update for release

This commit is contained in:
Chris PeBenito 2005-08-26 15:28:46 +00:00
parent 37aa3ff267
commit c2ecf024d4
67 changed files with 11063 additions and 489 deletions

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
@ -82,6 +103,11 @@
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
<tr><td>
<a href='admin_acct.html'>
acct</a></td>
<td><p>Berkeley process accounting</p></td>
<tr><td>
<a href='admin_consoletype.html'>
consoletype</a></td>
@ -94,6 +120,14 @@ Determine of the console connected to the controlling terminal.
dmesg</a></td>
<td><p>Policy for dmesg.</p></td>
<tr><td>
<a href='admin_firstboot.html'>
firstboot</a></td>
<td><p>
Final system configuration run during the first boot
after installation of Red Hat/Fedora systems.
</p></td>
<tr><td>
<a href='admin_logrotate.html'>
logrotate</a></td>
@ -104,11 +138,36 @@ Determine of the console connected to the controlling terminal.
netutils</a></td>
<td><p>Network analysis utilities</p></td>
<tr><td>
<a href='admin_quota.html'>
quota</a></td>
<td><p>File system quota management</p></td>
<tr><td>
<a href='admin_rpm.html'>
rpm</a></td>
<td><p>Policy for the RPM package manager.</p></td>
<tr><td>
<a href='admin_su.html'>
su</a></td>
<td><p>Run shells with substitute user and group</p></td>
<tr><td>
<a href='admin_sudo.html'>
sudo</a></td>
<td><p>Execute a command with a substitute user</p></td>
<tr><td>
<a href='admin_tmpreaper.html'>
tmpreaper</a></td>
<td><p>Manage temporary directory sizes and file ages</p></td>
<tr><td>
<a href='admin_updfstab.html'>
updfstab</a></td>
<td><p>Red Hat utility to change /etc/fstab.</p></td>
<tr><td>
<a href='admin_usermanage.html'>
usermanage</a></td>

View File

@ -0,0 +1,282 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: acct</h2><p/>
<h3>Description:</h3>
<p><p>Berkeley process accounting</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_acct_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>acct_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Transition to the accounting management domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_acct_exec"></a>
<div id="interface">
<div id="codeblock">
<b>acct_exec</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute accounting management tools in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_acct_exec_data"></a>
<div id="interface">
<div id="codeblock">
<b>acct_exec_data</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute accounting management data in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_acct_manage_data"></a>
<div id="interface">
<div id="codeblock">
<b>acct_manage_data</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete process accounting data.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
@ -103,12 +124,12 @@ Determine of the console connected to the controlling terminal.
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute consoletype in the consoletype domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -145,12 +166,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute consoletype in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>

View File

@ -0,0 +1,322 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: firstboot</h2><p/>
<h3>Description:</h3>
<p><p>
Final system configuration run during the first boot
after installation of Red Hat/Fedora systems.
</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_firstboot_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>firstboot_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute firstboot in the firstboot domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_firstboot_run"></a>
<div id="interface">
<div id="codeblock">
<b>firstboot_run</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute firstboot in the firstboot domain, and
allow the specified role the firstboot domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to be allowed the firstboot domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the firstboot domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_firstboot_use_fd"></a>
<div id="interface">
<div id="codeblock">
<b>firstboot_use_fd</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Inherit and use a file descriptor from firstboot.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_firstboot_write_pipe"></a>
<div id="interface">
<div id="codeblock">
<b>firstboot_write_pipe</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Write to a firstboot unnamed pipe.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>

View File

@ -0,0 +1,320 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: quota</h2><p/>
<h3>Description:</h3>
<p><p>File system quota management</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_quota_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>quota_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute quota management tools in the quota domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_quota_dontaudit_getattr_db"></a>
<div id="interface">
<div id="codeblock">
<b>quota_dontaudit_getattr_db</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of filesystem quota data files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_quota_manage_flags"></a>
<div id="interface">
<div id="codeblock">
<b>quota_manage_flags</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_quota_run"></a>
<div id="interface">
<div id="codeblock">
<b>quota_run</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute quota management tools in the quota domain, and
allow the specified role the quota domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to be allowed the quota domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the quota domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>

171
www/api-docs/admin_su.html Normal file
View File

@ -0,0 +1,171 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: su</h2><p/>
<h3>Description:</h3>
<p><p>Run shells with substitute user and group</p></p>
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_su_per_userdomain_template"></a>
<div id="template">
<div id="codeblock">
<b>su_per_userdomain_template</b>(
userdomain_prefix
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
The per user domain template for the su module.
</p>
<h5>Description</h5>
<p>
</p><p>
This template creates a derived domain which is allowed
to change the linux user id, to run shells as a different
user.
</p><p>
</p><p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
userdomain_prefix
</td><td>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -0,0 +1,171 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: sudo</h2><p/>
<h3>Description:</h3>
<p><p>Execute a command with a substitute user</p></p>
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_sudo_per_userdomain_template"></a>
<div id="template">
<div id="codeblock">
<b>sudo_per_userdomain_template</b>(
userdomain_prefix
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
The per user domain template for the sudo module.
</p>
<h5>Description</h5>
<p>
</p><p>
This template creates a derived domain which is allowed
to change the linux user id, to run commands as a different
user.
</p><p>
</p><p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
userdomain_prefix
</td><td>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -0,0 +1,156 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: tmpreaper</h2><p/>
<h3>Description:</h3>
<p><p>Manage temporary directory sizes and file ages</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_tmpreaper_exec"></a>
<div id="interface">
<div id="codeblock">
<b>tmpreaper_exec</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute tmpreaper in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -0,0 +1,156 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: admin</h1><p/>
<h2>Module: updfstab</h2><p/>
<h3>Description:</h3>
<p><p>Red Hat utility to change /etc/fstab.</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_updfstab_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>updfstab_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute updfstab in the updfstab domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
@ -101,12 +122,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute chfn in the chfn domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -143,12 +164,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute groupadd in the groupadd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -185,12 +206,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute passwd in the passwd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -227,12 +248,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute useradd in the useradd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -327,13 +348,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute chfn in the chfn domain, and
allow the specified role the chfn domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -406,13 +427,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute groupadd in the groupadd domain, and
allow the specified role the groupadd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -485,13 +506,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute passwd in the passwd domain, and
allow the specified role the passwd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -564,13 +585,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute useradd in the useradd domain, and
allow the specified role the useradd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -22,6 +22,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
</div>
<a href="kernel.html">+&nbsp;
@ -73,6 +76,11 @@
gpg</a></td>
<td><p>Policy for GNU Privacy Guard and related programs.</p></td>
<tr><td>
<a href='apps_loadkeys.html'>
loadkeys</a></td>
<td><p>Load keyboard mappings.</p></td>
</td></tr>

View File

@ -22,6 +22,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
</div>
<a href="kernel.html">+&nbsp;

View File

@ -0,0 +1,243 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: apps</h1><p/>
<h2>Module: loadkeys</h2><p/>
<h3>Description:</h3>
<p><p>Load keyboard mappings.</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_loadkeys_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>loadkeys_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the loadkeys program in the loadkeys domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_loadkeys_exec"></a>
<div id="interface">
<div id="codeblock">
<b>loadkeys_exec</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the loadkeys program in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_loadkeys_run"></a>
<div id="interface">
<div id="codeblock">
<b>loadkeys_run</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the loadkeys program in the loadkeys domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to allow the loadkeys domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the loadkeys domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
@ -40,6 +61,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
</div>
<a href="kernel.html">+&nbsp;
@ -76,33 +100,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
@ -40,6 +61,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
</div>
<a href="kernel.html">+&nbsp;
@ -76,33 +100,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -257,6 +308,19 @@ Allow system to run with kerberos
</div></div>
<div id="interface">
<div id="codeblock">allow_user_mysql_connect</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow users to connect to mysql
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">allow_ypbind</div>
<div id="description">
@ -298,6 +362,20 @@ to support fcron.
</div></div>
<div id="interface">
<div id="codeblock">named_write_master_zones</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p><p>
Allow BIND to write the master zone files.
Generally this is used for dynamic DNS.
</p></p>
</div></div>
<div id="interface">
<div id="codeblock">read_default_t</div>
<div id="description">

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
@ -40,6 +61,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
</div>
<a href="kernel.html">+&nbsp;
@ -76,33 +100,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -214,6 +265,11 @@
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
<tr><td>
<a href='admin_acct.html'>
acct</a></td>
<td><p>Berkeley process accounting</p></td>
<tr><td>
<a href='admin_consoletype.html'>
consoletype</a></td>
@ -226,6 +282,14 @@ Determine of the console connected to the controlling terminal.
dmesg</a></td>
<td><p>Policy for dmesg.</p></td>
<tr><td>
<a href='admin_firstboot.html'>
firstboot</a></td>
<td><p>
Final system configuration run during the first boot
after installation of Red Hat/Fedora systems.
</p></td>
<tr><td>
<a href='admin_logrotate.html'>
logrotate</a></td>
@ -236,11 +300,36 @@ Determine of the console connected to the controlling terminal.
netutils</a></td>
<td><p>Network analysis utilities</p></td>
<tr><td>
<a href='admin_quota.html'>
quota</a></td>
<td><p>File system quota management</p></td>
<tr><td>
<a href='admin_rpm.html'>
rpm</a></td>
<td><p>Policy for the RPM package manager.</p></td>
<tr><td>
<a href='admin_su.html'>
su</a></td>
<td><p>Run shells with substitute user and group</p></td>
<tr><td>
<a href='admin_sudo.html'>
sudo</a></td>
<td><p>Execute a command with a substitute user</p></td>
<tr><td>
<a href='admin_tmpreaper.html'>
tmpreaper</a></td>
<td><p>Manage temporary directory sizes and file ages</p></td>
<tr><td>
<a href='admin_updfstab.html'>
updfstab</a></td>
<td><p>Red Hat utility to change /etc/fstab.</p></td>
<tr><td>
<a href='admin_usermanage.html'>
usermanage</a></td>
@ -354,6 +443,11 @@ Policy for kernel security interface, in particular, selinuxfs.
gpg</a></td>
<td><p>Policy for GNU Privacy Guard and related programs.</p></td>
<tr><td>
<a href='apps_loadkeys.html'>
loadkeys</a></td>
<td><p>Load keyboard mappings.</p></td>
</td></tr>
@ -555,11 +649,26 @@ connection and disconnection of devices at runtime.
</td></tr>
<tr><td>
<a href='services_bind.html'>
bind</a></td>
<td><p>Berkeley internet name domain DNS server.</p></td>
<tr><td>
<a href='services_cron.html'>
cron</a></td>
<td><p>Periodic execution of scheduled commands.</p></td>
<tr><td>
<a href='services_gpm.html'>
gpm</a></td>
<td><p>General Purpose Mouse driver</p></td>
<tr><td>
<a href='services_howl.html'>
howl</a></td>
<td><p>Port of Apple Rendezvous multicast DNS</p></td>
<tr><td>
<a href='services_inetd.html'>
inetd</a></td>
@ -570,11 +679,21 @@ connection and disconnection of devices at runtime.
kerberos</a></td>
<td><p>MIT Kerberos admin and KDC</p></td>
<tr><td>
<a href='services_ldap.html'>
ldap</a></td>
<td><p>OpenLDAP directory server</p></td>
<tr><td>
<a href='services_mta.html'>
mta</a></td>
<td><p>Policy common to all email tranfer agents.</p></td>
<tr><td>
<a href='services_mysql.html'>
mysql</a></td>
<td><p>Policy for MySQL</p></td>
<tr><td>
<a href='services_nis.html'>
nis</a></td>
@ -585,11 +704,26 @@ connection and disconnection of devices at runtime.
nscd</a></td>
<td><p>Name service cache daemon</p></td>
<tr><td>
<a href='services_privoxy.html'>
privoxy</a></td>
<td><p>Privacy enhancing web proxy.</p></td>
<tr><td>
<a href='services_remotelogin.html'>
remotelogin</a></td>
<td><p>Policy for rshd, rlogind, and telnetd.</p></td>
<tr><td>
<a href='services_rshd.html'>
rshd</a></td>
<td><p>Remote shell service.</p></td>
<tr><td>
<a href='services_rsync.html'>
rsync</a></td>
<td><p>Fast incremental file transfer for synchronization</p></td>
<tr><td>
<a href='services_sendmail.html'>
sendmail</a></td>
@ -600,6 +734,11 @@ connection and disconnection of devices at runtime.
ssh</a></td>
<td><p>Secure shell client and server policy.</p></td>
<tr><td>
<a href='services_tcpd.html'>
tcpd</a></td>
<td><p>Policy for TCP daemon.</p></td>
</td></tr>

File diff suppressed because it is too large Load Diff

View File

@ -106,6 +106,8 @@ Additionally, this module controls access to three things:
</p></p>
<p>This module is required to be included in all policies.</p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>

View File

@ -736,6 +736,49 @@ No
</div>
</div>
<a name="link_fs_get_xattr_fs_quota"></a>
<div id="interface">
<div id="codeblock">
<b>fs_get_xattr_fs_quota</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the filesystem quotas of a filesystem
with extended attributes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the domain mounting the filesystem.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_fs_getattr_all_files"></a>
<div id="interface">
@ -3660,6 +3703,90 @@ No
</div>
</div>
<a name="link_fs_search_cifs"></a>
<div id="interface">
<div id="codeblock">
<b>fs_search_cifs</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Search directories on a CIFS or SMB filesystem.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the domain reading the files.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_fs_search_nfs"></a>
<div id="interface">
<div id="codeblock">
<b>fs_search_nfs</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Search directories on a NFS filesystem.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the domain reading the files.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_fs_search_tmpfs"></a>
<div id="interface">
@ -3744,6 +3871,49 @@ No
</div>
</div>
<a name="link_fs_set_xattr_fs_quota"></a>
<div id="interface">
<div id="codeblock">
<b>fs_set_xattr_fs_quota</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Set the filesystem quotas of a filesystem
with extended attributes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the domain mounting the filesystem.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_fs_setattr_tmpfs_dir"></a>
<div id="interface">

View File

@ -518,6 +518,48 @@ No
</div>
</div>
<a name="link_kernel_dontaudit_write_kernel_sysctl"></a>
<div id="interface">
<div id="codeblock">
<b>kernel_dontaudit_write_kernel_sysctl</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to write generic kernel sysctls.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_kernel_get_sysvipc_info"></a>
<div id="interface">

View File

@ -155,7 +155,7 @@ No
<h5>Summary</h5>
<p>
Calculate the default type for object creation.
</p>
@ -167,7 +167,7 @@ No
domain
</td><td>
Domain allowed access.
</td><td>
No
@ -197,10 +197,21 @@ No
<h5>Summary</h5>
<p>
Calculate the context for relabeling objects.
</p>
<h5>Description</h5>
<p>
</p><p>
Calculate the context for relabeling objects.
This is determined by using the type_change
rules in the policy, and is generally used
for determining the context for relabeling
a terminal when a user logs in.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -209,7 +220,7 @@ No
domain
</td><td>
The process type to
Domain allowed access.
</td><td>
No
@ -467,6 +478,18 @@ enable or disable conditional portions of the policy.
</p>
<h5>Description</h5>
<p>
</p><p>
Allow caller to set the state of Booleans to
enable or disable conditional portions of the policy.
</p><p>
</p><p>
Since this is a security event, this action is
always audited.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -520,6 +543,18 @@ Allow caller to set the mode of policy enforcement
</p>
<h5>Description</h5>
<p>
</p><p>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</p><p>
</p><p>
Since this is a security event, this action is
always audited.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -558,10 +593,23 @@ No
<h5>Summary</h5>
<p>
Allow caller to set selinux security parameters.
Allow caller to set SELinux access vector cache parameters.
</p>
<h5>Description</h5>
<p>
</p><p>
Allow caller to set SELinux access vector cache parameters.
The allows the domain to set performance related parameters
of the AVC, such as cache threshold.
</p><p>
</p><p>
Since this is a security event, this action is
always audited.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -600,7 +648,7 @@ No
<h5>Summary</h5>
<p>
Unconfined access to the SELinux security server.
Unconfined access to the SELinux kernel security server.
</p>

View File

@ -85,6 +85,8 @@
<p><p>Policy for terminals.</p></p>
<p>This module is required to be included in all policies.</p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
@ -115,12 +117,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Create a pty in the /dev/pts directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -167,14 +169,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the
attributes of any user pty
device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -211,14 +213,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the
attributes of any user tty
device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -255,13 +257,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of all unallocated tty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -298,13 +300,56 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to read the
/dev/pts directory to.
/dev/pts directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_term_dontaudit_manage_pty_dir"></a>
<div id="interface">
<div id="codeblock">
<b>term_dontaudit_manage_pty_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to create, read,
write, or delete the /dev/pts directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -341,13 +386,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to read any
user ptys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -384,13 +429,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to read or write
any user ttys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -427,13 +472,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attemtps to read from
or write to the console.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -470,14 +515,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Dot not audit attempts to read and
write the generic pty type. This is
generally only used in the targeted policy.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -514,13 +559,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to read and
write the pty multiplexor (/dev/ptmx).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -557,13 +602,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to read or
write unallocated ttys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -600,13 +645,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Get the attributes of all user
pty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -643,13 +688,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Get the attributes of all user tty
device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -686,13 +731,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Get the attributes of all unallocated
tty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -729,13 +774,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read the /dev/pts directory to
list all ptys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -772,13 +817,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Transform specified type into a pty type
used by login programs, such as sshd.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -815,12 +860,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Transform specified type into a pty type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -857,13 +902,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Relabel from and to all user
user pty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -900,13 +945,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Relabel from and to all user
user tty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -943,13 +988,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Relabel from and to the unallocated
tty type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1028,13 +1073,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Relabel from all user tty types to
the unallocated tty type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1114,13 +1159,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Set the attributes of all user tty
device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1157,13 +1202,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Set the attributes of the console
device node.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1200,13 +1245,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Set the attributes of all unallocated
tty device nodes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1243,12 +1288,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Transform specified type into a tty type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1285,13 +1330,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write the console, all
ttys and all ptys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1328,12 +1373,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write all user ptys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1370,12 +1415,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write all user to all user ttys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1412,12 +1457,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read from and write to the console.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1454,13 +1499,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write the controlling
terminal (/dev/tty).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1497,14 +1542,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write the generic pty
type. This is generally only used in
the targeted policy.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1541,12 +1586,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write unallocated ttys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1591,14 +1636,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Transform specified type into an user
pty type. This allows it to be relabeled via
type change by login programs such as ssh.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1646,12 +1691,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Write to all user ttys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1688,12 +1733,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Write to the console.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1730,12 +1775,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Write to unallocated ttys.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -101,11 +128,26 @@
</td></tr>
<tr><td>
<a href='services_bind.html'>
bind</a></td>
<td><p>Berkeley internet name domain DNS server.</p></td>
<tr><td>
<a href='services_cron.html'>
cron</a></td>
<td><p>Periodic execution of scheduled commands.</p></td>
<tr><td>
<a href='services_gpm.html'>
gpm</a></td>
<td><p>General Purpose Mouse driver</p></td>
<tr><td>
<a href='services_howl.html'>
howl</a></td>
<td><p>Port of Apple Rendezvous multicast DNS</p></td>
<tr><td>
<a href='services_inetd.html'>
inetd</a></td>
@ -116,11 +158,21 @@
kerberos</a></td>
<td><p>MIT Kerberos admin and KDC</p></td>
<tr><td>
<a href='services_ldap.html'>
ldap</a></td>
<td><p>OpenLDAP directory server</p></td>
<tr><td>
<a href='services_mta.html'>
mta</a></td>
<td><p>Policy common to all email tranfer agents.</p></td>
<tr><td>
<a href='services_mysql.html'>
mysql</a></td>
<td><p>Policy for MySQL</p></td>
<tr><td>
<a href='services_nis.html'>
nis</a></td>
@ -131,11 +183,26 @@
nscd</a></td>
<td><p>Name service cache daemon</p></td>
<tr><td>
<a href='services_privoxy.html'>
privoxy</a></td>
<td><p>Privacy enhancing web proxy.</p></td>
<tr><td>
<a href='services_remotelogin.html'>
remotelogin</a></td>
<td><p>Policy for rshd, rlogind, and telnetd.</p></td>
<tr><td>
<a href='services_rshd.html'>
rshd</a></td>
<td><p>Remote shell service.</p></td>
<tr><td>
<a href='services_rsync.html'>
rsync</a></td>
<td><p>Fast incremental file transfer for synchronization</p></td>
<tr><td>
<a href='services_sendmail.html'>
sendmail</a></td>
@ -146,6 +213,11 @@
ssh</a></td>
<td><p>Secure shell client and server policy.</p></td>
<tr><td>
<a href='services_tcpd.html'>
tcpd</a></td>
<td><p>Policy for TCP daemon.</p></td>
</td></tr>

View File

@ -0,0 +1,377 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: bind</h2><p/>
<h3>Description:</h3>
<p><p>Berkeley internet name domain DNS server.</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_bind_domtrans_ndc"></a>
<div id="interface">
<div id="codeblock">
<b>bind_domtrans_ndc</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute ndc in the ndc domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_bind_read_config"></a>
<div id="interface">
<div id="codeblock">
<b>bind_read_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read BIND named configuration files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_bind_run_ndc"></a>
<div id="interface">
<div id="codeblock">
<b>bind_run_ndc</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute ndc in the ndc domain, and
allow the specified role the ndc domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to be allowed the bind domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the bind domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_bind_setattr_pid_dir"></a>
<div id="interface">
<div id="codeblock">
<b>bind_setattr_pid_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to set the attributes
of the BIND pid directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_bind_write_config"></a>
<div id="interface">
<div id="codeblock">
<b>bind_write_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Write BIND named configuration files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;

View File

@ -0,0 +1,259 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: gpm</h2><p/>
<h3>Description:</h3>
<p><p>General Purpose Mouse driver</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_gpm_dontaudit_getattr_gpmctl"></a>
<div id="interface">
<div id="codeblock">
<b>gpm_dontaudit_getattr_gpmctl</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to get the
attributes of the GPM control channel
named socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_gpm_getattr_gpmctl"></a>
<div id="interface">
<div id="codeblock">
<b>gpm_getattr_gpmctl</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of the GPM
control channel named socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_gpm_setattr_gpmctl"></a>
<div id="interface">
<div id="codeblock">
<b>gpm_setattr_gpmctl</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Set the attributes of the GPM
control channel named socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -0,0 +1,123 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: howl</h2><p/>
<h3>Description:</h3>
<p><p>Port of Apple Rendezvous multicast DNS</p></p>
</div>
</body>
</html>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -161,6 +188,48 @@ No
</div>
</div>
<a name="link_inetd_domtrans_child"></a>
<div id="interface">
<div id="codeblock">
<b>inetd_domtrans_child</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Run inetd child process in the inet child domain
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_inetd_service_domain"></a>
<div id="interface">
@ -221,13 +290,13 @@ No
</div>
</div>
<a name="link_inetd_tcp_connectto"></a>
<a name="link_inetd_tcp_connect"></a>
<div id="interface">
<div id="codeblock">
<b>inetd_tcp_connectto</b>(
<b>inetd_tcp_connect</b>(
@ -383,6 +452,48 @@ No
</div>
</div>
<a name="link_inetd_use_fd"></a>
<div id="interface">
<div id="codeblock">
<b>inetd_use_fd</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Inherit and use file descriptors from inetd.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -112,13 +139,13 @@ Clients:
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_kerberos_read_conf"></a>
<a name="link_kerberos_read_config"></a>
<div id="interface">
<div id="codeblock">
<b>kerberos_read_conf</b>(
<b>kerberos_read_config</b>(
@ -136,6 +163,48 @@ Read the kerberos configuration file (/etc/krb5.conf).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_kerberos_rw_config"></a>
<div id="interface">
<div id="codeblock">
<b>kerberos_rw_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write the kerberos configuration file (/etc/krb5.conf).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -0,0 +1,214 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: ldap</h2><p/>
<h3>Description:</h3>
<p><p>OpenLDAP directory server</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_ldap_list_db_dir"></a>
<div id="interface">
<div id="codeblock">
<b>ldap_list_db_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read the contents of the OpenLDAP
database directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ldap_read_config"></a>
<div id="interface">
<div id="codeblock">
<b>ldap_read_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read the OpenLDAP configuration files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -366,12 +393,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read mail address aliases.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -0,0 +1,424 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: mysql</h2><p/>
<h3>Description:</h3>
<p><p>Policy for MySQL</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_mysql_manage_db_dir"></a>
<div id="interface">
<div id="codeblock">
<b>mysql_manage_db_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete MySQL database directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_mysql_read_config"></a>
<div id="interface">
<div id="codeblock">
<b>mysql_read_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read MySQL configuration files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_mysql_rw_db_dir"></a>
<div id="interface">
<div id="codeblock">
<b>mysql_rw_db_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write to the MySQL database directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_mysql_search_db_dir"></a>
<div id="interface">
<div id="codeblock">
<b>mysql_search_db_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Search the directories that contain MySQL
database storage.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_mysql_signal"></a>
<div id="interface">
<div id="codeblock">
<b>mysql_signal</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Send a generic signal to MySQL.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_mysql_stream_connect"></a>
<div id="interface">
<div id="codeblock">
<b>mysql_stream_connect</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Connect to MySQL using a unix domain stream socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_mysql_write_log"></a>
<div id="interface">
<div id="codeblock">
<b>mysql_write_log</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Write to the MySQL log.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;

View File

@ -0,0 +1,123 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: privoxy</h2><p/>
<h3>Description:</h3>
<p><p>Privacy enhancing web proxy.</p></p>
</div>
</body>
</html>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -110,12 +137,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Domain transition to the remote login domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -0,0 +1,171 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: rshd</h2><p/>
<h3>Description:</h3>
<p><p>Remote shell service.</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_rshd_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>rshd_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Domain transition to rshd.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>

View File

@ -0,0 +1,123 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: rsync</h2><p/>
<h3>Description:</h3>
<p><p>Fast incremental file transfer for synchronization</p></p>
</div>
</body>
</html>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -110,12 +137,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Domain transition to sendmail.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -31,33 +31,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;

View File

@ -0,0 +1,123 @@
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: tcpd</h2><p/>
<h3>Description:</h3>
<p><p>Policy for TCP daemon.</p></p>
</div>
</body>
</html>

View File

@ -146,6 +146,48 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_auth_create_login_records"></a>
<div id="interface">
<div id="codeblock">
<b>auth_create_login_records</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_delete_pam_pid"></a>
<div id="interface">
@ -164,12 +206,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Delete pam PID files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -206,12 +248,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Run unix_chkpwd to check a password.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -256,12 +298,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute a login_program in the target domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -308,12 +350,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute pam programs in the pam domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -392,12 +434,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute utempter programs in the utempter domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -477,13 +519,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to read the shadow
password file (/etc/shadow).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -562,12 +604,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute the pam program.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -688,12 +730,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Use the login program as an entry point program.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -742,13 +784,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Manage all files on the filesystem, except
the shadow passwords and listed exceptions.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1048,12 +1090,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read the shadow passwords file (/etc/shadow)
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1102,13 +1144,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Relabel all files on the filesystem, except
the shadow passwords and listed exceptions.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1214,12 +1256,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute pam programs in the PAM domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1292,12 +1334,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute utempter programs in the utempter domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1480,12 +1522,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read and write the shadow password file (/etc/shadow).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1565,6 +1607,80 @@ No
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_auth_domtrans_user_chk_passwd"></a>
<div id="template">
<div id="codeblock">
<b>auth_domtrans_user_chk_passwd</b>(
userdomain_prefix
,
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Run unix_chkpwd to check a password
for a user domain.
</p>
<h5>Description</h5>
<p>
</p><p>
Run unix_chkpwd to check a password
for a user domain.
</p><p>
</p><p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
userdomain_prefix
</td><td>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</td><td>
No
</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_authlogin_per_userdomain_template"></a>
<div id="template">

View File

@ -161,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute hwclock in the clock domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -203,12 +203,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute hwclock in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -261,13 +261,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute hwclock in the clock domain, and
allow the specified role the hwclock domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -324,12 +324,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow executing domain to modify clock drift
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -1207,6 +1207,13 @@ No
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute a shell in the target domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<h5>Description</h5>
<p>

View File

@ -148,13 +148,13 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_domain_base_domain_type"></a>
<a name="link_domain_base_type"></a>
<div id="interface">
<div id="codeblock">
<b>domain_base_domain_type</b>(
<b>domain_base_type</b>(
@ -349,13 +349,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -392,13 +392,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of all domains unnamed pipes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -478,13 +478,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit attempts to read the process state
directories of all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -800,6 +800,49 @@ No
</div>
</div>
<a name="link_domain_getattr_all_entry_files"></a>
<div id="interface">
<div id="codeblock">
<b>domain_getattr_all_entry_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of entry point
files for all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_domain_getattr_all_sockets"></a>
<div id="interface">
@ -915,12 +958,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Send a kill signal to all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -957,13 +1000,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Makes caller an exception to the constraint preventing
changing the user identity in object contexts.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1084,13 +1127,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Makes caller an exception to the constraint preventing
changing of role.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1169,12 +1212,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Send a child terminated signal to all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1254,12 +1297,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Send general signals to all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1296,12 +1339,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Send a null signal to all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1338,12 +1381,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Send a stop signal to all domains.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1380,13 +1423,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Makes caller an exception to the constraint preventing
changing of user identity.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -653,48 +653,6 @@ No
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_delete_all_tmp_files"></a>
<div id="interface">
<div id="codeblock">
<b>files_delete_all_tmp_files</b>(
?
@ -1196,6 +1154,50 @@ No
</div>
</div>
<a name="link_files_dontaudit_read_etc_runtime_files"></a>
<div id="interface">
<div id="codeblock">
<b>files_dontaudit_read_etc_runtime_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read files
in /etc that are dynamically
created on boot, such as mtab.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_dontaudit_read_root_file"></a>
<div id="interface">
@ -1364,6 +1366,48 @@ No
</div>
</div>
<a name="link_files_dontaudit_search_home"></a>
<div id="interface">
<div id="codeblock">
<b>files_dontaudit_search_home</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to search home directories root.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_dontaudit_search_isid_type_dir"></a>
<div id="interface">
@ -1713,7 +1757,7 @@ No
?
domain
)<br>
@ -1722,7 +1766,7 @@ No
<h5>Summary</h5>
<p>
Summary is missing!
Get the attributes of all files.
</p>
@ -1731,10 +1775,10 @@ Summary is missing!
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
domain
</td><td>
Parameter descriptions are missing!
Domain allowed access.
</td><td>
No
@ -1912,6 +1956,48 @@ No
</div>
</div>
<a name="link_files_getattr_usr_files"></a>
<div id="interface">
<div id="codeblock">
<b>files_getattr_usr_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of files in /usr.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_getattr_var_lib_dir"></a>
<div id="interface">
@ -1965,6 +2051,48 @@ No
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
List the contents of all directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_list_all_dirs"></a>
<div id="interface">
<div id="codeblock">
<b>files_list_all_dirs</b>(
?
@ -2333,6 +2461,48 @@ No
</div>
</div>
<a name="link_files_list_var_lib"></a>
<div id="interface">
<div id="codeblock">
<b>files_list_var_lib</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
List the contents of the /var/lib directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_list_world_readable"></a>
<div id="interface">
@ -2536,7 +2706,7 @@ No
?
domain
)<br>
@ -2545,7 +2715,9 @@ No
<h5>Summary</h5>
<p>
Summary is missing!
Create, read, write, and delete files in
/etc that are dynamically created on boot,
such as mtab.
</p>
@ -2554,10 +2726,10 @@ Summary is missing!
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
domain
</td><td>
Parameter descriptions are missing!
Domain allowed access.
</td><td>
No
@ -2975,6 +3147,90 @@ Create, read, write, and delete directories in /mnt.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_manage_mnt_files"></a>
<div id="interface">
<div id="codeblock">
<b>files_manage_mnt_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete files in /mnt.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_manage_mnt_symlinks"></a>
<div id="interface">
<div id="codeblock">
<b>files_manage_mnt_symlinks</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete symbolic links in /mnt.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -3035,6 +3291,134 @@ No
</div>
</div>
<a name="link_files_manage_var_dirs"></a>
<div id="interface">
<div id="codeblock">
<b>files_manage_var_dirs</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete directories
in the /var directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_manage_var_files"></a>
<div id="interface">
<div id="codeblock">
<b>files_manage_var_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete files in the /var directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_manage_var_symlinks"></a>
<div id="interface">
<div id="codeblock">
<b>files_manage_var_symlinks</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete symbolic
links in the /var directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_mount_all_file_type_fs"></a>
<div id="interface">
@ -3288,6 +3672,90 @@ No
</div>
</div>
<a name="link_files_purge_tmp"></a>
<div id="interface">
<div id="codeblock">
<b>files_purge_tmp</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_read_all_files"></a>
<div id="interface">
<div id="codeblock">
<b>files_read_all_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read all files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_read_all_pids"></a>
<div id="interface">
@ -3330,6 +3798,48 @@ No
</div>
</div>
<a name="link_files_read_all_symlinks"></a>
<div id="interface">
<div id="codeblock">
<b>files_read_all_symlinks</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read all symbolic links.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_read_default_files"></a>
<div id="interface">
@ -3551,7 +4061,7 @@ No
?
domain
)<br>
@ -3560,7 +4070,8 @@ No
<h5>Summary</h5>
<p>
Summary is missing!
Read files in /etc that are dynamically
created on boot, such as mtab.
</p>
@ -3569,10 +4080,10 @@ Summary is missing!
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
domain
</td><td>
Parameter descriptions are missing!
Domain allowed access.
</td><td>
No
@ -3751,6 +4262,48 @@ No
</div>
</div>
<a name="link_files_read_usr_symlinks"></a>
<div id="interface">
<div id="codeblock">
<b>files_read_usr_symlinks</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read symbolic links in /usr.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_read_var_files"></a>
<div id="interface">
@ -4153,6 +4706,48 @@ No
</div>
</div>
<a name="link_files_relabelto_usr_files"></a>
<div id="interface">
<div id="codeblock">
<b>files_relabelto_usr_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Relabel a file to the type used in /usr.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_rw_etc_files"></a>
<div id="interface">
@ -4427,7 +5022,7 @@ No
<h5>Summary</h5>
<p>
Search home directories.
Search home directories root.
</p>
@ -4637,7 +5232,7 @@ No
<h5>Summary</h5>
<p>
Search the tmp directory (/tmp)
Search the tmp directory (/tmp).
</p>
@ -4767,6 +5362,48 @@ Search the /var/lib directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_files_setattr_all_tmp_dirs"></a>
<div id="interface">
<div id="codeblock">
<b>files_setattr_all_tmp_dirs</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Set the attributes of all tmp directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -161,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute fs tools in the fstools domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -203,12 +203,98 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute fsadm in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_fstools_manage_entry_files"></a>
<div id="interface">
<div id="codeblock">
<b>fstools_manage_entry_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create, read, write, and delete a file used by the
filesystem tools programs.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_fstools_relabelto_entry_files"></a>
<div id="interface">
<div id="codeblock">
<b>fstools_relabelto_entry_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Relabel a file to the type used by the
filesystem tools programs.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -261,13 +347,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute fs tools in the fstools domain, and
allow the specified role the fs tools domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -161,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute gettys in the getty domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -203,12 +203,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to edit getty config file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -245,12 +245,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to read getty config file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -287,12 +287,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow process to read getty log file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -810,6 +810,133 @@ No
</div>
</div>
<a name="link_init_list_script_pids"></a>
<div id="interface">
<div id="codeblock">
<b>init_list_script_pids</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
List the contents of an init script
process id directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_init_read_script"></a>
<div id="interface">
<div id="codeblock">
<b>init_read_script</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read init scripts.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_init_read_script_file"></a>
<div id="interface">
<div id="codeblock">
<b>init_read_script_file</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read init scripts.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_init_read_script_pid"></a>
<div id="interface">
@ -928,10 +1055,19 @@ No
</div>
<div id="description">
<h5>Summary</h5>
<p>
Start and stop daemon programs directly.
</p>
<h5>Description</h5>
<p>
Start and stop daemon programs directly.
</p><p>
Start and stop daemon programs directly
in the traditional "/etc/init.d/daemon start"
style, and do not require run_init.
</p><p>
</p>
<h5>Parameters</h5>
@ -1380,7 +1516,7 @@ No
?
domain
)<br>
@ -1389,19 +1525,30 @@ No
<h5>Summary</h5>
<p>
Summary is missing!
Read and write the init script pty.
</p>
<h5>Description</h5>
<p>
</p><p>
Read and write the init script pty. This
pty is generally opened by the open_init_pty
portion of the run_init program so that the
daemon does not require direct access to
the administrator terminal.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
domain
</td><td>
Parameter descriptions are missing!
The type of the process performing this action.
</td><td>
No

View File

@ -143,48 +143,6 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_ipsec_connectto_unix_stream_socket"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_connectto_unix_stream_socket</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Connect to an IPSEC unix domain stream socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ipsec_domtrans"></a>
<div id="interface">
@ -377,6 +335,48 @@ Read the IPSEC configuration
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_ipsec_stream_connect"></a>
<div id="interface">
<div id="codeblock">
<b>ipsec_stream_connect</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Connect to IPSEC using a unix domain stream socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -161,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute iptables in the iptables domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -203,12 +203,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute iptables in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -261,13 +261,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute iptables in the iptables domain, and
allow the specified role the iptables domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -380,6 +380,48 @@ as static libraries.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_libs_relabelto_lib_files"></a>
<div id="interface">
<div id="codeblock">
<b>libs_relabelto_lib_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Relabel files to the type used in library directories.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -623,14 +623,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allows the domain to open a file in the
log directory, but does not allow the listing
of the contents of the log directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -161,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute lvm programs in the lvm domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -203,12 +203,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read LVM configuration files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -261,12 +261,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute lvm programs in the lvm domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -161,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute depmod in the depmod domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -203,12 +203,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute insmod in the insmod domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -245,12 +245,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute depmod in the depmod domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -413,12 +413,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read the dependencies of kernel modules.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -455,13 +455,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Read the configuration options used when
loading modules.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -514,12 +514,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute depmod in the depmod domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -592,8 +592,7 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute insmod in the insmod domain, and
allow the specified role the insmod domain,
@ -601,6 +600,7 @@ and use the caller's terminal. Has a sigchld
backchannel.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -673,12 +673,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute update_modules in the update_modules domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -161,12 +161,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute mount in the mount domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -219,14 +219,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute mount in the mount domain, and
allow the specified role the mount domain,
and use the caller's terminal.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -283,13 +283,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow the mount domain to send nfs requests for mounting
network drives
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -326,12 +326,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Use file descriptors for mount.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -203,12 +203,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute checkpolicy in the checkpolicy domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -245,12 +245,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute load_policy in the load_policy domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -287,12 +287,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute newrole in the load_policy domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -329,12 +329,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute restorecon in the restorecon domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -371,12 +371,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute run_init in the run_init domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -413,12 +413,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute setfiles in the setfiles domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -498,13 +498,13 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Do not audit the caller attempts to send
a signal to newrole.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1087,12 +1087,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Allow the caller to relabel a file to the binary policy type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1145,8 +1145,7 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute checkpolicy in the checkpolicy domain, and
allow the specified role the checkpolicy domain,
@ -1154,6 +1153,7 @@ and use the caller's terminal.
Has a SIGCHLD signal backchannel.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1226,8 +1226,7 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute load_policy in the load_policy domain, and
allow the specified role the load_policy domain,
@ -1235,6 +1234,7 @@ and use the caller's terminal.
Has a SIGCHLD signal backchannel.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1307,14 +1307,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute newrole in the newrole domain, and
allow the specified role the newrole domain,
and use the caller's terminal.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1387,14 +1387,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute restorecon in the restorecon domain, and
allow the specified role the restorecon domain,
and use the caller's terminal.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1467,14 +1467,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute run_init in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -1547,14 +1547,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute setfiles in the setfiles domain, and
allow the specified role the setfiles domain,
and use the caller's terminal.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -143,6 +143,49 @@
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_sysnet_create_config"></a>
<div id="interface">
<div id="codeblock">
<b>sysnet_create_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create files in /etc with the type used for
the network config files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_sysnet_domtrans_dhcpc"></a>
<div id="interface">
@ -161,12 +204,12 @@
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute dhcp client in dhcpc domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -203,12 +246,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute ifconfig in the ifconfig domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
@ -471,14 +514,14 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute ifconfig in the ifconfig domain, and
allow the specified role the ifconfig domain,
and use the caller's terminal.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

View File

@ -319,12 +319,12 @@ No
</div>
<div id="description">
<h5>Description</h5>
<h5>Summary</h5>
<p>
Execute specified programs in the unconfined domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

File diff suppressed because it is too large Load Diff

View File

@ -13,21 +13,42 @@
admin</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_acct.html'>
acct</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_consoletype.html'>
consoletype</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_dmesg.html'>
dmesg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_firstboot.html'>
firstboot</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_logrotate.html'>
logrotate</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_netutils.html'>
netutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_quota.html'>
quota</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_rpm.html'>
rpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_su.html'>
su</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_sudo.html'>
sudo</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_tmpreaper.html'>
tmpreaper</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_updfstab.html'>
updfstab</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='admin_usermanage.html'>
usermanage</a><br/>
@ -40,6 +61,9 @@
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_gpg.html'>
gpg</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='apps_loadkeys.html'>
loadkeys</a><br/>
</div>
<a href="kernel.html">+&nbsp;
@ -76,33 +100,60 @@
services</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_bind.html'>
bind</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_cron.html'>
cron</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_gpm.html'>
gpm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_howl.html'>
howl</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_inetd.html'>
inetd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_kerberos.html'>
kerberos</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ldap.html'>
ldap</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mta.html'>
mta</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_mysql.html'>
mysql</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nis.html'>
nis</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_nscd.html'>
nscd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_privoxy.html'>
privoxy</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_remotelogin.html'>
remotelogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rshd.html'>
rshd</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_rsync.html'>
rsync</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_sendmail.html'>
sendmail</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_ssh.html'>
ssh</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='services_tcpd.html'>
tcpd</a><br/>
</div>
<a href="system.html">+&nbsp;
@ -231,6 +282,41 @@ The template for creating an administrative user.
</div>
<div id="templatesmall">
Module: <a href='system_authlogin.html#link_auth_domtrans_user_chk_passwd'>
authlogin</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>auth_domtrans_user_chk_passwd</b>(
userdomain_prefix
,
domain
)<br>
</div>
<div id="description">
<p>
Run unix_chkpwd to check a password
for a user domain.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_authlogin.html#link_authlogin_per_userdomain_template'>
authlogin</a><p/>
@ -492,6 +578,58 @@ The template to define a ssh server.
</div>
<div id="templatesmall">
Module: <a href='admin_su.html#link_su_per_userdomain_template'>
su</a><p/>
Layer: <a href='admin.html'>
admin</a><p/>
<div id="codeblock">
<b>su_per_userdomain_template</b>(
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
The per user domain template for the su module.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='admin_sudo.html#link_sudo_per_userdomain_template'>
sudo</a><p/>
Layer: <a href='admin.html'>
admin</a><p/>
<div id="codeblock">
<b>sudo_per_userdomain_template</b>(
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
The per user domain template for the sudo module.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_unconfined.html#link_unconfined_domain_template'>
unconfined</a><p/>
@ -544,6 +682,319 @@ The template for creating a unprivileged user.
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_exec_user_home_files'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_exec_user_home_files</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Execute user home files.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_manage_user_home_subdir_files'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_manage_user_home_subdir_files</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Create, read, write, and delete files
in a user home subdirectory.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_manage_user_home_subdir_symlinks'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_manage_user_home_subdir_symlinks</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Create, read, write, and delete symbolic links
in a user home subdirectory.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_manage_user_tmp_dirs'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_manage_user_tmp_dirs</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Create, read, write, and delete user
temporary directories.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_manage_user_tmp_files'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_manage_user_tmp_files</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Create, read, write, and delete user
temporary files.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_manage_user_tmp_pipes'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_manage_user_tmp_pipes</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Create, read, write, and delete user
temporary named pipes.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_manage_user_tmp_sockets'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_manage_user_tmp_sockets</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Create, read, write, and delete user
temporary named sockets.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_manage_user_tmp_symlinks'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_manage_user_tmp_symlinks</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Create, read, write, and delete user
temporary symbolic links.
</p>
</div>
</div>
<div id="templatesmall">
Module: <a href='system_userdomain.html#link_userdom_use_user_terminals'>
userdomain</a><p/>
Layer: <a href='system.html'>
system</a><p/>
<div id="codeblock">
<b>userdom_use_user_terminals</b>(
domain
,
userdomain_prefix
)<br>
</div>
<div id="description">
<p>
Read and write a user domain tty and pty.
</p>
</div>
</div>
</div>
</body>

View File

@ -1,32 +1,87 @@
<h1>Project Overview</h1>
<p>
The SELinux Reference Policy project (refpolicy) is creating a complete SELinux policy as an alternative to the existing strict and targeted policies available from <a href="http://selinux.sf.net">http://selinux.sf.net</a>. Once complete, this policy will be able to be used as the system policy for a variety of systems and used as the basis for creating other policies. Refpolicy is based on the current strict and targeted policies, but aims to accomplish many additional goals.
The SELinux Reference Policy project (refpolicy) is creating a complete SELinux
policy as an alternative to the existing strict and targeted policies available
from <a href="http://selinux.sf.net">http://selinux.sf.net</a>. Once complete,
this policy will be able to be used as the system policy for a variety of
systems and used as the basis for creating other policies. Refpolicy is based on
the current strict and targeted policies, but aims to accomplish many additional
goals.
</p>
<br/>
<p>
Refpolicy is under active development, with support and full time development staff from <a href="http://www.tresys.com/selinux">Tresys Technology</a>. The first release is available from the <a href="index.php?page=download">download</a> page. This release is far from complete and is not usable as a drop in replacement for the existing policies. It is for interested policy developers and community members to examine and comment upon. The <a href="index.php?page=status">status</a> page has more details on what is included in the current release. This project is just getting started and we are looking for policy developers interested in <a href="index.php?page=contributing">contributing</a>.
Refpolicy is under active development, with support and full time development
staff from <a href="http://www.tresys.com/selinux">Tresys Technology</a>. The
first release is available from the <a href="index.php?page=download">download</a>
page. This release is far from complete and is not usable as a drop in
replacement for the existing policies. It is for interested policy developers
and community members to examine and comment upon. The
<a href="index.php?page=status">status</a> page has more details on what is
included in the current release. This project is just getting started and we are
looking for policy developers interested in <a href="index.php?page=contributing">contributing</a>.
</p>
<br>
<h1>Project Goals</h1>
<h2>Security</h2>
<p>Security is the reason for existence for SELinux policies and must, therefore, always be the first priority. The common view of security as a binary state (secure or not secure) is not a sufficient goal for developing an SELinux policy. In reality, different systems have different requirements and purposes and corresponding differences in the meaning of secure. What is a fundamental security flaw on one system might be the acceptable, or even the primary functionality, of another. The challenge for a system policies like the current strict and targeted policy or refpolicy is to support as many of these differring security goals as is practical. To accomplish this refpolicy will provide:
<p>Security is the reason for existence for SELinux policies and must,
therefore, always be the first priority. The common view of security as a binary
state (secure or not secure) is not a sufficient goal for developing an SELinux
policy. In reality, different systems have different requirements and purposes
and corresponding differences in the meaning of secure. What is a fundamental
security flaw on one system might be the acceptable, or even the primary
functionality, of another. The challenge for a system policies like the current
strict and targeted policy or refpolicy is to support as many of these differring
security goals as is practical. To accomplish this refpolicy will provide:
</p>
<ul>
<li><b>Security Goals:</b> clearly stated security goals will for each component of the policy. This will allow policy developers to determine if a given component meets their security needs.</li>
<LI><b>Flexible Base Policy:</b> a base policy that protects the basic operating system and serves as a foundation to the rest of the policy. This base policy should be able to support a variety of application policies with differing security goals.</LI>
<li><b>Application Policy Variations:</b> application policy variations that make different security tradeoffs. For example, two Apache policies might be created. One that is for serving read-only, static content that is severely restricted and another that is appropriate for dynamic content.</li>
<li><b>Configuration Tools:</b> configuration tools that allow the policy developer to make important security decisions including defining roles, configuring networking, and trading legacy compatibility for increased security.</li>
<li><b>Multi-Level Security</b>: MLS will be supported out-of-the-box without requiring destructive changes to the policy. It will be possible to compile and MLS and non-MLS policy from the same policy files by switching a configuration option.</li>
<li><b>Security Goals:</b> clearly stated security goals will for each
component of the policy. This will allow policy developers to
determine if a given component meets their security needs.
</li>
<li><b>Flexible Base Policy:</b> a base policy that protects the basic
operating system and serves as a foundation to the rest of the
policy. This base policy should be able to support a variety of
application policies with differing security goals.
</li>
<li><b>Application Policy Variations:</b> application policy variations
that make different security tradeoffs. For example, two Apache
policies might be created. One that is for serving read-only,
static content that is severely restricted and another that is
appropriate for dynamic content.
</li>
<li><b>Configuration Tools:</b> configuration tools that allow the
policy developer to make important security decisions including
defining roles, configuring networking, and trading legacy
compatibility for increased security.
</li>
<li><b>Multi-Level Security</b>: MLS will be supported out-of-the-box
without requiring destructive changes to the policy. It will be
possible to compile and MLS and non-MLS policy from the same
policy files by switching a configuration option.
</li>
</ul>
<h2>Usability and Documentation</h2>
<p>
The difficulty and complexity of creating SELinux policies has become the number one barrier to the adoption of SELinux. It also potentially reduces the security of the policies: a policy that is too complex to easily understand is difficult to make secure. Refpolicy aims to make aggressive improvements in this area, making policies easier to develop, understand, and analyze. This will be addressed through improved structuring and organization, the addition of modularity and abstraction, and documentation. See <a href="index.php?page=getting-started">getting started</a> and <a href="index.php?page=documentation">documentation</a> for more information.
The difficulty and complexity of creating SELinux policies has become the number
one barrier to the adoption of SELinux. It also potentially reduces the security
of the policies: a policy that is too complex to easily understand is difficult
to make secure. Refpolicy aims to make aggressive improvements in this area,
making policies easier to develop, understand, and analyze. This will be
addressed through improved structuring and organization, the addition of
modularity and abstraction, and documentation. See
<a href="index.php?page=getting-started">getting started</a> and
<a href="index.php?page=documentation">documentation</a> for more information.
</p>
<h2>Flexibility and Configuration</h2>
<p>
Refpolicy aims to support a variety of policy configurations and formats, including standard source policies, MLS policies, and
<A href="http://sepolicy-server.sourceforge.net/index.php?page=modules">loadable policy modules</A> all from the same source tree. This is done through the addition of infrastructure for automatically handling the differences between source and loadable module based policies and the additional MLS fields to all policy statements that include contexts.
Refpolicy aims to support a variety of policy configurations and formats,
including standard source policies, MLS policies, and
<a href="http://sepolicy-server.sourceforge.net/index.php?page=modules">loadable policy modules</a>
all from the same source tree. This is done through the addition of
infrastructure for automatically handling the differences between source and
loadable module based policies and the additional MLS fields to all policy
statements that include contexts.
</p>

View File

@ -1,5 +1,5 @@
<h1>Status</h1>
<strong>Current Version: 20050802</strong>
<strong>Current Version: 20050826</strong>
<p>
See <a href="index.php?page=download">download</a> for download
information. Details of this release are part of the <a href="html/Changelog.txt">changelog</a>. This release
@ -34,7 +34,7 @@
<td>Loadable Policy Modules</td>
<td>Major improvements</td>
<td>Infrastructure is in place to support both source policy and
loadable policy modules. Makefile support planned.</td>
loadable policy modules. Makefile support completed.</td>
</tr>
<tr>
<td>Documentation Infrastructure</td>
@ -166,10 +166,8 @@ are added to reference policy, it can be updated to be in line with current
versions of the NSA example policy. For those who wish to contribute, here
is a listing of modules which need to be converted:
<ul>
<li>acct</li>
<li>arpwatch</li>
<li>automount</li>
<li>bind</li>
<li>bluetooth</li>
<li>cdrecord</li>
<li>comsat</li>
@ -178,16 +176,12 @@ is a listing of modules which need to be converted:
<li>dovecot</li>
<li>fetchmail</li>
<li>fingerd</li>
<li>firstboot</li>
<li>ftpd</li>
<li>games</li>
<li>gpm</li>
<li>howl</li>
<li>inn</li>
<li>irqbalance</li>
<li>ktalkd</li>
<li>kudzu</li>
<li>loadkeys</li>
<li>lockdev</li>
<li>mrtg</li>
<li>ntpd</li>
@ -196,7 +190,6 @@ is a listing of modules which need to be converted:
<li>postgresql</li>
<li>prelink</li>
<li>procmail</li>
<li>quota</li>
<li>radius</li>
<li>radvd</li>
<li>rlogin</li>
@ -211,12 +204,9 @@ is a listing of modules which need to be converted:
<li>squid</li>
<li>stunnel</li>
<li>sysstat</li>
<li>tcpd</li>
<li>telnet</li>
<li>tftp</li>
<li>tmpreaper</li>
<li>uml</li>
<li>updfstab</li>
<li>userhelper</li>
<li>vpnc</li>
<li>zebra</li>
@ -225,7 +215,7 @@ is a listing of modules which need to be converted:
<p>
A very minimal RedHat Enterprise Linux 4 system with the following RPMs has
can be successfully booted in enforcing mode, and users can log in locally,
with Reference Policy:
with a strict Reference Policy:
</p>
<ul>
<li>libgcc-3.4.3-9.EL4</li>