domains whose file -discriptors are widely inheritable. +Read and write the dri devices.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_signal_all_domains( +dev_rw_generic_file( @@ -14542,16 +17166,22 @@ system

)

+Read and write generic files in /dev. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_signull_all_domains( +dev_rw_lvm_control( @@ -14562,16 +17192,22 @@ system

)

+Read and write the lvm control device. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_sigstop_all_domains( +dev_rw_null_dev( @@ -14582,16 +17218,22 @@ system

)

+Read and write to the null device (/dev/null). +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_subj_id_change_exempt( +dev_rw_power_management( @@ -14602,21 +17244,27 @@ system

)

+Read and write the the power management device. +

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_type( +dev_rw_realtime_clock( - ? + domain )
@@ -14624,20 +17272,20 @@ system

-Summary is missing! +Read and set the realtime clock (/dev/rtc).

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_unconfined( +dev_rw_scanner( @@ -14650,25 +17298,25 @@ system

-Unconfined access to domains. +Read and write the scanner device.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_use_wide_inherit_fd( +dev_rw_sysfs( - ? + domain )
@@ -14676,25 +17324,25 @@ system

-Summary is missing! +Allow caller to modify hardware state information.

-Module: -domain

-Layer: -system

+Module: +devices

+Layer: +kernel

-domain_wide_inherit_fd( +dev_rw_usbfs( - ? + domain )
@@ -14702,25 +17350,25 @@ system

-Summary is missing! +Allow caller to modify usb hardware configuration files.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_create_boot_flag( +dev_rw_zero_dev( - ? + domain )
@@ -14728,25 +17376,25 @@ system

-Summary is missing! +Read and write to the zero device (/dev/zero).

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_create_etc_config( +dev_rwx_zero_dev( - ? + domain )
@@ -14754,20 +17402,20 @@ system

-Summary is missing! +Read, write, and execute the zero device (/dev/zero).

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_create_home_dirs( +dev_rx_raw_memory( @@ -14775,38 +17423,30 @@ system

domain - - , - - - - home_type - - )

-Create home directories +Read and execute raw memory devices (e.g. /dev/mem).

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_create_lock( +dev_search_sysfs( - ? + domain )
@@ -14814,25 +17454,25 @@ system

-Summary is missing! +Search the sysfs directories.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_create_pid( +dev_search_usbfs( - ? + domain )
@@ -14840,20 +17480,20 @@ system

-Summary is missing! +Search the directory containing USB hardware information.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_create_root( +dev_setattr_all_blk_files( @@ -14861,48 +17501,30 @@ system

domain - - , - - - - [ - - private type - - ] - - - - , - - - - [ - - object - - ] - - )

+Setattr on all block file device nodes. +

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_create_tmp_files( +dev_setattr_all_chr_files( - ? + domain )
@@ -14910,25 +17532,25 @@ system

-Summary is missing! +Setattr on all character file device nodes.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_delete_all_locks( +dev_setattr_apm_bios( - ? + domain )
@@ -14936,25 +17558,25 @@ system

-Summary is missing! +Set the attributes of the apm bios device node.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_delete_all_pids( +dev_setattr_dev_dir( - ? + domain )
@@ -14962,25 +17584,25 @@ system

-Summary is missing! +Set the attributes of /dev directories.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_delete_all_tmp_files( +dev_setattr_framebuffer( - ? + domain )
@@ -14988,20 +17610,20 @@ system

-Summary is missing! +Set the attributes of the framebuffer device node.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_delete_etc_files( +dev_setattr_misc( @@ -15012,21 +17634,27 @@ system

)

+Set the attributes of miscellaneous devices. +

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_delete_root_dir_entry( +dev_setattr_mouse( - ? + domain )
@@ -15034,20 +17662,20 @@ system

-Summary is missing! +Set the attributes of the mouse devices.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_ioctl_all_pids( +dev_setattr_power_management( @@ -15058,21 +17686,27 @@ system

)

+Set the attributes of the the power management device. +

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_read_root_file( +dev_setattr_printer( - ? + domain )
@@ -15080,25 +17714,25 @@ system

-Summary is missing! +Set the attributes of the printer device nodes.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_rw_root_chr_dev( +dev_setattr_scanner( - ? + domain )
@@ -15106,25 +17740,25 @@ system

-Summary is missing! +Set the attributes of the scanner device.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_rw_root_file( +dev_setattr_snd_dev( - ? + domain )
@@ -15132,25 +17766,25 @@ system

-Summary is missing! +Set the attributes of the sound devices.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_search_all_dirs( +dev_setattr_video_dev( - ? + domain )
@@ -15158,20 +17792,20 @@ system

-Summary is missing! +Set the attributes of video4linux device nodes.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_search_isid_type_dir( +dev_unconfined( @@ -15184,26 +17818,25 @@ system

-Do not audit attempts to search directories on new filesystems -that have not yet been labeled. +Unconfined access to devices.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_search_pids( +dev_write_framebuffer( - ? + domain )
@@ -15211,25 +17844,25 @@ system

-Summary is missing! +Write the framebuffer.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_search_var( +dev_write_misc( - ? + domain )
@@ -15237,20 +17870,20 @@ system

-Summary is missing! +Write miscellaneous devices.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_dontaudit_write_all_pids( +dev_write_mtrr( @@ -15261,21 +17894,27 @@ system

)

+Write the mtrr device. +

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_exec_etc_files( +dev_write_rand( - ? + domain )
@@ -15283,20 +17922,22 @@ system

-Summary is missing! +Write to the random device (e.g., /dev/random). This adds +entropy used to generate the random data read from the +random device.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_exec_usr_files( +dev_write_raw_memory( @@ -15307,21 +17948,27 @@ system

)

+Write raw memory devices (e.g. /dev/mem). +

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_getattr_all_files( +dev_write_realtime_clock( - ? + domain )
@@ -15329,25 +17976,25 @@ system

-Summary is missing! +Set the realtime clock (/dev/rtc).

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_getattr_generic_locks( +dev_write_snd_dev( - ? + domain )
@@ -15355,25 +18002,25 @@ system

-Summary is missing! +Write the sound devices.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_list_all_dirs( +dev_write_snd_mixer_dev( - ? + domain )
@@ -15381,25 +18028,25 @@ system

-Summary is missing! +Write the sound mixer devices.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_list_etc( +dev_write_urand( - ? + domain )
@@ -15407,20 +18054,21 @@ system

-Summary is missing! +Write to the pseudo random device (e.g., /dev/urandom). This +sets the random number generator seed.

-Module: -files

-Layer: -system

+Module: +devices

+Layer: +kernel

-files_list_home( +dev_wx_raw_memory( @@ -15433,25 +18081,25 @@ system

-Get listing of home directories. +Write and execute raw memory devices (e.g. /dev/mem).

-Module: -files

-Layer: -system

+Module: +dmesg

+Layer: +admin

-files_list_mnt( +dmesg_domtrans( - ? + domain )
@@ -15459,25 +18107,25 @@ system

-Summary is missing! +Execute dmesg in the dmesg domain.

-Module: -files

-Layer: -system

+Module: +dmesg

+Layer: +admin

-files_list_pids( +dmesg_exec( - ? + domain )
@@ -15485,20 +18133,20 @@ system

-Summary is missing! +Execute dmesg in the caller domain.

-Module: -files

+Module: +domain

Layer: system

 
-files_list_root(
+domain_base_domain_type(
 	
@@ -15518,18 +18166,18 @@ Summary is missing!

-Module: -files

+Module: +domain

Layer: system

-files_list_spool( +domain_dontaudit_getattr_all_sockets( - ? + domain )
@@ -15537,25 +18185,26 @@ system

-Summary is missing! +Do not audit attempts to get the attributes +of all domains sockets, for all socket types.

-Module: -files

+Module: +domain

Layer: system

-files_lock_file( +domain_dontaudit_getattr_all_tcp_sockets( - ? + domain )
@@ -15563,20 +18212,21 @@ system

-Summary is missing! +Do not audit attempts to get the attributes +of all domains TCP sockets.

-Module: -files

+Module: +domain

Layer: system

-files_manage_all_files( +domain_dontaudit_getattr_all_udp_sockets( @@ -15584,88 +18234,71 @@ system

domain - - , - - - - [ - - exception_types - - ] - - )

+Do not audit attempts to get the attributes +of all domains UDP sockets. +

-Module: -files

+Module: +domain

Layer: system

 
-files_manage_etc_files(
+domain_dontaudit_getattr_all_unix_dgram_sockets(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

 
-files_manage_etc_runtime_files(
+domain_dontaudit_getattr_all_unnamed_pipes(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

-files_manage_generic_locks( +domain_dontaudit_getsession_all_domains( - ? + domain )
@@ -15673,51 +18306,46 @@ system

-Summary is missing! +Do not audit attempts to get the +session ID of all domains.

-Module: -files

+Module: +domain

Layer: system

 
-files_manage_generic_spool_dirs(
+domain_dontaudit_list_all_domains_proc(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

-files_manage_generic_spools( +domain_dontaudit_read_all_domains_state( - ? + domain )
@@ -15725,20 +18353,21 @@ system

-Summary is missing! +Do not audit attempts to read the process +state (/proc/pid) of all domains.

-Module: -files

+Module: +domain

Layer: system

-files_manage_isid_type_blk_node( +domain_dontaudit_rw_all_key_sockets( @@ -15751,21 +18380,21 @@ system

-Create, read, write, and delete block device nodes -on new filesystems that have not yet been labeled. +Do not audit attempts to read or write +all domains key sockets.

-Module: -files

+Module: +domain

Layer: system

-files_manage_isid_type_chr_node( +domain_dontaudit_rw_all_udp_sockets( @@ -15778,26 +18407,26 @@ system

-Create, read, write, and delete character device nodes -on new filesystems that have not yet been labeled. +Do not audit attempts to read or write +all domains UDP sockets.

-Module: -files

+Module: +domain

Layer: system

-files_manage_isid_type_dir( +domain_dontaudit_use_wide_inherit_fd( - domain + ? )
@@ -15805,26 +18434,25 @@ system

-Create, read, write, and delete directories -on new filesystems that have not yet been labeled. +Summary is missing!

-Module: -files

+Module: +domain

Layer: system

-files_manage_isid_type_file( +domain_dyntrans_type( - domain + ? )
@@ -15832,26 +18460,25 @@ system

-Create, read, write, and delete files -on new filesystems that have not yet been labeled. +Summary is missing!

-Module: -files

+Module: +domain

Layer: system

-files_manage_isid_type_symlink( +domain_entry_file( - domain + ? )
@@ -15859,26 +18486,25 @@ system

-Create, read, write, and delete symbolic links -on new filesystems that have not yet been labeled. +Summary is missing!

-Module: -files

+Module: +domain

Layer: system

-files_manage_lost_found( +domain_exec_all_entry_files( - domain + ? )
@@ -15886,26 +18512,25 @@ system

-Create, read, write, and delete objects in -lost+found directories. +Summary is missing!

-Module: -files

+Module: +domain

Layer: system

-files_manage_urandom_seed( +domain_getattr_all_sockets( - ? + domain )
@@ -15913,25 +18538,26 @@ system

-Summary is missing! +Get the attributes of all domains +sockets, for all socket types.

-Module: -files

+Module: +domain

Layer: system

-files_mount_all_file_type_fs( +domain_getsession_all_domains( - ? + domain )
@@ -15939,77 +18565,65 @@ system

-Summary is missing! +Get the session ID of all domains.

-Module: -files

+Module: +domain

Layer: system

 
-files_mounton_all_mountpoints(
+domain_kill_all_domains(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

 
-files_mountpoint(
+domain_obj_id_change_exempt(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

-files_pid_file( +domain_read_all_domains_state( - ? + domain )
@@ -16017,20 +18631,20 @@ system

-Summary is missing! +Read the process state (/proc/pid) of all domains.

-Module: -files

+Module: +domain

Layer: system

 
-files_read_all_pids(
+domain_read_all_entry_files(
 	
@@ -16050,39 +18664,33 @@ Summary is missing!

-Module: -files

+Module: +domain

Layer: system

 
-files_read_etc_files(
+domain_role_change_exempt(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

 
-files_read_etc_runtime_files(
+domain_setpriority_all_domains(
 	
@@ -16102,44 +18710,38 @@ Summary is missing!

-Module: -files

+Module: +domain

Layer: system

 
-files_read_generic_spools(
+domain_sigchld_all_domains(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

-files_read_usr_files( +domain_sigchld_wide_inherit_fd( - ? + domain )
@@ -16147,46 +18749,41 @@ system

-Summary is missing! +Send a SIGCHLD signal to domains whose file +discriptors are widely inheritable.

-Module: -files

+Module: +domain

Layer: system

 
-files_read_usr_src_files(
+domain_signal_all_domains(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -files

+Module: +domain

Layer: system

-files_read_var_files( +domain_signull_all_domains( @@ -16197,22 +18794,16 @@ system

)

-Read files in the /var directory. -

-Module: -files

+Module: +domain

Layer: system

-files_relabel_all_files( +domain_sigstop_all_domains( @@ -16220,16 +18811,24 @@ system

domain + )
+

+ +

+Module: +domain

+Layer: +system

+ +domain_subj_id_change_exempt( + - , - - - - [ - exception_types - ] + domain )
@@ -16238,13 +18837,13 @@ system

-Module: -files

+Module: +domain

Layer: system

 
-files_relabelto_all_file_type_fs(
+domain_type(
 	
@@ -16264,18 +18863,18 @@ Summary is missing!

-Module: -files

+Module: +domain

Layer: system

-files_rw_etc_files( +domain_unconfined( - ? + domain )
@@ -16283,20 +18882,20 @@ system

-Summary is missing! +Unconfined access to domains.

-Module: -files

+Module: +domain

Layer: system

 
-files_rw_generic_pids(
+domain_use_wide_inherit_fd(
 	
@@ -16316,18 +18915,18 @@ Summary is missing!

-Module: -files

+Module: +domain

Layer: system

-files_rw_isid_type_blk_node( +domain_wide_inherit_fd( - domain + ? )
@@ -16335,26 +18934,25 @@ system

-Read and write block device nodes on new filesystems -that have not yet been labeled. +Summary is missing!

-Module: +Module: files

Layer: system

-files_rw_isid_type_dir( +files_create_boot_flag( - domain + ? )
@@ -16362,21 +18960,20 @@ system

-Read and write directories on new filesystems -that have not yet been labeled. +Summary is missing!

-Module: +Module: files

Layer: system

 
-files_search_all_dirs(
+files_create_etc_config(
 	
@@ -16396,18 +18993,26 @@ Summary is missing!

-Module: +Module: files

Layer: system

-files_search_etc( +files_create_home_dirs( - ? + domain + + + + , + + + + home_type )
@@ -16415,20 +19020,20 @@ system

-Summary is missing! +Create home directories

-Module: +Module: files

Layer: system

 
-files_search_generic_locks(
+files_create_lock(
 	
@@ -16448,18 +19053,18 @@ Summary is missing!

-Module: +Module: files

Layer: system

-files_search_home( +files_create_pid( - domain + ? )
@@ -16467,25 +19072,49 @@ system

-Search home directories. +Summary is missing!

-Module: +Module: files

Layer: system

-files_search_mnt( +files_create_root( - ? + domain + + + + , + + + + [ + + private type + + ] + + + + , + + + + [ + + object + + ] )
@@ -16493,20 +19122,22 @@ system

-Summary is missing! +Create an object in the root directory, with a private +type. If no object class is specified, the +default is file.

-Module: +Module: files

Layer: system

 
-files_search_pids(
+files_create_tmp_files(
 	
@@ -16526,18 +19157,38 @@ Summary is missing!

-Module: +Module: files

Layer: system

-files_search_spool( +files_create_var_lib( - ? + domain + + + + , + + + + file_type + + + + , + + + + [ + + object_class + + ] )
@@ -16545,25 +19196,25 @@ system

-Summary is missing! +Create objects in the /var/lib directory

-Module: +Module: files

Layer: system

-files_search_tmp( +files_delete_all_locks( - domain + ? )
@@ -16571,20 +19222,20 @@ system

-Search the tmp directory (/tmp) +Summary is missing!

-Module: +Module: files

Layer: system

 
-files_search_usr(
+files_delete_all_pids(
 	
@@ -16604,13 +19255,13 @@ Summary is missing!

-Module: +Module: files

Layer: system

 
-files_search_var(
+files_delete_all_tmp_files(
 	
@@ -16630,13 +19281,13 @@ Summary is missing!

-Module: +Module: files

Layer: system

-files_search_var_lib( +files_delete_etc_files( @@ -16647,16 +19298,22 @@ system

)

+Delete system configuration files in /etc. +

-Module: +Module: files

Layer: system

 
-files_tmp_file(
+files_delete_root_dir_entry(
 	
@@ -16676,38 +19333,45 @@ Summary is missing!

-Module: +Module: files

Layer: system

 
-files_tmpfs_file(
+files_dontaudit_getattr_all_dirs(
 	
-		type
+		domain
 		
 	)

+Do not audit attempts to get the attributes +of all directories. +

-Module: +Module: files

Layer: system

-files_type( +files_dontaudit_getattr_all_files( - ? + domain )
@@ -16715,20 +19379,21 @@ system

-Summary is missing! +Do not audit attempts to get the attributes +of all files.

-Module: +Module: files

Layer: system

-files_unconfined( +files_dontaudit_getattr_all_pipes( @@ -16741,25 +19406,26 @@ system

-Unconfined access to files. +Do not audit attempts to get the attributes +of all named pipes.

-Module: +Module: files

Layer: system

-files_unmount_all_file_type_fs( +files_dontaudit_getattr_all_sockets( - ? + domain )
@@ -16767,25 +19433,26 @@ system

-Summary is missing! +Do not audit attempts to get the attributes +of all named sockets.

-Module: +Module: files

Layer: system

-files_unmount_rootfs( +files_dontaudit_getattr_all_symlinks( - ? + domain )
@@ -16793,85 +19460,107 @@ system

-Summary is missing! +Do not audit attempts to get the attributes +of all symbolic links.

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_associate(
+files_dontaudit_getattr_default_dir(
 	
-		file_type
+		domain
 		
 	)

+Do not audit attempts to get the attributes of +directories with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_associate_noxattr(
+files_dontaudit_getattr_default_files(
 	
-		file_type
+		domain
 		
 	)

+Do not audit attempts to get the attributes of +files with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_associate_tmpfs(
+files_dontaudit_getattr_pid_dir(
 	
-		type
+		domain
 		
 	)

+Do not audit attempts to get the attributes +of the /var/run directory. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_create_tmpfs_data( +files_dontaudit_ioctl_all_pids( - ? + domain )
@@ -16879,100 +19568,124 @@ kernel

-Summary is missing! +Do not audit attempts to ioctl daemon runtime data files.

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_dontaudit_getattr_all_fs(
+files_dontaudit_read_root_file(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_dontaudit_getattr_xattr_fs(
+files_dontaudit_rw_root_chr_dev(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_dontaudit_rw_cifs_files(
+files_dontaudit_rw_root_file(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_dontaudit_rw_nfs_files(
+files_dontaudit_search_all_dirs(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_execute_cifs_files( +files_dontaudit_search_isid_type_dir( @@ -16983,16 +19696,23 @@ kernel

)

+Do not audit attempts to search directories on new filesystems +that have not yet been labeled. +

+ +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_execute_nfs_files( +files_dontaudit_search_locks( @@ -17003,36 +19723,49 @@ kernel

)

+Do not audit attempts to search the +locks directory (/var/lock). +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_get_all_fs_quotas(
+files_dontaudit_search_pids(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_getattr_all_files(
+files_dontaudit_search_var(
 	
@@ -17052,13 +19785,13 @@ Summary is missing!

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_all_fs( +files_dontaudit_write_all_pids( @@ -17069,36 +19802,48 @@ kernel

)

+Do not audit attempts to write to daemon runtime data files. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_getattr_autofs(
+files_exec_etc_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_cifs( +files_exec_usr_files( @@ -17109,16 +19854,22 @@ kernel

)

+Execute programs in /usr/src in the caller domain. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_dos_fs( +files_getattr_all_dirs( @@ -17129,36 +19880,48 @@ kernel

)

+Get the attributes of all directories. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_getattr_iso9660_fs(
+files_getattr_all_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_nfs( +files_getattr_all_pipes( @@ -17169,16 +19932,22 @@ kernel

)

+Get the attributes of all named pipes. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_nfsd_fs( +files_getattr_all_sockets( @@ -17189,16 +19958,22 @@ kernel

)

+Get the attributes of all named sockets. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_ramfs( +files_getattr_all_symlinks( @@ -17209,36 +19984,48 @@ kernel

)

+Get the attributes of all symbolic links. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_getattr_romfs(
+files_getattr_generic_locks(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_rpc_pipefs( +files_getattr_var_lib_dir( @@ -17249,36 +20036,48 @@ kernel

)

+Get the attributes of the /var/lib directory. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_getattr_tmpfs(
+files_list_all_dirs(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_getattr_xattr_fs( +files_list_default( @@ -17289,36 +20088,48 @@ kernel

)

+List contents of directories with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_make_noxattr_fs(
+files_list_etc(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_manage_cifs_dirs( +files_list_home( @@ -17329,16 +20140,22 @@ kernel

)

+Get listing of home directories. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_manage_cifs_files( +files_list_isid_type_dir( @@ -17349,96 +20166,127 @@ kernel

)

+List the contents of directories on new filesystems +that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_cifs_named_pipes(
+files_list_mnt(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_cifs_named_sockets(
+files_list_pids(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_cifs_symlinks(
+files_list_root(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_nfs_dirs(
+files_list_spool(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_manage_nfs_files( +files_list_world_readable( @@ -17449,36 +20297,48 @@ kernel

)

+List world-readable directories. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_nfs_named_pipes(
+files_lock_file(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_manage_nfs_named_sockets( +files_manage_all_files( @@ -17486,139 +20346,168 @@ kernel

domain - )
-

- -

-Module: -filesystem

-Layer: -kernel

-
-fs_manage_nfs_symlinks(
-	
 		
+			,
 		
 		
-		domain
+		
+			[
+		
+		exception_types
+		
+			]
 		
 	
 	)

 

+Manage all files on the filesystem, except +the listed exceptions. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_tmpfs_blk_dev(
+files_manage_etc_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_tmpfs_chr_dev(
+files_manage_etc_runtime_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_tmpfs_sockets(
+files_manage_generic_locks(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_manage_tmpfs_symlinks(
+files_manage_generic_spool_dirs(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_mount_all_fs(
+files_manage_generic_spools(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_mount_autofs( +files_manage_isid_type_blk_node( @@ -17629,16 +20518,23 @@ kernel

)

+Create, read, write, and delete block device nodes +on new filesystems that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_mount_cifs( +files_manage_isid_type_chr_node( @@ -17649,16 +20545,23 @@ kernel

)

+Create, read, write, and delete character device nodes +on new filesystems that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_mount_dos_fs( +files_manage_isid_type_dir( @@ -17669,16 +20572,23 @@ kernel

)

+Create, read, write, and delete directories +on new filesystems that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_mount_iso9660_fs( +files_manage_isid_type_file( @@ -17689,36 +20599,23 @@ kernel

)

- -

-Module: -filesystem

-Layer: -kernel

- -fs_mount_nfs( - - - - - domain - - - )
+

+Create, read, write, and delete files +on new filesystems that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_mount_nfsd_fs( +files_manage_isid_type_symlink( @@ -17729,16 +20626,23 @@ kernel

)

+Create, read, write, and delete symbolic links +on new filesystems that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_mount_ramfs( +files_manage_lost_found( @@ -17749,16 +20653,23 @@ kernel

)

+Create, read, write, and delete objects in +lost+found directories. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_mount_romfs( +files_manage_mnt_dirs( @@ -17769,76 +20680,100 @@ kernel

)

+Create, read, write, and delete directories in /mnt. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_mount_rpc_pipefs(
+files_manage_urandom_seed(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_mount_tmpfs(
+files_mount_all_file_type_fs(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_mount_xattr_fs(
+files_mounton_all_mountpoints(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_read_cifs_files( +files_mounton_default( @@ -17849,16 +20784,22 @@ kernel

)

+Mount a filesystem on a directory with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_read_cifs_files( +files_mounton_isid_type_dir( @@ -17869,76 +20810,101 @@ kernel

)

+Mount a filesystem on a directory on new filesystems +that has not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_read_cifs_symlinks(
+files_mountpoint(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_read_nfs_files(
+files_pid_file(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_read_nfs_symlinks(
+files_read_all_pids(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_register_binary_executable_type( +files_read_default_files( @@ -17949,16 +20915,22 @@ kernel

)

+Read files with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_relabel_tmpfs_blk_dev( +files_read_default_pipes( @@ -17969,16 +20941,22 @@ kernel

)

+Read named pipes with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_relabel_tmpfs_chr_dev( +files_read_default_sockets( @@ -17989,16 +20967,22 @@ kernel

)

+Read sockets with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_relabelfrom_dos_fs( +files_read_default_symlinks( @@ -18009,76 +20993,100 @@ kernel

)

+Read symbolic links with the default file type. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_relabelfrom_xattr_fs(
+files_read_etc_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_remount_all_fs(
+files_read_etc_runtime_files(
 	
-		domain
+		?
 		
 	)

- +

+Summary is missing! +

+ +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_remount_autofs(
+files_read_generic_spools(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_cifs( +files_read_isid_type_file( @@ -18089,56 +21097,75 @@ kernel

)

+Read files on new filesystems +that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_remount_dos_fs(
+files_read_usr_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_remount_iso9660_fs(
+files_read_usr_src_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_nfs( +files_read_var_files( @@ -18149,16 +21176,22 @@ kernel

)

+Read files in the /var directory. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_nfsd_fs( +files_read_var_lib_files( @@ -18169,16 +21202,22 @@ kernel

)

+Read generic files in /var/lib +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_ramfs( +files_read_var_symlink( @@ -18189,16 +21228,22 @@ kernel

)

+Read symbolic links in the /var directory. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_romfs( +files_read_world_readable_files( @@ -18209,16 +21254,22 @@ kernel

)

+Read world-readable files. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_rpc_pipefs( +files_read_world_readable_pipes( @@ -18229,16 +21280,22 @@ kernel

)

+Read world-readable named pipes. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_tmpfs( +files_read_world_readable_sockets( @@ -18249,16 +21306,22 @@ kernel

)

+Read world-readable sockets. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_remount_xattr_fs( +files_read_world_readable_symlinks( @@ -18269,16 +21332,22 @@ kernel

)

+Read world-readable symbolic links. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_search_auto_mountpoints( +files_relabel_all_files( @@ -18286,71 +21355,95 @@ kernel

domain + + , + + + + [ + + exception_types + + ] + + )

-Search automount filesystem to use automatically -mounted filesystems. +Relabel all files on the filesystem, except +the listed exceptions.

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_set_all_quotas(
+files_relabelto_all_file_type_fs(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

 
-fs_type(
+files_rw_etc_files(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_unconfined( +files_rw_generic_pids( - domain + ? )
@@ -18358,20 +21451,20 @@ kernel

-Unconfined access to filesystems +Summary is missing!

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_unmount_all_fs( +files_rw_isid_type_blk_node( @@ -18382,16 +21475,23 @@ kernel

)

+Read and write block device nodes on new filesystems +that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

-fs_unmount_autofs( +files_rw_isid_type_dir( @@ -18402,156 +21502,4242 @@ kernel

)

+Read and write directories on new filesystems +that have not yet been labeled. +

-Module: -filesystem

-Layer: -kernel

+Module: +files

+Layer: +system

+
+files_search_all_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_etc(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_home(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search home directories. +

+ +

+Module: +files

+Layer: +system

+
+files_search_locks(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_mnt(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_pids(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_spool(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_tmp(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search the tmp directory (/tmp) +

+ +

+Module: +files

+Layer: +system

+
+files_search_usr(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_var(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_search_var_lib(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search the /var/lib directory. +

+ +

+Module: +files

+Layer: +system

+
+files_setattr_etc_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Set the attributes of the /etc directories. +

+ +

+Module: +files

+Layer: +system

+
+files_tmp_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_tmpfs_file(
+	
+		
+		
+		
+		type
+		
+	
+	)

+

+ +

+Transform the type into a file, for use on a +virtual memory filesystem (tmpfs). +

+ +

+Module: +files

+Layer: +system

+
+files_type(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unconfined access to files. +

+ +

+Module: +files

+Layer: +system

+
+files_unmount_all_file_type_fs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +files

+Layer: +system

+
+files_unmount_rootfs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_associate(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

+Associate the specified file type to persistent +filesystems with extended attributes. This +allows a file of this type to be created on +a filesystem such as ext3, JFS, and XFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_associate_noxattr(
+	
+		
+		
+		
+		file_type
+		
+	
+	)

+

+ +

+Associate the specified file type to +filesystems which lack extended attributes +support. This allows a file of this type +to be created on a filesystem such as +FAT32, and NFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_associate_tmpfs(
+	
+		
+		
+		
+		type
+		
+	
+	)

+

+ +

+Allow the type to associate to tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_cifs_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
+	)

+

+ +

+Execute a file on a CIFS or SMB filesystem +in the specified domain. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_create_tmpfs_data(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_dontaudit_getattr_all_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to get the attributes +all filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_dontaudit_getattr_xattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to +get the attributes of a persistent +filesystem which has extended +attributes, such as ext3, JFS, or XFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_dontaudit_list_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to list the +contents of generic tmpfs directories. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_dontaudit_rw_cifs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to read or +write files on a CIFS or SMB filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_dontaudit_rw_nfs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to read or +write files on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_exec_noxattr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute files on a filesystem that does +not support extended attributes. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_execute_cifs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute files on a CIFS or SMB +network filesystem, in the caller +domain. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_execute_nfs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute files on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_get_all_fs_quotas(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the quotas of all filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_all_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_all_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of all persistent +filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_autofs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of an automount +pseudo filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_cifs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a CIFS or +SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_dos_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a DOS +filesystem, such as FAT32 or NTFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_iso9660_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of an iso9660 +filesystem, which is usually used on CDs. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_nfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a NFS server +pseudo filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_ramfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a RAM filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_romfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a ROM +filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_rpc_pipefs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a RPC pipe +filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a tmpfs +filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_tmpfs_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of tmpfs directories. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_getattr_xattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of a persistent +filesystem which has extended +attributes, such as ext3, JFS, or XFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_list_all(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+List all directories with a filesystem type. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_list_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+List the contents of generic tmpfs directories. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_make_noxattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Transform specified type into a filesystem +type which does not have extended attribute +support. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_cifs_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete directories +on a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_cifs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete files +on a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_cifs_named_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete named pipes +on a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_cifs_named_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete named sockets +on a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_cifs_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete symbolic links +on a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_nfs_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete directories +on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_nfs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete files +on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_nfs_named_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete named pipes +on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_nfs_named_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete named sockets +on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_nfs_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create, read, write, and delete symbolic links +on a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_tmpfs_blk_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write, create and delete block nodes +on tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_tmpfs_chr_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write, create and delete character +nodes on tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_tmpfs_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write, create and delete socket +files on tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_manage_tmpfs_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write, create and delete symbolic +links on tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_all_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount all filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_autofs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount an automount pseudo filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_cifs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_dos_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a DOS filesystem, such as +FAT32 or NTFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_iso9660_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount an iso9660 filesystem, which +is usually used on CDs. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_nfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a NFS server pseudo filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_ramfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a RAM filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_romfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a ROM filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_rpc_pipefs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a RPC pipe filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a tmpfs filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_mount_xattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a persistent filesystem which +has extended attributes, such as +ext3, JFS, or XFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_nfs_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
+	)

+

+ +

+Execute a file on a NFS filesystem +in the specified domain. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_cifs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read files on a CIFS or SMB filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_cifs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to read or +write files on a CIFS or SMB filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_cifs_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read symbolic links on a CIFS or SMB filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_nfs_files(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read files on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_read_nfs_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read symbolic links on a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_register_binary_executable_type(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Register an interpreter for new binary +file types, using the kernel binfmt_misc +support. A common use for this is to +register a JVM as an interpreter for +Java byte code. Registered binaries +can be directly executed on a command line +without specifying the interpreter. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_relabel_tmpfs_blk_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Relabel block nodes on tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_relabel_tmpfs_chr_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Relabel character nodes on tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_relabelfrom_dos_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow changing of the label of a +DOS filesystem using the context= mount option. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_relabelfrom_xattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow changing of the label of a +filesystem with extended attributes +using the context= mount option. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_all_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount all filesystems. This +allows some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_autofs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount an automount pseudo filesystem +This allows some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_cifs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a CIFS or SMB network filesystem. +This allows some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_dos_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a DOS filesystem, such as +FAT32 or NTFS. This allows +some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_iso9660_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount an iso9660 filesystem, which +is usually used on CDs. This allows +some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_nfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a NFS filesystem. This allows +some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Mount a NFS server pseudo filesystem. +This allows some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_ramfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a RAM filesystem. This allows +some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_romfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a ROM filesystem. This allows +some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_rpc_pipefs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a RPC pipe filesystem. This +allows some mount option to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a tmpfs filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_remount_xattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Remount a persistent filesystem which +has extended attributes, such as +ext3, JFS, or XFS. This allows +some mount options to be changed. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_search_auto_mountpoints(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search automount filesystem to use automatically +mounted filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_search_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search tmpfs directories. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_set_all_quotas(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Set the quotas of all filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_setattr_tmpfs_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Set the attributes of tmpfs directories. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_type(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Transform specified type into a filesystem type. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unconfined access to filesystems +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_all_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount all filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_autofs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount an automount pseudo filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_cifs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a CIFS or SMB network filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_dos_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a DOS filesystem, such as +FAT32 or NTFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_iso9660_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount an iso9660 filesystem, which +is usually used on CDs. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_nfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a NFS filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_nfsd_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a NFS server pseudo filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_ramfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a RAM filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_romfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a ROM filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_rpc_pipefs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a RPC pipe filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a tmpfs filesystem. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_unmount_xattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Unmount a persistent filesystem which +has extended attributes, such as +ext3, JFS, or XFS. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_use_tmpfs_blk_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write block nodes on tmpfs filesystems. +

+ +

+Module: +filesystem

+Layer: +kernel

+
+fs_use_tmpfs_chr_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write character nodes on tmpfs filesystems. +

+ +

+Module: +fstools

+Layer: +system

+
+fstools_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +fstools

+Layer: +system

+
+fstools_exec(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +fstools

+Layer: +system

+
+fstools_run(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

+Module: +getty

+Layer: +system

+
+getty_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +getty

+Layer: +system

+
+getty_modify_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +getty

+Layer: +system

+
+getty_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +getty

+Layer: +system

+
+getty_read_log(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +hostname

+Layer: +system

+
+hostname_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Execute hostname in the hostname domain. +

+ +

+Module: +hostname

+Layer: +system

+
+hostname_exec(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+ Execute hostname in the caller domain. +

+ +

+Module: +hostname

+Layer: +system

+
+hostname_run(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

+Execute hostname in the hostname domain, and +allow the specified role the hostname domain. +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_domtrans(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_dontaudit_search_config(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_dontaudit_use_fd(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_exec(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_getattr_config_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Get the attributes of the hotplug configuration directory. +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read the configuration files for hotplug. +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_search_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search the hotplug configuration directory. +

+ +

+Module: +hotplug

+Layer: +system

+
+hotplug_use_fd(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +inetd

+Layer: +services

+
+inetd_core_service_domain(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entrypoint
+		
+	
+	)

+

+ +

+Define the specified domain as a inetd service. +

+ +

+Module: +inetd

+Layer: +services

+
+inetd_service_domain(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entrypoint
+		
+	
+	)

+

+ +

+Define the specified domain as a TCP and UDP inetd service. +

+ +

+Module: +inetd

+Layer: +services

+
+inetd_tcp_connectto(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Connect to the inetd service using a TCP connection. +

+ +

+Module: +inetd

+Layer: +services

+
+inetd_tcp_service_domain(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entrypoint
+		
+	
+	)

+

+ +

+Define the specified domain as a TCP inetd service. +

+ +

+Module: +inetd

+Layer: +services

+
+inetd_udp_service_domain(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entrypoint
+		
+	
+	)

+

+ +

+Define the specified domain as a UDP inetd service. +

+ +

+Module: +init

+Layer: +system

+
+init_daemon_domain(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
+		
+	
+	)

+

+ +

+Create a domain for long running processes +(daemons) which can be started by init scripts. +

+ +

+Module: +init

+Layer: +system

+
+init_domain(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		entry_point
+		
+	
+	)

+

+ +

+Create a domain which can be started by init. +

+ +

+Module: +init

+Layer: +system

+
+init_domtrans(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +init

+Layer: +system

+
+init_domtrans_script(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +init

+Layer: +system

+
+init_dontaudit_getattr_initctl(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +init

+Layer: +system

+
+init_dontaudit_rw_script_pid(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +init

+Layer: +system

+
+init_dontaudit_use_fd(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +init

+Layer: +system

+
+init_dontaudit_use_initctl(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +init

+Layer: +system

+
+init_dontaudit_use_script_fd(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

+Summary is missing! +

+ +

+Module: +init

+Layer: +system

 
-fs_unmount_cifs(
+init_dontaudit_use_script_pty(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

 
-fs_unmount_dos_fs(
+init_dontaudit_write_script_pid(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

 
-fs_unmount_iso9660_fs(
+init_exec_script(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

 
-fs_unmount_nfs(
+init_get_process_group(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

 
-fs_unmount_nfsd_fs(
+init_get_script_process_group(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

 
-fs_unmount_ramfs(
+init_getattr_initctl(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

 
-fs_unmount_romfs(
+init_read_script_pid(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

-fs_unmount_rpc_pipefs( +init_read_script_process_state( @@ -18562,16 +25748,22 @@ kernel

)

+Read the process state (/proc/pid) of the init scripts. +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

-fs_unmount_tmpfs( +init_run_daemon( @@ -18579,24 +25771,20 @@ kernel

domain - )
-

- -

-Module: -filesystem

-Layer: -kernel

- -fs_unmount_xattr_fs( + + , + + + + role + + , - domain + + terminal )
@@ -18605,33 +25793,39 @@ kernel

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

 
-fs_use_tmpfs_blk_dev(
+init_rw_script_pid(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -filesystem

-Layer: -kernel

+Module: +init

+Layer: +system

-fs_use_tmpfs_chr_dev( +init_rw_script_pipe( @@ -18642,16 +25836,22 @@ kernel

)

+Read and write init script unnamed pipes. +

-Module: -fstools

+Module: +init

Layer: system

-fstools_domtrans( +init_rw_script_tmp_files( @@ -18662,36 +25862,48 @@ system

)

+Read and write init script temporary data. +

-Module: -fstools

+Module: +init

Layer: system

 
-fstools_exec(
+init_sigchld(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -fstools

+Module: +init

Layer: system

-fstools_run( +init_system_domain( @@ -18704,130 +25916,185 @@ system

- role + entry_point - - , + )
+

+ +

+Create a domain for short running processes +which can be started by init scripts. +

+ +

+Module: +init

+Layer: +system

+
+init_udp_sendto_script(
+	
 		
-		terminal
+		domain
 		
 	)

+Send UDP network traffic to init scripts. +

-Module: -getty

+Module: +init

Layer: system

 
-getty_domtrans(
+init_use_fd(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -getty

+Module: +init

Layer: system

 
-getty_modify_config(
+init_use_initctl(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -getty

+Module: +init

Layer: system

 
-getty_read_config(
+init_use_script_fd(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -getty

+Module: +init

Layer: system

 
-getty_read_log(
+init_use_script_pty(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -hostname

+Module: +init

Layer: system

 
-hostname_domtrans(
+init_write_initctl(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -hostname

+Module: +ipsec

Layer: system

-hostname_exec( +ipsec_connectto_unix_stream_socket( @@ -18838,16 +26105,22 @@ system

)

+Connect to an IPSEC unix domain stream socket. +

-Module: -hostname

+Module: +ipsec

Layer: system

-hostname_run( +ipsec_domtrans( @@ -18855,40 +26128,30 @@ system

domain - - , - - - - role - - - - , - - - - terminal - - )

+Execute ipsec in the ipsec domain. +

-Module: -hotplug

+Module: +ipsec

Layer: system

-hotplug_domtrans( +ipsec_exec_mgmt( - ? + domain )
@@ -18896,25 +26159,25 @@ system

-Summary is missing! +Execute the IPSEC management program in the caller domain.

-Module: -hotplug

+Module: +ipsec

Layer: system

-hotplug_dontaudit_search_config( +ipsec_getattr_key_socket( - ? + domain )
@@ -18922,25 +26185,25 @@ system

-Summary is missing! +Get the attributes of an IPSEC key socket.

-Module: -hotplug

+Module: +ipsec

Layer: system

-hotplug_dontaudit_use_fd( +ipsec_manage_pid( - ? + domain )
@@ -18948,25 +26211,25 @@ system

-Summary is missing! +Create, read, write, and delete the IPSEC pid files.

-Module: -hotplug

+Module: +ipsec

Layer: system

-hotplug_exec( +ipsec_read_config( - ? + domain )
@@ -18974,20 +26237,20 @@ system

-Summary is missing! +Read the IPSEC configuration

-Module: -hotplug

+Module: +iptables

Layer: system

-hotplug_read_config( +iptables_domtrans( @@ -19001,39 +26264,33 @@ system

-Module: -hotplug

+Module: +iptables

Layer: system

 
-hotplug_use_fd(
+iptables_exec(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -inetd

-Layer: -services

+Module: +iptables

+Layer: +system

-inetd_core_service_domain( +iptables_run( @@ -19046,33 +26303,7 @@ services

- entrypoint - - - )
-

- -

-Define the specified domain as a inetd service. -

- -

-Module: -inetd

-Layer: -services

- -inetd_service_domain( - - - - - domain + role @@ -19080,28 +26311,22 @@ services

- entrypoint + terminal )

-Define the specified domain as a TCP and UDP inetd service. -

-Module: -inetd

+Module: +kerberos

Layer: services

-inetd_tcp_service_domain( +kerberos_read_conf( @@ -19109,33 +26334,25 @@ services

domain - - , - - - - entrypoint - - )

-Define the specified domain as a TCP inetd service. +Read the kerberos configuration file (/etc/krb5.conf).

-Module: -inetd

+Module: +kerberos

Layer: services

-inetd_udp_service_domain( +kerberos_use( @@ -19143,33 +26360,25 @@ services

domain - - , - - - - entrypoint - - )

-Define the specified domain as a UDP inetd service. +Use kerberos services

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_daemon_domain( +kernel_change_ring_buffer_level( @@ -19177,34 +26386,25 @@ system

domain - - , - - - - entry_point - - )

-Create a domain for long running processes -(daemons) which can be started by init scripts. +Change the level of kernel messages logged to the console.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_domain( +kernel_clear_ring_buffer( @@ -19212,38 +26412,30 @@ system

domain - - , - - - - entry_point - - )

-Create a domain which can be started by init. +Allows the caller to clear the ring buffer.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_domtrans( +kernel_dontaudit_getattr_core( - ? + domain )
@@ -19251,25 +26443,26 @@ system

-Summary is missing! +Do not audit attempts to get the attributes of +core kernel interfaces.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_domtrans_script( +kernel_dontaudit_getattr_message_if( - ? + domain )
@@ -19277,25 +26470,26 @@ system

-Summary is missing! +Do not audit attempts by caller to get the attributes of kernel +message interfaces.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_dontaudit_getattr_initctl( +kernel_dontaudit_getattr_unlabeled_blk_dev( - ? + domain )
@@ -19303,25 +26497,26 @@ system

-Summary is missing! +Do not audit attempts by caller to get attributes for +unlabeled block devices.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_dontaudit_rw_script_pid( +kernel_dontaudit_read_ring_buffer( - ? + domain )
@@ -19329,25 +26524,25 @@ system

-Summary is missing! +Do not audit attempts to read the ring buffer.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_dontaudit_use_fd( +kernel_dontaudit_read_system_state( - ? + domain )
@@ -19355,25 +26550,26 @@ system

-Summary is missing! +Do not audit attempts by caller to +read system state information in proc.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_dontaudit_use_initctl( +kernel_dontaudit_search_network_sysctl_dir( - ? + domain )
@@ -19381,25 +26577,25 @@ system

-Summary is missing! +Do not audit attempts by caller to search sysctl network directories.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_dontaudit_use_script_fd( +kernel_dontaudit_search_sysctl_dir( - ? + domain )
@@ -19407,25 +26603,25 @@ system

-Summary is missing! +Do not audit attempts by caller to search the sysctl directory.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_dontaudit_use_script_pty( +kernel_dontaudit_use_fd( - ? + domain )
@@ -19433,25 +26629,26 @@ system

-Summary is missing! +Do not audit attempts to use +kernel file descriptors.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_dontaudit_write_script_pid( +kernel_get_sysvipc_info( - ? + domain )
@@ -19459,25 +26656,25 @@ system

-Summary is missing! +Get information on all System V IPC objects.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_exec_script( +kernel_getattr_core( - ? + domain )
@@ -19485,25 +26682,25 @@ system

-Summary is missing! +Allows caller to get attribues of core kernel interface.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_get_process_group( +kernel_getattr_message_if( - ? + domain )
@@ -19511,25 +26708,26 @@ system

-Summary is missing! +Allow caller to get the attributes of kernel message +interface (/proc/kmsg).

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_get_script_process_group( +kernel_getattr_proc( - ? + domain )
@@ -19537,25 +26735,25 @@ system

-Summary is missing! +Get the attributes of the proc filesystem.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_getattr_initctl( +kernel_kill_unlabeled( - ? + domain )
@@ -19563,25 +26761,25 @@ system

-Summary is missing! +Send a kill signal to unlabeled processes.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_read_script_pid( +kernel_list_proc( - ? + domain )
@@ -19589,20 +26787,20 @@ system

-Summary is missing! +List the contents of directories in /proc.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_read_script_process_state( +kernel_list_unlabeled( @@ -19615,20 +26813,20 @@ system

-Read the process state (/proc/pid) of the init scripts. +List unlabeled directories.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_run_daemon( +kernel_load_module( @@ -19636,40 +26834,30 @@ system

domain - - , - - - - role - - - - , - - - - terminal - - )

+Allows caller to load kernel modules +

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_rw_script_pid( +kernel_read_all_sysctl( - ? + domain )
@@ -19677,20 +26865,20 @@ system

-Summary is missing! +Allow caller to read all sysctls.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_rw_script_pipe( +kernel_read_device_sysctl( @@ -19703,20 +26891,20 @@ system

-Read and write init script unnamed pipes. +Allow caller to read the device sysctls.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_rw_script_tmp_files( +kernel_read_fs_sysctl( @@ -19729,25 +26917,25 @@ system

-Read and write init script temporary data. +Read filesystem sysctls.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_sigchld( +kernel_read_hotplug_sysctl( - ? + domain )
@@ -19755,20 +26943,20 @@ system

-Summary is missing! +Read the hotplug sysctl.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_system_domain( +kernel_read_irq_sysctl( @@ -19776,34 +26964,25 @@ system

domain - - , - - - - entry_point - - )

-Create a domain for short running processes -which can be started by init scripts. +Read IRQ sysctls.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_udp_sendto_script( +kernel_read_kernel_sysctl( @@ -19816,25 +26995,25 @@ system

-Send UDP network traffic to init scripts. +Read generic kernel sysctls.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_use_fd( +kernel_read_messages( - ? + domain )
@@ -19842,25 +27021,26 @@ system

-Summary is missing! +Allow caller to read kernel messages +using the /proc/kmsg interface.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_use_initctl( +kernel_read_modprobe_sysctl( - ? + domain )
@@ -19868,25 +27048,25 @@ system

-Summary is missing! +Read the modprobe sysctl.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_use_script_fd( +kernel_read_net_sysctl( - ? + domain )
@@ -19894,25 +27074,25 @@ system

-Summary is missing! +Allow caller to read network sysctls.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_use_script_pty( +kernel_read_network_state( - ? + domain )
@@ -19920,25 +27100,25 @@ system

-Summary is missing! +Allow caller to read the network state information.

-Module: -init

-Layer: -system

+Module: +kernel

+Layer: +kernel

-init_write_initctl( +kernel_read_proc_symlinks( - ? + domain )
@@ -19946,20 +27126,20 @@ system

-Summary is missing! +Read symbolic links in /proc.

-Module: -iptables

-Layer: -system

+Module: +kernel

+Layer: +kernel

-iptables_domtrans( +kernel_read_ring_buffer( @@ -19970,36 +27150,48 @@ system

)

+Allows caller to read the ring buffer. +

-Module: -iptables

-Layer: -system

+Module: +kernel

+Layer: +kernel

 
-iptables_exec(
+kernel_read_rpc_sysctl(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -iptables

-Layer: -system

+Module: +kernel

+Layer: +kernel

-iptables_run( +kernel_read_software_raid_state( @@ -20007,35 +27199,25 @@ system

domain - - , - - - - role - - - - , - - - - terminal - - )

+Allow caller to read the state information for software raid. +

-Module: -kerberos

-Layer: -services

+Module: +kernel

+Layer: +kernel

-kerberos_read_conf( +kernel_read_system_state( @@ -20048,20 +27230,20 @@ services

-Read the kerberos configuration file (/etc/krb5.conf). +Allows caller to read system state information in proc.

-Module: -kerberos

-Layer: -services

+Module: +kernel

+Layer: +kernel

-kerberos_use( +kernel_read_unix_sysctl( @@ -20074,20 +27256,21 @@ services

-Use kerberos services +Allow caller to read unix domain +socket sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_change_ring_buffer_level( +kernel_read_vm_sysctl( @@ -20100,20 +27283,20 @@ kernel

-Change the level of kernel messages logged to the console. +Allow caller to read virtual memory sysctls.

-Module: +Module: kernel

Layer: kernel

-kernel_clear_ring_buffer( +kernel_relabel_unlabeled( @@ -20124,36 +27307,49 @@ kernel

)

+Allow caller to relabel unlabeled objects. +

-Module: +Module: kernel

Layer: kernel

 
-kernel_dontaudit_getattr_core(
+kernel_rootfs_mountpoint(
 	
-		domain
+		directory_type
 		
 	)

+Allows the kernel to mount filesystems on +the specified directory type. +

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_getattr_message_if( +kernel_rw_all_sysctl( @@ -20164,16 +27360,22 @@ kernel

)

+Read and write all sysctls. +

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_getattr_unlabeled_blk_dev( +kernel_rw_device_sysctl( @@ -20184,16 +27386,22 @@ kernel

)

+Read and write device sysctls. +

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_read_ring_buffer( +kernel_rw_fs_sysctl( @@ -20204,16 +27412,22 @@ kernel

)

+Read and write fileystem sysctls. +

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_read_system_state( +kernel_rw_hotplug_sysctl( @@ -20224,16 +27438,22 @@ kernel

)

+Read and write the hotplug sysctl. +

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_search_network_sysctl_dir( +kernel_rw_irq_sysctl( @@ -20244,16 +27464,22 @@ kernel

)

+Read and write IRQ sysctls. +

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_search_sysctl_dir( +kernel_rw_kernel_sysctl( @@ -20264,16 +27490,22 @@ kernel

)

+Read and write generic kernel sysctls. +

-Module: +Module: kernel

Layer: kernel

-kernel_dontaudit_use_fd( +kernel_rw_modprobe_sysctl( @@ -20284,16 +27516,22 @@ kernel

)

+Read and write the modprobe sysctl. +

-Module: +Module: kernel

Layer: kernel

-kernel_get_sysvipc_info( +kernel_rw_net_sysctl( @@ -20304,16 +27542,22 @@ kernel

)

+Allow caller to modiry contents of sysctl network files. +

-Module: +Module: kernel

Layer: kernel

-kernel_getattr_core( +kernel_rw_pipe( @@ -20324,36 +27568,48 @@ kernel

)

+Read and write kernel unnamed pipes. +

-Module: +Module: kernel

Layer: kernel

 
-kernel_getattr_message_if(
+kernel_rw_rpc_sysctl(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: +Module: kernel

Layer: kernel

-kernel_kill_unlabeled( +kernel_rw_software_raid_state( @@ -20364,16 +27620,22 @@ kernel

)

+Allow caller to read and set the state information for software raid. +

-Module: +Module: kernel

Layer: kernel

-kernel_load_module( +kernel_rw_unix_dgram_socket( @@ -20384,16 +27646,22 @@ kernel

)

+Read and write kernel unix datagram sockets. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_all_sysctl( +kernel_rw_unix_sysctl( @@ -20404,16 +27672,23 @@ kernel

)

+Read and write unix domain +socket sysctls. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_device_sysctl( +kernel_rw_unlabeled_dir( @@ -20424,16 +27699,22 @@ kernel

)

+Read and write unlabeled directories. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_fs_sysctl( +kernel_rw_vm_sysctl( @@ -20444,16 +27725,22 @@ kernel

)

+Read and write virtual memory sysctls. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_hotplug_sysctl( +kernel_search_proc( @@ -20464,16 +27751,22 @@ kernel

)

+Search directories in /proc. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_irq_sysctl( +kernel_sendto_unix_dgram_socket( @@ -20484,16 +27777,22 @@ kernel

)

+Send messages to kernel unix datagram sockets. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_kernel_sysctl( +kernel_share_state( @@ -20504,16 +27803,23 @@ kernel

)

+Allows the kernel to share state information with +the caller. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_messages( +kernel_sigchld( @@ -20524,16 +27830,22 @@ kernel

)

+Send a SIGCHLD signal to kernel threads. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_modprobe_sysctl( +kernel_sigchld_unlabeled( @@ -20544,16 +27856,22 @@ kernel

)

+Send a child terminated signal to unlabeled processes. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_net_sysctl( +kernel_signal_unlabeled( @@ -20564,16 +27882,22 @@ kernel

)

+Send general signals to unlabeled processes. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_network_state( +kernel_signull_unlabeled( @@ -20584,16 +27908,22 @@ kernel

)

+Send a null signal to unlabeled processes. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_ring_buffer( +kernel_sigstop_unlabeled( @@ -20604,21 +27934,27 @@ kernel

)

+Send a stop signal to unlabeled processes. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_rpc_sysctl( +kernel_tcp_recvfrom( - ? + domain )
@@ -20626,20 +27962,20 @@ kernel

-Summary is missing! +Receive messages from kernel TCP sockets.

-Module: +Module: kernel

Layer: kernel

-kernel_read_software_raid_state( +kernel_udp_recvfrom( @@ -20650,16 +27986,22 @@ kernel

)

+Receive messages from kernel UDP sockets. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_system_state( +kernel_unconfined( @@ -20670,16 +28012,22 @@ kernel

)

+Unconfined access to the kernel. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_unix_sysctl( +kernel_use_fd( @@ -20690,16 +28038,22 @@ kernel

)

+Permits caller to use kernel file descriptors. +

-Module: +Module: kernel

Layer: kernel

-kernel_read_vm_sysctl( +kernel_use_unlabeled_blk_dev( @@ -20710,16 +28064,22 @@ kernel

)

+Read and write unlabeled block device nodes. +

-Module: +Module: kernel

Layer: kernel

-kernel_relabel_unlabeled( +kernel_userland_entry( @@ -20727,39 +28087,60 @@ kernel

domain + + , + + + + entrypoint + + )

+Allows to start userland processes +by transitioning to the specified domain. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

 
-kernel_rootfs_mountpoint(
+libs_domtrans_ldconfig(
 	
-		directory_type
+		domain
 		
 	)

+Execute ldconfig in the ldconfig domain. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_all_sysctl( +libs_exec_ld_so( @@ -20770,16 +28151,22 @@ kernel

)

+Execute the dynamic link/loader in the caller's domain. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_device_sysctl( +libs_exec_lib_files( @@ -20790,16 +28177,22 @@ kernel

)

+Execute library scripts in the caller domain. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_fs_sysctl( +libs_legacy_use_ld_so( @@ -20810,16 +28203,23 @@ kernel

)

+Use the dynamic link/loader for automatic loading +of shared libraries with legacy support. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_hotplug_sysctl( +libs_legacy_use_shared_libs( @@ -20830,16 +28230,23 @@ kernel

)

+Load and execute functions from shared libraries, +with legacy support. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_irq_sysctl( +libs_read_lib( @@ -20850,16 +28257,23 @@ kernel

)

+Read files in the library directories, such +as static libraries. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_kernel_sysctl( +libs_run_ldconfig( @@ -20867,19 +28281,41 @@ kernel

domain + + , + + + + role + + + + , + + + + terminal + + )

+Execute ldconfig in the ldconfig domain. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_modprobe_sysctl( +libs_rw_ld_so_cache( @@ -20890,16 +28326,23 @@ kernel

)

+Modify the dynamic link/loader's cached listing +of shared libraries. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_net_sysctl( +libs_search_lib( @@ -20910,21 +28353,27 @@ kernel

)

+Search lib directories. +

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_rpc_sysctl( +libs_use_ld_so( - ? + domain )
@@ -20932,20 +28381,21 @@ kernel

-Summary is missing! +Use the dynamic link/loader for automatic loading +of shared libraries.

-Module: -kernel

-Layer: -kernel

+Module: +libraries

+Layer: +system

-kernel_rw_unix_sysctl( +libs_use_shared_libs( @@ -20956,16 +28406,22 @@ kernel

)

+Load and execute functions from shared libraries. +

-Module: -kernel

-Layer: -kernel

+Module: +locallogin

+Layer: +system

-kernel_rw_vm_sysctl( +locallogin_domtrans( @@ -20976,16 +28432,22 @@ kernel

)

+Execute local logins in the local login domain. +

-Module: -kernel

-Layer: -kernel

+Module: +locallogin

+Layer: +system

-kernel_share_state( +locallogin_signull( @@ -20996,16 +28458,22 @@ kernel

)

+Send a null signal to local login processes. +

-Module: -kernel

-Layer: -kernel

+Module: +locallogin

+Layer: +system

-kernel_sigchld( +locallogin_use_fd( @@ -21016,56 +28484,74 @@ kernel

)

+Allow processes to inherit local login file descriptors +

-Module: -kernel

-Layer: -kernel

+Module: +logging

+Layer: +system

 
-kernel_sigchld_unlabeled(
+logging_append_all_logs(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -kernel

-Layer: -kernel

+Module: +logging

+Layer: +system

 
-kernel_signal_unlabeled(
+logging_create_log(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -kernel

-Layer: -kernel

+Module: +logging

+Layer: +system

-kernel_signull_unlabeled( +logging_domtrans_syslog( @@ -21076,36 +28562,48 @@ kernel

)

+Execute syslogd in the syslog domain. +

-Module: -kernel

-Layer: -kernel

+Module: +logging

+Layer: +system

 
-kernel_sigstop_unlabeled(
+logging_dontaudit_getattr_all_logs(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -kernel

-Layer: -kernel

+Module: +logging

+Layer: +system

-kernel_unconfined( +logging_exec_all_logs( @@ -21118,73 +28616,77 @@ kernel

-Unconfined access to the kernel. +Execute all log files in the caller domain.

-Module: -kernel

-Layer: -kernel

+Module: +logging

+Layer: +system

 
-kernel_use_fd(
+logging_log_file(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -kernel

-Layer: -kernel

+Module: +logging

+Layer: +system

 
-kernel_userland_entry(
-	
-		
-		
-		
-		domain
-		
+logging_manage_all_logs(
 	
 		
-			,
-		
 		
 		
-		entrypoint
+		?
 		
 	
 	)

 

+Summary is missing! +

-Module: -libraries

+Module: +logging

Layer: system

-libs_domtrans_ldconfig( +logging_read_all_logs( - domain + ? )
@@ -21192,25 +28694,25 @@ system

-Execute ldconfig in the ldconfig domain. +Summary is missing!

-Module: -libraries

+Module: +logging

Layer: system

-libs_exec_ld_so( +logging_read_generic_logs( - domain + ? )
@@ -21218,25 +28720,25 @@ system

-Execute the dynamic link/loader in the caller's domain. +Summary is missing!

-Module: -libraries

+Module: +logging

Layer: system

-libs_exec_lib_files( +logging_rw_generic_logs( - domain + ? )
@@ -21244,20 +28746,20 @@ system

-Execute library scripts in the caller domain. +Summary is missing!

-Module: -libraries

+Module: +logging

Layer: system

-libs_legacy_use_ld_so( +logging_rw_log_dir( @@ -21270,21 +28772,20 @@ system

-Use the dynamic link/loader for automatic loading -of shared libraries with legacy support. +Read and write the generic log directory (/var/log).

-Module: -libraries

+Module: +logging

Layer: system

-libs_legacy_use_shared_libs( +logging_search_logs( @@ -21295,28 +28796,21 @@ system

)

-Load and execute functions from shared libraries, -with legacy support. -

-Module: -libraries

+Module: +logging

Layer: system

-libs_read_lib( +logging_send_syslog_msg( - domain + ? )
@@ -21324,42 +28818,25 @@ system

-Read files in the library directories, such -as static libraries. +Summary is missing!

-Module: -libraries

+Module: +logging

Layer: system

-libs_run_ldconfig( - - - - - domain - - - - , - - - - role - +logging_write_generic_logs( - , - - terminal + ? )
@@ -21367,20 +28844,20 @@ system

-Execute ldconfig in the ldconfig domain. +Summary is missing!

-Module: -libraries

-Layer: -system

+Module: +logrotate

+Layer: +admin

-libs_rw_ld_so_cache( +logrotate_domtrans( @@ -21393,21 +28870,20 @@ system

-Modify the dynamic link/loader's cached listing -of shared libraries. +Execute logrotate in the logrotate domain.

-Module: -libraries

-Layer: -system

+Module: +logrotate

+Layer: +admin

-libs_search_lib( +logrotate_dontaudit_use_fd( @@ -21420,20 +28896,20 @@ system

-Search lib directories. +Do not audit attempts to inherit logrotate file descriptors.

-Module: -libraries

-Layer: -system

+Module: +logrotate

+Layer: +admin

-libs_use_ld_so( +logrotate_exec( @@ -21446,26 +28922,41 @@ system

-Use the dynamic link/loader for automatic loading -of shared libraries. +Execute logrotate in the caller domain.

-Module: -libraries

-Layer: -system

+Module: +logrotate

+Layer: +admin

-libs_use_shared_libs( +logrotate_run( + + + + + domain + + + + , + + + + role + + , + - domain + terminal )
@@ -21473,20 +28964,21 @@ system

-Load and execute functions from shared libraries. +Execute logrotate in the logrotate domain, and +allow the specified role the logrotate domain.

-Module: -locallogin

+Module: +lvm

Layer: system

-locallogin_domtrans( +lvm_domtrans( @@ -21497,22 +28989,16 @@ system

)

-Execute local logins in the local login domain. -

-Module: -locallogin

+Module: +lvm

Layer: system

-locallogin_signull( +lvm_read_config( @@ -21523,22 +29009,16 @@ system

)

-Send a null signal to local login processes. -

-Module: -locallogin

+Module: +lvm

Layer: system

-locallogin_use_fd( +lvm_run( @@ -21546,56 +29026,40 @@ system

domain - )
-

- -

-Allow processes to inherit local login file descriptors -

- -

-Module: -logging

-Layer: -system

-
-logging_append_all_logs(
+		
+			,
+		
+		
+		
+		role
+		
 	
 		
+			,
+		
 		
 		
-		?
+		terminal
 		
 	
 	)

 

-Summary is missing! -

-Module: -logging

+Module: +miscfiles

Layer: system

-logging_create_log( +miscfiles_exec_tetex_data( - ? + domain )
@@ -21603,25 +29067,25 @@ system

-Summary is missing! +Execute TeX data programs in the caller domain.

-Module: -logging

+Module: +miscfiles

Layer: system

-logging_dontaudit_getattr_all_logs( +miscfiles_legacy_read_localization( - ? + domain )
@@ -21629,20 +29093,20 @@ system

-Summary is missing! +Allow process to read legacy time localization info

-Module: -logging

+Module: +miscfiles

Layer: system

-logging_exec_all_logs( +miscfiles_read_fonts( @@ -21655,25 +29119,25 @@ system

-Execute all log files in the caller domain. +Read fonts

-Module: -logging

+Module: +miscfiles

Layer: system

-logging_log_file( +miscfiles_read_localization( - ? + domain )
@@ -21681,25 +29145,25 @@ system

-Summary is missing! +Allow process to read localization info

-Module: -logging

+Module: +miscfiles

Layer: system

-logging_manage_all_logs( +miscfiles_read_man_pages( - ? + domain )
@@ -21707,25 +29171,25 @@ system

-Summary is missing! +Allow process to read man pages

-Module: -logging

+Module: +miscfiles

Layer: system

-logging_read_all_logs( +miscfiles_read_tetex_data( - ? + domain )
@@ -21733,25 +29197,25 @@ system

-Summary is missing! +Read TeX data

-Module: -logging

+Module: +miscfiles

Layer: system

-logging_read_generic_logs( +miscfiles_rw_man_cache( - ? + domain )
@@ -21759,46 +29223,41 @@ system

-Summary is missing! +Allow process to create files and dirs in /var/cache/man +and /var/catman/

-Module: -logging

+Module: +modutils

Layer: system

 
-logging_rw_generic_logs(
+modutils_domtrans_depmod(
 	
-		?
+		domain
 		
 	)

-Summary is missing! -

-Module: -logging

+Module: +modutils

Layer: system

-logging_rw_log_dir( +modutils_domtrans_insmod( @@ -21809,22 +29268,16 @@ system

)

-Read and write the generic log directory (/var/log). -

-Module: -logging

+Module: +modutils

Layer: system

-logging_search_logs( +modutils_domtrans_update_mods( @@ -21838,13 +29291,13 @@ system

-Module: -logging

+Module: +modutils

Layer: system

 
-logging_send_syslog_msg(
+modutils_exec_depmod(
 	
@@ -21864,13 +29317,13 @@ Summary is missing!

-Module: -logging

+Module: +modutils

Layer: system

 
-logging_write_generic_logs(
+modutils_exec_insmod(
 	
@@ -21890,18 +29343,18 @@ Summary is missing!

-Module: -logrotate

-Layer: -admin

+Module: +modutils

+Layer: +system

-logrotate_domtrans( +modutils_exec_update_mods( - domain + ? )
@@ -21909,20 +29362,20 @@ admin

-Execute logrotate in the logrotate domain. +Summary is missing!

-Module: -logrotate

-Layer: -admin

+Module: +modutils

+Layer: +system

-logrotate_dontaudit_use_fd( +modutils_read_mods_deps( @@ -21933,22 +29386,16 @@ admin

)

-Do not audit attempts to inherit logrotate file descriptors. -

-Module: -logrotate

-Layer: -admin

+Module: +modutils

+Layer: +system

-logrotate_exec( +modutils_read_module_conf( @@ -21959,22 +29406,16 @@ admin

)

-Execute logrotate in the caller domain. -

-Module: -logrotate

-Layer: -admin

+Module: +modutils

+Layer: +system

-logrotate_run( +modutils_run_depmod( @@ -22001,23 +29442,16 @@ admin

)

-Execute logrotate in the logrotate domain, and -allow the specified role the logrotate domain. -

-Module: -lvm

+Module: +modutils

Layer: system

-lvm_domtrans( +modutils_run_insmod( @@ -22025,24 +29459,20 @@ system

domain - )
-

- -

-Module: -lvm

-Layer: -system

- -lvm_read_config( + + , + + + + role + + , - domain + + terminal )
@@ -22051,13 +29481,13 @@ system

-Module: -lvm

+Module: +modutils

Layer: system

-lvm_run( +modutils_run_update_mods( @@ -22087,13 +29517,13 @@ system

-Module: -miscfiles

+Module: +mount

Layer: system

-miscfiles_legacy_read_localization( +mount_domtrans( @@ -22107,13 +29537,13 @@ system

-Module: -miscfiles

+Module: +mount

Layer: system

-miscfiles_read_fonts( +mount_run( @@ -22121,24 +29551,20 @@ system

domain - )
-

- -

-Module: -miscfiles

-Layer: -system

- -miscfiles_read_localization( + + , + + + + role + + , + - domain + terminal )
@@ -22147,13 +29573,13 @@ system

-Module: -miscfiles

+Module: +mount

Layer: system

-miscfiles_read_man_pages( +mount_send_nfs_client_request( @@ -22167,13 +29593,13 @@ system

-Module: -miscfiles

+Module: +mount

Layer: system

-miscfiles_rw_man_cache( +mount_use_fd( @@ -22187,13 +29613,13 @@ system

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

-modutils_domtrans_depmod( +mta_dontaudit_read_spool_symlink( @@ -22204,56 +29630,75 @@ system

)

+Do not audit attempts to read a symlink +in the mail spool. +

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_domtrans_insmod(
+mta_exec(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_domtrans_update_mods(
+mta_getattr_spool(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_exec_depmod(
+mta_mailserver(
 	
@@ -22273,13 +29718,13 @@ Summary is missing!

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_exec_insmod(
+mta_manage_queue(
 	
@@ -22299,13 +29744,13 @@ Summary is missing!

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_exec_update_mods(
+mta_manage_spool(
 	
@@ -22325,13 +29770,13 @@ Summary is missing!

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

-modutils_read_mods_deps( +mta_read_aliases( @@ -22345,105 +29790,91 @@ system

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_read_module_conf(
+mta_rw_aliases(
 	
-		domain
+		?
 		
 	)

+Summary is missing! +

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_run_depmod(
-	
-		
-		
-		
-		domain
-		
-	
-		
-			,
-		
-		
-		
-		role
-		
+mta_rw_spool(
 	
 		
-			,
-		
 		
 		
-		terminal
+		?
 		
 	
 	)

 

+Summary is missing! +

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

 
-modutils_run_insmod(
-	
-		
-		
-		
-		domain
-		
-	
-		
-			,
-		
-		
-		
-		role
-		
+mta_send_mail(
 	
 		
-			,
-		
 		
 		
-		terminal
+		?
 		
 	
 	)

 

+Summary is missing! +

-Module: -modutils

-Layer: -system

+Module: +mta

+Layer: +services

-modutils_run_update_mods( +mta_sendmail_mailserver( @@ -22456,30 +29887,29 @@ system

- role - - - - , - - - - terminal + entry_point )

+Modified mailserver interface for +sendmail daemon use. +

-Module: -mount

-Layer: -system

+Module: +netutils

+Layer: +admin

-mount_domtrans( +netutils_domtrans( @@ -22490,16 +29920,22 @@ system

)

+Execute network utilities in the netutils domain. +

-Module: -mount

-Layer: -system

+Module: +netutils

+Layer: +admin

-mount_run( +netutils_domtrans_ping( @@ -22507,35 +29943,25 @@ system

domain - - , - - - - role - - - - , - - - - terminal - - )

+Execute ping in the ping domain. +

-Module: -mount

-Layer: -system

+Module: +netutils

+Layer: +admin

-mount_send_nfs_client_request( +netutils_domtrans_traceroute( @@ -22546,16 +29972,22 @@ system

)

+Execute traceroute in the traceroute domain. +

-Module: -mount

-Layer: -system

+Module: +netutils

+Layer: +admin

-mount_use_fd( +netutils_exec( @@ -22566,21 +29998,27 @@ system

)

+Execute network utilities in the caller domain. +

-Module: -mta

-Layer: -services

+Module: +netutils

+Layer: +admin

-mta_exec( +netutils_exec_ping( - ? + domain )
@@ -22588,25 +30026,25 @@ services

-Summary is missing! +Execute ping in the caller domain.

-Module: -mta

-Layer: -services

+Module: +netutils

+Layer: +admin

-mta_getattr_spool( +netutils_exec_traceroute( - ? + domain )
@@ -22614,25 +30052,41 @@ services

-Summary is missing! +Execute traceroute in the caller domain.

-Module: -mta

-Layer: -services

+Module: +netutils

+Layer: +admin

-mta_mailserver( +netutils_run( - ? + domain + + + + , + + + + role + + + + , + + + + terminal )
@@ -22640,25 +30094,42 @@ services

-Summary is missing! +Execute network utilities in the netutils domain, and +allow the specified role the netutils domain.

-Module: -mta

-Layer: -services

+Module: +netutils

+Layer: +admin

-mta_manage_queue( +netutils_run_ping( - ? + domain + + + + , + + + + role + + + + , + + + + terminal )
@@ -22666,25 +30137,42 @@ services

-Summary is missing! +Execute ping in the ping domain, and +allow the specified role the ping domain.

-Module: -mta

-Layer: -services

+Module: +netutils

+Layer: +admin

-mta_manage_spool( +netutils_run_traceroute( - ? + domain + + + + , + + + + role + + + + , + + + + terminal )
@@ -22692,20 +30180,21 @@ services

-Summary is missing! +Execute traceroute in the traceroute domain, and +allow the specified role the traceroute domain.

-Module: -mta

+Module: +nis

Layer: services

-mta_read_aliases( +nis_list_var_yp( @@ -22716,21 +30205,27 @@ services

)

+Send UDP network traffic to NIS clients. +

-Module: -mta

+Module: +nis

Layer: services

-mta_rw_aliases( +nis_udp_sendto_ypbind( - ? + domain )
@@ -22738,25 +30233,25 @@ services

-Summary is missing! +Send UDP network traffic to NIS clients.

-Module: -mta

+Module: +nis

Layer: services

-mta_rw_spool( +nis_use_ypbind( - ? + domain )
@@ -22764,25 +30259,25 @@ services

-Summary is missing! +Use the ypbind service to access NIS services.

-Module: -mta

+Module: +nscd

Layer: services

-mta_send_mail( +nscd_domtrans( - ? + domain )
@@ -22790,20 +30285,20 @@ services

-Summary is missing! +Execute NSCD in the nscd domain.

-Module: -mta

+Module: +nscd

Layer: services

-mta_sendmail_mailserver( +nscd_read_pid( @@ -22811,34 +30306,25 @@ services

domain - - , - - - - entry_point - - )

-Modified mailserver interface for -sendmail daemon use. +Read NSCD pid file.

-Module: -netutils

-Layer: -admin

+Module: +nscd

+Layer: +services

-netutils_domtrans( +nscd_unconfined( @@ -22851,20 +30337,20 @@ admin

-Execute network utilities in the netutils domain. +Unconfined access to NSCD services.

-Module: -netutils

-Layer: -admin

+Module: +nscd

+Layer: +services

-netutils_domtrans_ping( +nscd_use_shared_mem( @@ -22877,20 +30363,21 @@ admin

-Execute ping in the ping domain. +Use NSCD services by mapping the database from +an inherited NSCD file descriptor.

-Module: -netutils

-Layer: -admin

+Module: +nscd

+Layer: +services

-netutils_domtrans_traceroute( +nscd_use_socket( @@ -22903,20 +30390,21 @@ admin

-Execute traceroute in the traceroute domain. +Use NSCD services by connecting using +a unix stream socket.

-Module: -netutils

-Layer: -admin

+Module: +pcmcia

+Layer: +system

-netutils_exec( +pcmcia_domtrans_cardctl( @@ -22929,20 +30417,20 @@ admin

-Execute network utilities in the caller domain. +Execute cardctl in the cardmgr domain.

-Module: -netutils

-Layer: -admin

+Module: +pcmcia

+Layer: +system

-netutils_exec_ping( +pcmcia_domtrans_cardmgr( @@ -22955,20 +30443,20 @@ admin

-Execute ping in the caller domain. +Execute cardmgr in the cardmgr domain.

-Module: -netutils

-Layer: -admin

+Module: +pcmcia

+Layer: +system

-netutils_exec_traceroute( +pcmcia_manage_pid( @@ -22981,20 +30469,21 @@ admin

-Execute traceroute in the caller domain. +Create, read, write, and delete +cardmgr pid files.

-Module: -netutils

-Layer: -admin

+Module: +pcmcia

+Layer: +system

-netutils_run( +pcmcia_manage_runtime_chr( @@ -23002,42 +30491,26 @@ admin

domain - - , - - - - role - - - - , - - - - terminal - - )

-Execute network utilities in the netutils domain, and -allow the specified role the netutils domain. +Create, read, write, and delete +cardmgr runtime character nodes.

-Module: -netutils

-Layer: -admin

+Module: +pcmcia

+Layer: +system

-netutils_run_ping( +pcmcia_read_pid( @@ -23045,42 +30518,25 @@ admin

domain - - , - - - - role - - - - , - - - - terminal - - )

-Execute ping in the ping domain, and -allow the specified role the ping domain. +Read cardmgr pid files.

-Module: -netutils

-Layer: -admin

+Module: +pcmcia

+Layer: +system

-netutils_run_traceroute( +pcmcia_run_cardctl( @@ -23109,21 +30565,21 @@ admin

-Execute traceroute in the traceroute domain, and -allow the specified role the traceroute domain. +Execute cardmgr in the cardctl domain, and +allow the specified role the cardmgr domain.

-Module: -nis

-Layer: -services

+Module: +raid

+Layer: +system

-nis_list_var_yp( +raid_domtrans_mdadm( @@ -23136,20 +30592,20 @@ services

-Send UDP network traffic to NIS clients. +Execute software raid tools in the mdadm domain.

-Module: -nis

-Layer: -services

+Module: +raid

+Layer: +system

-nis_udp_sendto_ypbind( +raid_manage_mdadm_pid( @@ -23162,20 +30618,20 @@ services

-Send UDP network traffic to NIS clients. +Create, read, write, and delete the mdadm pid files.

-Module: -nis

+Module: +remotelogin

Layer: services

-nis_use_ypbind( +remotelogin_domtrans( @@ -23186,22 +30642,16 @@ services

)

-Use the ypbind service to access NIS services. -

-Module: -remotelogin

-Layer: -services

+Module: +rpm

+Layer: +admin

-remotelogin_domtrans( +rpm_domtrans( @@ -23212,16 +30662,22 @@ services

)

+Execute rpm programs in the rpm domain. +

-Module: +Module: rpm

Layer: admin

-rpm_domtrans( +rpm_manage_db( @@ -23234,20 +30690,20 @@ admin

-Execute rpm programs in the rpm domain. +Create, read, write, and delete the RPM package database.

-Module: +Module: rpm

Layer: admin

-rpm_manage_db( +rpm_manage_log( @@ -23260,14 +30716,14 @@ admin

-Create, read, write, and delete the RPM package database. +Create, read, write, and delete the RPM log.

-Module: +Module: rpm

Layer: admin

@@ -23293,7 +30749,7 @@ Read the RPM package database.

-Module: +Module: rpm

Layer: admin

@@ -23312,14 +30768,14 @@ admin

-Read from a RPM pipe. +Read from an unnamed RPM pipe.

-Module: +Module: rpm

Layer: admin

@@ -23361,7 +30817,33 @@ Execute RPM programs in the RPM domain.

-Module: +Module: +rpm

+Layer: +admin

+
+rpm_rw_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Read and write an unnamed RPM pipe. +

+ +

+Module: rpm

Layer: admin

@@ -23387,7 +30869,33 @@ Inherit and use file descriptors from RPM.

-Module: +Module: +rpm

+Layer: +admin

+
+rpm_use_script_fd(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Inherit and use file descriptors from RPM scripts. +

+ +

+Module: selinux

Layer: kernel

@@ -23404,10 +30912,16 @@ kernel

)

+Allows caller to compute an access vector. +

-Module: +Module: selinux

Layer: kernel

@@ -23424,10 +30938,16 @@ kernel

)

+ +

-Module: +Module: selinux

Layer: kernel

@@ -23444,10 +30964,16 @@ kernel

)

+ +

-Module: +Module: selinux

Layer: kernel

@@ -23464,10 +30990,42 @@ kernel

)

+Allows caller to compute possible contexts for a user. +

+ +

+Module: +selinux

+Layer: +kernel

+
+selinux_dontaudit_search_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to search selinuxfs. +

-Module: +Module: selinux

Layer: kernel

@@ -23484,10 +31042,17 @@ kernel

)

+Allows the caller to get the mode of policy enforcement +(enforcing or permissive mode). +

-Module: +Module: selinux

Layer: kernel

@@ -23504,10 +31069,16 @@ kernel

)

+Gets the caller the mountpoint of the selinuxfs filesystem. +

-Module: +Module: selinux

Layer: kernel

@@ -23524,10 +31095,16 @@ kernel

)

+Allow caller to load the policy into the kernel. +

-Module: +Module: selinux

Layer: kernel

@@ -23556,10 +31133,17 @@ kernel

)

+Allow caller to set the state of Booleans to +enable or disable conditional portions of the policy. +

-Module: +Module: selinux

Layer: kernel

@@ -23576,10 +31160,17 @@ kernel

)

+Allow caller to set the mode of policy enforcement +(enforcing or permissive mode). +

-Module: +Module: selinux

Layer: kernel

@@ -23596,10 +31187,16 @@ kernel

)

+Allow caller to set selinux security parameters. +

-Module: +Module: selinux

Layer: kernel

@@ -23616,10 +31213,16 @@ kernel

)

+Unconfined access to the SELinux security server. +

-Module: +Module: selinux

Layer: kernel

@@ -23636,10 +31239,16 @@ kernel

)

+Allows caller to validate security contexts. +

-Module: +Module: sendmail

Layer: services

@@ -23659,7 +31268,7 @@ services

-Module: +Module: selinuxutil

Layer: system

@@ -23685,7 +31294,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -23705,7 +31314,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -23725,7 +31334,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -23745,7 +31354,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -23765,7 +31374,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -23785,7 +31394,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -23805,7 +31414,34 @@ system

-Module: +Module: +selinuxutil

+Layer: +system

+
+seutil_dontaudit_search_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Do not audit attempts to search the SELinux +configuration directory (/etc/selinux). +

+ +

+Module: selinuxutil

Layer: system

@@ -23825,7 +31461,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -23851,7 +31487,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -23877,7 +31513,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -23903,7 +31539,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -23929,7 +31565,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -23955,7 +31591,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -23981,7 +31617,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24007,7 +31643,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24033,7 +31669,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24059,7 +31695,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24085,7 +31721,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24111,7 +31747,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24137,7 +31773,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24163,7 +31799,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24183,7 +31819,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -24219,7 +31855,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -24255,7 +31891,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -24291,7 +31927,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -24327,7 +31963,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -24363,7 +31999,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -24399,7 +32035,7 @@ system

-Module: +Module: selinuxutil

Layer: system

@@ -24425,7 +32061,7 @@ Search the policy directory with default_context files.

-Module: +Module: selinuxutil

Layer: system

@@ -24451,7 +32087,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24477,7 +32113,7 @@ Summary is missing!

-Module: +Module: selinuxutil

Layer: system

@@ -24503,7 +32139,7 @@ Summary is missing!

-Module: +Module: ssh

Layer: services

@@ -24527,7 +32163,7 @@ services

-Module: +Module: storage

Layer: kernel

@@ -24553,7 +32189,33 @@ Create block devices in /dev with the fixed disk type.

-Module: +Module: +storage

+Layer: +kernel

+
+storage_create_fixed_disk_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Create fixed disk device nodes on a tmpfs filesystem. +

+ +

+Module: storage

Layer: kernel

@@ -24580,7 +32242,7 @@ the attributes of fixed disk device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24607,7 +32269,7 @@ the attributes of removable devices device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24634,7 +32296,7 @@ the attributes of fixed disk device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24661,7 +32323,7 @@ the attributes of removable devices device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24688,7 +32350,7 @@ device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24715,7 +32377,7 @@ devices device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24742,7 +32404,7 @@ the generic SCSI interface device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24769,7 +32431,7 @@ for the SCSI generic inerface.

-Module: +Module: storage

Layer: kernel

@@ -24796,7 +32458,7 @@ of device nodes of tape devices.

-Module: +Module: storage

Layer: kernel

@@ -24822,7 +32484,7 @@ Create, read, write, and delete fixed disk device nodes.

-Module: +Module: storage

Layer: kernel

@@ -24851,7 +32513,7 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

@@ -24880,7 +32542,7 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

@@ -24910,7 +32572,7 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

@@ -24939,7 +32601,7 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

@@ -24968,7 +32630,7 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

@@ -24998,7 +32660,7 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

@@ -25028,7 +32690,7 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

@@ -25055,7 +32717,7 @@ a tape device.

-Module: +Module: storage

Layer: kernel

@@ -25081,7 +32743,7 @@ Relabel fixed disk device nodes.

-Module: +Module: storage

Layer: kernel

@@ -25108,7 +32770,7 @@ for the SCSI generic inerface.

-Module: +Module: storage

Layer: kernel

@@ -25135,7 +32797,7 @@ device nodes.

-Module: +Module: storage

Layer: kernel

@@ -25162,7 +32824,7 @@ devices device nodes.

-Module: +Module: storage

Layer: kernel

@@ -25189,7 +32851,7 @@ the generic SCSI interface device nodes.

-Module: +Module: storage

Layer: kernel

@@ -25216,7 +32878,7 @@ of device nodes of tape devices.

-Module: +Module: storage

Layer: kernel

@@ -25242,7 +32904,7 @@ Enable a fixed disk device as swap space

-Module: +Module: storage

Layer: kernel

@@ -25268,7 +32930,7 @@ Unconfined access to storage devices.

-Module: +Module: storage

Layer: kernel

@@ -25298,13 +32960,40 @@ should only be used by trusted domains.

-Module: +Module: storage

Layer: kernel

 
-storage_write_tape_device(
+storage_write_tape_device(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Allow the caller to directly read +a tape device. +

+ +

+Module: +sysnetwork

+Layer: +system

+ +sysnet_domtrans_dhcpc( @@ -25315,23 +33004,16 @@ kernel

)

-Allow the caller to directly read -a tape device. -

-Module: +Module: sysnetwork

Layer: system

-sysnet_domtrans_dhcpc( +sysnet_domtrans_ifconfig( @@ -25345,13 +33027,13 @@ system

-Module: +Module: sysnetwork

Layer: system

-sysnet_domtrans_ifconfig( +sysnet_kill_dhcpc( @@ -25362,16 +33044,22 @@ system

)

+Send a kill signal to the dhcp client. +

-Module: +Module: sysnetwork

Layer: system

-sysnet_kill_dhcpc( +sysnet_manage_config( @@ -25384,14 +33072,14 @@ system

-Send a kill signal to the dhcp client. +Create, read, write, and delete network config files.

-Module: +Module: sysnetwork

Layer: system

@@ -25417,7 +33105,7 @@ Allow network init to read network config files.

-Module: +Module: sysnetwork

Layer: system

@@ -25443,7 +33131,7 @@ Read the dhcp client pid file.

-Module: +Module: sysnetwork

Layer: system

@@ -25469,7 +33157,7 @@ Read dhcp client state files.

-Module: +Module: sysnetwork

Layer: system

@@ -25505,7 +33193,7 @@ system

-Module: +Module: sysnetwork

Layer: system

@@ -25531,7 +33219,7 @@ Read and write dhcp configuration files.

-Module: +Module: sysnetwork

Layer: system

@@ -25557,7 +33245,7 @@ Send a SIGCHLD signal to the dhcp client.

-Module: +Module: sysnetwork

Layer: system

@@ -25583,7 +33271,7 @@ Send a generic signal to the dhcp client.

-Module: +Module: sysnetwork

Layer: system

@@ -25609,7 +33297,7 @@ Send a null signal to the dhcp client.

-Module: +Module: sysnetwork

Layer: system

@@ -25635,7 +33323,7 @@ Send a SIGSTOP signal to the dhcp client.

-Module: +Module: terminal

Layer: kernel

@@ -25663,7 +33351,27 @@ kernel

-Module: +Module: +terminal

+Layer: +kernel

+
+term_dontaudit_getattr_all_user_ptys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: terminal

Layer: kernel

@@ -25683,7 +33391,27 @@ kernel

-Module: +Module: +terminal

+Layer: +kernel

+
+term_dontaudit_getattr_unallocated_ttys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: terminal

Layer: kernel

@@ -25703,7 +33431,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25723,7 +33451,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25743,7 +33471,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25763,7 +33491,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25783,7 +33511,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25803,7 +33531,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25823,7 +33551,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25843,7 +33571,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25863,7 +33591,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25883,7 +33611,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25903,7 +33631,7 @@ kernel

-Module: +Module: terminal

Layer: kernel

@@ -25914,7 +33642,220 @@ kernel

- pty_type + pty_type + + + )
+

+ +

+Module: +terminal

+Layer: +kernel

+
+term_pty(
+	
+		
+		
+		
+		pty_type
+		
+	
+	)

+

+ +

+Module: +terminal

+Layer: +kernel

+
+term_relabel_all_user_ptys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +terminal

+Layer: +kernel

+
+term_relabel_all_user_ttys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +terminal

+Layer: +kernel

+
+term_relabel_unallocated_ttys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +terminal

+Layer: +kernel

+
+term_relabelto_all_user_ptys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Relabel to all user ptys. +

+ +

+Module: +terminal

+Layer: +kernel

+
+term_reset_tty_labels(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +terminal

+Layer: +kernel

+
+term_setattr_all_user_ptys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Set the attributes of all user +pty device nodes. +

+ +

+Module: +terminal

+Layer: +kernel

+
+term_setattr_all_user_ttys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +terminal

+Layer: +kernel

+
+term_setattr_console(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Module: +terminal

+Layer: +kernel

+ +term_setattr_unallocated_ttys( + + + + + domain )
@@ -25923,18 +33864,18 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_pty( +term_tty( - pty_type + tty_type )
@@ -25943,13 +33884,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_relabel_all_user_ptys( +term_use_all_terms( @@ -25963,13 +33904,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_relabel_all_user_ttys( +term_use_all_user_ptys( @@ -25983,13 +33924,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_relabel_unallocated_ttys( +term_use_all_user_ttys( @@ -26003,13 +33944,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_reset_tty_labels( +term_use_console( @@ -26023,13 +33964,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_setattr_all_user_ttys( +term_use_controlling_term( @@ -26043,13 +33984,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_setattr_console( +term_use_generic_pty( @@ -26063,13 +34004,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_setattr_unallocated_ttys( +term_use_unallocated_tty( @@ -26083,18 +34024,26 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_tty( +term_user_pty( - tty_type + userdomain + + + + , + + + + object_type )
@@ -26103,13 +34052,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_use_all_terms( +term_write_all_user_ttys( @@ -26123,13 +34072,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_use_all_user_ptys( +term_write_console( @@ -26143,13 +34092,13 @@ kernel

-Module: +Module: terminal

Layer: kernel

-term_use_all_user_ttys( +term_write_unallocated_ttys( @@ -26163,13 +34112,13 @@ kernel

-Module: -terminal

-Layer: -kernel

+Module: +udev

+Layer: +system

-term_use_console( +udev_domtrans( @@ -26180,16 +34129,22 @@ kernel

)

+Execute udev in the udev domain. +

-Module: -terminal

-Layer: -kernel

+Module: +udev

+Layer: +system

-term_use_controlling_term( +udev_donaudit_rw_unix_dgram_socket( @@ -26200,16 +34155,23 @@ kernel

)

+Do not audit attempts to read or write +to a udev unix datagram socket. +

-Module: -terminal

-Layer: -kernel

+Module: +udev

+Layer: +system

-term_use_generic_pty( +udev_read_db( @@ -26220,16 +34182,22 @@ kernel

)

+Allow process to read list of devices. +

-Module: -terminal

-Layer: -kernel

+Module: +udev

+Layer: +system

-term_use_unallocated_tty( +udev_rw_db( @@ -26240,44 +34208,48 @@ kernel

)

+Allow process to modify list of devices. +

-Module: -terminal

-Layer: -kernel

+Module: +unconfined

+Layer: +system

 
-term_user_pty(
+unconfined_domtrans(
 	
 		
 		
 		
-		userdomain
-		
-	
-		
-			,
-		
-		
-		
-		object_type
+		domain
 		
 	
 	)

 

+Transition to the unconfined domain. +

-Module: -terminal

-Layer: -kernel

+Module: +unconfined

+Layer: +system

-term_write_all_user_ttys( +unconfined_dontaudit_rw_tcp_socket( @@ -26288,16 +34260,23 @@ kernel

)

+Do not audit attempts to read or write +unconfined domain tcp sockets. +

-Module: -terminal

-Layer: -kernel

+Module: +unconfined

+Layer: +system

-term_write_console( +unconfined_role( @@ -26308,16 +34287,22 @@ kernel

)

+Add the unconfined domain to the specified role. +

-Module: -terminal

-Layer: -kernel

+Module: +unconfined

+Layer: +system

-term_write_unallocated_ttys( +unconfined_run( @@ -26325,19 +34310,35 @@ kernel

domain + + , + + + + role + + + + , + + + + terminal + + )

-Module: -udev

+Module: +unconfined

Layer: system

-udev_domtrans( +unconfined_rw_pipe( @@ -26348,16 +34349,22 @@ system

)

+Read and write unconfined domain unnamed pipes. +

-Module: -udev

+Module: +unconfined

Layer: system

-udev_read_db( +unconfined_shell_domtrans( @@ -26368,16 +34375,22 @@ system

)

+Transition to the unconfined domain by executing a shell. +

-Module: -udev

+Module: +unconfined

Layer: system

-udev_rw_db( +unconfined_sigchld( @@ -26388,16 +34401,22 @@ system

)

+Send a SIGCHLD signal to the unconfined domain. +

-Module: +Module: unconfined

Layer: system

-unconfined_domtrans_shell( +unconfined_use_fd( @@ -26410,20 +34429,20 @@ system

-Transition to the unconfined domain by executing a shell. +Inherit file descriptors from the unconfined domain.

-Module: -unconfined

+Module: +userdomain

Layer: system

-unconfined_role( +userdom_dontaudit_search_all_users_home( @@ -26436,20 +34455,20 @@ system

-Add the unconfined domain to the specified role. +Do not audit attempts to search all users home directories.

-Module: -unconfined

+Module: +userdomain

Layer: system

-unconfined_rw_pipe( +userdom_dontaudit_search_staff_home_dir( @@ -26462,20 +34481,21 @@ system

-Read and write unconfined domain unnamed pipes. +Do not audit attempts to search the staff +users home directory.

-Module: -unconfined

+Module: +userdomain

Layer: system

-unconfined_sigchld( +userdom_dontaudit_search_sysadm_home_dir( @@ -26488,20 +34508,21 @@ system

-Send a SIGCHLD signal to the unconfined domain. +Do not audit attempts to search the sysadm +users home directory.

-Module: -unconfined

+Module: +userdomain

Layer: system

-unconfined_use_fd( +userdom_dontaudit_use_sysadm_terms( @@ -26514,20 +34535,20 @@ system

-Inherit file descriptors from the unconfined domain. +Do not audit attempts to use sysadm ttys and ptys.

-Module: +Module: userdomain

Layer: system

-userdom_dontaudit_use_sysadm_terms( +userdom_dontaudit_use_sysadm_tty( @@ -26540,14 +34561,14 @@ system

-Do not audit attempts to use admin ttys and ptys. +Do not audit attempts to use sysadm ttys.

-Module: +Module: userdomain

Layer: system

@@ -26574,7 +34595,7 @@ file descriptors from all user domains.

-Module: +Module: userdomain

Layer: system

@@ -26601,7 +34622,7 @@ user ttys.

-Module: +Module: userdomain

Layer: system

@@ -26627,7 +34648,7 @@ Read all files in all users home directories.

-Module: +Module: userdomain

Layer: system

@@ -26653,7 +34674,7 @@ Read files in the staff users home directory.

-Module: +Module: userdomain

Layer: system

@@ -26679,7 +34700,7 @@ Read files in the sysadm users home directory.

-Module: +Module: userdomain

Layer: system

@@ -26705,7 +34726,7 @@ Read and write sysadm user unnamed pipes.

-Module: +Module: userdomain

Layer: system

@@ -26731,7 +34752,59 @@ Search all users home directories.

-Module: +Module: +userdomain

+Layer: +system

+
+userdom_search_staff_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search the staff users home directory. +

+ +

+Module: +userdomain

+Layer: +system

+
+userdom_search_sysadm_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

+Search the sysadm users home directory. +

+ +

+Module: userdomain

Layer: system

@@ -26757,7 +34830,7 @@ Execute a shell in the sysadm domain.

-Module: +Module: userdomain

Layer: system

@@ -26783,7 +34856,7 @@ Send general signals to all user domains.

-Module: +Module: userdomain

Layer: system

@@ -26809,7 +34882,7 @@ Send general signals to unprivileged user domains.

-Module: +Module: userdomain

Layer: system

@@ -26837,7 +34910,7 @@ caller to use setexeccon().

-Module: +Module: userdomain

Layer: system

@@ -26865,7 +34938,7 @@ caller to use setexeccon().

-Module: +Module: userdomain

Layer: system

@@ -26891,7 +34964,7 @@ Unconfined access to user domains.

-Module: +Module: userdomain

Layer: system

@@ -26917,7 +34990,7 @@ Inherit the file descriptors from all user domains

-Module: +Module: userdomain

Layer: system

@@ -26943,7 +35016,7 @@ Inherit and use sysadm file descriptors

-Module: +Module: userdomain

Layer: system

@@ -26969,7 +35042,7 @@ Read and write sysadm ptys.

-Module: +Module: userdomain

Layer: system

@@ -26995,7 +35068,7 @@ Read and write sysadm ttys and ptys.

-Module: +Module: userdomain

Layer: system

@@ -27021,7 +35094,7 @@ Read and write sysadm ttys.

-Module: +Module: userdomain

Layer: system

@@ -27047,7 +35120,7 @@ Inherit the file descriptors from unprivileged user domains.

-Module: +Module: userdomain

Layer: system

@@ -27073,7 +35146,7 @@ Write all unprivileged users files in /tmp

-Module: +Module: usermanage

Layer: admin

@@ -27093,7 +35166,7 @@ admin

-Module: +Module: usermanage

Layer: admin

@@ -27113,7 +35186,7 @@ admin

-Module: +Module: usermanage

Layer: admin

@@ -27133,7 +35206,7 @@ admin

-Module: +Module: usermanage

Layer: admin

@@ -27153,7 +35226,7 @@ admin

-Module: +Module: usermanage

Layer: admin

@@ -27179,7 +35252,7 @@ Read the crack database.

-Module: +Module: usermanage

Layer: admin

@@ -27215,7 +35288,7 @@ admin

-Module: +Module: usermanage

Layer: admin

@@ -27251,7 +35324,7 @@ admin

-Module: +Module: usermanage

Layer: admin

@@ -27287,7 +35360,7 @@ admin

-Module: +Module: usermanage

Layer: admin

diff --git a/www/api-docs/kernel.html b/www/api-docs/kernel.html index bac7cf2..6ede3e3 100644 --- a/www/api-docs/kernel.html +++ b/www/api-docs/kernel.html @@ -64,15 +64,26 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

Layer: kernel

+Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +

+ +

Module:	Description:
Policy for NIS (YP) servers and clients
+ + nscd	Name service cache daemon
remotelogin	Policy for rshd, rlogind, and telnetd.

diff --git a/www/api-docs/kernel_bootloader.html b/www/api-docs/kernel_bootloader.html index 1eb1921..d9fd853 100644 --- a/www/api-docs/kernel_bootloader.html +++ b/www/api-docs/kernel_bootloader.html @@ -64,9 +64,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -74,8 +80,6 @@

Layer: kernel

Module: bootloader

- -

Description:

Policy for the kernel modules, kernel image, and bootloader.

@@ -85,6 +89,7 @@

Interfaces:

@@ -102,12 +107,12 @@

- -

Description

Summary

Install a kernel into the /boot directory.

Parameters

Module:

Description:

@@ -126,6 +131,7 @@ No +

@@ -143,12 +149,12 @@ No

- -

Description

Summary

Install a system.map into the /boot directory.

Parameters

Parameter:	Description:	Optional:

@@ -167,6 +173,7 @@ No +

@@ -208,6 +215,7 @@ No

@@ -225,13 +233,13 @@ No

- -

Description

Summary

Read and write the bootloader temporary data in /tmp.

Parameters

Parameter:	Description:	Optional:

@@ -250,6 +258,7 @@ No +

@@ -267,12 +276,12 @@ No

- -

Description

Summary

Delete a kernel from /boot.

Parameters

Parameter:	Description:	Optional:

@@ -291,6 +300,7 @@ No +

@@ -308,12 +318,12 @@ No

- -

Description

Summary

Delete a system.map in the /boot directory.

Parameters

Parameter:	Description:	Optional:

@@ -332,6 +342,7 @@ No +

@@ -349,12 +360,12 @@ No

- -

Description

Summary

Execute bootloader in the bootloader domain.

Parameters

Parameter:	Description:	Optional:

@@ -373,6 +384,7 @@ No +

@@ -390,12 +402,12 @@ No

- -

Description

Summary

Do not audit attempts to search the /boot directory.

Parameters

Parameter:	Description:	Optional:

@@ -414,12 +426,13 @@ No +

 
-bootloader_list_kernel_modules(
+bootloader_getattr_kernel_modules(
 	
@@ -431,12 +444,54 @@ No

Summary

+Get the attributes of kernel module files. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+fs_mount_xattr_fs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Mount a persistent filesystem which +has extended attributes, such as +ext3, JFS, or XFS. +

+ +

Parameters

@@ -2193,12 +2585,13 @@ No +

 
-fs_mount_xattr_fs(
+fs_nfs_domtrans(
 	
 		
 		
@@ -2206,16 +2599,44 @@ No
 		domain
 		
 	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
 	)

 

Summary

+Execute a file on a NFS filesystem +in the specified domain. +

Description

-Mount a persistent filesystem which -has extended attributes, such as -ext3, JFS, or XFS. +

+Execute a file on a NFS filesystem +in the specified domain. This allows +the specified domain to execute any file +on a NFS filesystem in the specified +domain. This is not suggested. +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+This interface was added to handle +home directories on NFS filesystems, +in particular used by the ssh-agent policy. +

Parameters

@@ -2226,7 +2647,17 @@ ext3, JFS, or XFS. domain

+ +

Parameter:

Description:

Optional:

-The type of the domain mounting the filesystem. +The type of the process performing this action. + +

+No +

+target_domain +

+ +The type of the new process.

No @@ -2236,6 +2667,7 @@ No +

@@ -2253,12 +2685,12 @@ No

- -

Description

Summary

Read files on a CIFS or SMB filesystem.

Parameters

@@ -2277,6 +2709,7 @@ No +

@@ -2294,13 +2727,13 @@ No

- -

Description

Summary

Do not audit attempts to read or write files on a CIFS or SMB filesystems.

Parameters

Parameter:	Description:	Optional:

@@ -2319,6 +2752,7 @@ No +

@@ -2336,12 +2770,12 @@ No

- -

Description

Summary

Read symbolic links on a CIFS or SMB filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -2360,6 +2794,7 @@ No +

@@ -2377,12 +2812,12 @@ No

- -

Description

Summary

Read files on a NFS filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -2401,6 +2836,7 @@ No +

@@ -2418,12 +2854,12 @@ No

- -

Description

Summary

Read symbolic links on a NFS filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -2442,6 +2878,7 @@ No +

@@ -2459,8 +2896,7 @@ No

- -

Description

Summary

Register an interpreter for new binary file types, using the kernel binfmt_misc @@ -2471,6 +2907,7 @@ can be directly executed on a command line without specifying the interpreter.

Parameters

Parameter:	Description:	Optional:

@@ -2490,6 +2927,7 @@ No +

@@ -2507,12 +2945,12 @@ No

- -

Description

Summary

Relabel block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:	Optional:

@@ -2531,6 +2969,7 @@ No +

@@ -2548,12 +2987,12 @@ No

- -

Description

Summary

Relabel character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:	Optional:

@@ -2572,6 +3011,7 @@ No +

@@ -2589,13 +3029,13 @@ No

- -

Description

Summary

Allow changing of the label of a DOS filesystem using the context= mount option.

Parameters

Parameter:	Description:	Optional:

@@ -2614,6 +3054,7 @@ No +

@@ -2631,14 +3072,14 @@ No

- -

Description

Summary

Allow changing of the label of a filesystem with extended attributes using the context= mount option.

Parameters

Parameter:	Description:	Optional:

@@ -2657,6 +3098,7 @@ No +

@@ -2674,13 +3116,13 @@ No

- -

Description

Summary

Remount all filesystems. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2699,6 +3141,7 @@ No +

@@ -2716,13 +3159,13 @@ No

- -

Description

Summary

Remount an automount pseudo filesystem This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2741,6 +3184,7 @@ No +

@@ -2758,13 +3202,13 @@ No

- -

Description

Summary

Remount a CIFS or SMB network filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2783,6 +3227,7 @@ No +

@@ -2800,14 +3245,14 @@ No

- -

Description

Summary

Remount a DOS filesystem, such as FAT32 or NTFS. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2826,6 +3271,7 @@ No +

@@ -2843,14 +3289,14 @@ No

- -

Description

Summary

Remount an iso9660 filesystem, which is usually used on CDs. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2869,6 +3315,7 @@ No +

@@ -2886,13 +3333,13 @@ No

- -

Description

Summary

Remount a NFS filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2911,6 +3358,7 @@ No +

@@ -2928,13 +3376,13 @@ No

- -

Description

Summary

Mount a NFS server pseudo filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2953,6 +3401,7 @@ No +

@@ -2970,13 +3419,13 @@ No

- -

Description

Summary

Remount a RAM filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -2995,6 +3444,7 @@ No +

@@ -3012,13 +3462,13 @@ No

- -

Description

Summary

Remount a ROM filesystem. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -3037,6 +3487,7 @@ No +

@@ -3054,13 +3505,13 @@ No

- -

Description

Summary

Remount a RPC pipe filesystem. This allows some mount option to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -3079,6 +3530,7 @@ No +

@@ -3096,12 +3548,12 @@ No

- -

Description

Summary

Remount a tmpfs filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3120,6 +3572,7 @@ No +

@@ -3137,8 +3590,7 @@ No

- -

Description

Summary

Remount a persistent filesystem which has extended attributes, such as @@ -3146,6 +3598,7 @@ ext3, JFS, or XFS. This allows some mount options to be changed.

Parameters

Parameter:	Description:	Optional:

@@ -3164,6 +3617,7 @@ No +

@@ -3206,12 +3660,13 @@ No

 
-fs_set_all_quotas(
+fs_search_tmpfs(
 	
@@ -3223,12 +3678,54 @@ No

Summary

+Search tmpfs directories. +

+ -

Description

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + + +

+ + +

+
+fs_set_all_quotas(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

Set the quotas of all filesystems.

Parameters

@@ -3247,12 +3744,13 @@ No +

 
-fs_type(
+fs_setattr_tmpfs_dir(
 	
@@ -3264,12 +3762,54 @@ No

Summary

+Set the attributes of tmpfs directories. +

+ -

Description

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+fs_type(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

Transform specified type into a filesystem type.

Parameters

@@ -3288,6 +3828,7 @@ No +

@@ -3329,6 +3870,7 @@ No

@@ -3346,12 +3888,12 @@ No

- -

Description

Summary

Unmount all filesystems.

Parameters

Parameter:	Description:	Optional:

@@ -3370,6 +3912,7 @@ No +

@@ -3387,12 +3930,12 @@ No

- -

Description

Summary

Unmount an automount pseudo filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3411,6 +3954,7 @@ No +

@@ -3428,12 +3972,12 @@ No

- -

Description

Summary

Unmount a CIFS or SMB network filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3452,6 +3996,7 @@ No +

@@ -3469,13 +4014,13 @@ No

- -

Description

Summary

Unmount a DOS filesystem, such as FAT32 or NTFS.

Parameters

Parameter:	Description:	Optional:

@@ -3494,6 +4039,7 @@ No +

@@ -3511,13 +4057,13 @@ No

- -

Description

Summary

Unmount an iso9660 filesystem, which is usually used on CDs.

Parameters

Parameter:	Description:	Optional:

@@ -3536,6 +4082,7 @@ No +

@@ -3553,12 +4100,12 @@ No

- -

Description

Summary

Unmount a NFS filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3577,6 +4124,7 @@ No +

@@ -3594,12 +4142,12 @@ No

- -

Description

Summary

Unmount a NFS server pseudo filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3618,6 +4166,7 @@ No +

@@ -3635,12 +4184,12 @@ No

- -

Description

Summary

Unmount a RAM filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3659,6 +4208,7 @@ No +

@@ -3676,12 +4226,12 @@ No

- -

Description

Summary

Unmount a ROM filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3700,6 +4250,7 @@ No +

@@ -3717,12 +4268,12 @@ No

- -

Description

Summary

Unmount a RPC pipe filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3741,6 +4292,7 @@ No +

@@ -3758,12 +4310,12 @@ No

- -

Description

Summary

Unmount a tmpfs filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -3782,6 +4334,7 @@ No +

@@ -3799,14 +4352,14 @@ No

- -

Description

Summary

Unmount a persistent filesystem which has extended attributes, such as ext3, JFS, or XFS.

Parameters

Parameter:	Description:	Optional:

@@ -3825,6 +4378,7 @@ No +

@@ -3842,12 +4396,12 @@ No

- -

Description

Summary

Read and write block nodes on tmpfs filesystems.

Parameters

Parameter:	Description:	Optional:

@@ -3866,6 +4420,7 @@ No +

@@ -3883,12 +4438,12 @@ No

- -

Description

Summary

Read and write character nodes on tmpfs filesystems.

Parameters

Parameter:	Description:	Optional:

diff --git a/www/api-docs/kernel_kernel.html b/www/api-docs/kernel_kernel.html index f2594a2..2c9989b 100644 --- a/www/api-docs/kernel_kernel.html +++ b/www/api-docs/kernel_kernel.html @@ -64,9 +64,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -74,8 +80,6 @@

Layer: kernel

Module: kernel

- -

Description:

@@ -89,6 +93,7 @@ Policy for kernel threads, proc filesystem,and unlabeled processes and objects.

Interfaces:

@@ -130,6 +135,7 @@ No

@@ -147,12 +153,12 @@ No

- -

Description

Summary

Allows the caller to clear the ring buffer.

Parameters

Parameter:	Description:	Optional:

@@ -171,6 +177,7 @@ No +

@@ -188,13 +195,13 @@ No

- -

Description

Summary

Do not audit attempts to get the attributes of core kernel interfaces.

Parameters

Parameter:	Description:	Optional:

@@ -213,6 +220,7 @@ No +

@@ -230,13 +238,13 @@ No

- -

Description

Summary

Do not audit attempts by caller to get the attributes of kernel message interfaces.

Parameters

Parameter:	Description:	Optional:

@@ -255,6 +263,7 @@ No +

@@ -272,13 +281,13 @@ No

- -

Description

Summary

Do not audit attempts by caller to get attributes for unlabeled block devices.

Parameters

Parameter:	Description:	Optional:

@@ -297,6 +306,7 @@ No +

@@ -314,12 +324,12 @@ No

- -

Description

Summary

Do not audit attempts to read the ring buffer.

Parameters

Parameter:	Description:	Optional:

@@ -338,6 +348,7 @@ No +

@@ -355,13 +366,13 @@ No

- -

Description

Summary

Do not audit attempts by caller to -read system state information. +read system state information in proc.

Parameters

Parameter:	Description:	Optional:

@@ -380,6 +391,7 @@ No +

@@ -397,12 +409,12 @@ No

- -

Description

Summary

Do not audit attempts by caller to search sysctl network directories.

Parameters

Parameter:	Description:	Optional:

@@ -421,6 +433,7 @@ No +

@@ -438,12 +451,12 @@ No

- -

Description

Summary

Do not audit attempts by caller to search the sysctl directory.

Parameters

Parameter:	Description:	Optional:

@@ -462,6 +475,7 @@ No +

@@ -479,13 +493,13 @@ No

- -

Description

Summary

Do not audit attempts to use kernel file descriptors.

Parameters

Parameter:	Description:	Optional:

@@ -504,6 +518,7 @@ No +

@@ -521,12 +536,12 @@ No

- -

Description

Summary

Get information on all System V IPC objects.

Parameters

Parameter:	Description:	Optional:

@@ -545,6 +560,7 @@ No +

@@ -562,12 +578,12 @@ No

- -

Description

Summary

Allows caller to get attribues of core kernel interface.

Parameters

Parameter:	Description:	Optional:

@@ -586,6 +602,7 @@ No +

@@ -603,13 +620,13 @@ No

- -

Description

Summary

Allow caller to get the attributes of kernel message interface (/proc/kmsg).

Parameters

Parameter:	Description:	Optional:

@@ -628,12 +645,13 @@ No +

 
-kernel_kill_unlabeled(
+kernel_getattr_proc(
 	
@@ -645,12 +663,12 @@ No

- -

Description

Summary

-Send a kill signal to unlabeled processes. +Get the attributes of the proc filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -659,7 +677,7 @@ Send a kill signal to unlabeled processes. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +Domain allowed access.

No @@ -669,12 +687,13 @@ No +

 
-kernel_load_module(
+kernel_kill_unlabeled(
 	
@@ -686,12 +705,12 @@ No

- -

Description

Summary

-Allows caller to load kernel modules +Send a kill signal to unlabeled processes.

Parameters

@@ -700,7 +719,7 @@ Allows caller to load kernel modules domain

Parameter:

Description:

Optional:

-The process type to allow to load kernel modules. +The type of the process performing this action.

No @@ -710,12 +729,13 @@ No +

 
-kernel_read_all_sysctl(
+kernel_list_proc(
 	
@@ -727,12 +747,12 @@ No

- -

Description

Summary

-Allow caller to read all sysctls. +List the contents of directories in /proc.

Parameters

@@ -741,7 +761,7 @@ Allow caller to read all sysctls. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +Domain allowed access.

No @@ -751,12 +771,13 @@ No +

 
-kernel_read_device_sysctl(
+kernel_list_unlabeled(
 	
@@ -768,12 +789,12 @@ No

- -

Description

Summary

-Allow caller to read the device sysctls. +List unlabeled directories.

Parameters

@@ -782,7 +803,7 @@ Allow caller to read the device sysctls. domain

Parameter:

Description:

Optional:

-The process type to allow to read the device sysctls. +Domain allowed access.

No @@ -792,12 +813,13 @@ No +

 
-kernel_read_fs_sysctl(
+kernel_load_module(
 	
@@ -809,12 +831,12 @@ No

- -

Description

Summary

-Read filesystem sysctls. +Allows caller to load kernel modules

Parameters

@@ -823,7 +845,7 @@ Read filesystem sysctls. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +The process type to allow to load kernel modules.

No @@ -833,12 +855,13 @@ No +

 
-kernel_read_hotplug_sysctl(
+kernel_read_all_sysctl(
 	
@@ -850,12 +873,12 @@ No

- -

Description

Summary

-Read the hotplug sysctl. +Allow caller to read all sysctls.

Parameters

@@ -874,12 +897,13 @@ No +

 
-kernel_read_irq_sysctl(
+kernel_read_device_sysctl(
 	
@@ -891,12 +915,12 @@ No

- -

Description

Summary

-Read IRQ sysctls. +Allow caller to read the device sysctls.

Parameters

Parameter:	Description:	Optional:

@@ -905,7 +929,7 @@ Read IRQ sysctls. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +The process type to allow to read the device sysctls.

No @@ -915,12 +939,13 @@ No +

 
-kernel_read_kernel_sysctl(
+kernel_read_fs_sysctl(
 	
@@ -932,12 +957,12 @@ No

- -

Description

Summary

-Read generic kernel sysctls. +Read filesystem sysctls.

Parameters

@@ -956,12 +981,13 @@ No +

 
-kernel_read_messages(
+kernel_read_hotplug_sysctl(
 	
@@ -973,13 +999,12 @@ No

- -

Description

Summary

-Allow caller to read kernel messages -using the /proc/kmsg interface. +Read the hotplug sysctl.

Parameters

Parameter:	Description:	Optional:

@@ -988,7 +1013,7 @@ using the /proc/kmsg interface. domain

Parameter:

Description:

Optional:

-The process type reading the messages. +The type of the process performing this action.

No @@ -998,12 +1023,13 @@ No +

 
-kernel_read_modprobe_sysctl(
+kernel_read_irq_sysctl(
 	
@@ -1015,12 +1041,12 @@ No

- -

Description

Summary

-Read the modprobe sysctl. +Read IRQ sysctls.

Parameters

@@ -1039,12 +1065,13 @@ No +

 
-kernel_read_net_sysctl(
+kernel_read_kernel_sysctl(
 	
@@ -1056,12 +1083,12 @@ No

- -

Description

Summary

-Allow caller to read network sysctls. +Read generic kernel sysctls.

Parameters

Parameter:	Description:	Optional:

@@ -1080,12 +1107,13 @@ No +

 
-kernel_read_network_state(
+kernel_read_messages(
 	
@@ -1097,12 +1125,13 @@ No

- -

Description

Summary

-Allow caller to read the network state information. +Allow caller to read kernel messages +using the /proc/kmsg interface.

Parameters

Parameter:	Description:	Optional:

@@ -1111,7 +1140,7 @@ Allow caller to read the network state information. domain

Parameter:

Description:

Optional:

-The process type reading the state. +The process type reading the messages.

No @@ -1121,12 +1150,13 @@ No +

 
-kernel_read_ring_buffer(
+kernel_read_modprobe_sysctl(
 	
@@ -1138,12 +1168,12 @@ No

- -

Description

Summary

-Allows caller to read the ring buffer. +Read the modprobe sysctl.

Parameters

@@ -1152,7 +1182,7 @@ Allows caller to read the ring buffer. domain

Parameter:

Description:

Optional:

-The process type allowed to read the ring buffer. +The type of the process performing this action.

No @@ -1162,17 +1192,18 @@ No +

-kernel_read_rpc_sysctl( +kernel_read_net_sysctl( - ? + domain )
@@ -1181,7 +1212,7 @@ No

Summary

-Summary is missing! +Allow caller to read network sysctls.

@@ -1190,10 +1221,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action.

No @@ -1203,12 +1234,13 @@ No +

 
-kernel_read_software_raid_state(
+kernel_read_network_state(
 	
@@ -1220,12 +1252,12 @@ No

- -

Description

Summary

-Allow caller to read the state information for software raid. +Allow caller to read the network state information.

Parameters

@@ -1234,7 +1266,7 @@ Allow caller to read the state information for software raid. domain

Parameter:

Description:

Optional:

-The process type reading software raid state. +The process type reading the state.

No @@ -1244,12 +1276,13 @@ No +

 
-kernel_read_system_state(
+kernel_read_proc_symlinks(
 	
@@ -1261,12 +1294,12 @@ No

- -

Description

Summary

-Allows caller to read system state information. +Read symbolic links in /proc.

Parameters

@@ -1275,7 +1308,7 @@ Allows caller to read system state information. domain

Parameter:

Description:

Optional:

-The process type reading the system state information. +Domain allowed access.

No @@ -1285,12 +1318,13 @@ No +

 
-kernel_read_unix_sysctl(
+kernel_read_ring_buffer(
 	
@@ -1302,13 +1336,12 @@ No

- -

Description

Summary

-Allow caller to read unix domain -socket sysctls. +Allows caller to read the ring buffer.

Parameters

@@ -1317,7 +1350,7 @@ socket sysctls. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +The process type allowed to read the ring buffer.

No @@ -1327,38 +1360,39 @@ No +

 
-kernel_read_vm_sysctl(
+kernel_read_rpc_sysctl(
 	
-		domain
+		?
 		
 	)

- -

Description

Summary

-Allow caller to read virtual memory sysctls. +Summary is missing!

Parameters

Parameter:

Description:

Optional:

-domain +?

-The type of the process performing this action. +Parameter descriptions are missing!

No @@ -1368,12 +1402,13 @@ No +

 
-kernel_relabel_unlabeled(
+kernel_read_software_raid_state(
 	
@@ -1385,12 +1420,12 @@ No

- -

Description

Summary

-Allow caller to relabel unlabeled objects. +Allow caller to read the state information for software raid.

Parameters

@@ -1399,7 +1434,7 @@ Allow caller to relabel unlabeled objects. domain

Parameter:

Description:

Optional:

-The process type relabeling the objects. +The process type reading software raid state.

No @@ -1409,39 +1444,39 @@ No +

 
-kernel_rootfs_mountpoint(
+kernel_read_system_state(
 	
-		directory_type
+		domain
 		
 	)

- -

Description

Summary

-Allows the kernel to mount filesystems on -the specified directory type. +Allows caller to read system state information in proc.

Parameters

Parameter:

Description:

Optional:

-directory_type +domain

-The type of the directory to use as a mountpoint. +The process type reading the system state information.

No @@ -1451,12 +1486,13 @@ No +

 
-kernel_rw_all_sysctl(
+kernel_read_unix_sysctl(
 	
@@ -1468,12 +1504,13 @@ No

- -

Description

Summary

-Read and write all sysctls. +Allow caller to read unix domain +socket sysctls.

Parameters

@@ -1492,12 +1529,13 @@ No +

 
-kernel_rw_device_sysctl(
+kernel_read_vm_sysctl(
 	
@@ -1509,12 +1547,12 @@ No

- -

Description

Summary

-Read and write device sysctls. +Allow caller to read virtual memory sysctls.

Parameters

Parameter:	Description:	Optional:

@@ -1533,12 +1571,13 @@ No +

 
-kernel_rw_fs_sysctl(
+kernel_relabel_unlabeled(
 	
@@ -1550,12 +1589,12 @@ No

- -

Description

Summary

-Read and write fileystem sysctls. +Allow caller to relabel unlabeled objects.

Parameters

Parameter:	Description:	Optional:

@@ -1564,7 +1603,7 @@ Read and write fileystem sysctls. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +The process type relabeling the objects.

No @@ -1574,38 +1613,40 @@ No +

 
-kernel_rw_hotplug_sysctl(
+kernel_rootfs_mountpoint(
 	
-		domain
+		directory_type
 		
 	)

- -

Description

Summary

-Read and write the hotplug sysctl. +Allows the kernel to mount filesystems on +the specified directory type.

Parameters

Parameter:

Description:

Optional:

-domain +directory_type

-The type of the process performing this action. +The type of the directory to use as a mountpoint.

No @@ -1615,12 +1656,13 @@ No +

 
-kernel_rw_irq_sysctl(
+kernel_rw_all_sysctl(
 	
@@ -1632,21 +1674,399 @@ No

- -

Description

Summary

+Read and write all sysctls. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_device_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write device sysctls. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_fs_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write fileystem sysctls. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_hotplug_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write the hotplug sysctl. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_irq_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write IRQ sysctls. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_kernel_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write generic kernel sysctls. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_modprobe_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write the modprobe sysctl. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_net_sysctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Allow caller to modiry contents of sysctl network files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+kernel_rw_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write kernel unnamed pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+kernel_rw_rpc_sysctl(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

-Read and write IRQ sysctls. +Summary is missing!

Parameters

Parameter:

Description:

Optional:

-domain +?

-The type of the process performing this action. +Parameter descriptions are missing!

No @@ -1656,12 +2076,13 @@ No +

 
-kernel_rw_kernel_sysctl(
+kernel_rw_software_raid_state(
 	
@@ -1673,12 +2094,12 @@ No

- -

Description

Summary

-Read and write generic kernel sysctls. +Allow caller to read and set the state information for software raid.

Parameters

@@ -1687,7 +2108,7 @@ Read and write generic kernel sysctls. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +The process type reading software raid state.

No @@ -1697,12 +2118,13 @@ No +

 
-kernel_rw_modprobe_sysctl(
+kernel_rw_unix_dgram_socket(
 	
@@ -1714,12 +2136,12 @@ No

- -

Description

Summary

-Read and write the modprobe sysctl. +Read and write kernel unix datagram sockets.

Parameters

@@ -1728,7 +2150,7 @@ Read and write the modprobe sysctl. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +Domain allowed access.

No @@ -1738,12 +2160,13 @@ No +

 
-kernel_rw_net_sysctl(
+kernel_rw_unix_sysctl(
 	
@@ -1755,12 +2178,13 @@ No

- -

Description

Summary

-Allow caller to modiry contents of sysctl network files. +Read and write unix domain +socket sysctls.

Parameters

@@ -1779,17 +2203,18 @@ No +

-kernel_rw_rpc_sysctl( +kernel_rw_unlabeled_dir( - ? + domain )
@@ -1798,7 +2223,7 @@ No

Summary

-Summary is missing! +Read and write unlabeled directories.

@@ -1807,10 +2232,10 @@ Summary is missing!

Parameter:

Description:

Optional:

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -1820,12 +2245,13 @@ No +

 
-kernel_rw_unix_sysctl(
+kernel_rw_vm_sysctl(
 	
@@ -1837,13 +2263,12 @@ No

- -

Description

Summary

-Read and write unix domain -socket sysctls. +Read and write virtual memory sysctls.

Parameters

@@ -1862,12 +2287,13 @@ No +

 
-kernel_rw_vm_sysctl(
+kernel_search_proc(
 	
@@ -1879,12 +2305,54 @@ No

Summary

+Search directories in /proc. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+kernel_sendto_unix_dgram_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

Description

Summary

-Read and write virtual memory sysctls. +Send messages to kernel unix datagram sockets.

Parameters

@@ -1893,7 +2361,7 @@ Read and write virtual memory sysctls. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +Domain allowed access.

No @@ -1903,6 +2371,7 @@ No +

@@ -1920,13 +2389,13 @@ No

- -

Description

Summary

Allows the kernel to share state information with the caller.

Parameters

@@ -1945,6 +2414,7 @@ No +

@@ -1962,12 +2432,12 @@ No

- -

Description

Summary

Send a SIGCHLD signal to kernel threads.

Parameters

Parameter:	Description:	Optional:

@@ -1986,6 +2456,7 @@ No +

@@ -2003,12 +2474,12 @@ No

- -

Description

Summary

Send a child terminated signal to unlabeled processes.

Parameters

Parameter:	Description:	Optional:

@@ -2027,6 +2498,7 @@ No +

@@ -2044,12 +2516,12 @@ No

- -

Description

Summary

Send general signals to unlabeled processes.

Parameters

Parameter:	Description:	Optional:

@@ -2068,6 +2540,7 @@ No +

@@ -2085,12 +2558,12 @@ No

- -

Description

Summary

Send a null signal to unlabeled processes.

Parameters

Parameter:	Description:	Optional:

@@ -2109,6 +2582,7 @@ No +

@@ -2126,12 +2600,12 @@ No

- -

Description

Summary

Send a stop signal to unlabeled processes.

Parameters

Parameter:	Description:	Optional:

@@ -2150,6 +2624,91 @@ No + +

+ + +

+
+kernel_tcp_recvfrom(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Receive messages from kernel TCP sockets. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + + +

+ + +

+
+kernel_udp_recvfrom(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Receive messages from kernel UDP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ +

@@ -2191,6 +2750,7 @@ No

@@ -2208,12 +2768,12 @@ No

- -

Description

Summary

Permits caller to use kernel file descriptors.

Parameters

@@ -2232,6 +2792,49 @@ No + +

+ + +

+
+kernel_use_unlabeled_blk_dev(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read and write unlabeled block device nodes. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

@@ -2257,13 +2860,13 @@ No

- -

Description

Summary

Allows to start userland processes by transitioning to the specified domain.

Parameters

diff --git a/www/api-docs/kernel_selinux.html b/www/api-docs/kernel_selinux.html index b691441..be0e510 100644 --- a/www/api-docs/kernel_selinux.html +++ b/www/api-docs/kernel_selinux.html @@ -64,9 +64,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -74,8 +80,6 @@

Layer: kernel

Module: selinux

- -

Description:

@@ -89,6 +93,7 @@ Policy for kernel security interface, in particular, selinuxfs.

Interfaces:

@@ -106,12 +111,12 @@ Policy for kernel security interface, in particular, selinuxfs.

- -

Description

Summary

Allows caller to compute an access vector.

Parameters

Parameter:	Description:	Optional:

@@ -130,6 +135,7 @@ No +

@@ -147,12 +153,12 @@ No

- -

Description

Summary

Parameters

Parameter:	Description:	Optional:

@@ -171,6 +177,7 @@ No +

@@ -188,12 +195,12 @@ No

- -

Description

Summary

Parameters

Parameter:	Description:	Optional:

@@ -212,6 +219,7 @@ No +

@@ -229,12 +237,12 @@ No

- -

Description

Summary

Allows caller to compute possible contexts for a user.

Parameters

Parameter:	Description:	Optional:

@@ -253,12 +261,13 @@ No +

 
-selinux_get_enforce_mode(
+selinux_dontaudit_search_fs(
 	
@@ -270,13 +279,55 @@ No

Summary

+Do not audit attempts to search selinuxfs. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ -

Description

+ +

+ + +

+
+selinux_get_enforce_mode(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

Allows the caller to get the mode of policy enforcement (enforcing or permissive mode).

Parameters

@@ -295,6 +346,7 @@ No +

@@ -312,12 +364,12 @@ No

- -

Description

Summary

Gets the caller the mountpoint of the selinuxfs filesystem.

Parameters

Parameter:	Description:	Optional:

@@ -336,6 +388,7 @@ No +

@@ -353,12 +406,12 @@ No

- -

Description

Summary

Allow caller to load the policy into the kernel.

Parameters

Parameter:	Description:	Optional:

@@ -377,6 +430,7 @@ No +

@@ -406,13 +460,13 @@ No

- -

Description

Summary

Allow caller to set the state of Booleans to enable or disable conditional portions of the policy.

Parameters

Parameter:	Description:	Optional:

@@ -441,6 +495,7 @@ yes +

@@ -458,13 +513,13 @@ yes

- -

Description

Summary

Allow caller to set the mode of policy enforcement (enforcing or permissive mode).

Parameters

Parameter:	Description:	Optional:

@@ -483,6 +538,7 @@ No +

@@ -500,12 +556,12 @@ No

- -

Description

Summary

Allow caller to set selinux security parameters.

Parameters

Parameter:	Description:	Optional:

@@ -524,6 +580,7 @@ No +

@@ -541,12 +598,12 @@ No

- -

Description

Summary

Unconfined access to the SELinux security server.

Parameters

Parameter:	Description:	Optional:

@@ -565,6 +622,7 @@ No +

@@ -582,12 +640,12 @@ No

- -

Description

Summary

Allows caller to validate security contexts.

Parameters

Parameter:	Description:	Optional:

diff --git a/www/api-docs/kernel_storage.html b/www/api-docs/kernel_storage.html index 61332b5..a7ac52f 100644 --- a/www/api-docs/kernel_storage.html +++ b/www/api-docs/kernel_storage.html @@ -64,9 +64,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -74,8 +80,6 @@

Layer: kernel

Module: storage

- -

Description:

Policy controlling access to storage devices

@@ -85,6 +89,7 @@

Interfaces:

@@ -126,6 +131,49 @@ No

+ +

+ + +

+
+storage_create_fixed_disk_tmpfs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create fixed disk device nodes on a tmpfs filesystem. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -168,6 +216,7 @@ No

@@ -210,6 +259,7 @@ No

@@ -252,6 +302,7 @@ No

@@ -294,6 +345,7 @@ No

@@ -336,6 +388,7 @@ No

@@ -378,6 +431,7 @@ No

@@ -420,6 +474,7 @@ No

@@ -462,6 +517,7 @@ No

@@ -504,6 +560,7 @@ No

@@ -545,6 +602,7 @@ No

@@ -589,6 +647,7 @@ No

@@ -633,6 +692,7 @@ No

@@ -678,6 +738,7 @@ No

@@ -722,6 +783,7 @@ No

@@ -766,6 +828,7 @@ No

@@ -811,6 +874,7 @@ No

@@ -856,6 +920,7 @@ No

@@ -898,6 +963,7 @@ No

@@ -939,6 +1005,7 @@ No

@@ -981,6 +1048,7 @@ No

@@ -1023,6 +1091,7 @@ No

@@ -1065,6 +1134,7 @@ No

@@ -1107,6 +1177,7 @@ No

@@ -1149,6 +1220,7 @@ No

@@ -1190,6 +1262,7 @@ No

@@ -1231,6 +1304,7 @@ No

@@ -1276,6 +1350,7 @@ No

diff --git a/www/api-docs/kernel_terminal.html b/www/api-docs/kernel_terminal.html index 86b7485..1d7ed1c 100644 --- a/www/api-docs/kernel_terminal.html +++ b/www/api-docs/kernel_terminal.html @@ -64,9 +64,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -74,8 +80,6 @@

Layer: kernel

Module: terminal

- -

Description:

Policy for terminals.

@@ -85,6 +89,7 @@

Interfaces:

@@ -144,6 +149,51 @@ No

+ +

+ + +

+
+term_dontaudit_getattr_all_user_ptys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ + +

Description

+Do not audit attempts to get the +attributes of any user pty +device nodes. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -187,6 +237,50 @@ No

+ +

+ + +

+
+term_dontaudit_getattr_unallocated_ttys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ + +

Description

+Do not audit attempts to get the attributes +of all unallocated tty device nodes. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -229,6 +323,7 @@ No

@@ -271,6 +366,7 @@ No

@@ -313,6 +409,7 @@ No

@@ -355,6 +452,7 @@ No

@@ -398,6 +496,7 @@ No

@@ -440,6 +539,7 @@ No

@@ -482,6 +582,7 @@ No

@@ -524,6 +625,7 @@ No

@@ -566,6 +668,7 @@ No

@@ -608,6 +711,7 @@ No

@@ -650,6 +754,7 @@ No

@@ -692,6 +797,7 @@ No

@@ -733,6 +839,7 @@ No

@@ -775,6 +882,7 @@ No

@@ -817,6 +925,7 @@ No

@@ -859,6 +968,49 @@ No

+ +

+ + +

+
+term_relabelto_all_user_ptys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Relabel to all user ptys. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -901,6 +1053,50 @@ No

+ +

+ + +

+
+term_setattr_all_user_ptys(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Set the attributes of all user +pty device nodes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -943,6 +1139,7 @@ No

@@ -985,6 +1182,7 @@ No

@@ -1027,6 +1225,7 @@ No

@@ -1068,6 +1267,7 @@ No

@@ -1110,6 +1310,7 @@ No

@@ -1151,6 +1352,7 @@ No

@@ -1192,6 +1394,7 @@ No

@@ -1233,6 +1436,7 @@ No

@@ -1275,6 +1479,7 @@ No

@@ -1318,6 +1523,7 @@ No

@@ -1359,6 +1565,7 @@ No

@@ -1421,6 +1628,7 @@ No

@@ -1462,6 +1670,7 @@ No

@@ -1503,6 +1712,7 @@ No

diff --git a/www/api-docs/services.html b/www/api-docs/services.html index 72329aa..cdb02aa 100644 --- a/www/api-docs/services.html +++ b/www/api-docs/services.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,15 +67,27 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

Layer: services

+ Policy modules for system services, like cron, and network services, + like sshd. +

+ + @@ -112,6 +127,11 @@ + + + diff --git a/www/api-docs/services_cron.html b/www/api-docs/services_cron.html index 7b6981b..1005627 100644 --- a/www/api-docs/services_cron.html +++ b/www/api-docs/services_cron.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -74,11 +83,9 @@

Layer: services

Module: cron

- Interfaces Templates -

Description:

Periodic execution of scheduled commands.

@@ -88,6 +95,7 @@

Interfaces:

@@ -129,6 +137,7 @@ No

@@ -170,6 +179,7 @@ No

@@ -211,6 +221,7 @@ No

@@ -278,6 +289,7 @@ No

Templates:

@@ -328,6 +340,7 @@ No

diff --git a/www/api-docs/services_inetd.html b/www/api-docs/services_inetd.html index 1e0009c..4fe1bca 100644 --- a/www/api-docs/services_inetd.html +++ b/www/api-docs/services_inetd.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -74,8 +83,6 @@

Layer: services

Module: inetd

- -

Description:

Internet services daemon.

@@ -85,6 +92,7 @@

Interfaces:

@@ -153,6 +161,7 @@ No

@@ -212,6 +221,49 @@ No

+ +

+ + +

+
+inetd_tcp_connectto(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Connect to the inetd service using a TCP connection. +

+ + +

Parameters

Module:	Description:
Policy for NIS (YP) servers and clients
+ + nscd	Name service cache daemon
remotelogin	Policy for rshd, rlogind, and telnetd.

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

@@ -271,6 +323,7 @@ No

diff --git a/www/api-docs/services_kerberos.html b/www/api-docs/services_kerberos.html index f6f5724..feee704 100644 --- a/www/api-docs/services_kerberos.html +++ b/www/api-docs/services_kerberos.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -74,8 +83,6 @@

Layer: services

Module: kerberos

- -

Description:

@@ -84,10 +91,20 @@ This policy supports:

Servers: -

kadmind
krb5kdc

kadmind

krb5kdc

Clients: -

kinit
kdestroy
klist
ksu (incomplete)

kinit

kdestroy

klist

ksu (incomplete)

@@ -95,6 +112,7 @@ Clients:

Interfaces:

@@ -136,6 +154,7 @@ No

diff --git a/www/api-docs/services_mta.html b/www/api-docs/services_mta.html index 036a1fc..4da53ac 100644 --- a/www/api-docs/services_mta.html +++ b/www/api-docs/services_mta.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -74,11 +83,9 @@

Layer: services

Module: mta

- Interfaces Templates -

Description:

Policy common to all email tranfer agents.

@@ -88,6 +95,50 @@

Interfaces:

+ +

+ + +

+
+mta_dontaudit_read_spool_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read a symlink +in the mail spool. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ +

@@ -129,6 +180,7 @@ No

@@ -170,6 +222,7 @@ No

@@ -211,6 +264,7 @@ No

@@ -252,6 +306,7 @@ No

@@ -293,6 +348,7 @@ No

@@ -334,6 +390,7 @@ No

@@ -375,6 +432,7 @@ No

@@ -416,6 +474,7 @@ No

@@ -457,6 +516,7 @@ No

@@ -540,6 +600,7 @@ No

Templates:

diff --git a/www/api-docs/services_nis.html b/www/api-docs/services_nis.html index 9670fc7..b58cbca 100644 --- a/www/api-docs/services_nis.html +++ b/www/api-docs/services_nis.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -74,8 +83,6 @@

Layer: services

Module: nis

- -

Description:

Policy for NIS (YP) servers and clients

@@ -85,6 +92,7 @@

Interfaces:

@@ -126,6 +134,7 @@ No

@@ -167,6 +176,7 @@ No

diff --git a/www/api-docs/services_nscd.html b/www/api-docs/services_nscd.html new file mode 100644 index 0000000..6a24dba --- /dev/null +++ b/www/api-docs/services_nscd.html @@ -0,0 +1,314 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ +    - + cron
+ +    - + inetd
+ +    - + kerberos
+ +    - + mta
+ +    - + nis
+ +    - + nscd
+ +    - + remotelogin
+ +    - + sendmail
+ +    - + ssh
+ +

+ + + + system
+

+ +

+ * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index +

+ +

Layer: services

Module: nscd

+ +

Description:

+ +

Name service cache daemon

+ + + + +

Interfaces:

+ + +

+
+nscd_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute NSCD in the nscd domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+nscd_read_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read NSCD pid file. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+nscd_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Unconfined access to NSCD services. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+nscd_use_shared_mem(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Use NSCD services by mapping the database from +an inherited NSCD file descriptor. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+nscd_use_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Use NSCD services by connecting using +a unix stream socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +Return + + + +

+ + diff --git a/www/api-docs/services_remotelogin.html b/www/api-docs/services_remotelogin.html index 70a0b7b..794830e 100644 --- a/www/api-docs/services_remotelogin.html +++ b/www/api-docs/services_remotelogin.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -74,8 +83,6 @@

Layer: services

Module: remotelogin

- -

Description:

Policy for rshd, rlogind, and telnetd.

@@ -85,6 +92,7 @@

Interfaces:

diff --git a/www/api-docs/services_sendmail.html b/www/api-docs/services_sendmail.html index 1dd53f4..9612b2f 100644 --- a/www/api-docs/services_sendmail.html +++ b/www/api-docs/services_sendmail.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -74,8 +83,6 @@

Layer: services

Module: sendmail

- -

Description:

Policy for sendmail.

@@ -85,6 +92,7 @@

Interfaces:

diff --git a/www/api-docs/services_ssh.html b/www/api-docs/services_ssh.html index 46a0a11..4064836 100644 --- a/www/api-docs/services_ssh.html +++ b/www/api-docs/services_ssh.html @@ -46,6 +46,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -64,9 +67,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -74,11 +83,9 @@

Layer: services

Module: ssh

- Interfaces Templates -

Description:

Secure shell client and server policy.

@@ -88,6 +95,7 @@

Interfaces:

@@ -134,6 +142,7 @@ No

Templates:

@@ -190,6 +199,7 @@ No

diff --git a/www/api-docs/system.html b/www/api-docs/system.html index 267d377..7ba1ca2 100644 --- a/www/api-docs/system.html +++ b/www/api-docs/system.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,15 +118,26 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

Layer: system

+ Policy modules for system functions from init to multi-user login. +

+ + @@ -193,6 +213,11 @@ connection and disconnection of devices at runtime. + + + @@ -233,6 +258,16 @@ connection and disconnection of devices at runtime. + + + + + + diff --git a/www/api-docs/system_authlogin.html b/www/api-docs/system_authlogin.html index 89a2f0c..f0d265d 100644 --- a/www/api-docs/system_authlogin.html +++ b/www/api-docs/system_authlogin.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,11 +134,9 @@

Layer: system

Module: authlogin

- Interfaces Templates -

Description:

Common policy for authentication and user login.

@@ -133,6 +146,7 @@

Interfaces:

@@ -174,6 +188,7 @@ No

@@ -215,6 +230,7 @@ No

@@ -274,6 +290,7 @@ No

@@ -315,6 +332,7 @@ No

@@ -356,6 +374,7 @@ No

@@ -397,6 +416,7 @@ No

@@ -414,12 +434,13 @@ No

- -

Description

Summary

- +Do not audit attempts to get the attributes +of the shadow passwords file.

Parameters

Module:	Description:
System initialization programs (init and init scripts).
+ + ipsec	TCP/IP encryption
iptables	Policy for iptables.	Policy for mount.
+ + pcmcia	PCMCIA card management services
+ + raid	RAID array management tools
selinuxutil	Policy for SELinux policy and userland applications.

@@ -428,7 +449,7 @@ No domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +Domain to not audit.

No @@ -438,6 +459,7 @@ No +

@@ -480,6 +502,7 @@ No

@@ -521,6 +544,7 @@ No

@@ -562,6 +586,49 @@ No

+ +

+ + +

+
+auth_getattr_shadow(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of the shadow passwords file. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -603,6 +670,7 @@ No

@@ -644,6 +712,7 @@ No

@@ -709,6 +778,7 @@ yes

@@ -750,6 +820,7 @@ No

@@ -791,6 +862,7 @@ No

@@ -832,6 +904,7 @@ No

@@ -873,6 +946,7 @@ No

@@ -914,6 +988,7 @@ No

@@ -955,6 +1030,7 @@ No

@@ -996,6 +1072,7 @@ No

@@ -1061,6 +1138,7 @@ yes

@@ -1102,6 +1180,7 @@ No

@@ -1179,6 +1258,7 @@ No

@@ -1256,6 +1336,7 @@ No

@@ -1297,6 +1378,7 @@ No

@@ -1338,6 +1420,7 @@ No

@@ -1379,6 +1462,7 @@ No

@@ -1420,6 +1504,60 @@ No

+ +

+ + +

+
+auth_unconfined(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Unconfined access to the authlogin module. +

+ + +

Description

+Unconfined access to the authlogin module. +

+Currently, this only allows assertions for +the shadow passwords file (/etc/shadow) to +be passed. No access is granted yet. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ Return @@ -1427,6 +1565,7 @@ No

Templates:

diff --git a/www/api-docs/system_clock.html b/www/api-docs/system_clock.html index fba0684..a58833e 100644 --- a/www/api-docs/system_clock.html +++ b/www/api-docs/system_clock.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: clock

- -

Description:

Policy for reading and setting the hardware clock.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

@@ -290,6 +306,7 @@ No

diff --git a/www/api-docs/system_corecommands.html b/www/api-docs/system_corecommands.html index cb66c7f..9a61b14 100644 --- a/www/api-docs/system_corecommands.html +++ b/www/api-docs/system_corecommands.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: corecommands

- -

Description:

@@ -133,17 +146,26 @@ in /bin, /sbin, /usr/bin, and /usr/sbin.

Interfaces:

-corecmd_chroot_exec_chroot( +corecmd_bin_domtrans( - ? + domain + + + + , + + + + target_domain )
@@ -152,19 +174,50 @@ in /bin, /sbin, /usr/bin, and /usr/sbin.

Summary

-Summary is missing! +Execute a file in a bin directory +in the specified domain.

Description

+Execute a file in a bin directory +in the specified domain. This allows +the specified domain to execute any file +on these filesystems in the specified +domain. This is not suggested. +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+This interface was added to handle +the ssh-agent policy. +

Parameters

+ +

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action. + +

+No +

+target_domain +

+ +The type of the new process.

No @@ -174,56 +227,39 @@ No +

 
-corecmd_domtrans_shell(
-	
-		
-		
-		
-		domain
-		
+corecmd_dontaudit_getattr_sbin_file(
 	
 		
-			,
-		
 		
 		
-		target_domain
+		?
 		
 	
 	)

 

- -

Description

Summary

-Execute a shell in the target domain. +Summary is missing!

Parameters

- -

Parameter:

Description:

Optional:

-domain -

- -The type of the process performing this action. - -

-No -

-target_domain +?

-The type of the shell process. +Parameter descriptions are missing!

No @@ -233,12 +269,13 @@ No +

 
-corecmd_dontaudit_getattr_sbin_file(
+corecmd_exec_bin(
 	
@@ -274,12 +311,13 @@ No

 
-corecmd_exec_bin(
+corecmd_exec_chroot(
 	
@@ -315,6 +353,7 @@ No

@@ -356,6 +395,7 @@ No

@@ -397,6 +437,7 @@ No

@@ -438,6 +479,7 @@ No

@@ -479,6 +521,7 @@ No

@@ -520,6 +563,7 @@ No

@@ -561,6 +605,7 @@ No

@@ -602,6 +647,133 @@ No

+ +

+ + +

+
+corecmd_read_bin_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corecmd_read_bin_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read pipes in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corecmd_read_bin_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read named sockets in bin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -643,6 +815,133 @@ No

+ +

+ + +

+
+corecmd_read_sbin_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read files in sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corecmd_read_sbin_pipe(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read named pipes in sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+corecmd_read_sbin_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read named sockets in sbin directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -684,6 +983,7 @@ No

@@ -725,6 +1025,7 @@ No

@@ -766,6 +1067,79 @@ No

+ +

+ + +

+
+corecmd_shell_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		target_domain
+		
+	
+	)

+

+ +

Summary

+Execute a shell in the specified domain. +

+ + +

Description

+Execute a shell in the specified domain. +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

+ +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +
+target_domain +	+ +The type of the shell process. + +	+No +

+ +

@@ -807,6 +1181,7 @@ No

@@ -835,9 +1210,16 @@ No

Description

Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon(). +

+No interprocess communication (signals, pipes, +etc.) is provided by this interface since +the domains are not owned by this module. +

Parameters

diff --git a/www/api-docs/system_domain.html b/www/api-docs/system_domain.html index 7ab8532..18e7ff2 100644 --- a/www/api-docs/system_domain.html +++ b/www/api-docs/system_domain.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -119,11 +134,9 @@

Layer: system

Module: domain

- Interfaces Templates -

Description:

Core policy for domains.

@@ -135,6 +148,7 @@

Interfaces:

@@ -176,12 +190,13 @@ No

 
-domain_dontaudit_getattr_all_tcp_sockets(
+domain_dontaudit_getattr_all_sockets(
 	
@@ -193,13 +208,68 @@ No

Summary

+Do not audit attempts to get the attributes +of all domains sockets, for all socket types. +

Description

+Do not audit attempts to get the attributes +of all domains sockets, for all socket types. +

+This interface was added for PCMCIA cardmgr +and is probably excessive. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+domain_dontaudit_getattr_all_tcp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

Do not audit attempts to get the attributes of all domains TCP sockets.

Parameters

@@ -218,6 +288,7 @@ No +

@@ -235,13 +306,13 @@ No

- -

Description

Summary

Do not audit attempts to get the attributes of all domains UDP sockets.

Parameters

Parameter:	Description:	Optional:

@@ -260,6 +331,7 @@ No +

@@ -302,6 +374,7 @@ No

@@ -344,6 +417,50 @@ No

+ +

+ + +

+
+domain_dontaudit_getsession_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to get the +session ID of all domains. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -386,6 +503,136 @@ No

+ +

+ + +

+
+domain_dontaudit_read_all_domains_state(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read the process +state (/proc/pid) of all domains. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_rw_all_key_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read or write +all domains key sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+domain_dontaudit_rw_all_udp_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read or write +all domains UDP sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -427,6 +674,7 @@ No

@@ -468,6 +716,7 @@ No

@@ -509,6 +758,7 @@ No

@@ -550,12 +800,13 @@ No

 
-domain_getsession_all_domains(
+domain_getattr_all_sockets(
 	
@@ -567,12 +818,67 @@ No

Summary

+Get the attributes of all domains +sockets, for all socket types. +

Description

+Get the attributes of all domains +sockets, for all socket types. +

+This is commonly used for domains +that can use lsof on all domains. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+domain_getsession_all_domains(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

Get the session ID of all domains.

Parameters

@@ -591,6 +897,7 @@ No +

@@ -632,6 +939,7 @@ No

@@ -674,6 +982,7 @@ No

@@ -691,12 +1000,12 @@ No

- -

Description

Summary

Read the process state (/proc/pid) of all domains.

Parameters

Parameter:	Description:	Optional:

@@ -715,6 +1024,7 @@ No +

@@ -756,6 +1066,7 @@ No

@@ -798,6 +1109,7 @@ No

@@ -839,6 +1151,7 @@ No

@@ -880,6 +1193,7 @@ No

@@ -922,6 +1236,7 @@ No

@@ -963,6 +1278,7 @@ No

@@ -1004,6 +1320,7 @@ No

@@ -1045,6 +1362,7 @@ No

@@ -1087,6 +1405,7 @@ No

@@ -1128,6 +1447,7 @@ No

@@ -1169,6 +1489,7 @@ No

@@ -1210,6 +1531,7 @@ No

@@ -1258,6 +1580,7 @@ No

Templates:

@@ -1299,6 +1622,7 @@ No

diff --git a/www/api-docs/system_files.html b/www/api-docs/system_files.html index b2b23a6..b54badf 100644 --- a/www/api-docs/system_files.html +++ b/www/api-docs/system_files.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,17 +134,20 @@

Layer: system

Module: files

- -

Description:

This module contains basic filesystem types and interfaces. This includes: -

The concept of different file types including basic -files, mount points, tmp files, etc.
Access to groups of files and all files.
Types and interfaces for the basic filesystem layout -(/, /etc, /tmp, /usr, etc.).

The concept of different file types including basic +files, mount points, tmp files, etc.

Access to groups of files and all files.

Types and interfaces for the basic filesystem layout +(/, /etc, /tmp, /usr, etc.).

@@ -139,6 +157,7 @@ files, mount points, tmp files, etc.

Access to groups of files and all f

Interfaces:

@@ -180,6 +199,7 @@ No

@@ -221,6 +241,7 @@ No

@@ -280,6 +301,7 @@ No

@@ -321,6 +343,7 @@ No

@@ -362,6 +385,7 @@ No

@@ -403,14 +427,14 @@ No

- -

Description

Summary

Create an object in the root directory, with a private type. If no object class is specified, the default is file.

Parameters

Parameter:	Description:	Optional:

@@ -452,6 +476,7 @@ yes +

@@ -493,6 +518,89 @@ No

+ +

+ + +

+
+files_create_var_lib(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		file_type
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		object_class
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Create objects in the /var/lib directory +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +
+file_type +	+ +The type of the object to be created + +	+No +
+object_class +	+ +The object class. If not specified, file is used. + +	+yes +

+ +

@@ -534,6 +642,7 @@ No

@@ -575,6 +684,7 @@ No

@@ -616,6 +726,7 @@ No

@@ -633,12 +744,12 @@ No

- -

Description

Summary

Delete system configuration files in /etc.

Parameters

@@ -657,6 +768,7 @@ No +

@@ -698,12 +810,13 @@ No

 
-files_dontaudit_ioctl_all_pids(
+files_dontaudit_getattr_all_dirs(
 	
@@ -715,12 +828,13 @@ No

- -

Description

Summary

-Do not audit attempts to ioctl daemon runtime data files. +Do not audit attempts to get the attributes +of all directories.

Parameters

Parameter:	Description:	Optional:

@@ -729,7 +843,7 @@ Do not audit attempts to ioctl daemon runtime data files. domain

Parameter:

Description:

Optional:

-The type of the process performing this action. +Domain to not audit.

No @@ -739,17 +853,18 @@ No +

-files_dontaudit_read_root_file( +files_dontaudit_getattr_all_files( - ? + domain )
@@ -758,7 +873,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to get the attributes +of all files.

@@ -767,10 +883,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain to not audit.

No @@ -780,17 +896,18 @@ No +

-files_dontaudit_rw_root_chr_dev( +files_dontaudit_getattr_all_pipes( - ? + domain )
@@ -799,7 +916,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to get the attributes +of all named pipes.

@@ -808,10 +926,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain to not audit.

No @@ -821,17 +939,18 @@ No +

-files_dontaudit_rw_root_file( +files_dontaudit_getattr_all_sockets( - ? + domain )
@@ -840,7 +959,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to get the attributes +of all named sockets.

@@ -849,10 +969,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain to not audit.

No @@ -862,17 +982,18 @@ No +

-files_dontaudit_search_all_dirs( +files_dontaudit_getattr_all_symlinks( - ? + domain )
@@ -881,7 +1002,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to get the attributes +of all symbolic links.

@@ -890,10 +1012,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain to not audit.

No @@ -903,12 +1025,13 @@ No +

-files_dontaudit_search_isid_type_dir( +files_dontaudit_getattr_default_dir( @@ -922,8 +1045,8 @@ No

Summary

-Do not audit attempts to search directories on new filesystems -that have not yet been labeled. +Do not audit attempts to get the attributes of +directories with the default file type.

@@ -935,7 +1058,7 @@ that have not yet been labeled. domain

-The type of the process performing this action. +Domain to not audit.

No @@ -945,17 +1068,18 @@ No +

-files_dontaudit_search_pids( +files_dontaudit_getattr_default_files( - ? + domain )
@@ -964,7 +1088,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to get the attributes of +files with the default file type.

@@ -973,10 +1098,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain to not audit.

No @@ -986,17 +1111,18 @@ No +

-files_dontaudit_search_var( +files_dontaudit_getattr_pid_dir( - ? + domain )
@@ -1005,7 +1131,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to get the attributes +of the /var/run directory.

@@ -1014,10 +1141,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain to not audit.

No @@ -1027,12 +1154,13 @@ No +

 
-files_dontaudit_write_all_pids(
+files_dontaudit_ioctl_all_pids(
 	
@@ -1044,12 +1172,12 @@ No

- -

Description

Summary

-Do not audit attempts to write to daemon runtime data files. +Do not audit attempts to ioctl daemon runtime data files.

Parameters

@@ -1068,12 +1196,13 @@ No +

 
-files_exec_etc_files(
+files_dontaudit_read_root_file(
 	
@@ -1109,38 +1238,39 @@ No

 
-files_exec_usr_files(
+files_dontaudit_rw_root_chr_dev(
 	
-		domain
+		?
 		
 	)

- -

Description

Summary

-Execute programs in /usr/src in the caller domain. +Summary is missing!

Parameters

Parameter:	Description:	Optional:

Parameter:

Description:

Optional:

-domain +?

-The type of the process performing this action. +Parameter descriptions are missing!

No @@ -1150,12 +1280,13 @@ No +

 
-files_getattr_all_files(
+files_dontaudit_rw_root_file(
 	
@@ -1191,12 +1322,13 @@ No

 
-files_getattr_generic_locks(
+files_dontaudit_search_all_dirs(
 	
@@ -1232,17 +1364,18 @@ No

-files_list_all_dirs( +files_dontaudit_search_isid_type_dir( - ? + domain )
@@ -1251,7 +1384,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to search directories on new filesystems +that have not yet been labeled.

@@ -1260,10 +1394,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action.

No @@ -1273,17 +1407,18 @@ No +

-files_list_etc( +files_dontaudit_search_locks( - ? + domain )
@@ -1292,7 +1427,8 @@ No

Summary

-Summary is missing! +Do not audit attempts to search the +locks directory (/var/lock).

@@ -1301,10 +1437,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain to not audit.

No @@ -1314,17 +1450,18 @@ No +

-files_list_home( +files_dontaudit_search_pids( - domain + ? )
@@ -1333,7 +1470,7 @@ No

Summary

-Get listing of home directories. +Summary is missing!

@@ -1342,10 +1479,10 @@ Get listing of home directories.

Parameter:

Description:

Optional:

-domain +?

-The type of the process performing this action. +Parameter descriptions are missing!

No @@ -1355,12 +1492,13 @@ No +

 
-files_list_mnt(
+files_dontaudit_search_var(
 	
@@ -1396,12 +1534,55 @@ No

 
-files_list_pids(
+files_dontaudit_write_all_pids(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to write to daemon runtime data files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_exec_etc_files(
 	
@@ -1437,17 +1618,1308 @@ No

 
-files_list_root(
+files_exec_usr_files(
 	
-		?
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute programs in /usr/src in the caller domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_getattr_all_dirs(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_getattr_all_pipes(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all named pipes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_sockets(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all named sockets. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_all_symlinks(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of all symbolic links. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_getattr_generic_locks(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_getattr_var_lib_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of the /var/lib directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_list_all_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_default(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List contents of directories with the default file type. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_list_etc(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_home(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get listing of home directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_list_isid_type_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List the contents of directories on new filesystems +that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_list_mnt(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_pids(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_root(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_spool(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_list_world_readable(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+List world-readable directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+files_lock_file(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_all_files(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+			[
+		
+		exception_types
+		
+			]
+		
+	
+	)

+

+ +

Summary

+Manage all files on the filesystem, except +the listed exceptions. +

+ + +

Parameters

+ + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the domain perfoming this action. + +	+No +
+exception_types +	+ +The types to be excluded. Each type or attribute +must be negated by the caller. + +	+yes +

+ + +

+
+files_manage_etc_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_etc_runtime_files(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_generic_locks(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_generic_spool_dirs(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_generic_spools(
+	
+		
+		
+		
+		?
+		
+	
+	)

+

+ +

Summary

+Summary is missing! +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+? +	+ +Parameter descriptions are missing! + +	+No +

+ + +

+
+files_manage_isid_type_blk_node(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete block device nodes +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_chr_node(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete character device nodes +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete directories +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_file(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete files +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+files_manage_isid_type_symlink(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete symbolic links +on new filesystems that have not yet been labeled. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+ +files_manage_lost_found( + + + + + domain )
@@ -1456,7 +2928,8 @@ No

Summary

-Summary is missing! +Create, read, write, and delete objects in +lost+found directories.

@@ -1465,10 +2938,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action.

No @@ -1478,17 +2951,18 @@ No +

-files_list_spool( +files_manage_mnt_dirs( - ? + domain )
@@ -1497,7 +2971,7 @@ No

Summary

-Summary is missing! +Create, read, write, and delete directories in /mnt.

@@ -1506,10 +2980,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -1519,12 +2993,13 @@ No +

 
-files_lock_file(
+files_manage_urandom_seed(
 	
@@ -1560,77 +3035,55 @@ No

 
-files_manage_all_files(
-	
-		
-		
-		
-		domain
-		
+files_mount_all_file_type_fs(
 	
 		
-			,
-		
 		
 		
-			[
-		
-		exception_types
-		
-			]
+		?
 		
 	
 	)

 

- -

Description

Summary

-Manage all files on the filesystem, except -the listed exceptions. +Summary is missing!

Parameters

- -

Parameter:	Description:	Optional:
-domain +?	-The type of the domain perfoming this action. +Parameter descriptions are missing!	No
-exception_types -	- -The types to be excluded. Each type or attribute -must be negated by the caller. - -	-yes -

 
-files_manage_etc_files(
+files_mounton_all_mountpoints(
 	
@@ -1666,17 +3119,18 @@ No

-files_manage_etc_runtime_files( +files_mounton_default( - ? + domain )
@@ -1685,7 +3139,7 @@ No

Summary

-Summary is missing! +Mount a filesystem on a directory with the default file type.

@@ -1694,10 +3148,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -1707,17 +3161,18 @@ No +

-files_manage_generic_locks( +files_mounton_isid_type_dir( - ? + domain )
@@ -1726,7 +3181,8 @@ No

Summary

-Summary is missing! +Mount a filesystem on a directory on new filesystems +that has not yet been labeled.

@@ -1735,10 +3191,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action.

No @@ -1748,12 +3204,13 @@ No +

 
-files_manage_generic_spool_dirs(
+files_mountpoint(
 	
@@ -1789,12 +3246,13 @@ No

 
-files_manage_generic_spools(
+files_pid_file(
 	
@@ -1830,17 +3288,18 @@ No

-files_manage_isid_type_blk_node( +files_read_all_pids( - domain + ? )
@@ -1849,8 +3308,7 @@ No

Summary

-Create, read, write, and delete block device nodes -on new filesystems that have not yet been labeled. +Summary is missing!

@@ -1859,10 +3317,10 @@ on new filesystems that have not yet been labeled.

Parameter:

Description:

Optional:

-domain +?

-The type of the process performing this action. +Parameter descriptions are missing!

No @@ -1872,12 +3330,13 @@ No +

-files_manage_isid_type_chr_node( +files_read_default_files( @@ -1891,8 +3350,7 @@ No

Summary

-Create, read, write, and delete character device nodes -on new filesystems that have not yet been labeled. +Read files with the default file type.

@@ -1904,7 +3362,7 @@ on new filesystems that have not yet been labeled. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1914,12 +3372,13 @@ No +

-files_manage_isid_type_dir( +files_read_default_pipes( @@ -1933,8 +3392,7 @@ No

Summary

-Create, read, write, and delete directories -on new filesystems that have not yet been labeled. +Read named pipes with the default file type.

@@ -1946,7 +3404,7 @@ on new filesystems that have not yet been labeled. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1956,12 +3414,13 @@ No +

-files_manage_isid_type_file( +files_read_default_sockets( @@ -1975,8 +3434,7 @@ No

Summary

-Create, read, write, and delete files -on new filesystems that have not yet been labeled. +Read sockets with the default file type.

@@ -1988,7 +3446,7 @@ on new filesystems that have not yet been labeled. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -1998,12 +3456,13 @@ No +

-files_manage_isid_type_symlink( +files_read_default_symlinks( @@ -2017,8 +3476,7 @@ No

Summary

-Create, read, write, and delete symbolic links -on new filesystems that have not yet been labeled. +Read symbolic links with the default file type.

@@ -2030,7 +3488,7 @@ on new filesystems that have not yet been labeled. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2040,17 +3498,18 @@ No +

-files_manage_lost_found( +files_read_etc_files( - domain + ? )
@@ -2059,8 +3518,7 @@ No

Summary

-Create, read, write, and delete objects in -lost+found directories. +Summary is missing!

@@ -2069,10 +3527,10 @@ lost+found directories.

Parameter:

Description:

Optional:

-domain +?

-The type of the process performing this action. +Parameter descriptions are missing!

No @@ -2082,12 +3540,13 @@ No +

 
-files_manage_urandom_seed(
+files_read_etc_runtime_files(
 	
@@ -2123,12 +3582,13 @@ No

 
-files_mount_all_file_type_fs(
+files_read_generic_spools(
 	
@@ -2164,17 +3624,18 @@ No

-files_mounton_all_mountpoints( +files_read_isid_type_file( - ? + domain )
@@ -2183,7 +3644,8 @@ No

Summary

-Summary is missing! +Read files on new filesystems +that have not yet been labeled.

@@ -2192,10 +3654,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action.

No @@ -2205,12 +3667,13 @@ No +

 
-files_mountpoint(
+files_read_usr_files(
 	
@@ -2246,12 +3709,13 @@ No

 
-files_pid_file(
+files_read_usr_src_files(
 	
@@ -2287,17 +3751,18 @@ No

-files_read_all_pids( +files_read_var_files( - ? + domain )
@@ -2306,7 +3771,7 @@ No

Summary

-Summary is missing! +Read files in the /var directory.

@@ -2315,10 +3780,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action.

No @@ -2328,17 +3793,18 @@ No +

-files_read_etc_files( +files_read_var_lib_files( - ? + domain )
@@ -2347,7 +3813,7 @@ No

Summary

-Summary is missing! +Read generic files in /var/lib

@@ -2356,10 +3822,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -2369,17 +3835,18 @@ No +

-files_read_etc_runtime_files( +files_read_var_symlink( - ? + domain )
@@ -2388,7 +3855,7 @@ No

Summary

-Summary is missing! +Read symbolic links in the /var directory.

@@ -2397,10 +3864,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -2410,17 +3877,18 @@ No +

-files_read_generic_spools( +files_read_world_readable_files( - ? + domain )
@@ -2429,7 +3897,7 @@ No

Summary

-Summary is missing! +Read world-readable files.

@@ -2438,10 +3906,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -2451,17 +3919,18 @@ No +

-files_read_usr_files( +files_read_world_readable_pipes( - ? + domain )
@@ -2470,7 +3939,7 @@ No

Summary

-Summary is missing! +Read world-readable named pipes.

@@ -2479,10 +3948,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -2492,17 +3961,18 @@ No +

-files_read_usr_src_files( +files_read_world_readable_sockets( - ? + domain )
@@ -2511,7 +3981,7 @@ No

Summary

-Summary is missing! +Read world-readable sockets.

@@ -2520,10 +3990,10 @@ Summary is missing!

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +Domain allowed access.

No @@ -2533,12 +4003,13 @@ No +

-files_read_var_files( +files_read_world_readable_symlinks( @@ -2552,7 +4023,7 @@ No

Summary

-Read files in the /var directory. +Read world-readable symbolic links.

@@ -2564,7 +4035,7 @@ Read files in the /var directory. domain

-The type of the process performing this action. +Domain allowed access.

No @@ -2574,6 +4045,7 @@ No +

@@ -2603,13 +4075,13 @@ No

- -

Description

Summary

Relabel all files on the filesystem, except the listed exceptions.

Parameters

@@ -2639,6 +4111,7 @@ yes +

@@ -2680,6 +4153,7 @@ No

@@ -2721,6 +4195,7 @@ No

@@ -2762,6 +4237,7 @@ No

@@ -2804,6 +4280,7 @@ No

@@ -2846,6 +4323,7 @@ No

@@ -2887,6 +4365,7 @@ No

@@ -2928,17 +4407,18 @@ No

-files_search_generic_locks( +files_search_home( - ? + domain )
@@ -2947,7 +4427,7 @@ No

Summary

-Summary is missing! +Search home directories.

@@ -2956,10 +4436,10 @@ Summary is missing!

Parameter:

Description:

Optional:

Parameter:

Description:

Optional:

-? +domain

-Parameter descriptions are missing! +The type of the process performing this action.

No @@ -2969,17 +4449,18 @@ No +

-files_search_home( +files_search_locks( - domain + ? )
@@ -2988,7 +4469,7 @@ No

Summary

-Search home directories. +Summary is missing!

@@ -2997,10 +4478,10 @@ Search home directories.

Parameter:

Description:

Optional:

-domain +?

-The type of the process performing this action. +Parameter descriptions are missing!

No @@ -3010,6 +4491,7 @@ No +

@@ -3051,6 +4533,7 @@ No

@@ -3092,6 +4575,7 @@ No

@@ -3133,6 +4617,7 @@ No

@@ -3174,6 +4659,7 @@ No

@@ -3215,6 +4701,7 @@ No

@@ -3256,6 +4743,7 @@ No

@@ -3273,12 +4761,12 @@ No

- -

Description

Summary

Search the /var/lib directory.

Parameters

@@ -3297,6 +4785,49 @@ No + +

+ + +

+
+files_setattr_etc_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Set the attributes of the /etc directories. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

@@ -3338,6 +4869,7 @@ No

@@ -3355,13 +4887,13 @@ No

- -

Description

Summary

Transform the type into a file, for use on a virtual memory filesystem (tmpfs).

Parameters

@@ -3380,6 +4912,7 @@ No +

@@ -3421,6 +4954,7 @@ No

@@ -3462,6 +4996,7 @@ No

@@ -3503,6 +5038,7 @@ No

diff --git a/www/api-docs/system_fstools.html b/www/api-docs/system_fstools.html index bf68ba9..4e57788 100644 --- a/www/api-docs/system_fstools.html +++ b/www/api-docs/system_fstools.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: fstools

- -

Description:

Tools for filesystem management, such as mkfs and fsck.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

diff --git a/www/api-docs/system_getty.html b/www/api-docs/system_getty.html index 810af4d..a26aa51 100644 --- a/www/api-docs/system_getty.html +++ b/www/api-docs/system_getty.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: getty

- -

Description:

Policy for getty.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

@@ -253,6 +269,7 @@ No

diff --git a/www/api-docs/system_hostname.html b/www/api-docs/system_hostname.html index 93e46aa..c0d4a1f 100644 --- a/www/api-docs/system_hostname.html +++ b/www/api-docs/system_hostname.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: hostname

- -

Description:

Policy for changing the system host name.

@@ -130,6 +143,7 @@

Interfaces:

@@ -147,12 +161,12 @@

- -

Description

Summary

Execute hostname in the hostname domain.

Parameters

Parameter:	Description:	Optional:

@@ -162,7 +176,6 @@ domain + +

Parameter:

Description:

Optional:

The type of the process performing this action. -Has a sigchld signal backchannel.

No @@ -172,6 +185,7 @@ No +

@@ -189,13 +203,12 @@ No

- -

Description

Summary

- Execute hostname in the hostname domain, and - Has a sigchld signal backchannel. + Execute hostname in the caller domain.

Parameters

@@ -214,6 +227,7 @@ No +

@@ -247,14 +261,13 @@ No

- -

Description

Summary

Execute hostname in the hostname domain, and allow the specified role the hostname domain. -Has a sigchld signal backchannel.

Parameters

Parameter:	Description:	Optional:

diff --git a/www/api-docs/system_hotplug.html b/www/api-docs/system_hotplug.html index 519b4a9..edc3348 100644 --- a/www/api-docs/system_hotplug.html +++ b/www/api-docs/system_hotplug.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: hotplug

- -

Description:

@@ -133,6 +146,7 @@ connection and disconnection of devices at runtime.

Interfaces:

@@ -174,6 +188,7 @@ No

@@ -215,6 +230,7 @@ No

@@ -256,6 +272,7 @@ No

@@ -297,12 +314,13 @@ No

 
-hotplug_read_config(
+hotplug_getattr_config_dir(
 	
@@ -314,12 +332,54 @@ No

Summary

+Get the attributes of the hotplug configuration directory. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + + +

+ + +

+
+hotplug_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

Description

Summary

Read the configuration files for hotplug.

Parameters

@@ -338,6 +398,49 @@ No + +

+ + +

+
+hotplug_search_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the hotplug configuration directory. +

+ + +

Parameters

Parameter:	Description:	Optional:

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ +

diff --git a/www/api-docs/system_init.html b/www/api-docs/system_init.html index 265a959..943e4df 100644 --- a/www/api-docs/system_init.html +++ b/www/api-docs/system_init.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: init

- -

Description:

System initialization programs (init and init scripts).

@@ -130,6 +143,7 @@

Interfaces:

@@ -190,6 +204,7 @@ No

@@ -249,6 +264,7 @@ No

@@ -290,6 +306,7 @@ No

@@ -331,6 +348,7 @@ No

@@ -372,6 +390,7 @@ No

@@ -413,6 +432,7 @@ No

@@ -454,6 +474,7 @@ No

@@ -495,6 +516,7 @@ No

@@ -536,6 +558,7 @@ No

@@ -577,6 +600,7 @@ No

@@ -618,6 +642,7 @@ No

@@ -659,6 +684,7 @@ No

@@ -700,6 +726,7 @@ No

@@ -741,6 +768,7 @@ No

@@ -782,6 +810,7 @@ No

@@ -823,6 +852,7 @@ No

@@ -864,6 +894,7 @@ No

@@ -941,6 +972,7 @@ No

@@ -982,6 +1014,7 @@ No

@@ -1023,6 +1056,7 @@ No

@@ -1064,6 +1098,7 @@ No

@@ -1105,6 +1140,7 @@ No

@@ -1165,6 +1201,7 @@ No

@@ -1206,6 +1243,7 @@ No

@@ -1247,6 +1285,7 @@ No

@@ -1288,6 +1327,7 @@ No

@@ -1329,6 +1369,7 @@ No

@@ -1370,6 +1411,7 @@ No

diff --git a/www/api-docs/system_ipsec.html b/www/api-docs/system_ipsec.html new file mode 100644 index 0000000..141bb74 --- /dev/null +++ b/www/api-docs/system_ipsec.html @@ -0,0 +1,405 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ +

+ + + + system
+

+ +

+ * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index +

+ +

Layer: system

Module: ipsec

+ +

Description:

+ +

TCP/IP encryption

+ + + + +

Interfaces:

+ + +

+
+ipsec_connectto_unix_stream_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Connect to an IPSEC unix domain stream socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+ipsec_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute ipsec in the ipsec domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+ipsec_exec_mgmt(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute the IPSEC management program in the caller domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+ipsec_getattr_key_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Get the attributes of an IPSEC key socket. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+ipsec_manage_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete the IPSEC pid files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+ipsec_read_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read the IPSEC configuration +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +Return + + + +

+ + diff --git a/www/api-docs/system_iptables.html b/www/api-docs/system_iptables.html index c57dd88..64e13a7 100644 --- a/www/api-docs/system_iptables.html +++ b/www/api-docs/system_iptables.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: iptables

- -

Description:

Policy for iptables.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

diff --git a/www/api-docs/system_libraries.html b/www/api-docs/system_libraries.html index ff2c5b3..b584b79 100644 --- a/www/api-docs/system_libraries.html +++ b/www/api-docs/system_libraries.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: libraries

- -

Description:

Policy for system libraries.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

@@ -253,6 +269,7 @@ No

@@ -295,6 +312,7 @@ No

@@ -337,6 +355,7 @@ No

@@ -379,6 +398,7 @@ No

@@ -456,6 +476,7 @@ No

@@ -498,6 +519,7 @@ No

@@ -539,6 +561,7 @@ No

@@ -581,6 +604,7 @@ No

diff --git a/www/api-docs/system_locallogin.html b/www/api-docs/system_locallogin.html index 34495f7..97b095a 100644 --- a/www/api-docs/system_locallogin.html +++ b/www/api-docs/system_locallogin.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: locallogin

- -

Description:

Policy for local logins.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

diff --git a/www/api-docs/system_logging.html b/www/api-docs/system_logging.html index bc1079e..041aa38 100644 --- a/www/api-docs/system_logging.html +++ b/www/api-docs/system_logging.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: logging

- -

Description:

Policy for the kernel message logger and system logging daemon.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,49 @@ No

+ +

+ + +

+
+logging_domtrans_syslog(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute syslogd in the syslog domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -253,6 +311,7 @@ No

@@ -294,6 +353,7 @@ No

@@ -335,6 +395,7 @@ No

@@ -376,6 +437,7 @@ No

@@ -417,6 +479,7 @@ No

@@ -458,6 +521,7 @@ No

@@ -499,6 +563,7 @@ No

@@ -540,6 +605,7 @@ No

@@ -583,6 +649,7 @@ No

@@ -624,6 +691,7 @@ No

diff --git a/www/api-docs/system_lvm.html b/www/api-docs/system_lvm.html index ce57f08..6adcd81 100644 --- a/www/api-docs/system_lvm.html +++ b/www/api-docs/system_lvm.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: lvm

- -

Description:

Policy for logical volume management programs.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

diff --git a/www/api-docs/system_miscfiles.html b/www/api-docs/system_miscfiles.html index 1bf647e..a671d49 100644 --- a/www/api-docs/system_miscfiles.html +++ b/www/api-docs/system_miscfiles.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: miscfiles

- -

Description:

Miscelaneous files.

@@ -130,12 +143,13 @@

Interfaces:

 
-miscfiles_legacy_read_localization(
+miscfiles_exec_tetex_data(
 	
@@ -147,11 +161,53 @@

Summary

+Execute TeX data programs in the caller domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Type type of the process performing this action. + +	+No +

+ + +

 
-Description
+miscfiles_legacy_read_localization(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

- Allow process to read legacy time localization info -

+Allow process to read legacy time localization info +

Parameters

@@ -161,8 +217,8 @@ domain @@ -171,6 +227,7 @@ No +

@@ -188,11 +245,11 @@ No

- -

Description

Summary

- Allow process to read fonts files -

+Read fonts +

Parameters

- Type type of the process performing this action. - +Type type of the process performing this action. +

@@ -202,8 +259,8 @@ No domain @@ -212,6 +269,7 @@ No +

@@ -229,11 +287,11 @@ No

- -

Description

Summary

- Allow process to read localization info -

+Allow process to read localization info +

Parameters

- Type type of the process performing this action. - +Type type of the process performing this action. +

@@ -243,8 +301,8 @@ No domain @@ -253,6 +311,7 @@ No +

@@ -270,11 +329,53 @@ No

Summary

+Allow process to read man pages +

+ + +

Parameters

- Type type of the process performing this action. - +Type type of the process performing this action. +

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Type type of the process performing this action. + +	+No +

+ + +

 
-Description
+miscfiles_read_tetex_data(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

- Allow process to read manpages -

+Read TeX data +

Parameters

@@ -284,8 +385,8 @@ No domain @@ -294,6 +395,7 @@ No +

@@ -311,12 +413,12 @@ No

- -

Description

Summary

- Allow process to create files and dirs in /var/cache/man - and /var/catman/ -

+Allow process to create files and dirs in /var/cache/man +and /var/catman/ +

Parameters

- Type type of the process performing this action. - +Type type of the process performing this action. +

@@ -326,8 +428,8 @@ No domain diff --git a/www/api-docs/system_modutils.html b/www/api-docs/system_modutils.html index fdbb731..4fc6849 100644 --- a/www/api-docs/system_modutils.html +++ b/www/api-docs/system_modutils.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: modutils

- -

Description:

Policy for kernel module utilities

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

@@ -253,6 +269,7 @@ No

@@ -294,6 +311,7 @@ No

@@ -335,6 +353,7 @@ No

@@ -376,6 +395,7 @@ No

@@ -417,6 +437,7 @@ No

@@ -459,6 +480,7 @@ No

@@ -536,6 +558,7 @@ No

@@ -616,6 +639,7 @@ No

diff --git a/www/api-docs/system_mount.html b/www/api-docs/system_mount.html index 48b6164..9f37162 100644 --- a/www/api-docs/system_mount.html +++ b/www/api-docs/system_mount.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: mount

- -

Description:

Policy for mount.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -250,6 +265,7 @@ No

@@ -292,6 +308,7 @@ No

diff --git a/www/api-docs/system_pcmcia.html b/www/api-docs/system_pcmcia.html new file mode 100644 index 0000000..1634927 --- /dev/null +++ b/www/api-docs/system_pcmcia.html @@ -0,0 +1,444 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ +

+ + + + system
+

+ +

+ * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index +

+ +

Layer: system

Module: pcmcia

+ +

Description:

+ +

PCMCIA card management services

+ + + + +

Interfaces:

+ + +

+
+pcmcia_domtrans_cardctl(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute cardctl in the cardmgr domain. +

+ + +

Parameters

- Type type of the process performing this action. - +Type type of the process performing this action. +

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+pcmcia_domtrans_cardmgr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute cardmgr in the cardmgr domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+pcmcia_manage_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete +cardmgr pid files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+pcmcia_manage_runtime_chr(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete +cardmgr runtime character nodes. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+pcmcia_read_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Read cardmgr pid files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ + +

+
+pcmcia_run_cardctl(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ +

Summary

+Execute cardmgr in the cardctl domain, and +allow the specified role the cardmgr domain. +

+ + +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +
+role +	+ +The role to be allowed the cardmgr domain. + +	+No +
+terminal +	+ +The type of the terminal allow the cardmgr domain to use. + +	+No +

+ + +Return + + + +

+ + diff --git a/www/api-docs/system_raid.html b/www/api-docs/system_raid.html new file mode 100644 index 0000000..6da77a0 --- /dev/null +++ b/www/api-docs/system_raid.html @@ -0,0 +1,247 @@ + + + + Security Enhanced Linux Reference Policy + + + + + +

+ + + + admin
+

+ +

+ + + + apps
+

+ +

+ + + + kernel
+

+ +

+ + + + services
+

+ +

+ + + + system
+

+ +

+ * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index +

+ +

Layer: system

Module: raid

+ +

Description:

+ +

RAID array management tools

+ + + + +

Interfaces:

+ + +

+
+raid_domtrans_mdadm(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Execute software raid tools in the mdadm domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+
+raid_manage_mdadm_pid(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete the mdadm pid files. +

+ + +

Description

+Create, read, write, and delete the mdadm pid files. +

+Added for use in the init module. +

+ +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +Return + + + +

+ + diff --git a/www/api-docs/system_selinuxutil.html b/www/api-docs/system_selinuxutil.html index 6ed7287..96f9534 100644 --- a/www/api-docs/system_selinuxutil.html +++ b/www/api-docs/system_selinuxutil.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: selinuxutil

- -

Description:

Policy for SELinux policy and userland applications.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

@@ -253,6 +269,7 @@ No

@@ -294,6 +311,7 @@ No

@@ -335,6 +353,7 @@ No

@@ -376,6 +395,7 @@ No

@@ -417,6 +437,50 @@ No

+ +

+ + +

+
+seutil_dontaudit_search_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search the SELinux +configuration directory (/etc/selinux). +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ +

@@ -459,6 +523,7 @@ No

@@ -500,6 +565,7 @@ No

@@ -541,6 +607,7 @@ No

@@ -582,6 +649,7 @@ No

@@ -623,6 +691,7 @@ No

@@ -664,6 +733,7 @@ No

@@ -705,6 +775,7 @@ No

@@ -746,6 +817,7 @@ No

@@ -787,6 +859,7 @@ No

@@ -828,6 +901,7 @@ No

@@ -869,6 +943,7 @@ No

@@ -910,6 +985,7 @@ No

@@ -951,6 +1027,7 @@ No

@@ -992,6 +1069,7 @@ No

@@ -1033,6 +1111,7 @@ No

@@ -1113,6 +1192,7 @@ No

@@ -1193,6 +1273,7 @@ No

@@ -1272,6 +1353,7 @@ No

@@ -1351,6 +1433,7 @@ No

@@ -1430,6 +1513,7 @@ No

@@ -1509,6 +1593,7 @@ No

@@ -1550,6 +1635,7 @@ No

@@ -1591,6 +1677,7 @@ No

@@ -1632,6 +1719,7 @@ No

diff --git a/www/api-docs/system_sysnetwork.html b/www/api-docs/system_sysnetwork.html index 3dca320..d2522d7 100644 --- a/www/api-docs/system_sysnetwork.html +++ b/www/api-docs/system_sysnetwork.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans

- * Template Index + * Global Tunables +

+ * Layer Index +

+ * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: sysnetwork

- -

Description:

Policy for network configuration: ifconfig and dhcp client.

@@ -130,6 +143,7 @@

Interfaces:

@@ -171,6 +185,7 @@ No

@@ -212,6 +227,7 @@ No

@@ -253,6 +269,49 @@ No

+ +

+ + +

+
+sysnet_manage_config(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Create, read, write, and delete network config files. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ +

@@ -294,6 +353,7 @@ No

@@ -335,6 +395,7 @@ No

@@ -376,6 +437,7 @@ No

@@ -455,6 +517,7 @@ No

@@ -496,6 +559,7 @@ No

@@ -537,6 +601,7 @@ No

@@ -578,6 +643,7 @@ No

@@ -619,6 +685,7 @@ No

diff --git a/www/api-docs/system_udev.html b/www/api-docs/system_udev.html index d6d9caa..51ca4ed 100644 --- a/www/api-docs/system_udev.html +++ b/www/api-docs/system_udev.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,8 +134,6 @@

Layer: system

Module: udev

- -

Description:

Policy for udev.

@@ -130,6 +143,7 @@

Interfaces:

@@ -147,11 +161,54 @@

Summary

+Execute udev in the udev domain. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +

+ + +

+ -

Description

+
+udev_donaudit_rw_unix_dgram_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

- Execute udev in the udev domain. -

+Do not audit attempts to read or write +to a udev unix datagram socket. +

Parameters

@@ -161,8 +218,8 @@ domain @@ -171,6 +228,7 @@ No +

@@ -188,11 +246,11 @@ No

- -

Description

Summary

- Allow process to read list of devices. -

+Allow process to read list of devices. +

Parameters

- The type of the process performing this action. - +Domain to not audit. +

@@ -202,8 +260,8 @@ No domain @@ -212,6 +270,7 @@ No +

@@ -229,11 +288,11 @@ No

- -

Description

Summary

- Allow process to modify list of devices. -

+Allow process to modify list of devices. +

Parameters

- The type of the process performing this action. - +The type of the process performing this action. +

@@ -243,8 +302,8 @@ No domain diff --git a/www/api-docs/system_unconfined.html b/www/api-docs/system_unconfined.html index a57bce1..78263a3 100644 --- a/www/api-docs/system_unconfined.html +++ b/www/api-docs/system_unconfined.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -119,11 +134,9 @@

Layer: system

Module: unconfined

- Interfaces Templates -

Description:

The unconfined domain.

@@ -133,12 +146,13 @@

Interfaces:

-unconfined_domtrans_shell( +unconfined_domtrans( @@ -152,7 +166,7 @@

Summary

-Transition to the unconfined domain by executing a shell. +Transition to the unconfined domain.

@@ -174,6 +188,62 @@ No

+ +

+ + +

+
+unconfined_dontaudit_rw_tcp_socket(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to read or write +unconfined domain tcp sockets. +

+ + +

Description

+Do not audit attempts to read or write +unconfined domain tcp sockets. +

+This interface was added due to a broken +symptom in ldconfig. +

+ +

Parameters

- The type of the process performing this action. - +The type of the process performing this action. +

+ + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ +

@@ -215,6 +285,85 @@ No

+ +

+ + +

+
+unconfined_run(
+	
+		
+		
+		
+		domain
+		
+	
+		
+			,
+		
+		
+		
+		role
+		
+	
+		
+			,
+		
+		
+		
+		terminal
+		
+	
+	)

+

+ + +

Description

+Execute specified programs in the unconfined domain. +

+ +

Parameters

+ + + + + + + + + +

Parameter:	Description:	Optional:
+domain +	+ +The type of the process performing this action. + +	+No +
+role +	+ +The role to allow the unconfined domain. + +	+No +
+terminal +	+ +The type of the terminal allow the unconfined domain to use. + +	+No +

+ +

@@ -256,6 +405,49 @@ No

+ +

+ + +

+
+unconfined_shell_domtrans(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Transition to the unconfined domain by executing a shell. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain allowed access. + +	+No +

+ +

@@ -297,6 +489,7 @@ No

@@ -345,6 +538,7 @@ No

Templates:

diff --git a/www/api-docs/system_userdomain.html b/www/api-docs/system_userdomain.html index 0d4c3b9..8644d40 100644 --- a/www/api-docs/system_userdomain.html +++ b/www/api-docs/system_userdomain.html @@ -67,6 +67,9 @@    - init
+    - + ipsec
+    - iptables
@@ -91,6 +94,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -109,9 +118,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index

- * Template Index + * Interface Index +

+ * Template Index

@@ -119,11 +134,9 @@

Layer: system

Module: userdomain

- Interfaces Templates -

Description:

Policy for user domains

@@ -133,6 +146,135 @@

Interfaces:

+ +

+ + +

+
+userdom_dontaudit_search_all_users_home(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search all users home directories. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+userdom_dontaudit_search_staff_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search the staff +users home directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+userdom_dontaudit_search_sysadm_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to search the sysadm +users home directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ +

@@ -152,7 +294,7 @@

Summary

-Do not audit attempts to use admin ttys and ptys. +Do not audit attempts to use sysadm ttys and ptys.

@@ -164,7 +306,49 @@ Do not audit attempts to use admin ttys and ptys. domain

-The type of the process performing this action. +Domain to not audit. + +

+No +

+ + + +

+ + +

+
+userdom_dontaudit_use_sysadm_tty(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Do not audit attempts to use sysadm ttys. +

+ + +

Parameters

+ + + +

Parameter:

Description:

Optional:

+domain +

+ +Domain to not audit.

No @@ -174,6 +358,7 @@ No +

@@ -216,6 +401,7 @@ No

@@ -258,6 +444,7 @@ No

@@ -299,6 +486,7 @@ No

@@ -340,6 +528,7 @@ No

@@ -381,6 +570,7 @@ No

@@ -422,6 +612,7 @@ No

@@ -463,6 +654,91 @@ No

+ +

+ + +

+
+userdom_search_staff_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the staff users home directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ + +

+
+userdom_search_sysadm_home_dir(
+	
+		
+		
+		
+		domain
+		
+	
+	)

+

+ +

Summary

+Search the sysadm users home directory. +

+ + +

Parameters

+ + + + + +

Parameter:	Description:	Optional:
+domain +	+ +Domain to not audit. + +	+No +

+ +

@@ -504,6 +780,7 @@ No

@@ -545,6 +822,7 @@ No

@@ -586,6 +864,7 @@ No

@@ -629,6 +908,7 @@ No

@@ -672,6 +952,7 @@ No

@@ -713,6 +994,7 @@ No

@@ -754,6 +1036,7 @@ No

@@ -795,6 +1078,7 @@ No

@@ -836,6 +1120,7 @@ No

@@ -877,6 +1162,7 @@ No

@@ -918,6 +1204,7 @@ No

@@ -959,6 +1246,7 @@ No

@@ -1007,6 +1295,7 @@ No

Templates:

@@ -1037,6 +1326,20 @@ This template creates a user domain, types, and rules for the user's tty, pty, home directories, tmp, and tmpfs files.

+The privileges given to administrative users are: +

Raw disk access

Set all sysctls

All kernel ring buffer controls

Set SELinux enforcement mode (enforcing/permissive)

Set SELinux booleans

Relabel all files but shadow

Create, read, write, and delete all files but shadow

Manage source and binary format SELinux policy

Run insmod

Parameters

@@ -1058,6 +1361,7 @@ No

@@ -1115,6 +1419,7 @@ No

diff --git a/www/api-docs/templates.html b/www/api-docs/templates.html index 258b89c..8188d2a 100644 --- a/www/api-docs/templates.html +++ b/www/api-docs/templates.html @@ -91,6 +91,9 @@    - nis
+    - + nscd
+    - remotelogin
@@ -136,6 +139,9 @@    - init
+    - + ipsec
+    - iptables
@@ -160,6 +166,12 @@    - mount
+    - + pcmcia
+ +    - + raid
+    - selinuxutil
@@ -178,9 +190,15 @@

- * Interface Index + * Global Booleans +

+ * Global Tunables +

+ * Layer Index +

+ * Interface Index

- * Template Index + * Template Index

@@ -188,7 +206,7 @@

-Module: +Module: userdomain

Layer: system

@@ -214,7 +232,7 @@ The template for creating an administrative user.

-Module: +Module: authlogin

Layer: system

@@ -240,7 +258,7 @@ The per user domain template for the authlogin module.