diff --git a/www/api-docs/admin.html b/www/api-docs/admin.html
index 6c9412c..aa379ca 100644
--- a/www/api-docs/admin.html
+++ b/www/api-docs/admin.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -160,6 +172,16 @@
Policy for the Anaconda installer. |
+
+ bootloader |
+ Policy for the kernel modules, kernel image, and bootloader. |
+
+
+
+ certwatch |
+ Digital Certificate Tracking |
+
+
consoletype |
@@ -205,11 +227,24 @@ after installation of Red Hat/Fedora systems.
| System log analyzer and reporter |
+
+ mrtg |
+ Network traffic graphing |
+
+
netutils |
Network analysis utilities |
+
+ portage |
+
+Portage Package Management System. The primary package management and
+distribution system for Gentoo.
+ |
+
+
prelink |
Prelink ELF shared library mappings. |
diff --git a/www/api-docs/admin_acct.html b/www/api-docs/admin_acct.html
index f24e86d..fb672e8 100644
--- a/www/api-docs/admin_acct.html
+++ b/www/api-docs/admin_acct.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Transition to the accounting management domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -213,9 +225,9 @@ Execute accounting management tools in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -255,9 +267,9 @@ Execute accounting management data in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -297,9 +309,9 @@ Create, read, write, and delete process accounting data.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
diff --git a/www/api-docs/admin_alsa.html b/www/api-docs/admin_alsa.html
index adc1e6f..5186dd9 100644
--- a/www/api-docs/admin_alsa.html
+++ b/www/api-docs/admin_alsa.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Domain transition to alsa
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -213,9 +225,9 @@ Allow read and write access to alsa semaphores.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -255,9 +267,9 @@ Allow read and write access to alsa shared memory.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
diff --git a/www/api-docs/admin_amanda.html b/www/api-docs/admin_amanda.html
index a5add6d..f34c1ac 100644
--- a/www/api-docs/admin_amanda.html
+++ b/www/api-docs/admin_amanda.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -140,6 +152,48 @@
Interfaces:
+
+
+
+
+
+
+amanda_append_log_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Allow read/writing amanda logs
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain to allow
+
+ |
+No
+ |
+
+
+
+
+
@@ -171,9 +225,9 @@ Execute amrecover in the amanda_recover domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -213,9 +267,9 @@ Do not audit attempts to read /etc/dumpdates.
domain
|
-
+
Domain to not audit.
-
+
|
No
|
@@ -272,9 +326,9 @@ allow the specified role the amanda_recover domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -282,9 +336,9 @@ No
role
|
-
+
The role to be allowed the amanda_recover domain.
-
+
|
No
|
@@ -292,9 +346,51 @@ No
terminal
|
-
+
The type of the terminal allow the amanda_recover domain to use.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+amanda_rw_dumpdates_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Allow read/writing /etc/dumpdates.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain to allow
+
|
No
|
@@ -334,9 +430,9 @@ Search amanda library directories.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
diff --git a/www/api-docs/admin_anaconda.html b/www/api-docs/admin_anaconda.html
index 202a711..b4b09ac 100644
--- a/www/api-docs/admin_anaconda.html
+++ b/www/api-docs/admin_anaconda.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
diff --git a/www/api-docs/admin_bootloader.html b/www/api-docs/admin_bootloader.html
new file mode 100644
index 0000000..71e6d53
--- /dev/null
+++ b/www/api-docs/admin_bootloader.html
@@ -0,0 +1,455 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: admin
+
Module: bootloader
+
+
Description:
+
+
Policy for the kernel modules, kernel image, and bootloader.
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+bootloader_create_runtime_file(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Read and write the bootloader
+temporary data in /tmp.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+bootloader_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Execute bootloader in the bootloader domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+bootloader_read_config(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Read the bootloader configuration file.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+bootloader_run(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ role
+
+
+
+ ,
+
+
+
+ terminal
+
+
+ )
+
+
+
+
Summary
+
+Execute bootloader interactively and do
+a domain transition to the bootloader domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+role
+ |
+
+The role to be allowed the bootloader domain.
+
+ |
+No
+ |
+
+
+terminal
+ |
+
+The type of the terminal allow the bootloader domain to use.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+bootloader_rw_config(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Read and write the bootloader
+configuration file.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+bootloader_rw_tmp_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Read and write the bootloader
+temporary data in /tmp.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
+
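Review bot: The summary for `bootloader_create_runtime_file` is word for word the one given for `bootloader_rw_tmp_files` ("Read and write the bootloader temporary data in /tmp."), and it does not match what the interface name suggests. A policy writer choosing between the two from this page cannot tell what access the first one grants, which matters for an interface touching bootloader data. These pages look generated from the interface definitions, so the summary should presumably be corrected in the bootloader module's interface source to state the access actually granted, and the page regenerated. The parameter text `The type of the terminal allow the bootloader domain to use.` under `bootloader_run` also reads better as `The type of the terminal the bootloader domain is allowed to use.`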
diff --git a/www/api-docs/admin_certwatch.html b/www/api-docs/admin_certwatch.html
new file mode 100644
index 0000000..40a926a
--- /dev/null
+++ b/www/api-docs/admin_certwatch.html
@@ -0,0 +1,286 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: admin
+
Module: certwatch
+
+
Description:
+
+
Digital Certificate Tracking
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+certwatach_run(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ role
+
+
+
+ ,
+
+
+
+ terminal
+
+
+ )
+
+
+
+
Summary
+
+Execute certwatch in the certwatch domain, and
+allow the specified role the certwatch domain,
+and use the caller's terminal. Has a sigchld
+backchannel.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+role
+ |
+
+The role to be allowed the certwatch domain.
+
+ |
+No
+ |
+
+
+terminal
+ |
+
+The type of the terminal allow the certwatch domain to use.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+certwatch_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Domain transition to certwatch.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
+
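Review bot: The first interface on this new page is published as `certwatach_run(`, while the module is `certwatch` and its sibling interface is `certwatch_domtrans(`, so the name looks misspelled. If the page is generated from the module's interface file, as it appears to be, the typo is in the interface definition itself, and a policy that calls the expected `certwatch_run` would not resolve. The fix presumably belongs in the source: rename the interface to `certwatch_run` and regenerate this page, rather than editing the HTML.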
diff --git a/www/api-docs/admin_consoletype.html b/www/api-docs/admin_consoletype.html
index 748c4d9..80f8336 100644
--- a/www/api-docs/admin_consoletype.html
+++ b/www/api-docs/admin_consoletype.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -173,9 +185,9 @@ Execute consoletype in the consoletype domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -215,9 +227,88 @@ Execute consoletype in the caller domain.
domain
|
+
+The type of the process performing this action.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+consoletype_run(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ role
+
+
+
+ ,
+
+
+
+ terminal
+
+
+ )
+
+
+
+
Summary
+
+Execute consoletype in the consoletype domain, and
+allow the specified role the consoletype domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
The type of the process performing this action.
+
+ |
+No
+ |
+
+
+role
+ |
+
+The role to be allowed the consoletype domain.
+
+ |
+No
+ |
+
+terminal
+ |
+
+The type of the terminal allow the consoletype domain to use.
+
|
No
|
diff --git a/www/api-docs/admin_ddcprobe.html b/www/api-docs/admin_ddcprobe.html
index 4ba8ed2..e840957 100644
--- a/www/api-docs/admin_ddcprobe.html
+++ b/www/api-docs/admin_ddcprobe.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute ddcprobe in the ddcprobe domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -230,9 +242,9 @@ allow the specified role the ddcprobe domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -240,9 +252,9 @@ No
role
|
-
+
Role to be authenticated for ddcprobe domain.
-
+
|
No
|
@@ -250,9 +262,9 @@ No
terminal
|
-
+
The type of the terminal allow the clock domain to use.
-
+
|
No
|
diff --git a/www/api-docs/admin_dmesg.html b/www/api-docs/admin_dmesg.html
index 2c4daf2..0a75d29 100644
--- a/www/api-docs/admin_dmesg.html
+++ b/www/api-docs/admin_dmesg.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute dmesg in the dmesg domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -213,9 +225,9 @@ Execute dmesg in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
diff --git a/www/api-docs/admin_dmidecode.html b/www/api-docs/admin_dmidecode.html
index c4f0eb2..3fde90e 100644
--- a/www/api-docs/admin_dmidecode.html
+++ b/www/api-docs/admin_dmidecode.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute dmidecode in the dmidecode domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -230,9 +242,9 @@ allow the specified role the dmidecode domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -240,9 +252,9 @@ No
role
|
-
+
The role to be allowed the dmidecode domain.
-
+
|
No
|
@@ -250,9 +262,9 @@ No
terminal
|
-
+
The type of the terminal allow the dmidecode domain to use.
-
+
|
No
|
diff --git a/www/api-docs/admin_firstboot.html b/www/api-docs/admin_firstboot.html
index 1d82ab9..4325fc0 100644
--- a/www/api-docs/admin_firstboot.html
+++ b/www/api-docs/admin_firstboot.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -174,9 +186,9 @@ Execute firstboot in the firstboot domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -185,13 +197,13 @@ No
-
+
-
firstboot_dontaudit_use_fd(
+
firstboot_dontaudit_use_fds(
@@ -217,9 +229,9 @@ file descriptor from firstboot.
domain
|
-
+
Domain to not audit.
-
+
|
No
|
@@ -276,9 +288,9 @@ allow the specified role the firstboot domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -286,9 +298,9 @@ No
role
|
-
+
The role to be allowed the firstboot domain.
-
+
|
No
|
@@ -296,9 +308,9 @@ No
terminal
|
-
+
The type of the terminal allow the firstboot domain to use.
-
+
|
No
|
@@ -307,13 +319,13 @@ No
-
+
-
firstboot_use_fd(
+
firstboot_use_fds(
@@ -338,9 +350,9 @@ Inherit and use a file descriptor from firstboot.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -349,13 +361,13 @@ No
-
+
-
firstboot_write_pipe(
+
firstboot_write_pipes(
@@ -380,9 +392,9 @@ Write to a firstboot unnamed pipe.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
diff --git a/www/api-docs/admin_kudzu.html b/www/api-docs/admin_kudzu.html
index c0196a0..87e965f 100644
--- a/www/api-docs/admin_kudzu.html
+++ b/www/api-docs/admin_kudzu.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute kudzu in the kudzu domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -182,13 +194,13 @@ No
-
+
-
kudzu_getattr_exec_file(
+
kudzu_getattr_exec_files(
@@ -213,9 +225,9 @@ Get attributes of kudzu executable.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -272,9 +284,9 @@ allow the specified role the kudzu domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -282,9 +294,9 @@ No
role
|
-
+
The role to be allowed the kudzu domain.
-
+
|
No
|
@@ -292,9 +304,9 @@ No
terminal
|
-
+
The type of the terminal allow the kudzu domain to use.
-
+
|
No
|
diff --git a/www/api-docs/admin_logrotate.html b/www/api-docs/admin_logrotate.html
index 15e7fb4..594e028 100644
--- a/www/api-docs/admin_logrotate.html
+++ b/www/api-docs/admin_logrotate.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute logrotate in the logrotate domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -182,13 +194,13 @@ No
-
+
-
logrotate_dontaudit_use_fd(
+
logrotate_dontaudit_use_fds(
@@ -213,9 +225,9 @@ Do not audit attempts to inherit logrotate file descriptors.
domain
|
-
+
The type of the process to not audit.
-
+
|
No
|
@@ -255,9 +267,9 @@ Execute logrotate in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -297,9 +309,9 @@ Read a logrotate temporary files.
domain
|
-
+
The type of the process to not audit.
-
+
|
No
|
@@ -356,9 +368,9 @@ allow the specified role the logrotate domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -366,9 +378,9 @@ No
role
|
-
+
The role to be allowed the logrotate domain.
-
+
|
No
|
@@ -376,9 +388,9 @@ No
terminal
|
-
+
The type of the terminal allow the logrotate domain to use.
-
+
|
No
|
@@ -387,13 +399,13 @@ No
-
+
-
logrotate_use_fd(
+
logrotate_use_fds(
@@ -418,9 +430,9 @@ Inherit and use logrotate file descriptors.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
diff --git a/www/api-docs/admin_logwatch.html b/www/api-docs/admin_logwatch.html
index 5ea9a2a..6653d84 100644
--- a/www/api-docs/admin_logwatch.html
+++ b/www/api-docs/admin_logwatch.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Read logwatch temporary files.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
diff --git a/www/api-docs/admin_mrtg.html b/www/api-docs/admin_mrtg.html
new file mode 100644
index 0000000..5b6e4df
--- /dev/null
+++ b/www/api-docs/admin_mrtg.html
@@ -0,0 +1,205 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: admin
+
Module: mrtg
+
+
Description:
+
+
Network traffic graphing
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+mrtg_append_create_logs(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Create and append mrtg logs.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
+
diff --git a/www/api-docs/admin_netutils.html b/www/api-docs/admin_netutils.html
index 23f7ef1..6aaf727 100644
--- a/www/api-docs/admin_netutils.html
+++ b/www/api-docs/admin_netutils.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute network utilities in the netutils domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -213,9 +225,9 @@ Execute ping in the ping domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -255,9 +267,9 @@ Execute traceroute in the traceroute domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -297,9 +309,9 @@ Execute network utilities in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -339,9 +351,9 @@ Execute ping in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -381,9 +393,9 @@ Execute traceroute in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -440,9 +452,9 @@ allow the specified role the netutils domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -450,9 +462,9 @@ No
role
|
-
+
The role to be allowed the netutils domain.
-
+
|
No
|
@@ -460,9 +472,9 @@ No
terminal
|
-
+
The type of the terminal allow the netutils domain to use.
-
+
|
No
|
@@ -519,9 +531,9 @@ allow the specified role the ping domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -529,9 +541,9 @@ No
role
|
-
+
The role to be allowed the ping domain.
-
+
|
No
|
@@ -539,9 +551,9 @@ No
terminal
|
-
+
The type of the terminal allow the ping domain to use.
-
+
|
No
|
@@ -598,9 +610,9 @@ allow the specified role the ping domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -608,9 +620,9 @@ No
role
|
-
+
The role to be allowed the ping domain.
-
+
|
No
|
@@ -618,9 +630,9 @@ No
terminal
|
-
+
The type of the terminal allow the ping domain to use.
-
+
|
No
|
@@ -677,9 +689,9 @@ allow the specified role the traceroute domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -687,9 +699,9 @@ No
role
|
-
+
The role to be allowed the traceroute domain.
-
+
|
No
|
@@ -697,9 +709,9 @@ No
terminal
|
-
+
The type of the terminal allow the traceroute domain to use.
-
+
|
No
|
@@ -756,9 +768,9 @@ allow the specified role the traceroute domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -766,9 +778,9 @@ No
role
|
-
+
The role to be allowed the traceroute domain.
-
+
|
No
|
@@ -776,9 +788,9 @@ No
terminal
|
-
+
The type of the terminal allow the traceroute domain to use.
-
+
|
No
|
diff --git a/www/api-docs/admin_portage.html b/www/api-docs/admin_portage.html
new file mode 100644
index 0000000..f2be3fc
--- /dev/null
+++ b/www/api-docs/admin_portage.html
@@ -0,0 +1,346 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: admin
+
Module: portage
+
+
Interfaces
+
Templates
+
+
Description:
+
+
+Portage Package Management System. The primary package management and
+distribution system for Gentoo.
+
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+portage_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Execute emerge in the portage domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+portage_run(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ role
+
+
+
+ ,
+
+
+
+ terminal
+
+
+ )
+
+
+
+
Summary
+
+Execute emerge in the portage domain, and
+allow the specified role the portage domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+role
+ |
+
+The role to allow the portage domain.
+
+ |
+No
+ |
+
+
+terminal
+ |
+
+The type of the terminal allow for portage to use.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
Templates:
+
+
+
+
+
+
+
+portage_compile_domain_template(
+
+
+
+
+ prefix
+
+
+ )
+
+
+
+
Summary
+
+Template for portage sandbox.
+
+
+
+
Description
+
+
+Template for portage sandbox. Portage
+does all compiling in the sandbox.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+prefix
+ |
+
+Name to be used to derive types.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
diff --git a/www/api-docs/admin_prelink.html b/www/api-docs/admin_prelink.html
index 9369b7b..049b94b 100644
--- a/www/api-docs/admin_prelink.html
+++ b/www/api-docs/admin_prelink.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Delete the prelink cache.
file_type
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -213,9 +225,9 @@ Execute the prelink program in the prelink domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -256,9 +268,9 @@ prelink log files.
file_type
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -298,9 +310,9 @@ Make the specified file type prelinkable.
file_type
|
-
+
File type to be prelinked.
-
+
|
No
|
@@ -340,9 +352,9 @@ Read the prelink cache.
file_type
|
-
+
Domain allowed access.
-
+
|
No
|
diff --git a/www/api-docs/admin_quota.html b/www/api-docs/admin_quota.html
index 9f24f67..bca2147 100644
--- a/www/api-docs/admin_quota.html
+++ b/www/api-docs/admin_quota.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute quota management tools in the quota domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -214,9 +226,9 @@ of filesystem quota data files.
domain
|
-
+
Domain to not audit.
-
+
|
No
|
@@ -256,9 +268,9 @@ Summary is missing!
?
|
-
+
Parameter descriptions are missing!
-
+
|
No
|
@@ -315,9 +327,9 @@ allow the specified role the quota domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -325,9 +337,9 @@ No
role
|
-
+
The role to be allowed the quota domain.
-
+
|
No
|
@@ -335,9 +347,9 @@ No
terminal
|
-
+
The type of the terminal allow the quota domain to use.
-
+
|
No
|
diff --git a/www/api-docs/admin_readahead.html b/www/api-docs/admin_readahead.html
index e0e751f..1a64d7e 100644
--- a/www/api-docs/admin_readahead.html
+++ b/www/api-docs/admin_readahead.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
diff --git a/www/api-docs/admin_rpm.html b/www/api-docs/admin_rpm.html
index 0901580..dc6aef0 100644
--- a/www/api-docs/admin_rpm.html
+++ b/www/api-docs/admin_rpm.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,51 @@ Execute rpm programs in the rpm domain.
domain
|
-
+
The type of the process performing this action.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+rpm_domtrans_script(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Execute rpm_script programs in the rpm_script domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+domain
+ |
+
+Domain allowed access.
+
|
No
|
@@ -214,9 +268,9 @@ write, and delete the RPM package database.
domain
|
-
+
Domain to not audit.
-
+
|
No
|
@@ -256,9 +310,9 @@ Create, read, write, and delete the RPM package database.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -298,9 +352,9 @@ Create, read, write, and delete the RPM log.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -340,9 +394,9 @@ Read the RPM package database.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -351,13 +405,13 @@ No
-
+
-
rpm_read_pipe(
+
rpm_read_pipes(
@@ -382,9 +436,9 @@ Read from an unnamed RPM pipe.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -440,9 +494,9 @@ Execute RPM programs in the RPM domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -450,9 +504,9 @@ No
role
|
-
+
The role to allow the RPM domain.
-
+
|
No
|
@@ -460,9 +514,9 @@ No
terminal
|
-
+
The type of the terminal allow the RPM domain to use.
-
+
|
No
|
@@ -471,13 +525,13 @@ No
-
+
-rpm_rw_pipe(
+rpm_rw_pipes(
@@ -502,51 +556,9 @@ Read and write an unnamed RPM pipe.
domain
|
-
-The type of the process performing this action.
-
- |
-No
- |
-
-
-
-
-
-
-
-
-
-
-
-rpm_script_domtrans(
-
-
-
-
- domain
-
-
- )
-
-
-
-
Summary
-Execute rpm_script programs in the rpm_script domain.
+The type of the process performing this action.
-
-
-
Parameters
-
-Parameter: | Description: | Optional: |
-
-
-domain
- |
-
-Domain allowed access.
-
|
No
|
@@ -555,13 +567,13 @@ No
-
+
-
rpm_use_fd(
+
rpm_use_fds(
@@ -586,9 +598,9 @@ Inherit and use file descriptors from RPM.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -597,13 +609,13 @@ No
-
+
-
rpm_use_script_fd(
+
rpm_use_script_fds(
@@ -628,9 +640,9 @@ Inherit and use file descriptors from RPM scripts.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
diff --git a/www/api-docs/admin_su.html b/www/api-docs/admin_su.html
index 93c3a61..df68f53 100644
--- a/www/api-docs/admin_su.html
+++ b/www/api-docs/admin_su.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -174,9 +186,9 @@ Execute su in the caller domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -253,10 +265,10 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
@@ -264,9 +276,9 @@ No
user_domain
|
-
+
The type of the user domain.
-
+
|
No
|
@@ -274,9 +286,9 @@ No
user_role
|
-
+
The role associated with the user domain.
-
+
|
No
|
@@ -316,9 +328,9 @@ Summary is missing!
?
|
-
+
Parameter descriptions are missing!
-
+
|
No
|
diff --git a/www/api-docs/admin_sudo.html b/www/api-docs/admin_sudo.html
index 1aebe36..83cc6a0 100644
--- a/www/api-docs/admin_sudo.html
+++ b/www/api-docs/admin_sudo.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -202,10 +214,10 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
@@ -213,9 +225,9 @@ No
user_domain
|
-
+
The type of the user domain.
-
+
|
No
|
@@ -223,9 +235,9 @@ No
user_role
|
-
+
The role associated with the user domain.
-
+
|
No
|
diff --git a/www/api-docs/admin_tmpreaper.html b/www/api-docs/admin_tmpreaper.html
index f54460a..7e1e14a 100644
--- a/www/api-docs/admin_tmpreaper.html
+++ b/www/api-docs/admin_tmpreaper.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute tmpreaper in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
diff --git a/www/api-docs/admin_updfstab.html b/www/api-docs/admin_updfstab.html
index 51c67f4..f145cae 100644
--- a/www/api-docs/admin_updfstab.html
+++ b/www/api-docs/admin_updfstab.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute updfstab in the updfstab domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
diff --git a/www/api-docs/admin_usbmodules.html b/www/api-docs/admin_usbmodules.html
index bc12979..aa50e58 100644
--- a/www/api-docs/admin_usbmodules.html
+++ b/www/api-docs/admin_usbmodules.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute usbmodules in the usbmodules domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -231,9 +243,9 @@ and use the caller's terminal.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -241,9 +253,9 @@ No
role
|
-
+
The role to be allowed the usbmodules domain.
-
+
|
No
|
@@ -251,9 +263,9 @@ No
terminal
|
-
+
The type of the terminal allow the usbmodules domain to use.
-
+
|
No
|
diff --git a/www/api-docs/admin_usermanage.html b/www/api-docs/admin_usermanage.html
index 35249de..3a51f04 100644
--- a/www/api-docs/admin_usermanage.html
+++ b/www/api-docs/admin_usermanage.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -172,9 +184,9 @@ the admin passwd domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -214,9 +226,9 @@ Execute chfn in the chfn domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -256,9 +268,9 @@ Execute groupadd in the groupadd domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -298,9 +310,9 @@ Execute passwd in the passwd domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -340,9 +352,9 @@ Execute useradd in the useradd domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -382,9 +394,9 @@ Read the crack database.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -442,9 +454,9 @@ the admin passwd domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -452,9 +464,9 @@ No
role
|
-
+
The role to be allowed the admin passwd domain.
-
+
|
No
|
@@ -462,9 +474,9 @@ No
terminal
|
-
+
The type of the terminal allow the admin passwd domain to use.
-
+
|
No
|
@@ -521,9 +533,9 @@ allow the specified role the chfn domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -531,9 +543,9 @@ No
role
|
-
+
The role to be allowed the chfn domain.
-
+
|
No
|
@@ -541,9 +553,9 @@ No
terminal
|
-
+
The type of the terminal allow the chfn domain to use.
-
+
|
No
|
@@ -600,9 +612,9 @@ allow the specified role the groupadd domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -610,9 +622,9 @@ No
role
|
-
+
The role to be allowed the groupadd domain.
-
+
|
No
|
@@ -620,9 +632,9 @@ No
terminal
|
-
+
The type of the terminal allow the groupadd domain to use.
-
+
|
No
|
@@ -679,9 +691,9 @@ allow the specified role the passwd domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -689,9 +701,9 @@ No
role
|
-
+
The role to be allowed the passwd domain.
-
+
|
No
|
@@ -699,9 +711,9 @@ No
terminal
|
-
+
The type of the terminal allow the passwd domain to use.
-
+
|
No
|
@@ -758,9 +770,9 @@ allow the specified role the useradd domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -768,9 +780,9 @@ No
role
|
-
+
The role to be allowed the useradd domain.
-
+
|
No
|
@@ -778,9 +790,9 @@ No
terminal
|
-
+
The type of the terminal allow the useradd domain to use.
-
+
|
No
|
diff --git a/www/api-docs/admin_vbetool.html b/www/api-docs/admin_vbetool.html
index a17a807..9b2d2a0 100644
--- a/www/api-docs/admin_vbetool.html
+++ b/www/api-docs/admin_vbetool.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -151,12 +163,8 @@
- [
-
domain
- ]
-
)
@@ -175,11 +183,11 @@ Execute vbetool application in the vbetool domain.
domain
|
-
+
N/A
-
+
|
-yes
+Yes
|
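Review bot: The `domain` row in the vbetool parameter table still documents nothing: its description stays `N/A` and the Optional column only changes case from `yes` to `Yes`. The preceding hunk removes the `[` and `]` around `domain` in the signature, so the page now appears to show a required argument that the table marks optional. The other domain-transition interfaces added in this diff (for example `java_domtrans` and `mono_domtrans`) use `Domain allowed access.` with Optional `No`, and this row should probably match. If these pages are generated, the fix belongs in the interface's source documentation.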
diff --git a/www/api-docs/admin_vpn.html b/www/api-docs/admin_vpn.html
index 0083db7..2f36b57 100644
--- a/www/api-docs/admin_vpn.html
+++ b/www/api-docs/admin_vpn.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -171,9 +183,9 @@ Execute VPN clients in the vpnc domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -230,9 +242,9 @@ allow the specified role the vpnc domain.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
@@ -240,9 +252,9 @@ No
role
|
-
+
The role to be allowed the vpnc domain.
-
+
|
No
|
@@ -250,9 +262,9 @@ No
terminal
|
-
+
The type of the terminal allow the vpnc domain to use.
-
+
|
No
|
@@ -292,9 +304,9 @@ Send generic signals to VPN clients.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
diff --git a/www/api-docs/apps.html b/www/api-docs/apps.html
index 161195b..c32f33b 100644
--- a/www/api-docs/apps.html
+++ b/www/api-docs/apps.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -123,6 +141,11 @@
device locking policy for lockdev |
+
+ mono |
+ Run .NET server and client applications on Linux. |
+
+
screen |
GNU terminal multiplexer |
@@ -133,10 +156,35 @@
Update database for mlocate |
+
+ tvtime |
+ tvtime - a high quality television application |
+
+
+
+ uml |
+ Policy for UML |
+
+
+
+ userhelper |
+ SELinux utility to run a shell with a new role |
+
+
+
+ usernetctl |
+ User network interface configuration helper |
+
+
webalizer |
Web server log analysis |
+
+
+ wine |
+ Wine Is Not an Emulator. Run Windows programs in Linux. |
+
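Review bot: The description added for `userhelper`, `SELinux utility to run a shell with a new role`, reads like the summary of a different tool (it matches what newrole does), so it looks copied. The same sentence is added in the new apps_userhelper.html and in the index.html module table. Because policy writers use this line to decide which domains should get the module's interfaces, it should describe userhelper itself, something like `Helper that authenticates a user and runs a configured program on their behalf` (wording to be confirmed against the tool). If these pages are generated, the change belongs in the module's source summary.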
diff --git a/www/api-docs/apps_cdrecord.html b/www/api-docs/apps_cdrecord.html
index de446cb..47dc647 100644
--- a/www/api-docs/apps_cdrecord.html
+++ b/www/api-docs/apps_cdrecord.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -153,10 +171,10 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
@@ -164,9 +182,9 @@ No
user_domain
|
-
+
The type of the user domain.
-
+
|
No
|
@@ -174,9 +192,9 @@ No
user_role
|
-
+
The role associated with the user domain.
-
+
|
No
|
diff --git a/www/api-docs/apps_gpg.html b/www/api-docs/apps_gpg.html
index 2f17bce..41451b3 100644
--- a/www/api-docs/apps_gpg.html
+++ b/www/api-docs/apps_gpg.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -112,7 +130,7 @@
- userdomain_prefix
+ userdomain
@@ -120,7 +138,7 @@
- domain
+ role
)
@@ -155,31 +173,30 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
-userdomain_prefix
+userdomain
|
-
-The prefix of the user domain (e.g., user
-is the prefix for user_t).
-
+
+The user domain.
+
|
No
|
-domain
+role
|
-
-The type of the process performing this action.
-
+
+The role associated with the user.
+
|
No
|
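Review bot: The renamed gpg template parameters, `userdomain` and `role`, do not match the names every sibling template in this diff uses for the same arguments. Those templates (cdrecord, irc, java, lockdev, screen) use `user_domain` and `user_role`, with the descriptions `The type of the user domain.` and `The role associated with the user domain.`. The hunk does fix the duplicated `userdomain_prefix` row and the stray `domain` row. Using the shared names and descriptions here as well would keep the per-user templates uniform for anyone calling them, unless the gpg template's source really declares the shorter names.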
diff --git a/www/api-docs/apps_irc.html b/www/api-docs/apps_irc.html
index a3f5cbf..ef61848 100644
--- a/www/api-docs/apps_irc.html
+++ b/www/api-docs/apps_irc.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -153,10 +171,10 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
@@ -164,9 +182,9 @@ No
user_domain
|
-
+
The type of the user domain.
-
+
|
No
|
@@ -174,9 +192,9 @@ No
user_role
|
-
+
The role associated with the user domain.
-
+
|
No
|
diff --git a/www/api-docs/apps_java.html b/www/api-docs/apps_java.html
index b9a8e77..812977d 100644
--- a/www/api-docs/apps_java.html
+++ b/www/api-docs/apps_java.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -83,12 +101,63 @@
Layer: apps
Module: java
+Interfaces
+Templates
+
Description:
Java virtual machine
+
+Interfaces:
+
+
+
+
+
+
+
+java_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Execute the java program in the java domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+Return
+
Templates:
@@ -153,10 +222,10 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
@@ -164,9 +233,9 @@ No
user_domain
|
-
+
The type of the user domain.
-
+
|
No
|
@@ -174,9 +243,9 @@ No
user_role
|
-
+
The role associated with the user domain.
-
+
|
No
|
diff --git a/www/api-docs/apps_loadkeys.html b/www/api-docs/apps_loadkeys.html
index 5dbab61..bceba0a 100644
--- a/www/api-docs/apps_loadkeys.html
+++ b/www/api-docs/apps_loadkeys.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -123,9 +141,9 @@ Execute the loadkeys program in the loadkeys domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -165,9 +183,9 @@ Execute the loadkeys program in the caller domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -223,9 +241,9 @@ Execute the loadkeys program in the loadkeys domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -233,9 +251,9 @@ No
role
|
-
+
The role to allow the loadkeys domain.
-
+
|
No
|
@@ -243,9 +261,9 @@ No
terminal
|
-
+
The type of the terminal allow the loadkeys domain to use.
-
+
|
No
|
diff --git a/www/api-docs/apps_lockdev.html b/www/api-docs/apps_lockdev.html
index 4b9dd81..f478a02 100644
--- a/www/api-docs/apps_lockdev.html
+++ b/www/api-docs/apps_lockdev.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -154,10 +172,10 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
@@ -165,9 +183,9 @@ No
user_domain
|
-
+
The type of the user domain.
-
+
|
No
|
@@ -175,9 +193,9 @@ No
user_role
|
-
+
The role associated with the user domain.
-
+
|
No
|
diff --git a/www/api-docs/apps_mono.html b/www/api-docs/apps_mono.html
new file mode 100644
index 0000000..76c3f14
--- /dev/null
+++ b/www/api-docs/apps_mono.html
@@ -0,0 +1,163 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: apps
+
Module: mono
+
+
Description:
+
+
Run .NET server and client applications on Linux.
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+mono_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Execute the mono program in the mono domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
+
diff --git a/www/api-docs/apps_screen.html b/www/api-docs/apps_screen.html
index c7ab2d6..45011af 100644
--- a/www/api-docs/apps_screen.html
+++ b/www/api-docs/apps_screen.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -153,10 +171,10 @@ by policy writers.
userdomain_prefix
|
-
+
The prefix of the user domain (e.g., user
is the prefix for user_t).
-
+
|
No
|
@@ -164,9 +182,9 @@ No
user_domain
|
-
+
The type of the user domain.
-
+
|
No
|
@@ -174,9 +192,9 @@ No
user_role
|
-
+
The role associated with the user domain.
-
+
|
No
|
diff --git a/www/api-docs/apps_slocate.html b/www/api-docs/apps_slocate.html
index 0dcf640..af3a5c5 100644
--- a/www/api-docs/apps_slocate.html
+++ b/www/api-docs/apps_slocate.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -123,9 +141,9 @@ Create the locate log with append mode.
domain
|
-
+
Domain allowed access.
-
+
|
No
|
diff --git a/www/api-docs/apps_tvtime.html b/www/api-docs/apps_tvtime.html
new file mode 100644
index 0000000..73d6f70
--- /dev/null
+++ b/www/api-docs/apps_tvtime.html
@@ -0,0 +1,213 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: apps
+
Module: tvtime
+
+
Description:
+
+
tvtime - a high quality television application
+
+
+
+
+
+
Templates:
+
+
+
+
+
+
+
+tvtime_per_userdomain_template(
+
+
+
+
+ userdomain_prefix
+
+
+
+ ,
+
+
+
+ user_domain
+
+
+
+ ,
+
+
+
+ user_role
+
+
+ )
+
+
+
+
Summary
+
+The per user domain template for the tvtime module.
+
+
+
+
Description
+
+
+This template creates a derived domains which are used
+for tvtime.
+
+
+This template is invoked automatically for each user, and
+generally does not need to be invoked directly
+by policy writers.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+userdomain_prefix
+ |
+
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+
+ |
+No
+ |
+
+
+user_domain
+ |
+
+The type of the user domain.
+
+ |
+No
+ |
+
+
+user_role
+ |
+
+The role associated with the user domain.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
diff --git a/www/api-docs/apps_uml.html b/www/api-docs/apps_uml.html
new file mode 100644
index 0000000..580f4f5
--- /dev/null
+++ b/www/api-docs/apps_uml.html
@@ -0,0 +1,306 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: apps
+
Module: uml
+
+
Interfaces
+
Templates
+
+
Description:
+
+
Policy for UML
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+uml_manage_util_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Manage uml utility files.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+uml_setattr_util_sockets(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Set attributes on uml utility socket files.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
Templates:
+
+
+
+
+
+
+
+uml_per_userdomain_template(
+
+
+
+
+ userdomain_prefix
+
+
+
+ ,
+
+
+
+ user_domain
+
+
+
+ ,
+
+
+
+ user_role
+
+
+ )
+
+
+
+
Summary
+
+The per user domain template for the uml module.
+
+
+
+
Description
+
+
+This template creates a derived domains which are used
+for uml program.
+
+
+This template is invoked automatically for each user, and
+generally does not need to be invoked directly
+by policy writers.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+userdomain_prefix
+ |
+
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+
+ |
+No
+ |
+
+
+user_domain
+ |
+
+The type of the user domain.
+
+ |
+No
+ |
+
+
+user_role
+ |
+
+The role associated with the user domain.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
diff --git a/www/api-docs/apps_userhelper.html b/www/api-docs/apps_userhelper.html
new file mode 100644
index 0000000..b7ba201
--- /dev/null
+++ b/www/api-docs/apps_userhelper.html
@@ -0,0 +1,307 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: apps
+
Module: userhelper
+
+
Interfaces
+
Templates
+
+
Description:
+
+
SELinux utility to run a shell with a new role
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+userhelper_dontaudit_search_config(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Do not audit attempts to search
+the userhelper configuration directory.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain to not audit.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+userhelper_search_config(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Search the userhelper configuration directory.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
Templates:
+
+
+
+
+
+
+
+userhelper_per_userdomain_template(
+
+
+
+
+ userdomain_prefix
+
+
+
+ ,
+
+
+
+ user_domain
+
+
+
+ ,
+
+
+
+ user_role
+
+
+ )
+
+
+
+
Summary
+
+The per user domain template for the userhelper module.
+
+
+
+
Description
+
+
+This template creates a derived domains which are used
+for userhelper.
+
+
+This template is invoked automatically for each user, and
+generally does not need to be invoked directly
+by policy writers.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+userdomain_prefix
+ |
+
+The prefix of the user domain (e.g., user
+is the prefix for user_t).
+
+ |
+No
+ |
+
+
+user_domain
+ |
+
+The type of the user domain.
+
+ |
+No
+ |
+
+
+user_role
+ |
+
+The role associated with the user domain.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
diff --git a/www/api-docs/apps_usernetctl.html b/www/api-docs/apps_usernetctl.html
new file mode 100644
index 0000000..9f5fd8a
--- /dev/null
+++ b/www/api-docs/apps_usernetctl.html
@@ -0,0 +1,242 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: apps
+
Module: usernetctl
+
+
Description:
+
+
User network interface configuration helper
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+usernetctl_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Execute usernetctl in the usernetctl domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
+
+
+
+
+usernetctl_run(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ role
+
+
+
+ ,
+
+
+
+ terminal
+
+
+ )
+
+
+
+
Summary
+
+Execute usernetctl in the usernetctl domain, and
+allow the specified role the usernetctl domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+role
+ |
+
+The role to be allowed the usernetctl domain.
+
+ |
+No
+ |
+
+
+terminal
+ |
+
+The type of the terminal allow the usernetctl domain to use.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
+
diff --git a/www/api-docs/apps_webalizer.html b/www/api-docs/apps_webalizer.html
index af33a67..b0ccde3 100644
--- a/www/api-docs/apps_webalizer.html
+++ b/www/api-docs/apps_webalizer.html
@@ -37,15 +37,33 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
@@ -123,9 +141,9 @@ Execute webalizer in the webalizer domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -182,9 +200,9 @@ allow the specified role the webalizer domain.
domain
|
-
+
The type of the process performing this action.
-
+
|
No
|
@@ -192,9 +210,9 @@ No
role
|
-
+
The role to be allowed the webalizer domain.
-
+
|
No
|
@@ -202,9 +220,9 @@ No
terminal
|
-
+
The type of the terminal allow the webalizer domain to use.
-
+
|
No
|
diff --git a/www/api-docs/apps_wine.html b/www/api-docs/apps_wine.html
new file mode 100644
index 0000000..0157947
--- /dev/null
+++ b/www/api-docs/apps_wine.html
@@ -0,0 +1,163 @@
+
+
+
+ Security Enhanced Linux Reference Policy
+
+
+
+
+
+
+
+
+
+
Layer: apps
+
Module: wine
+
+
Description:
+
+
Wine Is Not an Emulator. Run Windows programs in Linux.
+
+
+
+
+
Interfaces:
+
+
+
+
+
+
+
+wine_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
Summary
+
+Execute the wine program in the wine domain.
+
+
+
+
Parameters
+
+Parameter: | Description: | Optional: |
+
+
+domain
+ |
+
+Domain allowed access.
+
+ |
+No
+ |
+
+
+
+
+
+
+
Return
+
+
+
+
+
+
+
diff --git a/www/api-docs/global_booleans.html b/www/api-docs/global_booleans.html
index 8aa51d2..b0e670a 100644
--- a/www/api-docs/global_booleans.html
+++ b/www/api-docs/global_booleans.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -112,24 +124,39 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
kernel
- -
- bootloader
-
-
corecommands
@@ -151,6 +178,9 @@
-
kernel
+ -
+ mcs
+
-
mls
@@ -400,12 +430,12 @@
-
uucp
- -
- xdm
-
-
xfs
+ -
+ xserver
+
-
zebra
@@ -512,8 +542,13 @@
false
Description
-
-Enabling secure mode disallows programs, such asnewrole, from transitioning to administrativeuser domains.
+
+
+Enabling secure mode disallows programs, such as
+newrole, from transitioning to administrative
+user domains.
+
+
@@ -524,8 +559,11 @@ Enabling secure mode disallows programs, such asnewrole, from transitioning to a
false
Description
-
-Disable transitions to insmod.
+
+
+Disable transitions to insmod.
+
+
@@ -536,8 +574,13 @@ Disable transitions to insmod.
false
Description
-
-boolean to determine whether the system permits loading policy, settingenforcing mode, and changing boolean values. Set this to true and youhave to reboot to set it back
+
+
+boolean to determine whether the system permits loading policy, setting
+enforcing mode, and changing boolean values. Set this to true and you
+have to reboot to set it back
+
+
diff --git a/www/api-docs/global_tunables.html b/www/api-docs/global_tunables.html
index c22677c..1bde781 100644
--- a/www/api-docs/global_tunables.html
+++ b/www/api-docs/global_tunables.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -112,24 +124,39 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
kernel
+
+
+
allow_execheap
+
+
Default value
+
false
+
+
Description
+
+
+Allow making the heap executable.
+
+
@@ -524,8 +572,12 @@ Allow cvs daemon to read shadow
false
Description
-
-Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
+
+
+Allow making anonymous memory executable, e.g.
+for runtime-code generation or executable stack.
+
+
@@ -536,8 +588,12 @@ Allow making anonymous memory executable, e.g.for runtime-code generation or exe
false
Description
-
-Allow making a modified private filemapping executable (text relocation).
+
+
+Allow making a modified private file
+mapping executable (text relocation).
+
+
@@ -548,8 +604,12 @@ Allow making a modified private filemapping executable (text relocation).false
Description
-
-Allow making the stack executable via mprotect.Also requires allow_execmem.
+
+
+Allow making the stack executable via mprotect.
+Also requires allow_execmem.
+
+
@@ -560,8 +620,12 @@ Allow making the stack executable via mprotect.Also requires allow_execmem.<
false
Description
-
-Allow ftp servers to modify public filesused for public file transfer services.
+
+
+Allow ftp servers to modify public files
+used for public file transfer services.
+
+
@@ -572,8 +636,11 @@ Allow ftp servers to modify public filesused for public file transfer services.<
false
Description
-
-Allow gpg executable stack
+
+
+Allow gpg executable stack
+
+
@@ -584,8 +651,11 @@ Allow gpg executable stack
true
Description
-
-Allow gssd to read temp directory.
+
+
+Allow gssd to read temp directory.
+
+
@@ -596,8 +666,12 @@ Allow gssd to read temp directory.
false
Description
-
-Allow Apache to modify public filesused for public file transfer services.
+
+
+Allow Apache to modify public files
+used for public file transfer services.
+
+
@@ -608,8 +682,11 @@ Allow Apache to modify public filesused for public file transfer services.
false
Description
-
-Allow java executable stack
+
+
+Allow java executable stack
+
+
@@ -620,8 +697,11 @@ Allow java executable stack
false
Description
-
-Allow system to run with kerberos
+
+
+Allow system to run with kerberos
+
+
@@ -632,8 +712,11 @@ Allow system to run with kerberos
false
Description
-
-Allow sysadm to ptrace all processes
+
+
+Allow sysadm to ptrace all processes
+
+
@@ -644,8 +727,12 @@ Allow sysadm to ptrace all processes
false
Description
-
-Allow rsync to modify public filesused for public file transfer services.
+
+
+Allow rsync to modify public files
+used for public file transfer services.
+
+
@@ -656,8 +743,11 @@ Allow rsync to modify public filesused for public file transfer services.false
Description
-
-Allow sasl to read shadow
+
+
+Allow sasl to read shadow
+
+
@@ -668,8 +758,12 @@ Allow sasl to read shadow
false
Description
-
-Allow samba to modify public filesused for public file transfer services.
+
+
+Allow samba to modify public files
+used for public file transfer services.
+
+
@@ -680,8 +774,11 @@ Allow samba to modify public filesused for public file transfer services.false
Description
-
-allow host key based authentication
+
+
+allow host key based authentication
+
+
@@ -692,8 +789,27 @@ allow host key based authentication
false
Description
-
-Allow users to connect to mysql
+
+
+Allow users to connect to mysql
+
+
+
+
+
+
+
allow_write_xshm
+
+
Default value
+
false
+
+
Description
+
+
+Allows clients to write to the X server shared
+memory segments.
+
+
@@ -704,8 +820,11 @@ Allow users to connect to mysql
false
Description
-
-Allow system to run with NIS
+
+
+Allow system to run with NIS
+
+
@@ -716,8 +835,13 @@ Allow system to run with NIS
false
Description
-
-Allow cdrecord to read various content.nfs, samba, removable devices, user tempand untrusted content files
+
+
+Allow cdrecord to read various content.
+nfs, samba, removable devices, user temp
+and untrusted content files
+
+
@@ -728,8 +852,12 @@ Allow cdrecord to read various content.nfs, samba, removable devices, user tempa
false
Description
-
-Allow system cron jobs to relabel filesystemfor restoring file contexts.
+
+
+Allow system cron jobs to relabel filesystem
+for restoring file contexts.
+
+
@@ -740,8 +868,12 @@ Allow system cron jobs to relabel filesystemfor restoring file contexts.
false
Description
-
-Enable extra rules in the cron domainto support fcron.
+
+
+Enable extra rules in the cron domain
+to support fcron.
+
+
@@ -752,8 +884,11 @@ Enable extra rules in the cron domainto support fcron.
false
Description
-
-Allow ftp to read and write files in the user home directories
+
+
+Allow ftp to read and write files in the user home directories
+
+
@@ -764,8 +899,11 @@ Allow ftp to read and write files in the user home directories
false
Description
-
-Allow ftpd to run directly without inetd
+
+
+Allow ftpd to run directly without inetd
+
+
@@ -776,8 +914,11 @@ Allow ftpd to run directly without inetd
false
Description
-
-Allow httpd to use built in scripting (usually php)
+
+
+Allow httpd to use built in scripting (usually php)
+
+
@@ -788,8 +929,11 @@ Allow httpd to use built in scripting (usually php)
false
Description
-
-Allow http daemon to tcp connect
+
+
+Allow http daemon to tcp connect
+
+
@@ -800,8 +944,11 @@ Allow http daemon to tcp connect
false
Description
-
-allow httpd to connect to mysql/posgresql
+
+
+Allow httpd to connect to mysql/posgresql
+
+
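Review bot: The rewritten description capitalises `Allow` but keeps the misspelling `posgresql`. It should read `Allow httpd to connect to mysql/postgresql`, so that a search for the database name finds the tunable that opens httpd's database connections.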
@@ -812,8 +959,11 @@ allow httpd to connect to mysql/posgresql
false
Description
-
-allow httpd to act as a relay
+
+
+Allow httpd to act as a relay
+
+
@@ -824,8 +974,11 @@ allow httpd to act as a relay
false
Description
-
-Allow httpd cgi support
+
+
+Allow httpd cgi support
+
+
@@ -836,8 +989,12 @@ Allow httpd cgi support
false
Description
-
-Allow httpd to act as a FTP server bylistening on the ftp port.
+
+
+Allow httpd to act as a FTP server by
+listening on the ftp port.
+
+
@@ -848,8 +1005,11 @@ Allow httpd to act as a FTP server bylistening on the ftp port.
false
Description
-
-Allow httpd to read home directories
+
+
+Allow httpd to read home directories
+
+
@@ -860,8 +1020,11 @@ Allow httpd to read home directories
false
Description
-
-Run SSI execs in system CGI script domain.
+
+
+Run SSI execs in system CGI script domain.
+
+
@@ -872,8 +1035,11 @@ Run SSI execs in system CGI script domain.
false
Description
-
-Allow http daemon to communicate with the TTY
+
+
+Allow http daemon to communicate with the TTY
+
+
@@ -884,8 +1050,11 @@ Allow http daemon to communicate with the TTY
false
Description
-
-Run CGI in the main httpd domain
+
+
+Run CGI in the main httpd domain
+
+
@@ -896,8 +1065,12 @@ Run CGI in the main httpd domain
false
Description
-
-Allow BIND to write the master zone files.Generally this is used for dynamic DNS.
+
+
+Allow BIND to write the master zone files.
+Generally this is used for dynamic DNS.
+
+
@@ -908,8 +1081,11 @@ Allow BIND to write the master zone files.Generally this is used for dynamic DNS
false
Description
-
-Allow nfs to be exported read only
+
+
+Allow nfs to be exported read only
+
+
@@ -920,8 +1096,11 @@ Allow nfs to be exported read only
false
Description
-
-Allow nfs to be exported read/write.
+
+
+Allow nfs to be exported read/write.
+
+
@@ -932,8 +1111,11 @@ Allow nfs to be exported read/write.
false
Description
-
-Allow pppd to load kernel modules for certain modems
+
+
+Allow pppd to load kernel modules for certain modems
+
+
@@ -944,8 +1126,11 @@ Allow pppd to load kernel modules for certain modems
false
Description
-
-Allow pppd to be run for a regular user
+
+
+Allow pppd to be run for a regular user
+
+
@@ -956,8 +1141,11 @@ Allow pppd to be run for a regular user
false
Description
-
-Allow reading of default_t files.
+
+
+Allow reading of default_t files.
+
+
@@ -968,8 +1156,13 @@ Allow reading of default_t files.
false
Description
-
-Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted
+
+
+Allow applications to read untrusted content
+If this is disallowed, Internet content has
+to be manually relabeled for read access to be granted
+
+
@@ -980,8 +1173,11 @@ Allow applications to read untrusted contentIf this is disallowed, Internet cont
false
Description
-
-Allow ssh to run from inetd instead of as a daemon.
+
+
+Allow ssh to run from inetd instead of as a daemon.
+
+
@@ -992,8 +1188,11 @@ Allow ssh to run from inetd instead of as a daemon.
false
Description
-
-Allow samba to export user home directories.
+
+
+Allow samba to export user home directories.
+
+
@@ -1004,8 +1203,11 @@ Allow samba to export user home directories.
false
Description
-
-Allow spamassassin to do DNS lookups
+
+
+Allow spamassassin to do DNS lookups
+
+
@@ -1016,8 +1218,26 @@ Allow spamassassin to do DNS lookups
false
Description
-
-Allow user spamassassin clients to use the network.
+
+
+Allow user spamassassin clients to use the network.
+
+
+
+
+
+
+
spamd_enable_home_dirs
+
+
Default value
+
true
+
+
Description
+
+
+Allow spammd to read/write user home directories.
+
+
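Review bot: The description of the new `spamd_enable_home_dirs` tunable misspells the daemon as `spammd`; it should read `Allow spamd to read/write user home directories.`. Among the tunables added in the visible hunks of this file (`allow_execheap`, `allow_write_xshm`, `xdm_sysadm_login`), this is the only one documented with a default of `true`. Since it grants a network-facing mail filter write access to home directories, the description should say why it is on by default, or the default should be reconsidered in the policy source.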
@@ -1028,8 +1248,12 @@ Allow user spamassassin clients to use the network.
false
Description
-
-Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.
+
+
+Allow squid to connect to all ports, not just
+HTTP, FTP, and Gopher ports.
+
+
@@ -1040,8 +1264,11 @@ Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.false
Description
-
-Allow ssh logins as sysadm_r:sysadm_t
+
+
+Allow ssh logins as sysadm_r:sysadm_t
+
+
@@ -1052,8 +1279,12 @@ Allow ssh logins as sysadm_r:sysadm_t
false
Description
-
-Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
+
+
+Allow staff_r users to search the sysadm home
+dir and read files (such as ~/.bashrc)
+
+
@@ -1064,8 +1295,12 @@ Allow staff_r users to search the sysadm homedir and read files (such as ~/.bash
false
Description
-
-Configure stunnel to be a standalone daemon orinetd service.
+
+
+Configure stunnel to be a standalone daemon or
+inetd service.
+
+
@@ -1076,8 +1311,11 @@ Configure stunnel to be a standalone daemon orinetd service.
false
Description
-
-Support NFS home directories
+
+
+Support NFS home directories
+
+
@@ -1088,8 +1326,11 @@ Support NFS home directories
false
Description
-
-Support SAMBA home directories
+
+
+Support SAMBA home directories
+
+
@@ -1100,8 +1341,11 @@ Support SAMBA home directories
false
Description
-
-Allow regular users direct mouse access
+
+
+Allow regular users direct mouse access
+
+
@@ -1112,8 +1356,11 @@ Allow regular users direct mouse access
false
Description
-
-Allow users to read system messages.
+
+
+Allow users to read system messages.
+
+
@@ -1124,8 +1371,12 @@ Allow users to read system messages.
false
Description
-
-Allow users to control network interfaces(also needs USERCTL=true)
+
+
+Allow users to control network interfaces
+(also needs USERCTL=true)
+
+
@@ -1136,8 +1387,11 @@ Allow users to control network interfaces(also needs USERCTL=true)
false
Description
-
-Control users use of ping and traceroute
+
+
+Control users use of ping and traceroute
+
+
@@ -1148,8 +1402,12 @@ Control users use of ping and traceroute
false
Description
-
-Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY)
+
+
+Allow user to r/w files on filesystems
+that do not have extended attributes (FAT, CDROM, FLOPPY)
+
+
@@ -1160,8 +1418,11 @@ Allow user to r/w files on filesystemsthat do not have extended attributes (FAT,
false
Description
-
-Allow users to rw usb devices
+
+
+Allow users to rw usb devices
+
+
@@ -1172,8 +1433,13 @@ Allow users to rw usb devices
false
Description
-
-Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users) disabling this forces FTP passive modeand may change other protocols.
+
+
+Allow users to run TCP servers (bind to ports and accept connection from
+the same domain and outside users) disabling this forces FTP passive mode
+and may change other protocols.
+
+
@@ -1184,8 +1450,11 @@ Allow users to run TCP servers (bind to ports and accept connection fromthe same
false
Description
-
-Allow w to display everyone
+
+
+Allow w to display everyone
+
+
@@ -1196,8 +1465,28 @@ Allow w to display everyone
false
Description
-
-Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored.
+
+
+Allow applications to write untrusted content
+If this is disallowed, no Internet content
+will be stored.
+
+
+
+
+
+
+
xdm_sysadm_login
+
+
Default value
+
false
+
+
Description
+
+
+Allow xdm logins as sysadm
+
+
diff --git a/www/api-docs/index.html b/www/api-docs/index.html
index bb55645..8732390 100644
--- a/www/api-docs/index.html
+++ b/www/api-docs/index.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -112,24 +124,39 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
kernel
- -
- bootloader
-
-
corecommands
@@ -151,6 +178,9 @@
-
kernel
+ -
+ mcs
+
-
mls
@@ -400,12 +430,12 @@
-
uucp
- -
- xdm
-
-
xfs
+ -
+ xserver
+
-
zebra
@@ -535,6 +565,16 @@
Policy for the Anaconda installer. |
+
+ bootloader |
+ Policy for the kernel modules, kernel image, and bootloader. |
+
+
+
+ certwatch |
+ Digital Certificate Tracking |
+
+
consoletype |
@@ -580,11 +620,24 @@ after installation of Red Hat/Fedora systems.
| System log analyzer and reporter |
+
+ mrtg |
+ Network traffic graphing |
+
+
netutils |
Network analysis utilities |
+
+ portage |
+
+Portage Package Management System. The primary package management and
+distribution system for Gentoo.
+ |
+
+
prelink |
Prelink ELF shared library mappings. |
@@ -680,11 +733,6 @@ and unlabeled processes and objects.
-
- bootloader |
- Policy for the kernel modules, kernel image, and bootloader. |
-
-
corecommands |
@@ -730,6 +778,11 @@ and unlabeled processes and objects.
|
+
+ mcs |
+ Multicategory security policy |
+
+
mls |
Multilevel security policy |
@@ -805,6 +858,11 @@ Policy for kernel security interface, in particular, selinuxfs.
device locking policy for lockdev |
+
+ mono |
+ Run .NET server and client applications on Linux. |
+
+
screen |
GNU terminal multiplexer |
@@ -815,10 +873,35 @@ Policy for kernel security interface, in particular, selinuxfs.
Update database for mlocate |
+
+ tvtime |
+ tvtime - a high quality television application |
+
+
+
+ uml |
+ Policy for UML |
+
+
+
+ userhelper |
+ SELinux utility to run a shell with a new role |
+
+
+
+ usernetctl |
+ User network interface configuration helper |
+
+
webalizer |
Web server log analysis |
+
+
+ wine |
+ Wine Is Not an Emulator. Run Windows programs in Linux. |
+
@@ -1395,16 +1478,16 @@ from Windows NT servers.
Unix to Unix Copy |
-
- xdm |
- X windows login display manager |
-
-
xfs |
X Windows Font Server |
+
+ xserver |
+ X Windows Server |
+
+
zebra |
Zebra border gateway protocol network routing service |
diff --git a/www/api-docs/interfaces.html b/www/api-docs/interfaces.html
index adfe364..46df10f 100644
--- a/www/api-docs/interfaces.html
+++ b/www/api-docs/interfaces.html
@@ -25,6 +25,12 @@
-
anaconda
+ -
+ bootloader
+
+ -
+ certwatch
+
-
consoletype
@@ -49,9 +55,15 @@
-
logwatch
+ -
+ mrtg
+
-
netutils
+ -
+ portage
+
-
prelink
@@ -112,24 +124,39 @@
-
lockdev
+ -
+ mono
+
-
screen
-
slocate
+ -
+ tvtime
+
+ -
+ uml
+
+ -
+ userhelper
+
+ -
+ usernetctl
+
-
webalizer
+ -
+ wine
+
+
kernel
+Module:
+amanda
+Layer:
+admin
+
+
+amanda_append_log_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Allow read/writing amanda logs
+
+
+
+
+
+
+Module:
+amanda
+Layer:
+admin
+
+
+amanda_rw_dumpdates_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Allow read/writing /etc/dumpdates.
+
+
+
+
+
+
-Module:
+Module:
apache
Layer:
services
-apache_dontaudit_rw_stream_socket(
+apache_dontaudit_rw_stream_sockets(
@@ -997,13 +1079,13 @@ unix domain stream sockets.
-Module:
+Module:
apache
Layer:
services
-apache_dontaudit_rw_sys_script_stream_socket(
+apache_dontaudit_rw_sys_script_stream_sockets(
@@ -1024,13 +1106,13 @@ system script unix domain stream sockets.
-Module:
+Module:
apache
Layer:
services
-apache_dontaudit_rw_tcp_socket(
+apache_dontaudit_rw_tcp_sockets(
@@ -1078,6 +1160,33 @@ module directories.
+Module:
+apache
+Layer:
+services
+
+
+apache_exec_modules(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Allow the specified domain to execute
+apache modules.
+
+
+
+
+
+
+Module:
+apache
+Layer:
+services
+
+
+apache_read_sys_content(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read apache system content
+
+
+
+
+
+
-Module:
+Module:
apache
Layer:
services
-apache_use_fd(
+apache_use_fds(
@@ -1450,13 +1585,13 @@ Execute APM in the apm domain.
-Module:
+Module:
apm
Layer:
services
-apm_rw_stream_socket(
+apm_rw_stream_sockets(
@@ -1502,13 +1637,13 @@ Connect to apmd over an unix stream socket.
-Module:
+Module:
apm
Layer:
services
-apm_use_fd(
+apm_use_fds(
@@ -1528,13 +1663,13 @@ Use file descriptors for apmd.
-Module:
+Module:
apm
Layer:
services
-apm_write_pipe(
+apm_write_pipes(
@@ -1554,13 +1689,13 @@ Write to apmd unnamed pipes.
-Module:
+Module:
arpwatch
Layer:
services
-arpwatch_dontaudit_rw_packet_socket(
+arpwatch_dontaudit_rw_packet_sockets(
@@ -2137,18 +2272,18 @@ Execute the pam program.
-Module:
+Module:
authlogin
Layer:
system
-
auth_filetrans_login_records(
+
auth_getattr_shadow(
- ?
+ domain
)
@@ -2156,25 +2291,25 @@ system
-Summary is missing!
+Get the attributes of the shadow passwords file.
-Module:
+Module:
authlogin
Layer:
system
-
auth_getattr_shadow(
+
auth_list_pam_console_data(
- domain
+ ?
)
@@ -2182,20 +2317,20 @@ system
-Get the attributes of the shadow passwords file.
+Summary is missing!
-Module:
+Module:
authlogin
Layer:
system
-
auth_list_pam_console_data(
+
auth_log_filetrans_login_records(
@@ -2260,12 +2395,8 @@ system
- [
-
exception_types
- ]
-
)
@@ -2332,6 +2463,32 @@ Summary is missing!
+Module:
+authlogin
+Layer:
+system
+
+
+auth_manage_pam_pid(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Manage pam PID files.
+
+
+
+
+
+
+Module:
+authlogin
+Layer:
+system
+
+
+auth_manage_var_auth(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Manage var auth files. Used by various other applications
+and pam applets etc.
+
+
+
+
+
+
@@ -2416,12 +2596,8 @@ system
- [
-
exception_types
- ]
-
)
@@ -2455,12 +2631,8 @@ system
- [
-
exception_types
- ]
-
)
@@ -2624,12 +2796,8 @@ system
- [
-
exception_types
- ]
-
)
@@ -3069,6 +3237,33 @@ Execute automount in the automount domain.
+Module:
+automount
+Layer:
+services
+
+
+automount_dontaudit_getattr_tmp_dirs(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to get the attributes
+of automount temporary directories.
+
+
+
+
+
+
-Module:
+Module:
bind
Layer:
services
-bind_manage_config_dir(
+bind_manage_config_dirs(
@@ -3375,13 +3570,13 @@ Search the BIND cache directory.
-Module:
+Module:
bind
Layer:
services
-bind_setattr_pid_dir(
+bind_setattr_pid_dirs(
@@ -3602,62 +3797,10 @@ allow the specified role the bluetooth_helper domain.
-Module:
-bootloader
-Layer:
-kernel
-
-
-bootloader_create_kernel_img(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Install a kernel into the /boot directory.
-
-
-
-
-
-
-Module:
-bootloader
-Layer:
-kernel
-
-
-bootloader_create_kernel_symbol_table(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Install a system.map into the /boot directory.
-
-
-
-
-
-
-Module:
+Module:
bootloader
-Layer:
-kernel
+Layer:
+admin
bootloader_create_runtime_file(
@@ -3681,13 +3824,13 @@ temporary data in /tmp.
-Module:
+Module:
bootloader
-Layer:
-kernel
+Layer:
+admin
-
bootloader_delete_kernel(
+
bootloader_domtrans(
@@ -3700,20 +3843,20 @@ kernel
-Delete a kernel from /boot.
+Execute bootloader in the bootloader domain.
-Module:
+Module:
bootloader
-Layer:
-kernel
+Layer:
+admin
-
bootloader_delete_kernel_symbol_table(
+
bootloader_read_config(
@@ -3726,20 +3869,20 @@ kernel
-Delete a system.map in the /boot directory.
+Read the bootloader configuration file.
-Module:
+Module:
bootloader
-Layer:
-kernel
+Layer:
+admin
-
bootloader_domtrans(
+
bootloader_run(
@@ -3747,57 +3890,20 @@ kernel
domain
- )
-
-
-
-
-Execute bootloader in the bootloader domain.
-
-
-
-
-
-
-Module:
-bootloader
-Layer:
-kernel
-
-
-bootloader_dontaudit_getattr_boot_dir(
-
+ ,
- domain
-
- )
-
-
-
-
-Do not audit attempts to get attributes
-of the /boot directory.
-
-
-
-
-
-
-Module:
-bootloader
-Layer:
-kernel
-
-
-
bootloader_dontaudit_search_boot(
+ role
+
+ ,
- domain
+
+ terminal
)
@@ -3805,25 +3911,26 @@ kernel
-Do not audit attempts to search the /boot directory.
+Execute bootloader interactively and do
+a domain transition to the bootloader domain.
-Module:
+Module:
bootloader
-Layer:
-kernel
+Layer:
+admin
-
bootloader_filetrans_modules(
+
bootloader_rw_config(
- ?
+ domain
)
@@ -3831,20 +3938,21 @@ kernel
-Summary is missing!
+Read and write the bootloader
+configuration file.
-Module:
+Module:
bootloader
-Layer:
-kernel
+Layer:
+admin
-
bootloader_getattr_boot_dir(
+
bootloader_rw_tmp_files(
@@ -3857,20 +3965,21 @@ kernel
-Get attributes of the /boot directory.
+Read and write the bootloader
+temporary data in /tmp.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+canna
+Layer:
+services
-
bootloader_getattr_kernel_modules(
+
canna_stream_connect(
@@ -3883,20 +3992,20 @@ kernel
-Get the attributes of kernel module files.
+Connect to Canna using a unix domain stream socket.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+certwatch
+Layer:
+admin
-
bootloader_list_kernel_modules(
+
certwatach_run(
@@ -3904,30 +4013,20 @@ kernel
domain
- )
-
-
-
-
-List the contents of the kernel module directories.
-
-
-
-
-
-
-Module:
-bootloader
-Layer:
-kernel
-
-
-
bootloader_manage_kernel_modules(
+
+ ,
+
+
+
+ role
+
+ ,
- domain
+
+ terminal
)
@@ -3935,21 +4034,23 @@ kernel
-Create, read, write, and delete
-kernel module files.
+Execute certwatch in the certwatch domain, and
+allow the specified role the certwatch domain,
+and use the caller's terminal. Has a sigchld
+backchannel.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+certwatch
+Layer:
+admin
-
bootloader_read_config(
+
certwatch_domtrans(
@@ -3962,20 +4063,20 @@ kernel
-Read the bootloader configuration file.
+Domain transition to certwatch.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+clock
+Layer:
+system
-
bootloader_read_kernel_modules(
+
clock_domtrans(
@@ -3988,20 +4089,20 @@ kernel
-Read kernel module files.
+Execute hwclock in the clock domain.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+clock
+Layer:
+system
-
bootloader_read_kernel_symbol_table(
+
clock_exec(
@@ -4014,20 +4115,20 @@ kernel
-Read system.map in the /boot directory.
+Execute hwclock in the caller domain.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+clock
+Layer:
+system
-
bootloader_run(
+
clock_run(
@@ -4056,21 +4157,21 @@ kernel
-Execute bootloader interactively and do
-a domain transition to the bootloader domain.
+Execute hwclock in the clock domain, and
+allow the specified role the hwclock domain.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+clock
+Layer:
+system
-
bootloader_rw_boot_symlinks(
+
clock_rw_adjtime(
@@ -4083,21 +4184,20 @@ kernel
-Read and write symbolic links
-in the /boot directory.
+Allow executing domain to modify clock drift
-Module:
-bootloader
-Layer:
-kernel
+Module:
+consoletype
+Layer:
+admin
-
bootloader_rw_config(
+
consoletype_domtrans(
@@ -4110,21 +4210,20 @@ kernel
-Read and write the bootloader
-configuration file.
+Execute consoletype in the consoletype domain.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+consoletype
+Layer:
+admin
-
bootloader_rw_tmp_file(
+
consoletype_exec(
@@ -4137,21 +4236,20 @@ kernel
-Read and write the bootloader
-temporary data in /tmp.
+Execute consoletype in the caller domain.
-Module:
-bootloader
-Layer:
-kernel
+Module:
+consoletype
+Layer:
+admin
-
bootloader_search_boot(
+
consoletype_run(
@@ -4159,25 +4257,42 @@ kernel
domain
+
+ ,
+
+
+
+ role
+
+
+
+ ,
+
+
+
+ terminal
+
+
)
-Search the /boot directory.
+Execute consoletype in the consoletype domain, and
+allow the specified role the consoletype domain.
-Module:
-bootloader
+Module:
+corecommands
Layer:
kernel
-
bootloader_search_kernel_modules(
+
corecmd_bin_alias(
@@ -4190,20 +4305,20 @@ kernel
-Search the contents of the kernel module directories.
+Create a aliased type to generic bin files.
-Module:
-bootloader
+Module:
+corecommands
Layer:
kernel
-
bootloader_write_kernel_modules(
+
corecmd_bin_domtrans(
@@ -4211,25 +4326,34 @@ kernel
domain
+
+ ,
+
+
+
+ target_domain
+
+
)
-Write kernel module files.
+Execute a file in a bin directory
+in the specified domain.
-Module:
-canna
-Layer:
-services
+Module:
+corecommands
+Layer:
+kernel
-
canna_stream_connect(
+
corecmd_bin_spec_domtrans(
@@ -4237,25 +4361,36 @@ services
domain
+
+ ,
+
+
+
+ target_domain
+
+
)
-Connect to Canna using a unix domain stream socket.
+Execute a file in a bin directory
+in the specified domain but do not
+do it automatically. This is an explicit
+transition, requiring the caller to use setexeccon().
-Module:
-clock
-Layer:
-system
+Module:
+corecommands
+Layer:
+kernel
-
clock_domtrans(
+
corecmd_check_exec_shell(
@@ -4268,25 +4403,25 @@ system
-Execute hwclock in the clock domain.
+Check if a shell is executable (DAC-wise).
-Module:
-clock
-Layer:
-system
+Module:
+corecommands
+Layer:
+kernel
-
clock_exec(
+
corecmd_dontaudit_getattr_sbin_files(
- domain
+ ?
)
@@ -4294,20 +4429,20 @@ system
-Execute hwclock in the caller domain.
+Summary is missing!
-Module:
-clock
-Layer:
-system
+Module:
+corecommands
+Layer:
+kernel
-
clock_run(
+
corecmd_dontaudit_search_sbin(
@@ -4315,47 +4450,31 @@ system
domain
-
- ,
-
-
-
- role
-
-
-
- ,
-
-
-
- terminal
-
-
)
-Execute hwclock in the clock domain, and
-allow the specified role the hwclock domain.
+Do not audit attempts to search
+sbin directories.
-Module:
-clock
-Layer:
-system
+Module:
+corecommands
+Layer:
+kernel
-
clock_rw_adjtime(
+
corecmd_exec_bin(
- domain
+ ?
)
@@ -4363,25 +4482,25 @@ system
-Allow executing domain to modify clock drift
+Summary is missing!
-Module:
-consoletype
-Layer:
-admin
+Module:
+corecommands
+Layer:
+kernel
-
consoletype_domtrans(
+
corecmd_exec_chroot(
- domain
+ ?
)
@@ -4389,25 +4508,25 @@ admin
-Execute consoletype in the consoletype domain.
+Summary is missing!
-Module:
-consoletype
-Layer:
-admin
+Module:
+corecommands
+Layer:
+kernel
-
consoletype_exec(
+
corecmd_exec_ls(
- domain
+ ?
)
@@ -4415,25 +4534,25 @@ admin
-Execute consoletype in the caller domain.
+Summary is missing!
-Module:
+Module:
corecommands
Layer:
kernel
-
corecmd_bin_alias(
+
corecmd_exec_sbin(
- domain
+ ?
)
@@ -4441,33 +4560,25 @@ kernel
-Create a aliased type to generic bin files.
+Summary is missing!
-Module:
+Module:
corecommands
Layer:
kernel
-
corecmd_bin_domtrans(
-
-
-
-
- domain
-
+
corecmd_exec_shell(
- ,
-
- target_domain
+ ?
)
@@ -4475,21 +4586,20 @@ kernel
-Execute a file in a bin directory
-in the specified domain.
+Summary is missing!
-Module:
+Module:
corecommands
Layer:
kernel
-
corecmd_check_exec_shell(
+
corecmd_getattr_bin_files(
@@ -4502,229 +4612,20 @@ kernel
-Check if a shell is executable (DAC-wise).
+Get the attributes of files in bin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_dontaudit_getattr_sbin_file(
-
-
-
-
- ?
-
-
- )
-
-
-
-
-Summary is missing!
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_dontaudit_search_sbin(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Do not audit attempts to search
-sbin directories.
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_exec_bin(
-
-
-
-
- ?
-
-
- )
-
-
-
-
-Summary is missing!
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_exec_chroot(
-
-
-
-
- ?
-
-
- )
-
-
-
-
-Summary is missing!
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_exec_ls(
-
-
-
-
- ?
-
-
- )
-
-
-
-
-Summary is missing!
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_exec_sbin(
-
-
-
-
- ?
-
-
- )
-
-
-
-
-Summary is missing!
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_exec_shell(
-
-
-
-
- ?
-
-
- )
-
-
-
-
-Summary is missing!
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_getattr_bin_file(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Get the attributes of files in bin directories.
-
-
-
-
-
-
-Module:
-corecommands
-Layer:
-kernel
-
-
-corecmd_getattr_sbin_file(
+corecmd_getattr_sbin_files(
@@ -4900,13 +4801,13 @@ Mmap a sbin file as executable.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_bin_file(
+corecmd_read_bin_files(
@@ -4926,13 +4827,13 @@ Read files in bin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_bin_pipe(
+corecmd_read_bin_pipes(
@@ -4952,13 +4853,13 @@ Read pipes in bin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_bin_socket(
+corecmd_read_bin_sockets(
@@ -4978,13 +4879,13 @@ Read named sockets in bin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_bin_symlink(
+corecmd_read_bin_symlinks(
@@ -5004,13 +4905,13 @@ Read symbolic links in bin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_sbin_file(
+corecmd_read_sbin_files(
@@ -5030,13 +4931,13 @@ Read files in sbin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_sbin_pipe(
+corecmd_read_sbin_pipes(
@@ -5056,13 +4957,13 @@ Read named pipes in sbin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_sbin_socket(
+corecmd_read_sbin_sockets(
@@ -5082,13 +4983,13 @@ Read named sockets in sbin directories.
-Module:
+Module:
corecommands
Layer:
kernel
-corecmd_read_sbin_symlink(
+corecmd_read_sbin_symlinks(
@@ -5195,6 +5096,43 @@ in the specified domain.
+Module:
+corecommands
+Layer:
+kernel
+
+
+corecmd_sbin_spec_domtrans(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ target_domain
+
+
+ )
+
+
+
+
+Execute a file in a sbin directory
+in the specified domain but do not
+do it automatically. This is an explicit
+transition, requiring the caller to use setexeccon().
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_dontaudit_tcp_bind_all_ports(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attepts to bind TCP sockets to any ports.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_rw_ppp_dev(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read and write the point-to-point device.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_rw_tun_tap_dev(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read and write the TUN/TAP virtual network device.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_tcp_bind_bgp_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Bind TCP sockets to the bgp port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_tcp_bind_router_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Bind TCP sockets to the router port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_tcp_connect_bgp_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Make a TCP connection to the bgp port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_tcp_connect_router_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Make a TCP connection to the router port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_tcp_sendrecv_bgp_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Send and receive TCP traffic on the bgp port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_tcp_sendrecv_router_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Send and receive TCP traffic on the router port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_bind_bgp_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Bind UDP sockets to the bgp port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_bind_router_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Bind UDP sockets to the router port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_receive_bgp_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Receive UDP traffic on the bgp port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_receive_router_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Receive UDP traffic on the router port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_send_bgp_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Send UDP traffic on the bgp port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_send_router_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Send UDP traffic on the router port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_sendrecv_bgp_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Send and receive UDP traffic on the bgp port.
+
+
+
+
+
+
+Module:
+corenetwork
+Layer:
+kernel
+
+
+corenet_udp_sendrecv_router_port(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Send and receive UDP traffic on the router port.
+
+
+
+
+
+
-Module:
-corenetwork
-Layer:
-kernel
-
-
-corenet_use_ppp_device(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Read and write the point-to-point device.
-
-
-
-
-
-
-Module:
-corenetwork
-Layer:
-kernel
-
-
-corenet_use_tun_tap_device(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Read and write the TUN/TAP virtual network device.
-
-
-
-
-
-
@@ -24668,13 +24992,13 @@ CPUcontrol stub interface. No access allowed.
-Module:
+Module:
cron
Layer:
services
-
cron_crw_tcp_socket(
+
cron_anacron_domtrans_system_job(
@@ -24687,20 +25011,20 @@ services
-Create, read, and write a cron daemon TCP socket.
+Execute APM in the apm domain.
-Module:
+Module:
cron
Layer:
services
-
cron_domtrans_anacron_system_job(
+
cron_dontaudit_append_system_job_tmp_files(
@@ -24713,20 +25037,21 @@ services
-Execute APM in the apm domain.
+Do not audit attempts to append temporary
+files from the system cron jobs.
-Module:
+Module:
cron
Layer:
services
-
cron_dontaudit_append_system_job_tmp_files(
+
cron_dontaudit_write_pipes(
@@ -24739,21 +25064,20 @@ services
-Do not audit attempts to append temporary
-files from the system cron jobs.
+Do not audit attempts to write cron daemon unnamed pipes.
-Module:
+Module:
cron
Layer:
services
-
cron_dontaudit_write_pipe(
+
cron_read_pipes(
@@ -24766,20 +25090,20 @@ services
-Do not audit attempts to write cron daemon unnamed pipes.
+Read a cron daemon unnamed pipe.
-Module:
+Module:
cron
Layer:
services
-
cron_read_pipe(
+
cron_read_system_job_tmp_files(
@@ -24792,20 +25116,20 @@ services
-Read a cron daemon unnamed pipe.
+Read temporary files from the system cron jobs.
-Module:
+Module:
cron
Layer:
services
-
cron_read_system_job_tmp_files(
+
cron_rw_pipes(
@@ -24818,20 +25142,20 @@ services
-Read temporary files from the system cron jobs.
+Read and write a cron daemon unnamed pipe.
-Module:
+Module:
cron
Layer:
services
-
cron_rw_pipe(
+
cron_rw_system_job_pipes(
@@ -24844,20 +25168,20 @@ services
-Read and write a cron daemon unnamed pipe.
+Read and write a system cron job unnamed pipe.
-Module:
+Module:
cron
Layer:
services
-
cron_rw_system_job_pipe(
+
cron_rw_tcp_sockets(
@@ -24870,7 +25194,7 @@ services
-Read and write a system cron job unnamed pipe.
+Read, and write cron daemon TCP sockets.
@@ -24964,13 +25288,13 @@ from the system cron jobs.
-Module:
+Module:
cron
Layer:
services
-cron_use_fd(
+cron_use_fds(
@@ -24991,13 +25315,13 @@ from the cron daemon.
-Module:
+Module:
cron
Layer:
services
-cron_use_system_job_fd(
+cron_use_system_job_fds(
@@ -25018,13 +25342,13 @@ from system cron jobs.
-Module:
+Module:
cron
Layer:
services
-cron_write_system_job_pipe(
+cron_write_system_job_pipes(
@@ -25150,6 +25474,32 @@ Execute cups_config in the cups_config domain.
+Module:
+cups
+Layer:
+services
+
+
+cups_read_config(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read cups configuration files.
+
+
+
+
+
+
+Module:
+cups
+Layer:
+services
+
+
+cups_tcp_connect(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Connect to cups over TCP.
+
+
+
+
+
+
+Module:
+cups
+Layer:
+services
+
+
+cups_write_log(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Write cups log files.
+
+
+
+
+
+
-Module:
+Module:
dbus
Layer:
services
-
dbus_send_system_bus_msg(
+
dbus_send_system_bus(
@@ -25588,12 +25990,8 @@ services
- [
-
domain
- ]
-
)
@@ -25739,7 +26137,7 @@ kernel
- domain
+ file_type
)
@@ -25747,20 +26145,20 @@ kernel
-Mount a usbfs filesystem.
+Associate a file to a usbfs filesystem.
-Module:
+Module:
devices
Layer:
kernel
-dev_create_cardmgr(
+dev_create_cardmgr_dev(
@@ -25782,39 +26180,13 @@ with the correct type.
-Module:
-devices
-Layer:
-kernel
-
-
-dev_create_dir(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Create a directory in the device directory.
-
-
-
-
-
-
-Module:
+Module:
devices
Layer:
kernel
-dev_create_generic_chr_file(
+dev_create_generic_chr_files(
@@ -25834,13 +26206,13 @@ Allow read, write, and create for generic character device files.
-Module:
+Module:
devices
Layer:
kernel
-
dev_del_generic_symlinks(
+
dev_create_generic_dirs(
@@ -25853,20 +26225,20 @@ kernel
-Delete symbolic links in device directories.
+Create a directory in the device directory.
-Module:
+Module:
devices
Layer:
kernel
-dev_delete_generic_file(
+dev_delete_generic_files(
@@ -25886,13 +26258,39 @@ Delete generic files in /dev.
-Module:
+Module:
devices
Layer:
kernel
-dev_delete_lvm_control(
+dev_delete_generic_symlinks(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Delete symbolic links in device directories.
+
+
+
+
+
+
+Module:
+devices
+Layer:
+kernel
+
+
+dev_delete_lvm_control_dev(
@@ -25964,13 +26362,13 @@ Dontaudit getattr on all character file device nodes.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_getattr_apm_bios(
+dev_dontaudit_getattr_apm_bios_dev(
@@ -25991,13 +26389,13 @@ the apm bios device node.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_getattr_generic_blk_file(
+dev_dontaudit_getattr_generic_blk_files(
@@ -26017,13 +26415,13 @@ Dontaudit getattr on generic block devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_getattr_generic_chr_file(
+dev_dontaudit_getattr_generic_chr_files(
@@ -26043,13 +26441,13 @@ Dontaudit getattr for generic character device files.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_getattr_generic_pipe(
+dev_dontaudit_getattr_generic_pipes(
@@ -26095,13 +26493,13 @@ dontaudit getattr raw memory devices (e.g. /dev/mem).
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_getattr_misc(
+dev_dontaudit_getattr_misc_dev(
@@ -26122,13 +26520,13 @@ of miscellaneous devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_getattr_scanner(
+dev_dontaudit_getattr_scanner_dev(
@@ -26149,13 +26547,13 @@ the scanner device.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_getattr_usbfs_dir(
+dev_dontaudit_getattr_usbfs_dirs(
@@ -26307,6 +26705,33 @@ Do not audit attempts to read the framebuffer.
+Module:
+devices
+Layer:
+kernel
+
+
+dev_dontaudit_read_rand(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to read from random
+number generator devices (e.g., /dev/random)
+
+
+
+
+
+
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_rw_dri_dev(
+dev_dontaudit_rw_dri(
@@ -26386,6 +26811,32 @@ Dontaudit getattr for generic device files.
+Module:
+devices
+Layer:
+kernel
+
+
+dev_dontaudit_rw_misc(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to read and write miscellaneous devices.
+
+
+
+
+
+
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_setattr_apm_bios(
+dev_dontaudit_setattr_apm_bios_dev(
@@ -26439,13 +26890,13 @@ the apm bios device node.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_setattr_framebuffer(
+dev_dontaudit_setattr_framebuffer_dev(
@@ -26466,13 +26917,13 @@ of the framebuffer device node.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_setattr_generic_blk_file(
+dev_dontaudit_setattr_generic_blk_files(
@@ -26492,13 +26943,13 @@ Dontaudit setattr on generic block devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_setattr_generic_chr_file(
+dev_dontaudit_setattr_generic_chr_files(
@@ -26518,13 +26969,13 @@ Dontaudit setattr for generic character device files.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_setattr_generic_symlink(
+dev_dontaudit_setattr_generic_symlinks(
@@ -26545,13 +26996,13 @@ of symbolic links in device directories (/dev).
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_setattr_misc(
+dev_dontaudit_setattr_misc_dev(
@@ -26572,13 +27023,13 @@ of miscellaneous devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_dontaudit_setattr_scanner(
+dev_dontaudit_setattr_scanner_dev(
@@ -26626,13 +27077,13 @@ of video4linux device nodes.
-Module:
+Module:
devices
Layer:
kernel
-dev_filetrans_dev_node(
+dev_filetrans(
@@ -26747,13 +27198,13 @@ Getattr on all character file device nodes.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_apm_bios(
+dev_getattr_apm_bios_dev(
@@ -26773,13 +27224,13 @@ Get the attributes of the apm bios device node.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_cpu(
+dev_getattr_cpu_dev(
@@ -26800,13 +27251,39 @@ microcode and id interfaces.
-Module:
+Module:
+devices
+Layer:
+kernel
+
+
+dev_getattr_dri_dev(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+getattr the dri devices.
+
+
+
+
+
+
+Module:
devices
Layer:
kernel
-dev_getattr_framebuffer(
+dev_getattr_framebuffer_dev(
@@ -26826,13 +27303,13 @@ Get the attributes of the framebuffer device node.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_generic_blk_file(
+dev_getattr_generic_blk_files(
@@ -26852,13 +27329,13 @@ Allow getattr on generic block devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_generic_chr_file(
+dev_getattr_generic_chr_files(
@@ -26878,13 +27355,13 @@ Allow getattr for generic character device files.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_misc(
+dev_getattr_misc_dev(
@@ -26904,13 +27381,13 @@ Get the attributes of miscellaneous devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_mouse(
+dev_getattr_mouse_dev(
@@ -26930,13 +27407,13 @@ Get the attributes of the mouse devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_mtrr(
+dev_getattr_mtrr_dev(
@@ -26956,13 +27433,13 @@ Get the attributes of the mtrr device.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_power_management(
+dev_getattr_power_mgmt_dev(
@@ -26982,13 +27459,13 @@ Get the attributes of the the power management device.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_scanner(
+dev_getattr_scanner_dev(
@@ -27008,13 +27485,13 @@ Get the attributes of the scanner device.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_snd_dev(
+dev_getattr_sound_dev(
@@ -27034,13 +27511,13 @@ Get the attributes of the sound devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_sysfs_dir(
+dev_getattr_sysfs_dirs(
@@ -27060,13 +27537,13 @@ Get the attributes of sysfs directories.
-Module:
+Module:
devices
Layer:
kernel
-dev_getattr_usbfs_dir(
+dev_getattr_usbfs_dirs(
@@ -27268,13 +27745,39 @@ Read, write, create, and delete all character device files.
-Module:
+Module:
+devices
+Layer:
+kernel
+
+
+dev_manage_all_dev_nodes(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Create, delete, read, and write device nodes in device directories.
+
+
+
+
+
+
+Module:
devices
Layer:
kernel
-dev_manage_cardmgr(
+dev_manage_cardmgr_dev(
@@ -27295,13 +27798,13 @@ the PCMCIA card manager device.
-Module:
+Module:
devices
Layer:
kernel
-
dev_manage_dev_nodes(
+
dev_manage_dri_dev(
@@ -27314,20 +27817,20 @@ kernel
-Create, delete, read, and write device nodes in device directories.
+Create, read, write, and delete the dri devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_manage_generic_blk_file(
+dev_manage_generic_blk_files(
@@ -27347,13 +27850,13 @@ Create, delete, read, and write block device files.
-Module:
+Module:
devices
Layer:
kernel
-dev_manage_generic_chr_file(
+dev_manage_generic_chr_files(
@@ -27373,6 +27876,32 @@ Create, delete, read, and write character device files.
+Module:
+devices
+Layer:
+kernel
+
+
+dev_manage_generic_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Create a file in the device directory.
+
+
+
+
+
+
Module:
devices
Layer:
@@ -27653,7 +28182,8 @@ kernel
-Read from random devices (e.g., /dev/random)
+Read from random number generator
+devices (e.g., /dev/random)
@@ -27712,13 +28242,13 @@ Read the realtime clock (/dev/rtc).
-Module:
+Module:
devices
Layer:
kernel
-dev_read_snd_dev(
+dev_read_sound(
@@ -27738,13 +28268,13 @@ Read the sound devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_read_snd_mixer_dev(
+dev_read_sound_mixer(
@@ -27869,13 +28399,13 @@ Allow full relabeling (to and from) of all device nodes.
-Module:
+Module:
devices
Layer:
kernel
-dev_relabel_dev_dirs(
+dev_relabel_generic_dev_dirs(
@@ -27921,13 +28451,13 @@ Relabel symbolic links in device directories.
-Module:
+Module:
devices
Layer:
kernel
-dev_rw_agp_dev(
+dev_rw_agp(
@@ -28052,13 +28582,13 @@ Read and write the the hardware SSL accelerator.
-Module:
+Module:
devices
Layer:
kernel
-dev_rw_dri_dev(
+dev_rw_dri(
@@ -28078,13 +28608,39 @@ Read and write the dri devices.
-Module:
+Module:
+devices
+Layer:
+kernel
+
+
+dev_rw_framebuffer(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read and write the framebuffer.
+
+
+
+
+
+
+Module:
devices
Layer:
kernel
-dev_rw_generic_file(
+dev_rw_generic_files(
@@ -28104,13 +28660,13 @@ Read and write generic files in /dev.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_lvm_control(
+
dev_rw_generic_usb_dev(
@@ -28123,20 +28679,20 @@ kernel
-Read and write the lvm control device.
+Read and write generic the USB devices.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_mouse(
+
dev_rw_input_dev(
@@ -28149,20 +28705,20 @@ kernel
-Read and write to mouse devices.
+Read input event devices (/dev/input).
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_null_dev(
+
dev_rw_lvm_control(
@@ -28175,20 +28731,20 @@ kernel
-Read and write to the null device (/dev/null).
+Read and write the lvm control device.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_power_management(
+
dev_rw_mouse(
@@ -28201,20 +28757,20 @@ kernel
-Read and write the the power management device.
+Read and write to mouse devices.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_printer(
+
dev_rw_mtrr(
@@ -28227,20 +28783,20 @@ kernel
-Read and write the printer device.
+Read and write the mtrr device.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_realtime_clock(
+
dev_rw_null(
@@ -28253,20 +28809,20 @@ kernel
-Read and set the realtime clock (/dev/rtc).
+Read and write to the null device (/dev/null).
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_scanner(
+
dev_rw_power_management(
@@ -28279,20 +28835,20 @@ kernel
-Read and write the scanner device.
+Read and write the the power management device.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_sysfs(
+
dev_rw_printer(
@@ -28305,20 +28861,20 @@ kernel
-Allow caller to modify hardware state information.
+Read and write the printer device.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_usbfs(
+
dev_rw_realtime_clock(
@@ -28331,20 +28887,20 @@ kernel
-Allow caller to modify usb hardware configuration files.
+Read and set the realtime clock (/dev/rtc).
-Module:
+Module:
devices
Layer:
kernel
-
dev_rw_zero_dev(
+
dev_rw_scanner(
@@ -28357,20 +28913,20 @@ kernel
-Read and write to the zero device (/dev/zero).
+Read and write the scanner device.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rwx_zero_dev(
+
dev_rw_sysfs(
@@ -28383,20 +28939,20 @@ kernel
-Read, write, and execute the zero device (/dev/zero).
+Allow caller to modify hardware state information.
-Module:
+Module:
devices
Layer:
kernel
-
dev_rx_raw_memory(
+
dev_rw_usbfs(
@@ -28409,20 +28965,20 @@ kernel
-Read and execute raw memory devices (e.g. /dev/mem).
+Allow caller to modify usb hardware configuration files.
-Module:
+Module:
devices
Layer:
kernel
-
dev_search_sysfs(
+
dev_rw_xserver_misc(
@@ -28435,20 +28991,20 @@ kernel
-Search the sysfs directories.
+Read and write X server miscellaneous devices.
-Module:
+Module:
devices
Layer:
kernel
-
dev_search_usbfs(
+
dev_rw_zero(
@@ -28461,20 +29017,20 @@ kernel
-Search the directory containing USB hardware information.
+Read and write to the zero device (/dev/zero).
-Module:
+Module:
devices
Layer:
kernel
-
dev_setattr_all_blk_files(
+
dev_rwx_zero(
@@ -28487,20 +29043,20 @@ kernel
-Setattr on all block file device nodes.
+Read, write, and execute the zero device (/dev/zero).
-Module:
+Module:
devices
Layer:
kernel
-
dev_setattr_all_chr_files(
+
dev_rx_raw_memory(
@@ -28513,20 +29069,20 @@ kernel
-Setattr on all character file device nodes.
+Read and execute raw memory devices (e.g. /dev/mem).
-Module:
+Module:
devices
Layer:
kernel
-
dev_setattr_apm_bios(
+
dev_search_sysfs(
@@ -28539,20 +29095,20 @@ kernel
-Set the attributes of the apm bios device node.
+Search the sysfs directories.
-Module:
+Module:
devices
Layer:
kernel
-
dev_setattr_dev_dir(
+
dev_search_usbfs(
@@ -28565,20 +29121,20 @@ kernel
-Set the attributes of /dev directories.
+Search the directory containing USB hardware information.
-Module:
+Module:
devices
Layer:
kernel
-
dev_setattr_framebuffer(
+
dev_setattr_all_blk_files(
@@ -28591,20 +29147,20 @@ kernel
-Set the attributes of the framebuffer device node.
+Setattr on all block file device nodes.
-Module:
+Module:
devices
Layer:
kernel
-
dev_setattr_misc(
+
dev_setattr_all_chr_files(
@@ -28617,20 +29173,20 @@ kernel
-Set the attributes of miscellaneous devices.
+Setattr on all character file device nodes.
-Module:
+Module:
devices
Layer:
kernel
-
dev_setattr_mouse(
+
dev_setattr_apm_bios_dev(
@@ -28643,20 +29199,150 @@ kernel
-Set the attributes of the mouse devices.
+Set the attributes of the apm bios device node.
-Module:
+Module:
devices
Layer:
kernel
-dev_setattr_power_management(
+dev_setattr_dri_dev(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Setattr the dri devices.
+
+
+
+
+
+
+Module:
+devices
+Layer:
+kernel
+
+
+dev_setattr_framebuffer_dev(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Set the attributes of the framebuffer device node.
+
+
+
+
+
+
+Module:
+devices
+Layer:
+kernel
+
+
+dev_setattr_generic_dirs(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Set the attributes of /dev directories.
+
+
+
+
+
+
+Module:
+devices
+Layer:
+kernel
+
+
+dev_setattr_misc_dev(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Set the attributes of miscellaneous devices.
+
+
+
+
+
+
+Module:
+devices
+Layer:
+kernel
+
+
+dev_setattr_mouse_dev(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Set the attributes of the mouse devices.
+
+
+
+
+
+
+Module:
+devices
+Layer:
+kernel
+
+
+dev_setattr_power_mgmt_dev(
@@ -28676,13 +29362,13 @@ Set the attributes of the the power management device.
-Module:
+Module:
devices
Layer:
kernel
-dev_setattr_printer(
+dev_setattr_printer_dev(
@@ -28702,13 +29388,13 @@ Set the attributes of the printer device nodes.
-Module:
+Module:
devices
Layer:
kernel
-dev_setattr_scanner(
+dev_setattr_scanner_dev(
@@ -28728,13 +29414,13 @@ Set the attributes of the scanner device.
-Module:
+Module:
devices
Layer:
kernel
-dev_setattr_snd_dev(
+dev_setattr_sound_dev(
@@ -28990,13 +29676,13 @@ Set the realtime clock (/dev/rtc).
-Module:
+Module:
devices
Layer:
kernel
-dev_write_snd_dev(
+dev_write_sound(
@@ -29016,13 +29702,13 @@ Write the sound devices.
-Module:
+Module:
devices
Layer:
kernel
-dev_write_snd_mixer_dev(
+dev_write_sound_mixer(
@@ -29122,13 +29808,13 @@ server state files.
-Module:
+Module:
dictd
Layer:
services
-dictd_use(
+dictd_tcp_connect(
@@ -29650,13 +30336,13 @@ session ID of all domains.
-Module:
+Module:
domain
Layer:
kernel
-domain_dontaudit_list_all_domains_proc(
+domain_dontaudit_list_all_domains_state(
@@ -29837,13 +30523,13 @@ state directory (/proc/pid) of all domains.
-Module:
+Module:
domain
Layer:
kernel
-domain_dontaudit_use_wide_inherit_fd(
+domain_dontaudit_use_interactive_fds(
@@ -29924,6 +30610,32 @@ an entry point for the domain.
+Module:
+domain
+Layer:
+kernel
+
+
+domain_entry_file_spec_domtrans(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Execute an entry_type in the specified domain.
+
+
+
+
+
+
+Module:
+domain
+Layer:
+kernel
+
+
+domain_interactive_fd(
+
+
+
+
+ ?
+
+
+ )
+
+
+
+
+Summary is missing!
+
+
+
+
+
+
-Module:
+Module:
domain
Layer:
kernel
-domain_obj_id_change_exempt(
+domain_obj_id_change_exemption(
@@ -30319,13 +31057,13 @@ file types.
-Module:
+Module:
domain
Layer:
kernel
-domain_role_change_exempt(
+domain_role_change_exemption(
@@ -30424,13 +31162,13 @@ Send a child terminated signal to all domains.
-Module:
+Module:
domain
Layer:
kernel
-domain_sigchld_wide_inherit_fd(
+domain_sigchld_interactive_fds(
@@ -30529,13 +31267,13 @@ Send a stop signal to all domains.
-Module:
+Module:
domain
Layer:
kernel
-domain_subj_id_change_exempt(
+domain_subj_id_change_exemption(
@@ -30556,13 +31294,13 @@ changing of user identity.
-Module:
+Module:
domain
Layer:
kernel
-domain_system_change_exempt(
+domain_system_change_exemption(
@@ -30636,13 +31374,13 @@ Unconfined access to domains.
-Module:
+Module:
domain
Layer:
kernel
-domain_use_wide_inherit_fd(
+domain_use_interactive_fds(
@@ -30691,32 +31429,6 @@ constraints.
-Module:
-domain
-Layer:
-kernel
-
-
-domain_wide_inherit_fd(
-
-
-
-
- ?
-
-
- )
-
-
-
-
-Summary is missing!
-
-
-
-
-
-
-Module:
+Module:
files
Layer:
kernel
-
files_config_file(
+
files_boot_filetrans(
- file_type
+ domain
+
+
+
+ ,
+
+
+
+ private_type
+
+
+
+ ,
+
+
+
+ object_class
)
@@ -30790,26 +31518,26 @@ kernel
-Make the specified type a
-configuration file.
+Create a private type object in boot
+with an automatic type transition
-Module:
+Module:
files
Layer:
kernel
-
files_create_boot_flag(
+
files_config_file(
- ?
+ file_type
)
@@ -30817,25 +31545,26 @@ kernel
-Summary is missing!
+Make the specified type a
+configuration file.
-Module:
+Module:
files
Layer:
kernel
-
files_delete_all_locks(
+
files_create_boot_dirs(
- ?
+ domain
)
@@ -30843,20 +31572,20 @@ kernel
-Summary is missing!
+Create directories in /boot
-Module:
+Module:
files
Layer:
kernel
-files_delete_all_pid_dirs(
+files_create_boot_flag(
@@ -30876,18 +31605,18 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_delete_all_pids(
+
files_create_kernel_img(
- ?
+ domain
)
@@ -30895,20 +31624,20 @@ kernel
-Summary is missing!
+Install a kernel into the /boot directory.
-Module:
+Module:
files
Layer:
kernel
-
files_delete_etc_files(
+
files_create_kernel_symbol_table(
@@ -30921,20 +31650,20 @@ kernel
-Delete system configuration files in /etc.
+Install a system.map into the /boot directory.
-Module:
+Module:
files
Layer:
kernel
-files_delete_root_dir_entry(
+files_delete_all_locks(
@@ -30954,18 +31683,18 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_dontaudit_getattr_all_dirs(
+
files_delete_all_pid_dirs(
- domain
+ ?
)
@@ -30973,26 +31702,25 @@ kernel
-Do not audit attempts to get the attributes
-of all directories.
+Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_dontaudit_getattr_all_files(
+
files_delete_all_pids(
- domain
+ ?
)
@@ -31000,21 +31728,20 @@ kernel
-Do not audit attempts to get the attributes
-of all files.
+Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_dontaudit_getattr_all_pipes(
+
files_delete_etc_files(
@@ -31027,21 +31754,20 @@ kernel
-Do not audit attempts to get the attributes
-of all named pipes.
+Delete system configuration files in /etc.
-Module:
+Module:
files
Layer:
kernel
-
files_dontaudit_getattr_all_sockets(
+
files_delete_kernel(
@@ -31054,21 +31780,20 @@ kernel
-Do not audit attempts to get the attributes
-of all named sockets.
+Delete a kernel from /boot.
-Module:
+Module:
files
Layer:
kernel
-
files_dontaudit_getattr_all_symlinks(
+
files_delete_kernel_modules(
@@ -31081,21 +31806,234 @@ kernel
-Do not audit attempts to get the attributes
-of all symbolic links.
+Delete kernel module files.
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_getattr_default_dir(
+files_delete_kernel_symbol_table(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Delete a system.map in the /boot directory.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_delete_root_dir_entry(
+
+
+
+
+ ?
+
+
+ )
+
+
+
+
+Summary is missing!
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_getattr_all_dirs(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to get the attributes
+of all directories.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_getattr_all_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to get the attributes
+of all files.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_getattr_all_pipes(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to get the attributes
+of all named pipes.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_getattr_all_sockets(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to get the attributes
+of all named sockets.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_getattr_all_symlinks(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to get the attributes
+of all symbolic links.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_getattr_boot_dirs(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to get attributes
+of the /boot directory.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_getattr_default_dirs(
@@ -31171,13 +32109,13 @@ attributes of the home directories root
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_getattr_non_security_blk_dev(
+files_dontaudit_getattr_non_security_blk_files(
@@ -31198,13 +32136,13 @@ of non security block devices.
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_getattr_non_security_chr_dev(
+files_dontaudit_getattr_non_security_chr_files(
@@ -31333,13 +32271,13 @@ of non security symbolic links.
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_getattr_pid_dir(
+files_dontaudit_getattr_pid_dirs(
@@ -31360,13 +32298,13 @@ of the /var/run directory.
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_getattr_tmp_dir(
+files_dontaudit_getattr_tmp_dirs(
@@ -31575,13 +32513,13 @@ created on boot, such as mtab.
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_read_root_file(
+files_dontaudit_read_root_files(
@@ -31601,13 +32539,13 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_rw_root_chr_dev(
+files_dontaudit_rw_root_chr_files(
@@ -31627,13 +32565,13 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_rw_root_file(
+files_dontaudit_rw_root_files(
@@ -31679,6 +32617,32 @@ Summary is missing!
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_search_boot(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to search the /boot directory.
+
+
+
+
+
+
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_search_isid_type_dir(
+files_dontaudit_search_isid_type_dirs(
@@ -31787,6 +32751,33 @@ the /var/run directory.
+Module:
+files
+Layer:
+kernel
+
+
+files_dontaudit_search_spool(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Do not audit attempts to search generic
+spool directories.
+
+
+
+
+
+
-Module:
+Module:
files
Layer:
kernel
-files_dontaudit_write_var(
+files_dontaudit_write_var_dirs(
@@ -31892,6 +32883,32 @@ Do not audit attempts to write to /var.
+Module:
+files
+Layer:
+kernel
+
+
+files_etc_filetrans(
+
+
+
+
+ ?
+
+
+ )
+
+
+
+
+Summary is missing!
+
+
+
+
+
+
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_etc(
+
files_getattr_all_dirs(
- ?
+ domain
)
@@ -31989,20 +33006,20 @@ kernel
-Summary is missing!
+Get the attributes of all directories.
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_home(
+
files_getattr_all_files(
@@ -32010,24 +33027,30 @@ kernel
domain
-
- ,
-
-
-
- home_type
-
+ )
+
+
+
+
+Get the attributes of all files.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+
files_getattr_all_pipes(
- ,
-
-
- [
-
- object
- ]
+ domain
)
@@ -32035,25 +33058,25 @@ kernel
-Create objects in /home.
+Get the attributes of all named pipes.
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_lock(
+
files_getattr_all_sockets(
- ?
+ domain
)
@@ -32061,25 +33084,25 @@ kernel
-Summary is missing!
+Get the attributes of all named sockets.
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_pid(
+
files_getattr_all_symlinks(
- ?
+ domain
)
@@ -32087,20 +33110,20 @@ kernel
-Summary is missing!
+Get the attributes of all symbolic links.
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_root(
+
files_getattr_boot_dirs(
@@ -32108,24 +33131,30 @@ kernel
domain
-
- ,
-
-
-
- private type
-
+ )
+
+
+
+
+Get attributes of the /boot directory.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+
files_getattr_default_dirs(
- ,
-
- [
-
- object
-
- ]
+ domain
)
@@ -32133,21 +33162,20 @@ kernel
-Create an object in the root directory, with a private
-type.
+Getattr of directories with the default file type.
-Module:
+Module:
files
Layer:
kernel
-files_filetrans_tmp(
+files_getattr_generic_locks(
@@ -32167,13 +33195,13 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_usr(
+
files_getattr_home_dir(
@@ -32181,45 +33209,26 @@ kernel
domain
-
- ,
-
-
-
- file_type
-
-
-
- ,
-
-
-
- [
-
- object_class
-
- ]
-
-
)
-Create objects in the /usr directory
+Get the attributes of the home directories root
+(/home).
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_var(
+
files_getattr_isid_type_dirs(
@@ -32227,45 +33236,26 @@ kernel
domain
-
- ,
-
-
-
- file_type
-
-
-
- ,
-
-
-
- [
-
- object_class
-
- ]
-
-
)
-Create objects in the /var directory
+Getattr of directories on new filesystems
+that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_filetrans_var_lib(
+
files_getattr_kernel_modules(
@@ -32273,24 +33263,30 @@ kernel
domain
-
- ,
-
-
-
- file_type
-
+ )
+
+
+
+
+Get the attributes of kernel module files.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+
files_getattr_tmp_dirs(
- ,
-
- [
-
- object_class
-
- ]
+ domain
)
@@ -32298,20 +33294,20 @@ kernel
-Create objects in the /var/lib directory
+Get the attributes of the tmp directory (/tmp).
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_all_dirs(
+
files_getattr_usr_files(
@@ -32324,20 +33320,20 @@ kernel
-Get the attributes of all directories.
+Get the attributes of files in /usr.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_all_file_type_sockets(
+
files_getattr_var_lib_dirs(
@@ -32350,21 +33346,20 @@ kernel
-Get the attributes of all sockets
-with the type of a file.
+Get the attributes of the /var/lib directory.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_all_files(
+
files_home_filetrans(
@@ -32372,25 +33367,41 @@ kernel
domain
+
+ ,
+
+
+
+ home_type
+
+
+
+ ,
+
+
+
+ object
+
+
)
-Get the attributes of all files.
+Create objects in /home.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_all_pipes(
+
files_kernel_modules_filetrans(
@@ -32398,30 +33409,47 @@ kernel
domain
+
+ ,
+
+
+
+ private_type
+
+
+
+ ,
+
+
+
+ object_class
+
+
)
-Get the attributes of all named pipes.
+Create objects in the kernel module directories
+with a private type via an automatic type transition.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_all_sockets(
+
files_list_all(
- domain
+ ?
)
@@ -32429,20 +33457,20 @@ kernel
-Get the attributes of all named sockets.
+Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_all_symlinks(
+
files_list_default(
@@ -32455,25 +33483,25 @@ kernel
-Get the attributes of all symbolic links.
+List contents of directories with the default file type.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_default_dir(
+
files_list_etc(
- domain
+ ?
)
@@ -32481,25 +33509,25 @@ kernel
-Getattr of directories with the default file type.
+Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_generic_locks(
+
files_list_home(
- ?
+ domain
)
@@ -32507,20 +33535,20 @@ kernel
-Summary is missing!
+Get listing of home directories.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_home_dir(
+
files_list_isid_type_dirs(
@@ -32533,21 +33561,21 @@ kernel
-Get the attributes of the home directories root
-(/home).
+List the contents of directories on new filesystems
+that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_isid_type_dir(
+
files_list_kernel_modules(
@@ -32560,78 +33588,25 @@ kernel
-Getattr of directories on new filesystems
-that have not yet been labeled.
-
-
-
-
-
-
-Module:
-files
-Layer:
-kernel
-
-
-files_getattr_tmp_dir(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Get the attributes of the tmp directory (/tmp).
-
-
-
-
-
-
-Module:
-files
-Layer:
-kernel
-
-
-files_getattr_usr_files(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Get the attributes of files in /usr.
+List the contents of the kernel module directories.
-Module:
+Module:
files
Layer:
kernel
-
files_getattr_var_lib_dir(
+
files_list_mnt(
- domain
+ ?
)
@@ -32639,20 +33614,20 @@ kernel
-Get the attributes of the /var/lib directory.
+Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_list_all(
+
files_list_non_security(
@@ -32665,20 +33640,20 @@ kernel
-List the contents of all directories.
+List all non-security directories.
-Module:
+Module:
files
Layer:
kernel
-files_list_all_dirs(
+files_list_pids(
@@ -32698,18 +33673,18 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_list_default(
+
files_list_root(
- domain
+ ?
)
@@ -32717,20 +33692,20 @@ kernel
-List contents of directories with the default file type.
+Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-files_list_etc(
+files_list_spool(
@@ -32750,13 +33725,13 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_list_home(
+
files_list_tmp(
@@ -32769,20 +33744,20 @@ kernel
-Get listing of home directories.
+Read the tmp directory (/tmp).
-Module:
+Module:
files
Layer:
kernel
-
files_list_isid_type_dir(
+
files_list_usr(
@@ -32795,26 +33770,26 @@ kernel
-List the contents of directories on new filesystems
-that have not yet been labeled.
+List the contents of generic
+directories in /usr.
-Module:
+Module:
files
Layer:
kernel
-
files_list_mnt(
+
files_list_var(
- ?
+ domain
)
@@ -32822,20 +33797,20 @@ kernel
-Summary is missing!
+List the contents of /var.
-Module:
+Module:
files
Layer:
kernel
-
files_list_non_security(
+
files_list_var_lib(
@@ -32848,25 +33823,25 @@ kernel
-List all non-security directories.
+List the contents of the /var/lib directory.
-Module:
+Module:
files
Layer:
kernel
-
files_list_pids(
+
files_list_world_readable(
- ?
+ domain
)
@@ -32874,20 +33849,20 @@ kernel
-Summary is missing!
+List world-readable directories.
-Module:
+Module:
files
Layer:
kernel
-files_list_root(
+files_lock_file(
@@ -32907,13 +33882,13 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-files_list_spool(
+files_lock_filetrans(
@@ -32933,13 +33908,13 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_list_tmp(
+
files_manage_all_files(
@@ -32947,57 +33922,12 @@ kernel
domain
- )
-
-
-
-
-Read the tmp directory (/tmp).
-
-
-
-
-
-
-Module:
-files
-Layer:
-kernel
-
-
-files_list_usr(
-
-
-
-
- domain
-
- )
-
-
-
-
-List the contents of generic
-directories in /usr.
-
-
-
-
-
-
-Module:
-files
-Layer:
-kernel
-
-
-
files_list_var(
-
+ ,
- domain
+ exception_types
)
@@ -33005,20 +33935,21 @@ kernel
-List the contents of /var.
+Manage all files on the filesystem, except
+the listed exceptions.
-Module:
+Module:
files
Layer:
kernel
-
files_list_var_lib(
+
files_manage_boot_files(
@@ -33031,20 +33962,21 @@ kernel
-List the contents of the /var/lib directory.
+Create, read, write, and delete files
+in the /boot directory.
-Module:
+Module:
files
Layer:
kernel
-
files_list_world_readable(
+
files_manage_boot_symlinks(
@@ -33057,20 +33989,21 @@ kernel
-List world-readable directories.
+Create, read, write, and delete symbolic links
+in the /boot directory.
-Module:
+Module:
files
Layer:
kernel
-files_lock_file(
+files_manage_etc_files(
@@ -33090,13 +34023,13 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_manage_all_files(
+
files_manage_etc_runtime_files(
@@ -33104,38 +34037,27 @@ kernel
domain
-
- ,
-
-
-
- [
-
- exception_types
-
- ]
-
-
)
-Manage all files on the filesystem, except
-the listed exceptions.
+Create, read, write, and delete files in
+/etc that are dynamically created on boot,
+such as mtab.
-Module:
+Module:
files
Layer:
kernel
-files_manage_etc_files(
+files_manage_generic_locks(
@@ -33155,41 +34077,13 @@ Summary is missing!
-Module:
-files
-Layer:
-kernel
-
-
-files_manage_etc_runtime_files(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Create, read, write, and delete files in
-/etc that are dynamically created on boot,
-such as mtab.
-
-
-
-
-
-
-Module:
+Module:
files
Layer:
kernel
-files_manage_generic_locks(
+files_manage_generic_spool(
@@ -33235,18 +34129,18 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_manage_generic_spools(
+
files_manage_isid_type_blk_files(
- ?
+ domain
)
@@ -33254,20 +34148,21 @@ kernel
-Summary is missing!
+Create, read, write, and delete block device nodes
+on new filesystems that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_manage_isid_type_blk_node(
+
files_manage_isid_type_chr_files(
@@ -33280,7 +34175,7 @@ kernel
-Create, read, write, and delete block device nodes
+Create, read, write, and delete character device nodes
on new filesystems that have not yet been labeled.
@@ -33288,13 +34183,13 @@ on new filesystems that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_manage_isid_type_chr_node(
+
files_manage_isid_type_dirs(
@@ -33307,7 +34202,7 @@ kernel
-Create, read, write, and delete character device nodes
+Create, read, write, and delete directories
on new filesystems that have not yet been labeled.
@@ -33315,13 +34210,13 @@ on new filesystems that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_manage_isid_type_dir(
+
files_manage_isid_type_files(
@@ -33334,7 +34229,7 @@ kernel
-Create, read, write, and delete directories
+Create, read, write, and delete files
on new filesystems that have not yet been labeled.
@@ -33342,13 +34237,13 @@ on new filesystems that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_manage_isid_type_file(
+
files_manage_isid_type_symlinks(
@@ -33361,7 +34256,7 @@ kernel
-Create, read, write, and delete files
+Create, read, write, and delete symbolic links
on new filesystems that have not yet been labeled.
@@ -33369,13 +34264,13 @@ on new filesystems that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_manage_isid_type_symlink(
+
files_manage_kernel_modules(
@@ -33388,8 +34283,8 @@ kernel
-Create, read, write, and delete symbolic links
-on new filesystems that have not yet been labeled.
+Create, read, write, and delete
+kernel module files.
@@ -33739,13 +34634,13 @@ Mount a filesystem on a directory with the default file type.
-Module:
+Module:
files
Layer:
kernel
-files_mounton_isid_type_dir(
+files_mounton_isid_type_dirs(
@@ -33844,6 +34739,32 @@ Summary is missing!
+Module:
+files
+Layer:
+kernel
+
+
+files_pid_filetrans(
+
+
+
+
+ ?
+
+
+ )
+
+
+
+
+Summary is missing!
+
+
+
+
+
+
-Module:
+Module:
files
Layer:
kernel
-files_read_all_blk_nodes(
+files_read_all_blk_files(
@@ -34039,13 +34960,13 @@ Read all block nodes with file types.
-Module:
+Module:
files
Layer:
kernel
-
files_read_all_chr_nodes(
+
files_read_all_chr_files(
@@ -34084,12 +35005,8 @@ kernel
- [
-
exception_types
- ]
-
)
@@ -34149,12 +35066,8 @@ kernel
- [
-
exception_types
- ]
-
)
@@ -34266,12 +35179,8 @@ kernel
- [
-
exception_types
- ]
-
)
@@ -34443,13 +35352,13 @@ created on boot, such as mtab.
-Module:
+Module:
files
Layer:
kernel
-files_read_generic_spools(
+files_read_generic_spool(
@@ -34521,13 +35430,13 @@ Read symbolic links in the tmp directory (/tmp).
-Module:
+Module:
files
Layer:
kernel
-files_read_isid_type_file(
+files_read_isid_type_files(
@@ -34548,6 +35457,58 @@ that have not yet been labeled.
+Module:
+files
+Layer:
+kernel
+
+
+files_read_kernel_modules(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read kernel module files.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_read_kernel_symbol_table(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read system.map in the /boot directory.
+
+
+
+
+
+
-Module:
+Module:
files
Layer:
kernel
-
files_read_var_symlink(
+
files_read_var_symlinks(
@@ -34879,12 +35840,8 @@ kernel
- [
-
exception_types
- ]
-
)
@@ -34925,6 +35882,58 @@ Relabel from and to generic files in /etc.
+Module:
+files
+Layer:
+kernel
+
+
+files_relabel_kernel_modules(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Relabel from and to kernel module files.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_relabelfrom_boot_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Relabel from files in the /boot directory.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_root_filetrans(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ private type
+
+
+
+ ,
+
+
+
+ object
+
+
+ )
+
+
+
+
+Create an object in the root directory, with a private
+type.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_rw_boot_symlinks(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read and write symbolic links
+in the /boot directory.
+
+
+
+
+
+
-Module:
+Module:
files
Layer:
kernel
-files_rw_isid_type_blk_node(
+files_rw_isid_type_blk_files(
@@ -35109,13 +36188,13 @@ that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-files_rw_isid_type_dir(
+files_rw_isid_type_dirs(
@@ -35136,13 +36215,13 @@ that have not yet been labeled.
-Module:
+Module:
files
Layer:
kernel
-
files_rw_locks_dir(
+
files_rw_lock_dirs(
@@ -35174,7 +36253,7 @@ kernel
- domain
+ ?
)
@@ -35182,25 +36261,25 @@ kernel
-Search all directories.
+Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-
files_search_all_dirs(
+
files_search_boot(
- ?
+ domain
)
@@ -35208,7 +36287,7 @@ kernel
-Summary is missing!
+Search the /boot directory.
@@ -35293,6 +36372,32 @@ Search home directories root (/home).
+Module:
+files
+Layer:
+kernel
+
+
+files_search_kernel_modules(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Search the contents of the kernel module directories.
+
+
+
+
+
+
Module:
files
Layer:
@@ -35304,7 +36409,7 @@ kernel
- ?
+ domain
)
@@ -35312,7 +36417,7 @@ kernel
-Summary is missing!
+Search the locks directory (/var/lock).
@@ -35501,18 +36606,18 @@ Search the /var/lib directory.
-Module:
+Module:
files
Layer:
kernel
-
files_search_var_lib_dir(
+
files_security_file(
- domain
+ file_type
)
@@ -35520,25 +36625,27 @@ kernel
-Search directories in /var/lib.
+Make the specified type a file that
+should not be dontaudited from
+browsing from user domains.
-Module:
+Module:
files
Layer:
kernel
-
files_security_file(
+
files_setattr_all_tmp_dirs(
- file_type
+ domain
)
@@ -35546,22 +36653,20 @@ kernel
-Make the specified type a file that
-should not be dontaudited from
-browsing from user domains.
+Set the attributes of all tmp directories.
-Module:
+Module:
files
Layer:
kernel
-
files_setattr_all_tmp_dirs(
+
files_setattr_etc_dirs(
@@ -35574,25 +36679,25 @@ kernel
-Set the attributes of all tmp directories.
+Set the attributes of the /etc directories.
-Module:
+Module:
files
Layer:
kernel
-
files_setattr_etc_dir(
+
files_tmp_file(
- domain
+ file_type
)
@@ -35600,25 +36705,26 @@ kernel
-Set the attributes of the /etc directories.
+Make the specified type a file
+used for temporary files.
-Module:
+Module:
files
Layer:
kernel
-
files_tmp_file(
+
files_tmp_filetrans(
- file_type
+ ?
)
@@ -35626,8 +36732,7 @@ kernel
-Make the specified type a file
-used for temporary files.
+Summary is missing!
@@ -35766,13 +36871,165 @@ Summary is missing!
-Module:
+Module:
files
Layer:
kernel
-files_write_non_security_dir(
+files_usr_filetrans(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ file_type
+
+
+
+ ,
+
+
+
+ object_class
+
+
+ )
+
+
+
+
+Create objects in the /usr directory
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_var_filetrans(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ file_type
+
+
+
+ ,
+
+
+
+ object_class
+
+
+ )
+
+
+
+
+Create objects in the /var directory
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_var_lib_filetrans(
+
+
+
+
+ domain
+
+
+
+ ,
+
+
+
+ file_type
+
+
+
+ ,
+
+
+
+ object_class
+
+
+ )
+
+
+
+
+Create objects in the /var/lib directory
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_write_kernel_modules(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Write kernel module files.
+
+
+
+
+
+
+Module:
+files
+Layer:
+kernel
+
+
+files_write_non_security_dirs(
@@ -35870,13 +37127,13 @@ Execute firstboot in the firstboot domain.
-Module:
+Module:
firstboot
Layer:
admin
-firstboot_dontaudit_use_fd(
+firstboot_dontaudit_use_fds(
@@ -35940,13 +37197,13 @@ allow the specified role the firstboot domain.
-Module:
+Module:
firstboot
Layer:
admin
-firstboot_use_fd(
+firstboot_use_fds(
@@ -35966,13 +37223,13 @@ Inherit and use a file descriptor from firstboot.
-Module:
+Module:
firstboot
Layer:
admin
-firstboot_write_pipe(
+firstboot_write_pipes(
@@ -36383,13 +37640,13 @@ of directories on a NFS filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_dontaudit_list_removable_dirs(
+fs_dontaudit_list_removable(
@@ -36602,13 +37859,13 @@ files on a NFS filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_dontaudit_rw_cifs_files(
+
fs_dontaudit_read_ramfs_files(
@@ -36621,21 +37878,46 @@ kernel
-Do not audit attempts to read or
-write files on a CIFS or SMB filesystem.
+Dontaudit read on a ramfs files.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_dontaudit_rw_nfs_files(
+fs_dontaudit_read_ramfs_pipes(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Dontaudit read on a ramfs fifo_files.
+
+
+
+
+
+
+Module:
+filesystem
+Layer:
+kernel
+
+
+
fs_dontaudit_rw_cifs_files(
@@ -36649,20 +37931,20 @@ kernel
Do not audit attempts to read or
-write files on a NFS filesystem.
+write files on a CIFS or SMB filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_dontaudit_rw_tmpfs_files(
+
fs_dontaudit_rw_nfs_files(
@@ -36675,21 +37957,21 @@ kernel
-Do not audit attempts to read or write
-generic tmpfs files.
+Do not audit attempts to read or
+write files on a NFS filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_dontaudit_use_tmpfs_chr_dev(
+
fs_dontaudit_rw_tmpfs_files(
@@ -36702,20 +37984,21 @@ kernel
-dontaudit Read and write character nodes on tmpfs filesystems.
+Do not audit attempts to read or write
+generic tmpfs files.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_exec_noxattr(
+
fs_dontaudit_search_ramfs(
@@ -36728,21 +38011,20 @@ kernel
-Execute files on a filesystem that does
-not support extended attributes.
+Dontaudit Search directories on a ramfs
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_execute_cifs_files(
+
fs_dontaudit_use_tmpfs_chr_dev(
@@ -36755,22 +38037,20 @@ kernel
-Execute files on a CIFS or SMB
-network filesystem, in the caller
-domain.
+dontaudit Read and write character nodes on tmpfs filesystems.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_execute_nfs_files(
+
fs_exec_cifs_files(
@@ -36783,25 +38063,27 @@ kernel
-Execute files on a NFS filesystem.
+Execute files on a CIFS or SMB
+network filesystem, in the caller
+domain.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_filetrans_tmpfs(
+
fs_exec_nfs_files(
- ?
+ domain
)
@@ -36809,20 +38091,20 @@ kernel
-Summary is missing!
+Execute files on a NFS filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_get_all_fs_quotas(
+
fs_exec_noxattr(
@@ -36835,20 +38117,21 @@ kernel
-Get the quotas of all filesystems.
+Execute files on a filesystem that does
+not support extended attributes.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_get_xattr_fs_quota(
+
fs_get_all_fs_quotas(
@@ -36861,8 +38144,7 @@ kernel
-Get the filesystem quotas of a filesystem
-with extended attributes.
+Get the quotas of all filesystems.
@@ -36888,9 +38170,8 @@ kernel
-Get the quotas of a persistent
-filesystem which has extended
-attributes, such as ext3, JFS, or XFS.
+Get the filesystem quotas of a filesystem
+with extended attributes.
@@ -37353,13 +38634,13 @@ filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_getattr_tmpfs_dir(
+fs_getattr_tmpfs_dirs(
@@ -37487,6 +38768,32 @@ CIFS or SMB filesystem.
+Module:
+filesystem
+Layer:
+kernel
+
+
+fs_list_inotifyfs(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+List inotifyfs filesystem.
+
+
+
+
+
+
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_list_tmpfs(
+
fs_list_rpc(
@@ -37558,20 +38865,20 @@ kernel
-List the contents of generic tmpfs directories.
+Read directories of RPC file system pipes.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_make_noxattr_fs(
+
fs_list_tmpfs(
@@ -37584,9 +38891,7 @@ kernel
-Transform specified type into a filesystem
-type which does not have extended attribute
-support.
+List the contents of generic tmpfs directories.
@@ -37890,13 +39195,13 @@ on a CIFS or SMB network filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_manage_tmpfs_blk_dev(
+fs_manage_tmpfs_blk_files(
@@ -37917,13 +39222,13 @@ on tmpfs filesystems.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_manage_tmpfs_chr_dev(
+fs_manage_tmpfs_chr_files(
@@ -38403,6 +39708,34 @@ in the specified domain.
+Module:
+filesystem
+Layer:
+kernel
+
+
+fs_noxattr_type(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Transform specified type into a filesystem
+type which does not have extended attribute
+support.
+
+
+
+
+
+
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_read_rpc_dirs(
+
fs_read_rpc_files(
@@ -38656,20 +39989,20 @@ kernel
-Read directories of RPC file system pipes.
+Read files of RPC file system pipes.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_read_rpc_files(
+
fs_read_rpc_sockets(
@@ -38682,20 +40015,20 @@ kernel
-Read files of RPC file system pipes.
+Read sockets of RPC file system pipes.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_read_rpc_sockets(
+
fs_read_rpc_symlinks(
@@ -38708,20 +40041,20 @@ kernel
-Read sockets of RPC file system pipes.
+Read symbolic links of RPC file system pipes.
-Module:
+Module:
filesystem
Layer:
kernel
-
fs_read_rpc_symlinks(
+
fs_read_tmpfs_symlinks(
@@ -38734,7 +40067,7 @@ kernel
-Read symbolic links of RPC file system pipes.
+Read tmpfs link files.
@@ -38773,13 +40106,13 @@ without specifying the interpreter.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_relabel_tmpfs_blk_dev(
+fs_relabel_tmpfs_blk_file(
@@ -38799,13 +40132,13 @@ Relabel block nodes on tmpfs filesystems.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_relabel_tmpfs_chr_dev(
+fs_relabel_tmpfs_chr_file(
@@ -39259,13 +40592,13 @@ Read and write NFS server files.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_rw_ramfs_pipe(
+fs_rw_ramfs_pipes(
@@ -39285,13 +40618,65 @@ Read and write a named pipe on a ramfs filesystem.
-Module:
+Module:
+filesystem
+Layer:
+kernel
+
+
+fs_rw_tmpfs_blk_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read and write block nodes on tmpfs filesystems.
+
+
+
+
+
+
+Module:
filesystem
Layer:
kernel
-fs_rw_tmpfs_file(
+fs_rw_tmpfs_chr_files(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Read and write character nodes on tmpfs filesystems.
+
+
+
+
+
+
+Module:
+filesystem
+Layer:
+kernel
+
+
+fs_rw_tmpfs_files(
@@ -39390,6 +40775,32 @@ Search directories on a CIFS or SMB filesystem.
+Module:
+filesystem
+Layer:
+kernel
+
+
+fs_search_inotifyfs(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Search inotifyfs filesystem.
+
+
+
+
+
+
-Module:
+Module:
filesystem
Layer:
kernel
-fs_search_removable_dirs(
+fs_search_removable(
@@ -39494,13 +40905,13 @@ Search removable storage directories.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_search_rpc_dirs(
+fs_search_rpc(
@@ -39572,13 +40983,13 @@ Set the quotas of all filesystems.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_set_xattr_fs_quota(
+fs_set_xattr_fs_quotas(
@@ -39599,13 +41010,13 @@ with extended attributes.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_setattr_tmpfs_dir(
+fs_setattr_tmpfs_dirs(
@@ -39625,6 +41036,32 @@ Set the attributes of tmpfs directories.
+Module:
+filesystem
+Layer:
+kernel
+
+
+fs_tmpfs_filetrans(
+
+
+
+
+ ?
+
+
+ )
+
+
+
+
+Summary is missing!
+
+
+
+
+
+
-Module:
-filesystem
-Layer:
-kernel
-
-
-fs_use_tmpfs_blk_dev(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Read and write block nodes on tmpfs filesystems.
-
-
-
-
-
-
-Module:
-filesystem
-Layer:
-kernel
-
-
-fs_use_tmpfs_chr_dev(
-
-
-
-
- domain
-
-
- )
-
-
-
-
-Read and write character nodes on tmpfs filesystems.
-
-
-
-
-
-
-Module:
+Module:
filesystem
Layer:
kernel
-fs_write_ramfs_pipe(
+fs_write_ramfs_pipes(
@@ -40097,13 +41482,13 @@ Write to named pipe on a ramfs filesystem.
-Module:
+Module:
filesystem
Layer:
kernel
-fs_write_ramfs_socket(
+fs_write_ramfs_sockets(
@@ -40402,13 +41787,13 @@ Execute gettys in the getty domain.
-Module:
+Module:
getty
Layer:
system
-
getty_modify_config(
+
getty_read_config(
@@ -40421,20 +41806,20 @@ system
-Allow process to edit getty config file.
+Allow process to read getty config file.
-Module:
+Module:
getty
Layer:
system
-
getty_read_config(
+
getty_read_log(
@@ -40447,20 +41832,20 @@ system
-Allow process to read getty config file.
+Allow process to read getty log file.
-Module:
+Module:
getty
Layer:
system
-
getty_read_log(
+
getty_rw_config(
@@ -40473,7 +41858,33 @@ system
-Allow process to read getty log file.
+Allow process to edit getty config file.
+
+
+
+
+
+
+Module:
+getty
+Layer:
+system
+
+
+getty_use_fds(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Inherit and use getty file descriptors.
@@ -40562,6 +41973,33 @@ control channel named socket.
+Module:
+gpm
+Layer:
+services
+
+
+gpm_stream_connect(
+
+
+
+
+ domain
+
+
+ )
+
+
+
+
+Connect to GPM over a unix domain
+stream socket.
+
+
+
+
+
+
-Module:
+Module:
hal
Layer:
services
-hal_dgram_sendto(
+hal_dgram_send(
@@ -40842,13 +42280,13 @@ Summary is missing!
-Module:
+Module:
hotplug
Layer:
system
-hotplug_dontaudit_use_fd(
+hotplug_dontaudit_use_fds(
@@ -40894,13 +42332,13 @@ Summary is missing!
-Module:
+Module:
hotplug
Layer:
system
-hotplug_getattr_config_dir(
+hotplug_getattr_config_dirs(
@@ -40972,13 +42410,13 @@ Search the hotplug configuration directory.
-Module:
+Module:
hotplug
Layer:
system
-hotplug_use_fd(
+hotplug_use_fds(
@@ -41110,13 +42548,13 @@ Run inetd child process in the inet child domain
-Module:
+Module:
inetd
Layer:
services
-inetd_rw_tcp_socket(
+inetd_rw_tcp_sockets(
@@ -41230,13 +42668,13 @@ Define the specified domain as a TCP inetd service.
-Module:
+Module:
inetd
Layer:
services
-inetd_udp_sendto(
+inetd_udp_send(
@@ -41290,13 +42728,13 @@ Define the specified domain as a UDP inetd service.
-Module:
+Module:
inetd
Layer:
services
-inetd_use_fd(
+inetd_use_fds(
@@ -41490,13 +42928,13 @@ Summary is missing!
-Module:
+Module:
init
Layer:
system
-init_dontaudit_lock_pid(
+init_dontaudit_lock_utmp(
@@ -41517,13 +42955,13 @@ init script pid files.
-Module:
+Module:
init
Layer:
system
-init_dontaudit_rw_script_pid(
+init_dontaudit_rw_initctl(
@@ -41543,18 +42981,18 @@ Summary is missing!
-Module:
+Module:
init
Layer:
system