update for release

This commit is contained in:
Chris PeBenito 2005-08-02 17:21:46 +00:00
parent 369b504740
commit 8b1125a766
60 changed files with 21320 additions and 2753 deletions

View File

@ -58,15 +58,26 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h1>Layer: admin</h1><p/>
<p><p>
Policy modules for administrative functions, such as package management.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>

View File

@ -58,9 +58,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -68,8 +74,6 @@
<h1>Layer: admin</h1><p/>
<h2>Module: consoletype</h2><p/>
<h3>Description:</h3>
<p><p>
@ -81,6 +85,7 @@ Determine of the console connected to the controlling terminal.
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_consoletype_domtrans"></a>
<div id="interface">
@ -122,6 +127,7 @@ No
</div>
</div>
<a name="link_consoletype_exec"></a>
<div id="interface">

View File

@ -58,9 +58,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -68,8 +74,6 @@
<h1>Layer: admin</h1><p/>
<h2>Module: dmesg</h2><p/>
<h3>Description:</h3>
<p><p>Policy for dmesg.</p></p>
@ -79,6 +83,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_dmesg_domtrans"></a>
<div id="interface">
@ -96,12 +101,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute dmesg in the dmesg domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -120,6 +125,7 @@ No
</div>
</div>
<a name="link_dmesg_exec"></a>
<div id="interface">
@ -137,12 +143,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute dmesg in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -58,9 +58,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -68,8 +74,6 @@
<h1>Layer: admin</h1><p/>
<h2>Module: logrotate</h2><p/>
<h3>Description:</h3>
<p><p>Rotate and archive system logs</p></p>
@ -79,6 +83,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_logrotate_domtrans"></a>
<div id="interface">
@ -120,6 +125,7 @@ No
</div>
</div>
<a name="link_logrotate_dontaudit_use_fd"></a>
<div id="interface">
@ -161,6 +167,7 @@ No
</div>
</div>
<a name="link_logrotate_exec"></a>
<div id="interface">
@ -202,6 +209,7 @@ No
</div>
</div>
<a name="link_logrotate_run"></a>
<div id="interface">

View File

@ -58,9 +58,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -68,8 +74,6 @@
<h1>Layer: admin</h1><p/>
<h2>Module: netutils</h2><p/>
<h3>Description:</h3>
<p><p>Network analysis utilities</p></p>
@ -79,6 +83,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_netutils_domtrans"></a>
<div id="interface">
@ -120,6 +125,7 @@ No
</div>
</div>
<a name="link_netutils_domtrans_ping"></a>
<div id="interface">
@ -161,6 +167,7 @@ No
</div>
</div>
<a name="link_netutils_domtrans_traceroute"></a>
<div id="interface">
@ -202,6 +209,7 @@ No
</div>
</div>
<a name="link_netutils_exec"></a>
<div id="interface">
@ -243,6 +251,7 @@ No
</div>
</div>
<a name="link_netutils_exec_ping"></a>
<div id="interface">
@ -284,6 +293,7 @@ No
</div>
</div>
<a name="link_netutils_exec_traceroute"></a>
<div id="interface">
@ -325,6 +335,7 @@ No
</div>
</div>
<a name="link_netutils_run"></a>
<div id="interface">
@ -403,6 +414,7 @@ No
</div>
</div>
<a name="link_netutils_run_ping"></a>
<div id="interface">
@ -481,6 +493,7 @@ No
</div>
</div>
<a name="link_netutils_run_traceroute"></a>
<div id="interface">

View File

@ -58,9 +58,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -68,8 +74,6 @@
<h1>Layer: admin</h1><p/>
<h2>Module: rpm</h2><p/>
<h3>Description:</h3>
<p><p>Policy for the RPM package manager.</p></p>
@ -79,6 +83,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_rpm_domtrans"></a>
<div id="interface">
@ -120,6 +125,7 @@ No
</div>
</div>
<a name="link_rpm_manage_db"></a>
<div id="interface">
@ -161,6 +167,49 @@ No
</div>
</div>
<a name="link_rpm_manage_log"></a>
<div id="interface">
<div id="codeblock">
<b>rpm_manage_log</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete the RPM log.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_rpm_read_db"></a>
<div id="interface">
@ -202,6 +251,7 @@ No
</div>
</div>
<a name="link_rpm_read_pipe"></a>
<div id="interface">
@ -221,7 +271,7 @@ No
<h5>Summary</h5>
<p>
Read from a RPM pipe.
Read from an unnamed RPM pipe.
</p>
@ -243,6 +293,7 @@ No
</div>
</div>
<a name="link_rpm_run"></a>
<div id="interface">
@ -320,6 +371,49 @@ No
</div>
</div>
<a name="link_rpm_rw_pipe"></a>
<div id="interface">
<div id="codeblock">
<b>rpm_rw_pipe</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write an unnamed RPM pipe.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_rpm_use_fd"></a>
<div id="interface">
@ -343,6 +437,48 @@ Inherit and use file descriptors from RPM.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_rpm_use_script_fd"></a>
<div id="interface">
<div id="codeblock">
<b>rpm_use_script_fd</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Inherit and use file descriptors from RPM scripts.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -58,9 +58,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -68,8 +74,6 @@
<h1>Layer: admin</h1><p/>
<h2>Module: usermanage</h2><p/>
<h3>Description:</h3>
<p><p>Policy for managing user accounts.</p></p>
@ -79,6 +83,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_usermanage_domtrans_chfn"></a>
<div id="interface">
@ -120,6 +125,7 @@ No
</div>
</div>
<a name="link_usermanage_domtrans_groupadd"></a>
<div id="interface">
@ -161,6 +167,7 @@ No
</div>
</div>
<a name="link_usermanage_domtrans_passwd"></a>
<div id="interface">
@ -202,6 +209,7 @@ No
</div>
</div>
<a name="link_usermanage_domtrans_useradd"></a>
<div id="interface">
@ -243,6 +251,7 @@ No
</div>
</div>
<a name="link_usermanage_read_crack_db"></a>
<div id="interface">
@ -284,6 +293,7 @@ No
</div>
</div>
<a name="link_usermanage_run_chfn"></a>
<div id="interface">
@ -362,6 +372,7 @@ No
</div>
</div>
<a name="link_usermanage_run_groupadd"></a>
<div id="interface">
@ -440,6 +451,7 @@ No
</div>
</div>
<a name="link_usermanage_run_passwd"></a>
<div id="interface">
@ -518,6 +530,7 @@ No
</div>
</div>
<a name="link_usermanage_run_useradd"></a>
<div id="interface">

View File

@ -43,15 +43,24 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h1>Layer: apps</h1><p/>
<p><p>Policy modules for applications</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>

View File

@ -43,9 +43,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -63,6 +69,7 @@
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_gpg_per_userdomain_template"></a>
<div id="template">

View File

@ -0,0 +1,226 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_bootloader.html'>
bootloader</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_corenetwork.html'>
corenetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_devices.html'>
devices</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_filesystem.html'>
filesystem</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_kernel.html'>
kernel</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_selinux.html'>
selinux</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_storage.html'>
storage</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_terminal.html'>
terminal</a><br/>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
authlogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
clock</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
corecommands</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
domain</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
files</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
fstools</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
getty</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
hostname</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
hotplug</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
libraries</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
locallogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
logging</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
lvm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
miscfiles</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
modutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
sysnetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
udev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
unconfined</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
userdomain</a><br/>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h3>Global booleans:</h3>
<div id="interface">
<div id="codeblock">secure_mode</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Enabling secure mode disallows programs, such as
newrole, from transitioning to administrative
user domains.
</p></p>
</div></div>
</div>
</body>
</html>

View File

@ -0,0 +1,503 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_bootloader.html'>
bootloader</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_corenetwork.html'>
corenetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_devices.html'>
devices</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_filesystem.html'>
filesystem</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_kernel.html'>
kernel</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_selinux.html'>
selinux</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_storage.html'>
storage</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='kernel_terminal.html'>
terminal</a><br/>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
authlogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
clock</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
corecommands</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
domain</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
files</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
fstools</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
getty</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
hostname</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
hotplug</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
libraries</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
locallogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
logging</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
lvm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
miscfiles</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
modutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
sysnetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
udev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
unconfined</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
userdomain</a><br/>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h3>Global tunables:</h3>
<div id="interface">
<div id="codeblock">allow_execmem</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow execution of anonymous mappings, e.g. executable stack.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">allow_execmod</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Support Share libraries with text relocations
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">allow_gpg_execstack</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow gpg executable stack
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">allow_kerberos</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow system to run with kerberos
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">allow_ypbind</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow system to run with NIS
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">cron_can_relabel</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow system cron jobs to relabel filesystem
for restoring file contexts.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">fcron_crond</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Enable extra rules in the cron domain
to support fcron.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">read_default_t</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow reading of default_t files.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">run_ssh_inetd</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow ssh to run from inetd instead of as a daemon.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">ssh_sysadm_login</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow ssh logins as sysadm_r:sysadm_t
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">staff_read_sysadm_file</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow staff_r users to search the sysadm home
dir and read files (such as ~/.bashrc)
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">use_dns</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow the use of DNS for name resolution.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">use_nfs_home_dirs</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Support NFS home directories
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">use_samba_home_dirs</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Support SAMBA home directories
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_direct_mouse</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow regular users direct mouse access
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_dmesg</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow users to read system messages.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_net_control</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow users to control network interfaces
(also needs USERCTL=true)
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_ping</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Control users use of ping and traceroute
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_rw_noexattrfile</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_rw_usb</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow users to rw usb devices
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_tcp_server</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow users to run TCP servers (bind to ports and accept connection from
the same domain and outside users) disabling this forces FTP passive mode
and may change other protocols.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">user_ttyfile_stat</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow w to display everyone
</p></p>
</div></div>
</div>
</body>
</html>

View File

@ -91,6 +91,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -136,6 +139,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -160,6 +166,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -178,15 +190,26 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h1>Layer: admin</h1><p/>
<p><p>
Policy modules for administrative functions, such as package management.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
@ -242,6 +265,11 @@ Determine of the console connected to the controlling terminal.
<h1>Layer: kernel</h1><p/>
<p><p>
Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
@ -311,6 +339,9 @@ Policy for kernel security interface, in particular, selinuxfs.
<h1>Layer: apps</h1><p/>
<p><p>Policy modules for applications</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
@ -339,6 +370,11 @@ Policy for kernel security interface, in particular, selinuxfs.
<h1>Layer: system</h1><p/>
<p><p>
Policy modules for system functions from init to multi-user login.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
@ -413,6 +449,11 @@ connection and disconnection of devices at runtime.
init</a></td>
<td><p>System initialization programs (init and init scripts).</p></td>
<tr><td>
<a href='system_ipsec.html'>
ipsec</a></td>
<td><p>TCP/IP encryption</p></td>
<tr><td>
<a href='system_iptables.html'>
iptables</a></td>
@ -453,6 +494,16 @@ connection and disconnection of devices at runtime.
mount</a></td>
<td><p>Policy for mount.</p></td>
<tr><td>
<a href='system_pcmcia.html'>
pcmcia</a></td>
<td><p>PCMCIA card management services</p></td>
<tr><td>
<a href='system_raid.html'>
raid</a></td>
<td><p>RAID array management tools</p></td>
<tr><td>
<a href='system_selinuxutil.html'>
selinuxutil</a></td>
@ -485,6 +536,12 @@ connection and disconnection of devices at runtime.
<h1>Layer: services</h1><p/>
<p><p>
Policy modules for system services, like cron, and network services,
like sshd.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
@ -523,6 +580,11 @@ connection and disconnection of devices at runtime.
nis</a></td>
<td><p>Policy for NIS (YP) servers and clients</p></td>
<tr><td>
<a href='services_nscd.html'>
nscd</a></td>
<td><p>Name service cache daemon</p></td>
<tr><td>
<a href='services_remotelogin.html'>
remotelogin</a></td>

File diff suppressed because it is too large Load Diff

View File

@ -64,15 +64,26 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h1>Layer: kernel</h1><p/>
<p><p>
Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>

View File

@ -64,9 +64,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +80,6 @@
<h1>Layer: kernel</h1><p/>
<h2>Module: bootloader</h2><p/>
<h3>Description:</h3>
<p><p>Policy for the kernel modules, kernel image, and bootloader.</p></p>
@ -85,6 +89,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_bootloader_create_kernel"></a>
<div id="interface">
@ -102,12 +107,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Install a kernel into the /boot directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -126,6 +131,7 @@ No
</div>
</div>
<a name="link_bootloader_create_kernel_symbol_table"></a>
<div id="interface">
@ -143,12 +149,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Install a system.map into the /boot directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -167,6 +173,7 @@ No
</div>
</div>
<a name="link_bootloader_create_modules"></a>
<div id="interface">
@ -208,6 +215,7 @@ No
</div>
</div>
<a name="link_bootloader_create_runtime_file"></a>
<div id="interface">
@ -225,13 +233,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write the bootloader
temporary data in /tmp.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -250,6 +258,7 @@ No
</div>
</div>
<a name="link_bootloader_delete_kernel"></a>
<div id="interface">
@ -267,12 +276,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Delete a kernel from /boot.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -291,6 +300,7 @@ No
</div>
</div>
<a name="link_bootloader_delete_kernel_symbol_table"></a>
<div id="interface">
@ -308,12 +318,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Delete a system.map in the /boot directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -332,6 +342,7 @@ No
</div>
</div>
<a name="link_bootloader_domtrans"></a>
<div id="interface">
@ -349,12 +360,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute bootloader in the bootloader domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -373,6 +384,7 @@ No
</div>
</div>
<a name="link_bootloader_dontaudit_search_boot"></a>
<div id="interface">
@ -390,12 +402,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to search the /boot directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -414,6 +426,49 @@ No
</div>
</div>
<a name="link_bootloader_getattr_kernel_modules"></a>
<div id="interface">
<div id="codeblock">
<b>bootloader_getattr_kernel_modules</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of kernel module files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_bootloader_list_kernel_modules"></a>
<div id="interface">
@ -431,12 +486,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
List the contents of the kernel module directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -455,6 +510,7 @@ No
</div>
</div>
<a name="link_bootloader_manage_kernel_modules"></a>
<div id="interface">
@ -472,13 +528,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Create, read, write, and delete
kernel module files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -497,6 +553,7 @@ No
</div>
</div>
<a name="link_bootloader_read_config"></a>
<div id="interface">
@ -514,12 +571,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read the bootloader configuration file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -538,6 +595,7 @@ No
</div>
</div>
<a name="link_bootloader_read_kernel_modules"></a>
<div id="interface">
@ -555,12 +613,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read kernel module files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -579,6 +637,7 @@ No
</div>
</div>
<a name="link_bootloader_read_kernel_symbol_table"></a>
<div id="interface">
@ -596,12 +655,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read system.map in the /boot directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -620,6 +679,7 @@ No
</div>
</div>
<a name="link_bootloader_run"></a>
<div id="interface">
@ -653,13 +713,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute bootloader interactively and do
a domain transition to the bootloader domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -698,6 +758,7 @@ No
</div>
</div>
<a name="link_bootloader_rw_boot_symlinks"></a>
<div id="interface">
@ -715,13 +776,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write symbolic links
in the /boot directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -740,6 +801,7 @@ No
</div>
</div>
<a name="link_bootloader_rw_config"></a>
<div id="interface">
@ -757,13 +819,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write the bootloader
configuration file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -782,6 +844,7 @@ No
</div>
</div>
<a name="link_bootloader_rw_tmp_file"></a>
<div id="interface">
@ -799,13 +862,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write the bootloader
temporary data in /tmp.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -824,6 +887,7 @@ No
</div>
</div>
<a name="link_bootloader_search_boot"></a>
<div id="interface">
@ -841,12 +905,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Search the /boot directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -865,6 +929,7 @@ No
</div>
</div>
<a name="link_bootloader_write_kernel_modules"></a>
<div id="interface">
@ -882,12 +947,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Write kernel module files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -64,9 +64,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +80,6 @@
<h1>Layer: kernel</h1><p/>
<h2>Module: selinux</h2><p/>
<h3>Description:</h3>
<p><p>
@ -89,6 +93,7 @@ Policy for kernel security interface, in particular, selinuxfs.
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_selinux_compute_access_vector"></a>
<div id="interface">
@ -106,12 +111,12 @@ Policy for kernel security interface, in particular, selinuxfs.
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allows caller to compute an access vector.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -130,6 +135,7 @@ No
</div>
</div>
<a name="link_selinux_compute_create_context"></a>
<div id="interface">
@ -147,12 +153,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -171,6 +177,7 @@ No
</div>
</div>
<a name="link_selinux_compute_relabel_context"></a>
<div id="interface">
@ -188,12 +195,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -212,6 +219,7 @@ No
</div>
</div>
<a name="link_selinux_compute_user_contexts"></a>
<div id="interface">
@ -229,12 +237,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allows caller to compute possible contexts for a user.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -253,6 +261,49 @@ No
</div>
</div>
<a name="link_selinux_dontaudit_search_fs"></a>
<div id="interface">
<div id="codeblock">
<b>selinux_dontaudit_search_fs</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to search selinuxfs.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_selinux_get_enforce_mode"></a>
<div id="interface">
@ -270,13 +321,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allows the caller to get the mode of policy enforcement
(enforcing or permissive mode).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -295,6 +346,7 @@ No
</div>
</div>
<a name="link_selinux_get_fs_mount"></a>
<div id="interface">
@ -312,12 +364,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Gets the caller the mountpoint of the selinuxfs filesystem.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -336,6 +388,7 @@ No
</div>
</div>
<a name="link_selinux_load_policy"></a>
<div id="interface">
@ -353,12 +406,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow caller to load the policy into the kernel.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -377,6 +430,7 @@ No
</div>
</div>
<a name="link_selinux_set_boolean"></a>
<div id="interface">
@ -406,13 +460,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow caller to set the state of Booleans to
enable or disable conditional portions of the policy.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -441,6 +495,7 @@ yes
</div>
</div>
<a name="link_selinux_set_enforce_mode"></a>
<div id="interface">
@ -458,13 +513,13 @@ yes
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -483,6 +538,7 @@ No
</div>
</div>
<a name="link_selinux_set_parameters"></a>
<div id="interface">
@ -500,12 +556,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow caller to set selinux security parameters.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -524,6 +580,7 @@ No
</div>
</div>
<a name="link_selinux_unconfined"></a>
<div id="interface">
@ -541,12 +598,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Unconfined access to the SELinux security server.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -565,6 +622,7 @@ No
</div>
</div>
<a name="link_selinux_validate_context"></a>
<div id="interface">
@ -582,12 +640,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allows caller to validate security contexts.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -64,9 +64,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +80,6 @@
<h1>Layer: kernel</h1><p/>
<h2>Module: storage</h2><p/>
<h3>Description:</h3>
<p><p>Policy controlling access to storage devices</p></p>
@ -85,6 +89,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_storage_create_fixed_disk"></a>
<div id="interface">
@ -126,6 +131,49 @@ No
</div>
</div>
<a name="link_storage_create_fixed_disk_tmpfs"></a>
<div id="interface">
<div id="codeblock">
<b>storage_create_fixed_disk_tmpfs</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create fixed disk device nodes on a tmpfs filesystem.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_storage_dontaudit_getattr_fixed_disk"></a>
<div id="interface">
@ -168,6 +216,7 @@ No
</div>
</div>
<a name="link_storage_dontaudit_getattr_removable_device"></a>
<div id="interface">
@ -210,6 +259,7 @@ No
</div>
</div>
<a name="link_storage_dontaudit_setattr_fixed_disk"></a>
<div id="interface">
@ -252,6 +302,7 @@ No
</div>
</div>
<a name="link_storage_dontaudit_setattr_removable_device"></a>
<div id="interface">
@ -294,6 +345,7 @@ No
</div>
</div>
<a name="link_storage_getattr_fixed_disk"></a>
<div id="interface">
@ -336,6 +388,7 @@ No
</div>
</div>
<a name="link_storage_getattr_removable_device"></a>
<div id="interface">
@ -378,6 +431,7 @@ No
</div>
</div>
<a name="link_storage_getattr_scsi_generic"></a>
<div id="interface">
@ -420,6 +474,7 @@ No
</div>
</div>
<a name="link_storage_getattr_scsi_generic"></a>
<div id="interface">
@ -462,6 +517,7 @@ No
</div>
</div>
<a name="link_storage_getattr_tape_device"></a>
<div id="interface">
@ -504,6 +560,7 @@ No
</div>
</div>
<a name="link_storage_manage_fixed_disk"></a>
<div id="interface">
@ -545,6 +602,7 @@ No
</div>
</div>
<a name="link_storage_raw_read_fixed_disk"></a>
<div id="interface">
@ -589,6 +647,7 @@ No
</div>
</div>
<a name="link_storage_raw_read_lvm_volume"></a>
<div id="interface">
@ -633,6 +692,7 @@ No
</div>
</div>
<a name="link_storage_raw_read_removable_device"></a>
<div id="interface">
@ -678,6 +738,7 @@ No
</div>
</div>
<a name="link_storage_raw_write_fixed_disk"></a>
<div id="interface">
@ -722,6 +783,7 @@ No
</div>
</div>
<a name="link_storage_raw_write_lvm_volume"></a>
<div id="interface">
@ -766,6 +828,7 @@ No
</div>
</div>
<a name="link_storage_raw_write_removable_device"></a>
<div id="interface">
@ -811,6 +874,7 @@ No
</div>
</div>
<a name="link_storage_read_scsi_generic"></a>
<div id="interface">
@ -856,6 +920,7 @@ No
</div>
</div>
<a name="link_storage_read_tape_device"></a>
<div id="interface">
@ -898,6 +963,7 @@ No
</div>
</div>
<a name="link_storage_relabel_fixed_disk"></a>
<div id="interface">
@ -939,6 +1005,7 @@ No
</div>
</div>
<a name="link_storage_set_scsi_generic_attributes"></a>
<div id="interface">
@ -981,6 +1048,7 @@ No
</div>
</div>
<a name="link_storage_setattr_fixed_disk"></a>
<div id="interface">
@ -1023,6 +1091,7 @@ No
</div>
</div>
<a name="link_storage_setattr_removable_device"></a>
<div id="interface">
@ -1065,6 +1134,7 @@ No
</div>
</div>
<a name="link_storage_setattr_scsi_generic"></a>
<div id="interface">
@ -1107,6 +1177,7 @@ No
</div>
</div>
<a name="link_storage_setattr_tape_device"></a>
<div id="interface">
@ -1149,6 +1220,7 @@ No
</div>
</div>
<a name="link_storage_swapon_fixed_disk"></a>
<div id="interface">
@ -1190,6 +1262,7 @@ No
</div>
</div>
<a name="link_storage_unconfined"></a>
<div id="interface">
@ -1231,6 +1304,7 @@ No
</div>
</div>
<a name="link_storage_write_scsi_generic"></a>
<div id="interface">
@ -1276,6 +1350,7 @@ No
</div>
</div>
<a name="link_storage_write_tape_device"></a>
<div id="interface">

View File

@ -64,9 +64,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +80,6 @@
<h1>Layer: kernel</h1><p/>
<h2>Module: terminal</h2><p/>
<h3>Description:</h3>
<p><p>Policy for terminals.</p></p>
@ -85,6 +89,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_term_create_pty"></a>
<div id="interface">
@ -144,6 +149,51 @@ No
</div>
</div>
<a name="link_term_dontaudit_getattr_all_user_ptys"></a>
<div id="interface">
<div id="codeblock">
<b>term_dontaudit_getattr_all_user_ptys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Description</h5>
<p>
Do not audit attempts to get the
attributes of any user pty
device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_term_dontaudit_getattr_all_user_ttys"></a>
<div id="interface">
@ -187,6 +237,50 @@ No
</div>
</div>
<a name="link_term_dontaudit_getattr_unallocated_ttys"></a>
<div id="interface">
<div id="codeblock">
<b>term_dontaudit_getattr_unallocated_ttys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Description</h5>
<p>
Do not audit attempts to get the attributes
of all unallocated tty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_term_dontaudit_list_ptys"></a>
<div id="interface">
@ -229,6 +323,7 @@ No
</div>
</div>
<a name="link_term_dontaudit_use_all_user_ptys"></a>
<div id="interface">
@ -271,6 +366,7 @@ No
</div>
</div>
<a name="link_term_dontaudit_use_all_user_ttys"></a>
<div id="interface">
@ -313,6 +409,7 @@ No
</div>
</div>
<a name="link_term_dontaudit_use_console"></a>
<div id="interface">
@ -355,6 +452,7 @@ No
</div>
</div>
<a name="link_term_dontaudit_use_generic_pty"></a>
<div id="interface">
@ -398,6 +496,7 @@ No
</div>
</div>
<a name="link_term_dontaudit_use_ptmx"></a>
<div id="interface">
@ -440,6 +539,7 @@ No
</div>
</div>
<a name="link_term_dontaudit_use_unallocated_tty"></a>
<div id="interface">
@ -482,6 +582,7 @@ No
</div>
</div>
<a name="link_term_getattr_all_user_ptys"></a>
<div id="interface">
@ -524,6 +625,7 @@ No
</div>
</div>
<a name="link_term_getattr_all_user_ttys"></a>
<div id="interface">
@ -566,6 +668,7 @@ No
</div>
</div>
<a name="link_term_getattr_unallocated_ttys"></a>
<div id="interface">
@ -608,6 +711,7 @@ No
</div>
</div>
<a name="link_term_list_ptys"></a>
<div id="interface">
@ -650,6 +754,7 @@ No
</div>
</div>
<a name="link_term_login_pty"></a>
<div id="interface">
@ -692,6 +797,7 @@ No
</div>
</div>
<a name="link_term_pty"></a>
<div id="interface">
@ -733,6 +839,7 @@ No
</div>
</div>
<a name="link_term_relabel_all_user_ptys"></a>
<div id="interface">
@ -775,6 +882,7 @@ No
</div>
</div>
<a name="link_term_relabel_all_user_ttys"></a>
<div id="interface">
@ -817,6 +925,7 @@ No
</div>
</div>
<a name="link_term_relabel_unallocated_ttys"></a>
<div id="interface">
@ -859,6 +968,49 @@ No
</div>
</div>
<a name="link_term_relabelto_all_user_ptys"></a>
<div id="interface">
<div id="codeblock">
<b>term_relabelto_all_user_ptys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Relabel to all user ptys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_term_reset_tty_labels"></a>
<div id="interface">
@ -901,6 +1053,50 @@ No
</div>
</div>
<a name="link_term_setattr_all_user_ptys"></a>
<div id="interface">
<div id="codeblock">
<b>term_setattr_all_user_ptys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Set the attributes of all user
pty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_term_setattr_all_user_ttys"></a>
<div id="interface">
@ -943,6 +1139,7 @@ No
</div>
</div>
<a name="link_term_setattr_console"></a>
<div id="interface">
@ -985,6 +1182,7 @@ No
</div>
</div>
<a name="link_term_setattr_unallocated_ttys"></a>
<div id="interface">
@ -1027,6 +1225,7 @@ No
</div>
</div>
<a name="link_term_tty"></a>
<div id="interface">
@ -1068,6 +1267,7 @@ No
</div>
</div>
<a name="link_term_use_all_terms"></a>
<div id="interface">
@ -1110,6 +1310,7 @@ No
</div>
</div>
<a name="link_term_use_all_user_ptys"></a>
<div id="interface">
@ -1151,6 +1352,7 @@ No
</div>
</div>
<a name="link_term_use_all_user_ttys"></a>
<div id="interface">
@ -1192,6 +1394,7 @@ No
</div>
</div>
<a name="link_term_use_console"></a>
<div id="interface">
@ -1233,6 +1436,7 @@ No
</div>
</div>
<a name="link_term_use_controlling_term"></a>
<div id="interface">
@ -1275,6 +1479,7 @@ No
</div>
</div>
<a name="link_term_use_generic_pty"></a>
<div id="interface">
@ -1318,6 +1523,7 @@ No
</div>
</div>
<a name="link_term_use_unallocated_tty"></a>
<div id="interface">
@ -1359,6 +1565,7 @@ No
</div>
</div>
<a name="link_term_user_pty"></a>
<div id="interface">
@ -1421,6 +1628,7 @@ No
</div>
</div>
<a name="link_term_write_all_user_ttys"></a>
<div id="interface">
@ -1462,6 +1670,7 @@ No
</div>
</div>
<a name="link_term_write_console"></a>
<div id="interface">
@ -1503,6 +1712,7 @@ No
</div>
</div>
<a name="link_term_write_unallocated_ttys"></a>
<div id="interface">

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,15 +67,27 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h1>Layer: services</h1><p/>
<p><p>
Policy modules for system services, like cron, and network services,
like sshd.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
@ -111,6 +126,11 @@
nis</a></td>
<td><p>Policy for NIS (YP) servers and clients</p></td>
<tr><td>
<a href='services_nscd.html'>
nscd</a></td>
<td><p>Name service cache daemon</p></td>
<tr><td>
<a href='services_remotelogin.html'>
remotelogin</a></td>

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,11 +83,9 @@
<h1>Layer: services</h1><p/>
<h2>Module: cron</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Periodic execution of scheduled commands.</p></p>
@ -88,6 +95,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_cron_read_pipe"></a>
<div id="interface">
@ -129,6 +137,7 @@ No
</div>
</div>
<a name="link_cron_rw_log"></a>
<div id="interface">
@ -170,6 +179,7 @@ No
</div>
</div>
<a name="link_cron_search_spool"></a>
<div id="interface">
@ -211,6 +221,7 @@ No
</div>
</div>
<a name="link_cron_system_entry"></a>
<div id="interface">
@ -278,6 +289,7 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_cron_admin_template"></a>
<div id="template">
@ -328,6 +340,7 @@ No
</div>
</div>
<a name="link_cron_per_userdomain_template"></a>
<div id="template">

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +83,6 @@
<h1>Layer: services</h1><p/>
<h2>Module: inetd</h2><p/>
<h3>Description:</h3>
<p><p>Internet services daemon.</p></p>
@ -85,6 +92,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_inetd_core_service_domain"></a>
<div id="interface">
@ -153,6 +161,7 @@ No
</div>
</div>
<a name="link_inetd_service_domain"></a>
<div id="interface">
@ -212,6 +221,49 @@ No
</div>
</div>
<a name="link_inetd_tcp_connectto"></a>
<div id="interface">
<div id="codeblock">
<b>inetd_tcp_connectto</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Connect to the inetd service using a TCP connection.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_inetd_tcp_service_domain"></a>
<div id="interface">
@ -271,6 +323,7 @@ No
</div>
</div>
<a name="link_inetd_udp_service_domain"></a>
<div id="interface">

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +83,6 @@
<h1>Layer: services</h1><p/>
<h2>Module: kerberos</h2><p/>
<h3>Description:</h3>
<p><p>
@ -84,10 +91,20 @@ This policy supports:
</p><p>
</p><p>
Servers:
</p><ul><li>kadmind</li><li>krb5kdc</li></ul><p>
<ul><p>
</p><li><p>kadmind</p></li><p>
</p><li><p>krb5kdc</p></li><p>
</p></ul>
</p><p>
</p><p>
Clients:
</p><ul><li>kinit</li><li>kdestroy</li><li>klist</li><li>ksu (incomplete)</li></ul><p>
<ul><p>
</p><li><p>kinit</p></li><p>
</p><li><p>kdestroy</p></li><p>
</p><li><p>klist</p></li><p>
</p><li><p>ksu (incomplete)</p></li><p>
</p></ul>
</p><p>
</p></p>
@ -95,6 +112,7 @@ Clients:
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_kerberos_read_conf"></a>
<div id="interface">
@ -136,6 +154,7 @@ No
</div>
</div>
<a name="link_kerberos_use"></a>
<div id="interface">

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,11 +83,9 @@
<h1>Layer: services</h1><p/>
<h2>Module: mta</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Policy common to all email tranfer agents.</p></p>
@ -88,6 +95,50 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_mta_dontaudit_read_spool_symlink"></a>
<div id="interface">
<div id="codeblock">
<b>mta_dontaudit_read_spool_symlink</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read a symlink
in the mail spool.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_mta_exec"></a>
<div id="interface">
@ -129,6 +180,7 @@ No
</div>
</div>
<a name="link_mta_getattr_spool"></a>
<div id="interface">
@ -170,6 +222,7 @@ No
</div>
</div>
<a name="link_mta_mailserver"></a>
<div id="interface">
@ -211,6 +264,7 @@ No
</div>
</div>
<a name="link_mta_manage_queue"></a>
<div id="interface">
@ -252,6 +306,7 @@ No
</div>
</div>
<a name="link_mta_manage_spool"></a>
<div id="interface">
@ -293,6 +348,7 @@ No
</div>
</div>
<a name="link_mta_read_aliases"></a>
<div id="interface">
@ -334,6 +390,7 @@ No
</div>
</div>
<a name="link_mta_rw_aliases"></a>
<div id="interface">
@ -375,6 +432,7 @@ No
</div>
</div>
<a name="link_mta_rw_spool"></a>
<div id="interface">
@ -416,6 +474,7 @@ No
</div>
</div>
<a name="link_mta_send_mail"></a>
<div id="interface">
@ -457,6 +516,7 @@ No
</div>
</div>
<a name="link_mta_sendmail_mailserver"></a>
<div id="interface">
@ -540,6 +600,7 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_mta_per_userdomain_template"></a>
<div id="template">

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +83,6 @@
<h1>Layer: services</h1><p/>
<h2>Module: nis</h2><p/>
<h3>Description:</h3>
<p><p>Policy for NIS (YP) servers and clients</p></p>
@ -85,6 +92,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_nis_list_var_yp"></a>
<div id="interface">
@ -126,6 +134,7 @@ No
</div>
</div>
<a name="link_nis_udp_sendto_ypbind"></a>
<div id="interface">
@ -167,6 +176,7 @@ No
</div>
</div>
<a name="link_nis_use_ypbind"></a>
<div id="interface">

View File

@ -0,0 +1,314 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: nscd</h2><p/>
<h3>Description:</h3>
<p><p>Name service cache daemon</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_nscd_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>nscd_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute NSCD in the nscd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_nscd_read_pid"></a>
<div id="interface">
<div id="codeblock">
<b>nscd_read_pid</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read NSCD pid file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_nscd_unconfined"></a>
<div id="interface">
<div id="codeblock">
<b>nscd_unconfined</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Unconfined access to NSCD services.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_nscd_use_shared_mem"></a>
<div id="interface">
<div id="codeblock">
<b>nscd_use_shared_mem</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Use NSCD services by mapping the database from
an inherited NSCD file descriptor.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_nscd_use_socket"></a>
<div id="interface">
<div id="codeblock">
<b>nscd_use_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Use NSCD services by connecting using
a unix stream socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +83,6 @@
<h1>Layer: services</h1><p/>
<h2>Module: remotelogin</h2><p/>
<h3>Description:</h3>
<p><p>Policy for rshd, rlogind, and telnetd.</p></p>
@ -85,6 +92,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_remotelogin_domtrans"></a>
<div id="interface">

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,8 +83,6 @@
<h1>Layer: services</h1><p/>
<h2>Module: sendmail</h2><p/>
<h3>Description:</h3>
<p><p>Policy for sendmail.</p></p>
@ -85,6 +92,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_sendmail_domtrans"></a>
<div id="interface">

View File

@ -46,6 +46,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -64,9 +67,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -74,11 +83,9 @@
<h1>Layer: services</h1><p/>
<h2>Module: ssh</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Secure shell client and server policy.</p></p>
@ -88,6 +95,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_ssh_dontaudit_read_server_keys"></a>
<div id="interface">
@ -134,6 +142,7 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_ssh_per_userdomain_template"></a>
<div id="template">
@ -190,6 +199,7 @@ No
</div>
</div>
<a name="link_ssh_server_template"></a>
<div id="template">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,15 +118,26 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<h1>Layer: system</h1><p/>
<p><p>
Policy modules for system functions from init to multi-user login.
</p></p><br/>
<table border="1" cellspacing="0" cellpadding="3" width="75%">
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
@ -192,6 +212,11 @@ connection and disconnection of devices at runtime.
init</a></td>
<td><p>System initialization programs (init and init scripts).</p></td>
<tr><td>
<a href='system_ipsec.html'>
ipsec</a></td>
<td><p>TCP/IP encryption</p></td>
<tr><td>
<a href='system_iptables.html'>
iptables</a></td>
@ -232,6 +257,16 @@ connection and disconnection of devices at runtime.
mount</a></td>
<td><p>Policy for mount.</p></td>
<tr><td>
<a href='system_pcmcia.html'>
pcmcia</a></td>
<td><p>PCMCIA card management services</p></td>
<tr><td>
<a href='system_raid.html'>
raid</a></td>
<td><p>RAID array management tools</p></td>
<tr><td>
<a href='system_selinuxutil.html'>
selinuxutil</a></td>

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,11 +134,9 @@
<h1>Layer: system</h1><p/>
<h2>Module: authlogin</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Common policy for authentication and user login.</p></p>
@ -133,6 +146,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_auth_delete_pam_pid"></a>
<div id="interface">
@ -174,6 +188,7 @@ No
</div>
</div>
<a name="link_auth_domtrans_chk_passwd"></a>
<div id="interface">
@ -215,6 +230,7 @@ No
</div>
</div>
<a name="link_auth_domtrans_login_program"></a>
<div id="interface">
@ -274,6 +290,7 @@ No
</div>
</div>
<a name="link_auth_domtrans_pam"></a>
<div id="interface">
@ -315,6 +332,7 @@ No
</div>
</div>
<a name="link_auth_domtrans_pam_console"></a>
<div id="interface">
@ -356,6 +374,7 @@ No
</div>
</div>
<a name="link_auth_domtrans_utempter"></a>
<div id="interface">
@ -397,6 +416,7 @@ No
</div>
</div>
<a name="link_auth_dontaudit_getattr_shadow"></a>
<div id="interface">
@ -414,12 +434,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of the shadow passwords file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -428,7 +449,7 @@ No
domain
</td><td>
The type of the process performing this action.
Domain to not audit.
</td><td>
No
@ -438,6 +459,7 @@ No
</div>
</div>
<a name="link_auth_dontaudit_read_shadow"></a>
<div id="interface">
@ -480,6 +502,7 @@ No
</div>
</div>
<a name="link_auth_dontaudit_write_login_records"></a>
<div id="interface">
@ -521,6 +544,7 @@ No
</div>
</div>
<a name="link_auth_exec_pam"></a>
<div id="interface">
@ -562,6 +586,49 @@ No
</div>
</div>
<a name="link_auth_getattr_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_getattr_shadow</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of the shadow passwords file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_list_pam_console_data"></a>
<div id="interface">
@ -603,6 +670,7 @@ No
</div>
</div>
<a name="link_auth_login_entry_type"></a>
<div id="interface">
@ -644,6 +712,7 @@ No
</div>
</div>
<a name="link_auth_manage_all_files_except_shadow"></a>
<div id="interface">
@ -709,6 +778,7 @@ yes
</div>
</div>
<a name="link_auth_manage_login_records"></a>
<div id="interface">
@ -750,6 +820,7 @@ No
</div>
</div>
<a name="link_auth_manage_pam_console_data"></a>
<div id="interface">
@ -791,6 +862,7 @@ No
</div>
</div>
<a name="link_auth_manage_shadow"></a>
<div id="interface">
@ -832,6 +904,7 @@ No
</div>
</div>
<a name="link_auth_read_login_records"></a>
<div id="interface">
@ -873,6 +946,7 @@ No
</div>
</div>
<a name="link_auth_read_pam_console_data"></a>
<div id="interface">
@ -914,6 +988,7 @@ No
</div>
</div>
<a name="link_auth_read_pam_pid"></a>
<div id="interface">
@ -955,6 +1030,7 @@ No
</div>
</div>
<a name="link_auth_read_shadow"></a>
<div id="interface">
@ -996,6 +1072,7 @@ No
</div>
</div>
<a name="link_auth_relabel_all_files_except_shadow"></a>
<div id="interface">
@ -1061,6 +1138,7 @@ yes
</div>
</div>
<a name="link_auth_relabelto_shadow"></a>
<div id="interface">
@ -1102,6 +1180,7 @@ No
</div>
</div>
<a name="link_auth_run_pam"></a>
<div id="interface">
@ -1179,6 +1258,7 @@ No
</div>
</div>
<a name="link_auth_run_utempter"></a>
<div id="interface">
@ -1256,6 +1336,7 @@ No
</div>
</div>
<a name="link_auth_rw_faillog"></a>
<div id="interface">
@ -1297,6 +1378,7 @@ No
</div>
</div>
<a name="link_auth_rw_lastlog"></a>
<div id="interface">
@ -1338,6 +1420,7 @@ No
</div>
</div>
<a name="link_auth_rw_login_records"></a>
<div id="interface">
@ -1379,6 +1462,7 @@ No
</div>
</div>
<a name="link_auth_rw_shadow"></a>
<div id="interface">
@ -1420,6 +1504,60 @@ No
</div>
</div>
<a name="link_auth_unconfined"></a>
<div id="interface">
<div id="codeblock">
<b>auth_unconfined</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Unconfined access to the authlogin module.
</p>
<h5>Description</h5>
<p>
</p><p>
Unconfined access to the authlogin module.
</p><p>
</p><p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed. No access is granted yet.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
@ -1427,6 +1565,7 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_authlogin_per_userdomain_template"></a>
<div id="template">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: clock</h2><p/>
<h3>Description:</h3>
<p><p>Policy for reading and setting the hardware clock.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_clock_domtrans"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_clock_exec"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_clock_run"></a>
<div id="interface">
@ -290,6 +306,7 @@ No
</div>
</div>
<a name="link_clock_rw_adjtime"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: corecommands</h2><p/>
<h3>Description:</h3>
<p><p>
@ -133,53 +146,13 @@ in /bin, /sbin, /usr/bin, and /usr/sbin.
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_corecmd_bin_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_chroot_exec_chroot</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<div id="interface">
<div id="codeblock">
<b>corecmd_domtrans_shell</b>(
<b>corecmd_bin_domtrans</b>(
@ -199,10 +172,31 @@ No
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute a file in a bin directory
in the specified domain.
</p>
<h5>Description</h5>
<p>
Execute a shell in the target domain.
</p><p>
Execute a file in a bin directory
in the specified domain. This allows
the specified domain to execute any file
on these filesystems in the specified
domain. This is not suggested.
</p><p>
</p><p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p><p>
</p><p>
This interface was added to handle
the ssh-agent policy.
</p><p>
</p>
<h5>Parameters</h5>
@ -223,7 +217,7 @@ No
target_domain
</td><td>
The type of the shell process.
The type of the new process.
</td><td>
No
@ -233,6 +227,7 @@ No
</div>
</div>
<a name="link_corecmd_dontaudit_getattr_sbin_file"></a>
<div id="interface">
@ -274,6 +269,7 @@ No
</div>
</div>
<a name="link_corecmd_exec_bin"></a>
<div id="interface">
@ -315,6 +311,49 @@ No
</div>
</div>
<a name="link_corecmd_exec_chroot"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_exec_chroot</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_exec_ls"></a>
<div id="interface">
@ -356,6 +395,7 @@ No
</div>
</div>
<a name="link_corecmd_exec_sbin"></a>
<div id="interface">
@ -397,6 +437,7 @@ No
</div>
</div>
<a name="link_corecmd_exec_shell"></a>
<div id="interface">
@ -438,6 +479,7 @@ No
</div>
</div>
<a name="link_corecmd_getattr_bin_file"></a>
<div id="interface">
@ -479,6 +521,7 @@ No
</div>
</div>
<a name="link_corecmd_getattr_sbin_file"></a>
<div id="interface">
@ -520,6 +563,7 @@ No
</div>
</div>
<a name="link_corecmd_list_bin"></a>
<div id="interface">
@ -561,6 +605,7 @@ No
</div>
</div>
<a name="link_corecmd_list_sbin"></a>
<div id="interface">
@ -602,6 +647,133 @@ No
</div>
</div>
<a name="link_corecmd_read_bin_file"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_read_bin_file</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read files in bin directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_read_bin_pipe"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_read_bin_pipe</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read pipes in bin directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_read_bin_socket"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_read_bin_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read named sockets in bin directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_read_bin_symlink"></a>
<div id="interface">
@ -643,6 +815,133 @@ No
</div>
</div>
<a name="link_corecmd_read_sbin_file"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_read_sbin_file</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read files in sbin directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_read_sbin_pipe"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_read_sbin_pipe</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read named pipes in sbin directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_read_sbin_socket"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_read_sbin_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read named sockets in sbin directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_read_sbin_symlink"></a>
<div id="interface">
@ -684,6 +983,7 @@ No
</div>
</div>
<a name="link_corecmd_search_bin"></a>
<div id="interface">
@ -725,6 +1025,7 @@ No
</div>
</div>
<a name="link_corecmd_search_sbin"></a>
<div id="interface">
@ -766,6 +1067,79 @@ No
</div>
</div>
<a name="link_corecmd_shell_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>corecmd_shell_domtrans</b>(
domain
,
target_domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute a shell in the specified domain.
</p>
<h5>Description</h5>
<p>
</p><p>
Execute a shell in the specified domain.
</p><p>
</p><p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
target_domain
</td><td>
The type of the shell process.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_corecmd_shell_entry_type"></a>
<div id="interface">
@ -807,6 +1181,7 @@ No
</div>
</div>
<a name="link_corecmd_shell_spec_domtrans"></a>
<div id="interface">
@ -835,9 +1210,16 @@ No
<h5>Description</h5>
<p>
</p><p>
Execute a shell in the target domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</p><p>
</p><p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p><p>
</p>
<h5>Parameters</h5>

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,11 +134,9 @@
<h1>Layer: system</h1><p/>
<h2>Module: domain</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Core policy for domains.</p></p>
@ -135,6 +148,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_domain_base_domain_type"></a>
<div id="interface">
@ -176,6 +190,62 @@ No
</div>
</div>
<a name="link_domain_dontaudit_getattr_all_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>domain_dontaudit_getattr_all_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</p>
<h5>Description</h5>
<p>
</p><p>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</p><p>
</p><p>
This interface was added for PCMCIA cardmgr
and is probably excessive.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_domain_dontaudit_getattr_all_tcp_sockets"></a>
<div id="interface">
@ -193,13 +263,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of all domains TCP sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -218,6 +288,7 @@ No
</div>
</div>
<a name="link_domain_dontaudit_getattr_all_udp_sockets"></a>
<div id="interface">
@ -235,13 +306,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of all domains UDP sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -260,6 +331,7 @@ No
</div>
</div>
<a name="link_domain_dontaudit_getattr_all_unix_dgram_sockets"></a>
<div id="interface">
@ -302,6 +374,7 @@ No
</div>
</div>
<a name="link_domain_dontaudit_getattr_all_unnamed_pipes"></a>
<div id="interface">
@ -344,6 +417,50 @@ No
</div>
</div>
<a name="link_domain_dontaudit_getsession_all_domains"></a>
<div id="interface">
<div id="codeblock">
<b>domain_dontaudit_getsession_all_domains</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to get the
session ID of all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_domain_dontaudit_list_all_domains_proc"></a>
<div id="interface">
@ -386,6 +503,136 @@ No
</div>
</div>
<a name="link_domain_dontaudit_read_all_domains_state"></a>
<div id="interface">
<div id="codeblock">
<b>domain_dontaudit_read_all_domains_state</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read the process
state (/proc/pid) of all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_domain_dontaudit_rw_all_key_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>domain_dontaudit_rw_all_key_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read or write
all domains key sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_domain_dontaudit_rw_all_udp_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>domain_dontaudit_rw_all_udp_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read or write
all domains UDP sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_domain_dontaudit_use_wide_inherit_fd"></a>
<div id="interface">
@ -427,6 +674,7 @@ No
</div>
</div>
<a name="link_domain_dyntrans_type"></a>
<div id="interface">
@ -468,6 +716,7 @@ No
</div>
</div>
<a name="link_domain_entry_file"></a>
<div id="interface">
@ -509,6 +758,7 @@ No
</div>
</div>
<a name="link_domain_exec_all_entry_files"></a>
<div id="interface">
@ -550,6 +800,62 @@ No
</div>
</div>
<a name="link_domain_getattr_all_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>domain_getattr_all_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of all domains
sockets, for all socket types.
</p>
<h5>Description</h5>
<p>
</p><p>
Get the attributes of all domains
sockets, for all socket types.
</p><p>
</p><p>
This is commonly used for domains
that can use lsof on all domains.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_domain_getsession_all_domains"></a>
<div id="interface">
@ -567,12 +873,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Get the session ID of all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -591,6 +897,7 @@ No
</div>
</div>
<a name="link_domain_kill_all_domains"></a>
<div id="interface">
@ -632,6 +939,7 @@ No
</div>
</div>
<a name="link_domain_obj_id_change_exempt"></a>
<div id="interface">
@ -674,6 +982,7 @@ No
</div>
</div>
<a name="link_domain_read_all_domains_state"></a>
<div id="interface">
@ -691,12 +1000,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read the process state (/proc/pid) of all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -715,6 +1024,7 @@ No
</div>
</div>
<a name="link_domain_read_all_entry_files"></a>
<div id="interface">
@ -756,6 +1066,7 @@ No
</div>
</div>
<a name="link_domain_role_change_exempt"></a>
<div id="interface">
@ -798,6 +1109,7 @@ No
</div>
</div>
<a name="link_domain_setpriority_all_domains"></a>
<div id="interface">
@ -839,6 +1151,7 @@ No
</div>
</div>
<a name="link_domain_sigchld_all_domains"></a>
<div id="interface">
@ -880,6 +1193,7 @@ No
</div>
</div>
<a name="link_domain_sigchld_wide_inherit_fd"></a>
<div id="interface">
@ -922,6 +1236,7 @@ No
</div>
</div>
<a name="link_domain_signal_all_domains"></a>
<div id="interface">
@ -963,6 +1278,7 @@ No
</div>
</div>
<a name="link_domain_signull_all_domains"></a>
<div id="interface">
@ -1004,6 +1320,7 @@ No
</div>
</div>
<a name="link_domain_sigstop_all_domains"></a>
<div id="interface">
@ -1045,6 +1362,7 @@ No
</div>
</div>
<a name="link_domain_subj_id_change_exempt"></a>
<div id="interface">
@ -1087,6 +1405,7 @@ No
</div>
</div>
<a name="link_domain_type"></a>
<div id="interface">
@ -1128,6 +1447,7 @@ No
</div>
</div>
<a name="link_domain_unconfined"></a>
<div id="interface">
@ -1169,6 +1489,7 @@ No
</div>
</div>
<a name="link_domain_use_wide_inherit_fd"></a>
<div id="interface">
@ -1210,6 +1531,7 @@ No
</div>
</div>
<a name="link_domain_wide_inherit_fd"></a>
<div id="interface">
@ -1258,6 +1580,7 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_domain_auto_trans"></a>
<div id="template">
@ -1299,6 +1622,7 @@ No
</div>
</div>
<a name="link_domain_trans"></a>
<div id="template">

File diff suppressed because it is too large Load Diff

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: fstools</h2><p/>
<h3>Description:</h3>
<p><p>Tools for filesystem management, such as mkfs and fsck.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_fstools_domtrans"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_fstools_exec"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_fstools_run"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: getty</h2><p/>
<h3>Description:</h3>
<p><p>Policy for getty.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_getty_domtrans"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_getty_modify_config"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_getty_read_config"></a>
<div id="interface">
@ -253,6 +269,7 @@ No
</div>
</div>
<a name="link_getty_read_log"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: hostname</h2><p/>
<h3>Description:</h3>
<p><p>Policy for changing the system host name.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_hostname_domtrans"></a>
<div id="interface">
@ -147,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute hostname in the hostname domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -162,7 +176,6 @@ domain
</td><td>
The type of the process performing this action.
Has a sigchld signal backchannel.
</td><td>
No
@ -172,6 +185,7 @@ No
</div>
</div>
<a name="link_hostname_exec"></a>
<div id="interface">
@ -189,13 +203,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute hostname in the hostname domain, and
Has a sigchld signal backchannel.
Execute hostname in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -214,6 +227,7 @@ No
</div>
</div>
<a name="link_hostname_run"></a>
<div id="interface">
@ -247,14 +261,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute hostname in the hostname domain, and
allow the specified role the hostname domain.
Has a sigchld signal backchannel.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: hotplug</h2><p/>
<h3>Description:</h3>
<p><p>
@ -133,6 +146,7 @@ connection and disconnection of devices at runtime.
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_hotplug_domtrans"></a>
<div id="interface">
@ -174,6 +188,7 @@ No
</div>
</div>
<a name="link_hotplug_dontaudit_search_config"></a>
<div id="interface">
@ -215,6 +230,7 @@ No
</div>
</div>
<a name="link_hotplug_dontaudit_use_fd"></a>
<div id="interface">
@ -256,6 +272,7 @@ No
</div>
</div>
<a name="link_hotplug_exec"></a>
<div id="interface">
@ -297,6 +314,49 @@ No
</div>
</div>
<a name="link_hotplug_getattr_config_dir"></a>
<div id="interface">
<div id="codeblock">
<b>hotplug_getattr_config_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of the hotplug configuration directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_hotplug_read_config"></a>
<div id="interface">
@ -314,12 +374,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read the configuration files for hotplug.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -338,6 +398,49 @@ No
</div>
</div>
<a name="link_hotplug_search_config"></a>
<div id="interface">
<div id="codeblock">
<b>hotplug_search_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Search the hotplug configuration directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_hotplug_use_fd"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: init</h2><p/>
<h3>Description:</h3>
<p><p>System initialization programs (init and init scripts).</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_init_daemon_domain"></a>
<div id="interface">
@ -190,6 +204,7 @@ No
</div>
</div>
<a name="link_init_domain"></a>
<div id="interface">
@ -249,6 +264,7 @@ No
</div>
</div>
<a name="link_init_domtrans"></a>
<div id="interface">
@ -290,6 +306,7 @@ No
</div>
</div>
<a name="link_init_domtrans_script"></a>
<div id="interface">
@ -331,6 +348,7 @@ No
</div>
</div>
<a name="link_init_dontaudit_getattr_initctl"></a>
<div id="interface">
@ -372,6 +390,7 @@ No
</div>
</div>
<a name="link_init_dontaudit_rw_script_pid"></a>
<div id="interface">
@ -413,6 +432,7 @@ No
</div>
</div>
<a name="link_init_dontaudit_use_fd"></a>
<div id="interface">
@ -454,6 +474,7 @@ No
</div>
</div>
<a name="link_init_dontaudit_use_initctl"></a>
<div id="interface">
@ -495,6 +516,7 @@ No
</div>
</div>
<a name="link_init_dontaudit_use_script_fd"></a>
<div id="interface">
@ -536,6 +558,7 @@ No
</div>
</div>
<a name="link_init_dontaudit_use_script_pty"></a>
<div id="interface">
@ -577,6 +600,7 @@ No
</div>
</div>
<a name="link_init_dontaudit_write_script_pid"></a>
<div id="interface">
@ -618,6 +642,7 @@ No
</div>
</div>
<a name="link_init_exec_script"></a>
<div id="interface">
@ -659,6 +684,7 @@ No
</div>
</div>
<a name="link_init_get_process_group"></a>
<div id="interface">
@ -700,6 +726,7 @@ No
</div>
</div>
<a name="link_init_get_script_process_group"></a>
<div id="interface">
@ -741,6 +768,7 @@ No
</div>
</div>
<a name="link_init_getattr_initctl"></a>
<div id="interface">
@ -782,6 +810,7 @@ No
</div>
</div>
<a name="link_init_read_script_pid"></a>
<div id="interface">
@ -823,6 +852,7 @@ No
</div>
</div>
<a name="link_init_read_script_process_state"></a>
<div id="interface">
@ -864,6 +894,7 @@ No
</div>
</div>
<a name="link_init_run_daemon"></a>
<div id="interface">
@ -941,6 +972,7 @@ No
</div>
</div>
<a name="link_init_rw_script_pid"></a>
<div id="interface">
@ -982,6 +1014,7 @@ No
</div>
</div>
<a name="link_init_rw_script_pipe"></a>
<div id="interface">
@ -1023,6 +1056,7 @@ No
</div>
</div>
<a name="link_init_rw_script_tmp_files"></a>
<div id="interface">
@ -1064,6 +1098,7 @@ No
</div>
</div>
<a name="link_init_sigchld"></a>
<div id="interface">
@ -1105,6 +1140,7 @@ No
</div>
</div>
<a name="link_init_system_domain"></a>
<div id="interface">
@ -1165,6 +1201,7 @@ No
</div>
</div>
<a name="link_init_udp_sendto_script"></a>
<div id="interface">
@ -1206,6 +1243,7 @@ No
</div>
</div>
<a name="link_init_use_fd"></a>
<div id="interface">
@ -1247,6 +1285,7 @@ No
</div>
</div>
<a name="link_init_use_initctl"></a>
<div id="interface">
@ -1288,6 +1327,7 @@ No
</div>
</div>
<a name="link_init_use_script_fd"></a>
<div id="interface">
@ -1329,6 +1369,7 @@ No
</div>
</div>
<a name="link_init_use_script_pty"></a>
<div id="interface">
@ -1370,6 +1411,7 @@ No
</div>
</div>
<a name="link_init_write_initctl"></a>
<div id="interface">

View File

@ -0,0 +1,405 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
authlogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
clock</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
corecommands</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
domain</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
files</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
fstools</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
getty</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
hostname</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
hotplug</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
libraries</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
locallogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
logging</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
lvm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
miscfiles</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
modutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
sysnetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
udev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
unconfined</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
userdomain</a><br/>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: system</h1><p/>
<h2>Module: ipsec</h2><p/>
<h3>Description:</h3>
<p><p>TCP/IP encryption</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_ipsec_connectto_unix_stream_socket"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_connectto_unix_stream_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Connect to an IPSEC unix domain stream socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ipsec_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute ipsec in the ipsec domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ipsec_exec_mgmt"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_exec_mgmt</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the IPSEC management program in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ipsec_getattr_key_socket"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_getattr_key_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of an IPSEC key socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ipsec_manage_pid"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_manage_pid</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete the IPSEC pid files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ipsec_read_config"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_read_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read the IPSEC configuration
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: iptables</h2><p/>
<h3>Description:</h3>
<p><p>Policy for iptables.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_iptables_domtrans"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_iptables_exec"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_iptables_run"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: libraries</h2><p/>
<h3>Description:</h3>
<p><p>Policy for system libraries.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_libs_domtrans_ldconfig"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_libs_exec_ld_so"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_libs_exec_lib_files"></a>
<div id="interface">
@ -253,6 +269,7 @@ No
</div>
</div>
<a name="link_libs_legacy_use_ld_so"></a>
<div id="interface">
@ -295,6 +312,7 @@ No
</div>
</div>
<a name="link_libs_legacy_use_shared_libs"></a>
<div id="interface">
@ -337,6 +355,7 @@ No
</div>
</div>
<a name="link_libs_read_lib"></a>
<div id="interface">
@ -379,6 +398,7 @@ No
</div>
</div>
<a name="link_libs_run_ldconfig"></a>
<div id="interface">
@ -456,6 +476,7 @@ No
</div>
</div>
<a name="link_libs_rw_ld_so_cache"></a>
<div id="interface">
@ -498,6 +519,7 @@ No
</div>
</div>
<a name="link_libs_search_lib"></a>
<div id="interface">
@ -539,6 +561,7 @@ No
</div>
</div>
<a name="link_libs_use_ld_so"></a>
<div id="interface">
@ -581,6 +604,7 @@ No
</div>
</div>
<a name="link_libs_use_shared_libs"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: locallogin</h2><p/>
<h3>Description:</h3>
<p><p>Policy for local logins.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_locallogin_domtrans"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_locallogin_signull"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_locallogin_use_fd"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: logging</h2><p/>
<h3>Description:</h3>
<p><p>Policy for the kernel message logger and system logging daemon.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_logging_append_all_logs"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_logging_create_log"></a>
<div id="interface">
@ -212,6 +227,49 @@ No
</div>
</div>
<a name="link_logging_domtrans_syslog"></a>
<div id="interface">
<div id="codeblock">
<b>logging_domtrans_syslog</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute syslogd in the syslog domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_logging_dontaudit_getattr_all_logs"></a>
<div id="interface">
@ -253,6 +311,7 @@ No
</div>
</div>
<a name="link_logging_exec_all_logs"></a>
<div id="interface">
@ -294,6 +353,7 @@ No
</div>
</div>
<a name="link_logging_log_file"></a>
<div id="interface">
@ -335,6 +395,7 @@ No
</div>
</div>
<a name="link_logging_manage_all_logs"></a>
<div id="interface">
@ -376,6 +437,7 @@ No
</div>
</div>
<a name="link_logging_read_all_logs"></a>
<div id="interface">
@ -417,6 +479,7 @@ No
</div>
</div>
<a name="link_logging_read_generic_logs"></a>
<div id="interface">
@ -458,6 +521,7 @@ No
</div>
</div>
<a name="link_logging_rw_generic_logs"></a>
<div id="interface">
@ -499,6 +563,7 @@ No
</div>
</div>
<a name="link_logging_rw_log_dir"></a>
<div id="interface">
@ -540,6 +605,7 @@ No
</div>
</div>
<a name="link_logging_search_logs"></a>
<div id="interface">
@ -583,6 +649,7 @@ No
</div>
</div>
<a name="link_logging_send_syslog_msg"></a>
<div id="interface">
@ -624,6 +691,7 @@ No
</div>
</div>
<a name="link_logging_write_generic_logs"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: lvm</h2><p/>
<h3>Description:</h3>
<p><p>Policy for logical volume management programs.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_lvm_domtrans"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_lvm_read_config"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_lvm_run"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: miscfiles</h2><p/>
<h3>Description:</h3>
<p><p>Miscelaneous files.</p></p>
@ -130,6 +143,49 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_miscfiles_exec_tetex_data"></a>
<div id="interface">
<div id="codeblock">
<b>miscfiles_exec_tetex_data</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute TeX data programs in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Type type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_miscfiles_legacy_read_localization"></a>
<div id="interface">
@ -147,11 +203,11 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to read legacy time localization info
</p>
Allow process to read legacy time localization info
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -161,8 +217,8 @@
domain
</td><td>
Type type of the process performing this action.
Type type of the process performing this action.
</td><td>
No
</td></tr>
@ -171,6 +227,7 @@ No
</div>
</div>
<a name="link_miscfiles_read_fonts"></a>
<div id="interface">
@ -188,11 +245,11 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to read fonts files
</p>
Read fonts
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -202,8 +259,8 @@ No
domain
</td><td>
Type type of the process performing this action.
Type type of the process performing this action.
</td><td>
No
</td></tr>
@ -212,6 +269,7 @@ No
</div>
</div>
<a name="link_miscfiles_read_localization"></a>
<div id="interface">
@ -229,11 +287,11 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to read localization info
</p>
Allow process to read localization info
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -243,8 +301,8 @@ No
domain
</td><td>
Type type of the process performing this action.
Type type of the process performing this action.
</td><td>
No
</td></tr>
@ -253,6 +311,7 @@ No
</div>
</div>
<a name="link_miscfiles_read_man_pages"></a>
<div id="interface">
@ -270,11 +329,11 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to read manpages
</p>
Allow process to read man pages
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -284,8 +343,8 @@ No
domain
</td><td>
Type type of the process performing this action.
Type type of the process performing this action.
</td><td>
No
</td></tr>
@ -294,6 +353,49 @@ No
</div>
</div>
<a name="link_miscfiles_read_tetex_data"></a>
<div id="interface">
<div id="codeblock">
<b>miscfiles_read_tetex_data</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read TeX data
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Type type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_miscfiles_rw_man_cache"></a>
<div id="interface">
@ -311,12 +413,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to create files and dirs in /var/cache/man
and /var/catman/
</p>
Allow process to create files and dirs in /var/cache/man
and /var/catman/
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -326,8 +428,8 @@ No
domain
</td><td>
Type type of the process performing this action.
Type type of the process performing this action.
</td><td>
No
</td></tr>

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: modutils</h2><p/>
<h3>Description:</h3>
<p><p>Policy for kernel module utilities</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_modutils_domtrans_depmod"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_modutils_domtrans_insmod"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_modutils_domtrans_update_mods"></a>
<div id="interface">
@ -253,6 +269,7 @@ No
</div>
</div>
<a name="link_modutils_exec_depmod"></a>
<div id="interface">
@ -294,6 +311,7 @@ No
</div>
</div>
<a name="link_modutils_exec_insmod"></a>
<div id="interface">
@ -335,6 +353,7 @@ No
</div>
</div>
<a name="link_modutils_exec_update_mods"></a>
<div id="interface">
@ -376,6 +395,7 @@ No
</div>
</div>
<a name="link_modutils_read_mods_deps"></a>
<div id="interface">
@ -417,6 +437,7 @@ No
</div>
</div>
<a name="link_modutils_read_module_conf"></a>
<div id="interface">
@ -459,6 +480,7 @@ No
</div>
</div>
<a name="link_modutils_run_depmod"></a>
<div id="interface">
@ -536,6 +558,7 @@ No
</div>
</div>
<a name="link_modutils_run_insmod"></a>
<div id="interface">
@ -616,6 +639,7 @@ No
</div>
</div>
<a name="link_modutils_run_update_mods"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: mount</h2><p/>
<h3>Description:</h3>
<p><p>Policy for mount.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_mount_domtrans"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_mount_run"></a>
<div id="interface">
@ -250,6 +265,7 @@ No
</div>
</div>
<a name="link_mount_send_nfs_client_request"></a>
<div id="interface">
@ -292,6 +308,7 @@ No
</div>
</div>
<a name="link_mount_use_fd"></a>
<div id="interface">

View File

@ -0,0 +1,444 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
authlogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
clock</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
corecommands</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
domain</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
files</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
fstools</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
getty</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
hostname</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
hotplug</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
libraries</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
locallogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
logging</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
lvm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
miscfiles</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
modutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
sysnetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
udev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
unconfined</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
userdomain</a><br/>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: system</h1><p/>
<h2>Module: pcmcia</h2><p/>
<h3>Description:</h3>
<p><p>PCMCIA card management services</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_pcmcia_domtrans_cardctl"></a>
<div id="interface">
<div id="codeblock">
<b>pcmcia_domtrans_cardctl</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute cardctl in the cardmgr domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_pcmcia_domtrans_cardmgr"></a>
<div id="interface">
<div id="codeblock">
<b>pcmcia_domtrans_cardmgr</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute cardmgr in the cardmgr domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_pcmcia_manage_pid"></a>
<div id="interface">
<div id="codeblock">
<b>pcmcia_manage_pid</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete
cardmgr pid files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_pcmcia_manage_runtime_chr"></a>
<div id="interface">
<div id="codeblock">
<b>pcmcia_manage_runtime_chr</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete
cardmgr runtime character nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_pcmcia_read_pid"></a>
<div id="interface">
<div id="codeblock">
<b>pcmcia_read_pid</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read cardmgr pid files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_pcmcia_run_cardctl"></a>
<div id="interface">
<div id="codeblock">
<b>pcmcia_run_cardctl</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute cardmgr in the cardctl domain, and
allow the specified role the cardmgr domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to be allowed the cardmgr domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the cardmgr domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -0,0 +1,247 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
authlogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
clock</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
corecommands</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
domain</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
files</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
fstools</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
getty</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
hostname</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
hotplug</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
libraries</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
locallogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
logging</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
lvm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
miscfiles</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
modutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
sysnetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
udev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
unconfined</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
userdomain</a><br/>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: system</h1><p/>
<h2>Module: raid</h2><p/>
<h3>Description:</h3>
<p><p>RAID array management tools</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_raid_domtrans_mdadm"></a>
<div id="interface">
<div id="codeblock">
<b>raid_domtrans_mdadm</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute software raid tools in the mdadm domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_raid_manage_mdadm_pid"></a>
<div id="interface">
<div id="codeblock">
<b>raid_manage_mdadm_pid</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete the mdadm pid files.
</p>
<h5>Description</h5>
<p>
</p><p>
Create, read, write, and delete the mdadm pid files.
</p><p>
</p><p>
Added for use in the init module.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: selinuxutil</h2><p/>
<h3>Description:</h3>
<p><p>Policy for SELinux policy and userland applications.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_seutil_create_binary_pol"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_seutil_domtrans_checkpol"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_seutil_domtrans_loadpol"></a>
<div id="interface">
@ -253,6 +269,7 @@ No
</div>
</div>
<a name="link_seutil_domtrans_newrole"></a>
<div id="interface">
@ -294,6 +311,7 @@ No
</div>
</div>
<a name="link_seutil_domtrans_restorecon"></a>
<div id="interface">
@ -335,6 +353,7 @@ No
</div>
</div>
<a name="link_seutil_domtrans_runinit"></a>
<div id="interface">
@ -376,6 +395,7 @@ No
</div>
</div>
<a name="link_seutil_domtrans_setfiles"></a>
<div id="interface">
@ -417,6 +437,50 @@ No
</div>
</div>
<a name="link_seutil_dontaudit_search_config"></a>
<div id="interface">
<div id="codeblock">
<b>seutil_dontaudit_search_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to search the SELinux
configuration directory (/etc/selinux).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_seutil_dontaudit_signal_newrole"></a>
<div id="interface">
@ -459,6 +523,7 @@ No
</div>
</div>
<a name="link_seutil_exec_checkpol"></a>
<div id="interface">
@ -500,6 +565,7 @@ No
</div>
</div>
<a name="link_seutil_exec_loadpol"></a>
<div id="interface">
@ -541,6 +607,7 @@ No
</div>
</div>
<a name="link_seutil_exec_newrole"></a>
<div id="interface">
@ -582,6 +649,7 @@ No
</div>
</div>
<a name="link_seutil_exec_restorecon"></a>
<div id="interface">
@ -623,6 +691,7 @@ No
</div>
</div>
<a name="link_seutil_exec_setfiles"></a>
<div id="interface">
@ -664,6 +733,7 @@ No
</div>
</div>
<a name="link_seutil_manage_binary_pol"></a>
<div id="interface">
@ -705,6 +775,7 @@ No
</div>
</div>
<a name="link_seutil_manage_src_pol"></a>
<div id="interface">
@ -746,6 +817,7 @@ No
</div>
</div>
<a name="link_seutil_read_binary_pol"></a>
<div id="interface">
@ -787,6 +859,7 @@ No
</div>
</div>
<a name="link_seutil_read_config"></a>
<div id="interface">
@ -828,6 +901,7 @@ No
</div>
</div>
<a name="link_seutil_read_default_contexts"></a>
<div id="interface">
@ -869,6 +943,7 @@ No
</div>
</div>
<a name="link_seutil_read_file_contexts"></a>
<div id="interface">
@ -910,6 +985,7 @@ No
</div>
</div>
<a name="link_seutil_read_loadpol"></a>
<div id="interface">
@ -951,6 +1027,7 @@ No
</div>
</div>
<a name="link_seutil_read_src_pol"></a>
<div id="interface">
@ -992,6 +1069,7 @@ No
</div>
</div>
<a name="link_seutil_relabelto_binary_pol"></a>
<div id="interface">
@ -1033,6 +1111,7 @@ No
</div>
</div>
<a name="link_seutil_run_checkpol"></a>
<div id="interface">
@ -1113,6 +1192,7 @@ No
</div>
</div>
<a name="link_seutil_run_loadpol"></a>
<div id="interface">
@ -1193,6 +1273,7 @@ No
</div>
</div>
<a name="link_seutil_run_newrole"></a>
<div id="interface">
@ -1272,6 +1353,7 @@ No
</div>
</div>
<a name="link_seutil_run_restorecon"></a>
<div id="interface">
@ -1351,6 +1433,7 @@ No
</div>
</div>
<a name="link_seutil_run_runinit"></a>
<div id="interface">
@ -1430,6 +1513,7 @@ No
</div>
</div>
<a name="link_seutil_run_setfiles"></a>
<div id="interface">
@ -1509,6 +1593,7 @@ No
</div>
</div>
<a name="link_seutil_search_default_contexts"></a>
<div id="interface">
@ -1550,6 +1635,7 @@ No
</div>
</div>
<a name="link_seutil_sigchld_newrole"></a>
<div id="interface">
@ -1591,6 +1677,7 @@ No
</div>
</div>
<a name="link_seutil_use_newrole_fd"></a>
<div id="interface">
@ -1632,6 +1719,7 @@ No
</div>
</div>
<a name="link_seutil_use_runinit_fd"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: sysnetwork</h2><p/>
<h3>Description:</h3>
<p><p>Policy for network configuration: ifconfig and dhcp client.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_sysnet_domtrans_dhcpc"></a>
<div id="interface">
@ -171,6 +185,7 @@ No
</div>
</div>
<a name="link_sysnet_domtrans_ifconfig"></a>
<div id="interface">
@ -212,6 +227,7 @@ No
</div>
</div>
<a name="link_sysnet_kill_dhcpc"></a>
<div id="interface">
@ -253,6 +269,49 @@ No
</div>
</div>
<a name="link_sysnet_manage_config"></a>
<div id="interface">
<div id="codeblock">
<b>sysnet_manage_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete network config files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_sysnet_read_config"></a>
<div id="interface">
@ -294,6 +353,7 @@ No
</div>
</div>
<a name="link_sysnet_read_dhcpc_pid"></a>
<div id="interface">
@ -335,6 +395,7 @@ No
</div>
</div>
<a name="link_sysnet_read_dhcpc_state"></a>
<div id="interface">
@ -376,6 +437,7 @@ No
</div>
</div>
<a name="link_sysnet_run_ifconfig"></a>
<div id="interface">
@ -455,6 +517,7 @@ No
</div>
</div>
<a name="link_sysnet_rw_dhcp_config"></a>
<div id="interface">
@ -496,6 +559,7 @@ No
</div>
</div>
<a name="link_sysnet_sigchld_dhcpc"></a>
<div id="interface">
@ -537,6 +601,7 @@ No
</div>
</div>
<a name="link_sysnet_signal_dhcpc"></a>
<div id="interface">
@ -578,6 +643,7 @@ No
</div>
</div>
<a name="link_sysnet_signull_dhcpc"></a>
<div id="interface">
@ -619,6 +685,7 @@ No
</div>
</div>
<a name="link_sysnet_sigstop_dhcpc"></a>
<div id="interface">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,8 +134,6 @@
<h1>Layer: system</h1><p/>
<h2>Module: udev</h2><p/>
<h3>Description:</h3>
<p><p>Policy for udev.</p></p>
@ -130,6 +143,7 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_udev_domtrans"></a>
<div id="interface">
@ -147,11 +161,11 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute udev in the udev domain.
</p>
Execute udev in the udev domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -161,8 +175,8 @@
domain
</td><td>
The type of the process performing this action.
The type of the process performing this action.
</td><td>
No
</td></tr>
@ -171,6 +185,50 @@ No
</div>
</div>
<a name="link_udev_donaudit_rw_unix_dgram_socket"></a>
<div id="interface">
<div id="codeblock">
<b>udev_donaudit_rw_unix_dgram_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read or write
to a udev unix datagram socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_udev_read_db"></a>
<div id="interface">
@ -188,11 +246,11 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to read list of devices.
</p>
Allow process to read list of devices.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -202,8 +260,8 @@ No
domain
</td><td>
The type of the process performing this action.
The type of the process performing this action.
</td><td>
No
</td></tr>
@ -212,6 +270,7 @@ No
</div>
</div>
<a name="link_udev_rw_db"></a>
<div id="interface">
@ -229,11 +288,11 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to modify list of devices.
</p>
Allow process to modify list of devices.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
@ -243,8 +302,8 @@ No
domain
</td><td>
The type of the process performing this action.
The type of the process performing this action.
</td><td>
No
</td></tr>

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,11 +134,9 @@
<h1>Layer: system</h1><p/>
<h2>Module: unconfined</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>The unconfined domain.</p></p>
@ -133,12 +146,13 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_unconfined_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>unconfined_domtrans_shell</b>(
<b>unconfined_domtrans</b>(
@ -152,7 +166,7 @@
<h5>Summary</h5>
<p>
Transition to the unconfined domain by executing a shell.
Transition to the unconfined domain.
</p>
@ -174,6 +188,62 @@ No
</div>
</div>
<a name="link_unconfined_dontaudit_rw_tcp_socket"></a>
<div id="interface">
<div id="codeblock">
<b>unconfined_dontaudit_rw_tcp_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</p>
<h5>Description</h5>
<p>
</p><p>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</p><p>
</p><p>
This interface was added due to a broken
symptom in ldconfig.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_unconfined_role"></a>
<div id="interface">
@ -215,6 +285,85 @@ No
</div>
</div>
<a name="link_unconfined_run"></a>
<div id="interface">
<div id="codeblock">
<b>unconfined_run</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Description</h5>
<p>
Execute specified programs in the unconfined domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to allow the unconfined domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the unconfined domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_unconfined_rw_pipe"></a>
<div id="interface">
@ -256,6 +405,49 @@ No
</div>
</div>
<a name="link_unconfined_shell_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>unconfined_shell_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Transition to the unconfined domain by executing a shell.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_unconfined_sigchld"></a>
<div id="interface">
@ -297,6 +489,7 @@ No
</div>
</div>
<a name="link_unconfined_use_fd"></a>
<div id="interface">
@ -345,6 +538,7 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_unconfined_domain_template"></a>
<div id="template">

View File

@ -67,6 +67,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -91,6 +94,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -109,9 +118,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -119,11 +134,9 @@
<h1>Layer: system</h1><p/>
<h2>Module: userdomain</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Policy for user domains</p></p>
@ -133,6 +146,135 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_userdom_dontaudit_search_all_users_home"></a>
<div id="interface">
<div id="codeblock">
<b>userdom_dontaudit_search_all_users_home</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to search all users home directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_userdom_dontaudit_search_staff_home_dir"></a>
<div id="interface">
<div id="codeblock">
<b>userdom_dontaudit_search_staff_home_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to search the staff
users home directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_userdom_dontaudit_search_sysadm_home_dir"></a>
<div id="interface">
<div id="codeblock">
<b>userdom_dontaudit_search_sysadm_home_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to search the sysadm
users home directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_userdom_dontaudit_use_sysadm_terms"></a>
<div id="interface">
@ -152,7 +294,7 @@
<h5>Summary</h5>
<p>
Do not audit attempts to use admin ttys and ptys.
Do not audit attempts to use sysadm ttys and ptys.
</p>
@ -164,7 +306,7 @@ Do not audit attempts to use admin ttys and ptys.
domain
</td><td>
The type of the process performing this action.
Domain to not audit.
</td><td>
No
@ -174,6 +316,49 @@ No
</div>
</div>
<a name="link_userdom_dontaudit_use_sysadm_tty"></a>
<div id="interface">
<div id="codeblock">
<b>userdom_dontaudit_use_sysadm_tty</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to use sysadm ttys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_userdom_dontaudit_use_unpriv_user_fd"></a>
<div id="interface">
@ -216,6 +401,7 @@ No
</div>
</div>
<a name="link_userdom_dontaudit_use_unpriv_user_tty"></a>
<div id="interface">
@ -258,6 +444,7 @@ No
</div>
</div>
<a name="link_userdom_read_all_user_files"></a>
<div id="interface">
@ -299,6 +486,7 @@ No
</div>
</div>
<a name="link_userdom_read_staff_home_files"></a>
<div id="interface">
@ -340,6 +528,7 @@ No
</div>
</div>
<a name="link_userdom_read_sysadm_home_files"></a>
<div id="interface">
@ -381,6 +570,7 @@ No
</div>
</div>
<a name="link_userdom_rw_sysadm_pipe"></a>
<div id="interface">
@ -422,6 +612,7 @@ No
</div>
</div>
<a name="link_userdom_search_all_users_home"></a>
<div id="interface">
@ -463,6 +654,91 @@ No
</div>
</div>
<a name="link_userdom_search_staff_home_dir"></a>
<div id="interface">
<div id="codeblock">
<b>userdom_search_staff_home_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Search the staff users home directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_userdom_search_sysadm_home_dir"></a>
<div id="interface">
<div id="codeblock">
<b>userdom_search_sysadm_home_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Search the sysadm users home directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_userdom_shell_domtrans_sysadm"></a>
<div id="interface">
@ -504,6 +780,7 @@ No
</div>
</div>
<a name="link_userdom_signal_all_users"></a>
<div id="interface">
@ -545,6 +822,7 @@ No
</div>
</div>
<a name="link_userdom_signal_unpriv_users"></a>
<div id="interface">
@ -586,6 +864,7 @@ No
</div>
</div>
<a name="link_userdom_spec_domtrans_all_users"></a>
<div id="interface">
@ -629,6 +908,7 @@ No
</div>
</div>
<a name="link_userdom_spec_domtrans_unpriv_users"></a>
<div id="interface">
@ -672,6 +952,7 @@ No
</div>
</div>
<a name="link_userdom_unconfined"></a>
<div id="interface">
@ -713,6 +994,7 @@ No
</div>
</div>
<a name="link_userdom_use_all_user_fd"></a>
<div id="interface">
@ -754,6 +1036,7 @@ No
</div>
</div>
<a name="link_userdom_use_sysadm_fd"></a>
<div id="interface">
@ -795,6 +1078,7 @@ No
</div>
</div>
<a name="link_userdom_use_sysadm_pty"></a>
<div id="interface">
@ -836,6 +1120,7 @@ No
</div>
</div>
<a name="link_userdom_use_sysadm_terms"></a>
<div id="interface">
@ -877,6 +1162,7 @@ No
</div>
</div>
<a name="link_userdom_use_sysadm_tty"></a>
<div id="interface">
@ -918,6 +1204,7 @@ No
</div>
</div>
<a name="link_userdom_use_unpriv_users_fd"></a>
<div id="interface">
@ -959,6 +1246,7 @@ No
</div>
</div>
<a name="link_userdom_write_unpriv_user_tmp"></a>
<div id="interface">
@ -1007,6 +1295,7 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_admin_user_template"></a>
<div id="template">
@ -1037,6 +1326,20 @@ This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p><p>
</p><p>
The privileges given to administrative users are:
<ul><p>
</p><li><p>Raw disk access</p></li><p>
</p><li><p>Set all sysctls</p></li><p>
</p><li><p>All kernel ring buffer controls</p></li><p>
</p><li><p>Set SELinux enforcement mode (enforcing/permissive)</p></li><p>
</p><li><p>Set SELinux booleans</p></li><p>
</p><li><p>Relabel all files but shadow</p></li><p>
</p><li><p>Create, read, write, and delete all files but shadow</p></li><p>
</p><li><p>Manage source and binary format SELinux policy</p></li><p>
</p><li><p>Run insmod</p></li><p>
</p></ul>
</p><p>
</p>
<h5>Parameters</h5>
@ -1058,6 +1361,7 @@ No
</div>
</div>
<a name="link_base_user_template"></a>
<div id="template">
@ -1115,6 +1419,7 @@ No
</div>
</div>
<a name="link_unpriv_user_template"></a>
<div id="template">

View File

@ -91,6 +91,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
@ -136,6 +139,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
@ -160,6 +166,12 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
@ -178,9 +190,15 @@
</div>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface Index</a>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template Index</a>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
@ -188,7 +206,7 @@
<div id="templatesmall">
Module: <a href='system_userdomain.html'>
Module: <a href='system_userdomain.html#link_admin_user_template'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
@ -214,7 +232,7 @@ The template for creating an administrative user.
</div>
<div id="templatesmall">
Module: <a href='system_authlogin.html'>
Module: <a href='system_authlogin.html#link_authlogin_per_userdomain_template'>
authlogin</a><p/>
Layer: <a href='system.html'>
system</a><p/>
@ -240,7 +258,7 @@ The per user domain template for the authlogin module.
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html'>
Module: <a href='system_userdomain.html#link_base_user_template'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
@ -267,7 +285,7 @@ users and administrative users.
</div>
<div id="templatesmall">
Module: <a href='services_cron.html'>
Module: <a href='services_cron.html#link_cron_admin_template'>
cron</a><p/>
Layer: <a href='services.html'>
services</a><p/>
@ -293,7 +311,7 @@ The administrative functions template for the cron module.
</div>
<div id="templatesmall">
Module: <a href='services_cron.html'>
Module: <a href='services_cron.html#link_cron_per_userdomain_template'>
cron</a><p/>
Layer: <a href='services.html'>
services</a><p/>
@ -319,7 +337,7 @@ The per user domain template for the cron module.
</div>
<div id="templatesmall">
Module: <a href='system_domain.html'>
Module: <a href='system_domain.html#link_domain_auto_trans'>
domain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
@ -345,7 +363,7 @@ Summary is missing!
</div>
<div id="templatesmall">
Module: <a href='system_domain.html'>
Module: <a href='system_domain.html#link_domain_trans'>
domain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
@ -371,7 +389,7 @@ Summary is missing!
</div>
<div id="templatesmall">
Module: <a href='apps_gpg.html'>
Module: <a href='apps_gpg.html#link_gpg_per_userdomain_template'>
gpg</a><p/>
Layer: <a href='apps.html'>
apps</a><p/>
@ -397,7 +415,7 @@ The per user domain template for the gpg module.
</div>
<div id="templatesmall">
Module: <a href='services_mta.html'>
Module: <a href='services_mta.html#link_mta_per_userdomain_template'>
mta</a><p/>
Layer: <a href='services.html'>
services</a><p/>
@ -423,7 +441,7 @@ Summary is missing!
</div>
<div id="templatesmall">
Module: <a href='services_ssh.html'>
Module: <a href='services_ssh.html#link_ssh_per_userdomain_template'>
ssh</a><p/>
Layer: <a href='services.html'>
services</a><p/>
@ -449,7 +467,7 @@ The per user domain template for the ssh module.
</div>
<div id="templatesmall">
Module: <a href='services_ssh.html'>
Module: <a href='services_ssh.html#link_ssh_server_template'>
ssh</a><p/>
Layer: <a href='services.html'>
services</a><p/>
@ -475,7 +493,7 @@ The template to define a ssh server.
</div>
<div id="templatesmall">
Module: <a href='system_unconfined.html'>
Module: <a href='system_unconfined.html#link_unconfined_domain_template'>
unconfined</a><p/>
Layer: <a href='system.html'>
system</a><p/>
@ -501,7 +519,7 @@ A template to make the specified domain unconfined.
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html'>
Module: <a href='system_userdomain.html#link_unpriv_user_template'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>