Layer: kernel

Module: corecommands

Description:

Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin.

This module is required to be included in all policies.

Interfaces:

corecmd_bin_alias(
	
		domain
		
	)

Summary

Create a aliased type to generic bin files.

Description

Create a aliased type to generic bin files.

This is added to support targeted policy. Its use should be limited. It has no effect on the strict policy.

Parameters

Parameter:	Description:	Optional:
domain	Alias type for bin_t.	No

corecmd_bin_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file in a bin directory in the specified domain.

Description

Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the ssh-agent policy.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
target_domain	The type of the new process.	No

corecmd_bin_spec_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file in a bin directory in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute a file in a bin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the userhelper policy.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
target_domain	The type of the new process.	No

corecmd_check_exec_shell(
	
		domain
		
	)

Summary

Check if a shell is executable (DAC-wise).

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_dontaudit_getattr_sbin_files(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_dontaudit_search_sbin(
	
		domain
		
	)

Summary

Do not audit attempts to search sbin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain to not audit.	No

corecmd_exec_bin(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_exec_chroot(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_exec_ls(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_exec_sbin(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_exec_shell(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_getattr_bin_files(
	
		domain
		
	)

Summary

Get the attributes of files in bin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_getattr_sbin_files(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_list_bin(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_list_sbin(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_manage_bin_files(
	
		domain
		
	)

Summary

Create, read, write, and delete bin files.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_manage_sbin_files(
	
		domain
		
	)

Summary

Create, read, write, and delete sbin files.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_mmap_bin_files(
	
		domain
		
	)

Summary

Mmap a bin file as executable.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_mmap_sbin_files(
	
		domain
		
	)

Summary

Mmap a sbin file as executable.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_bin_files(
	
		domain
		
	)

Summary

Read files in bin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_bin_pipes(
	
		domain
		
	)

Summary

Read pipes in bin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_bin_sockets(
	
		domain
		
	)

Summary

Read named sockets in bin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_bin_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in bin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_sbin_files(
	
		domain
		
	)

Summary

Read files in sbin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_sbin_pipes(
	
		domain
		
	)

Summary

Read named pipes in sbin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_sbin_sockets(
	
		domain
		
	)

Summary

Read named sockets in sbin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_read_sbin_symlinks(
	
		domain
		
	)

Summary

Read symbolic links in sbin directories.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_relabel_bin_files(
	
		domain
		
	)

Summary

Relabel to and from the bin type.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_relabel_sbin_files(
	
		domain
		
	)

Summary

Relabel to and from the sbin type.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No

corecmd_sbin_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file in a sbin directory in the specified domain.

Description

Execute a file in a sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the ssh-agent policy.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
target_domain	The type of the new process.	No

corecmd_sbin_spec_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a file in a sbin directory in the specified domain but do not do it automatically. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute a file in a sbin directory in the specified domain. This allows the specified domain to execute any file on these filesystems in the specified domain. This is not suggested.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

This interface was added to handle the userhelper policy.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
target_domain	The type of the new process.	No

corecmd_search_bin(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_search_sbin(
	
		?
		
	)

Summary

Summary is missing!

Parameters

Parameter:	Description:	Optional:
?	Parameter descriptions are missing!	No

corecmd_shell_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a shell in the specified domain.

Description

Execute a shell in the specified domain.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
target_domain	The type of the shell process.	No

corecmd_shell_entry_type(
	
		domain
		
	)

Summary

Make the shell an entrypoint for the specified domain.

Parameters

Parameter:	Description:	Optional:
domain	The domain for which the shell is an entrypoint.	No

corecmd_shell_spec_domtrans(
	
		domain
		
			,
		
		target_domain
		
	)

Summary

Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

Description

Execute a shell in the target domain. This is an explicit transition, requiring the caller to use setexeccon().

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters

Parameter:	Description:	Optional:
domain	Domain allowed access.	No
target_domain	The type of the shell process.	No

Return