2005-06-15 15:45:57 +00:00
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<title>
|
|
|
|
Security Enhanced Linux Reference Policy
|
|
|
|
</title>
|
|
|
|
<style type="text/css" media="all">@import "style.css";</style>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<div id="Header">Security Enhanced Linux Reference Policy</div>
|
|
|
|
<div id='Menu'>
|
|
|
|
|
|
|
|
<a href="admin.html">+
|
|
|
|
admin</a></br/>
|
|
|
|
<div id='subitem'>
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
<a href="apps.html">+
|
|
|
|
apps</a></br/>
|
|
|
|
<div id='subitem'>
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
2005-06-15 15:45:57 +00:00
|
|
|
<a href="kernel.html">+
|
|
|
|
kernel</a></br/>
|
|
|
|
<div id='subitem'>
|
|
|
|
|
|
|
|
- <a href='kernel_bootloader.html'>
|
|
|
|
bootloader</a><br/>
|
|
|
|
|
|
|
|
- <a href='kernel_corenetwork.html'>
|
|
|
|
corenetwork</a><br/>
|
|
|
|
|
|
|
|
- <a href='kernel_devices.html'>
|
|
|
|
devices</a><br/>
|
|
|
|
|
|
|
|
- <a href='kernel_filesystem.html'>
|
|
|
|
filesystem</a><br/>
|
|
|
|
|
|
|
|
- <a href='kernel_kernel.html'>
|
|
|
|
kernel</a><br/>
|
|
|
|
|
|
|
|
- <a href='kernel_selinux.html'>
|
|
|
|
selinux</a><br/>
|
|
|
|
|
|
|
|
- <a href='kernel_storage.html'>
|
|
|
|
storage</a><br/>
|
|
|
|
|
|
|
|
- <a href='kernel_terminal.html'>
|
|
|
|
terminal</a><br/>
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<a href="services.html">+
|
|
|
|
services</a></br/>
|
|
|
|
<div id='subitem'>
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<a href="system.html">+
|
|
|
|
system</a></br/>
|
|
|
|
<div id='subitem'>
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<br/><p/>
|
|
|
|
<a href="interfaces.html">* Interface Index</a>
|
2005-07-05 13:36:21 +00:00
|
|
|
<br/><p/>
|
|
|
|
<a href="templates.html">* Template Index</a>
|
2005-06-15 15:45:57 +00:00
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="Content">
|
2005-07-05 13:36:21 +00:00
|
|
|
<a name="top":></a>
|
2005-06-15 15:45:57 +00:00
|
|
|
<h1>Layer: kernel</h1><p/>
|
|
|
|
<h2>Module: selinux</h2><p/>
|
2005-07-05 13:36:21 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
2005-06-15 15:45:57 +00:00
|
|
|
<h3>Description:</h3>
|
|
|
|
|
2005-07-07 17:19:13 +00:00
|
|
|
<p><p>
|
2005-06-15 15:45:57 +00:00
|
|
|
Policy for kernel security interface, in particular, selinuxfs.
|
2005-07-07 17:19:13 +00:00
|
|
|
</p></p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>This module is required to be included in all policies.</p>
|
2005-06-15 15:45:57 +00:00
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
|
|
|
|
<a name="interfaces"></a>
|
2005-06-15 15:45:57 +00:00
|
|
|
<h3>Interfaces: </h3>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_compute_access_vector</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allows caller to compute an access vector.
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type allowed to compute an access vector.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_compute_create_context</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_compute_relabel_context</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type to
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_compute_user_contexts</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allows caller to compute possible contexts for a user.
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type allowed to compute user contexts.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_get_enforce_mode</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allows the caller to get the mode of policy enforcement
|
|
|
|
(enforcing or permissive mode).
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type to allow to get the enforcing mode.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_get_fs_mount</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Gets the caller the mountpoint of the selinuxfs filesystem.
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type requesting the selinuxfs mountpoint.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_load_policy</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allow caller to load the policy into the kernel.
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type that will load the policy.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_set_boolean</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
,
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[
|
|
|
|
|
|
|
|
booltype
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allow caller to set the state of Booleans to
|
|
|
|
enable or disable conditional portions of the policy.
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type allowed to set the Boolean.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
booltype
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The type of Booleans the caller is allowed to set.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
yes
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_set_enforce_mode</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allow caller to set the mode of policy enforcement
|
|
|
|
(enforcing or permissive mode).
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type to allow to set the enforcement mode.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_set_parameters</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allow caller to set selinux security parameters.
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type to allow to set security parameters.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
2005-07-07 17:19:13 +00:00
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_unconfined</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
|
|
|
<p>
|
|
|
|
Unconfined access to the SELinux security server.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
|
|
|
Domain allowed access.
|
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div id="interface">
|
|
|
|
|
|
|
|
|
2005-06-15 15:45:57 +00:00
|
|
|
<div id="codeblock">
|
|
|
|
|
|
|
|
<b>selinux_validate_context</b>(
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
domain
|
|
|
|
|
|
|
|
|
|
|
|
)<br>
|
|
|
|
</div>
|
|
|
|
<div id="description">
|
2005-06-15 21:11:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
<h5>Description</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<p>
|
2005-07-05 13:36:21 +00:00
|
|
|
Allows caller to validate security contexts.
|
2005-06-15 21:11:49 +00:00
|
|
|
</p>
|
|
|
|
|
|
|
|
<h5>Parameters</h5>
|
2005-06-15 15:45:57 +00:00
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="80%">
|
|
|
|
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
|
|
|
|
|
|
|
|
<tr><td>
|
|
|
|
domain
|
|
|
|
</td><td>
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
The process type permitted to validate contexts.
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</td><td>
|
|
|
|
No
|
|
|
|
</td></tr>
|
|
|
|
|
|
|
|
</table>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
2005-07-05 13:36:21 +00:00
|
|
|
<a href=#top>Return</a>
|
|
|
|
|
|
|
|
|
2005-06-15 15:45:57 +00:00
|
|
|
|
|
|
|
</div>
|
|
|
|
</body>
|
|
|
|
</html>
|